Network Security4


Network security

Dr. Aida Nasr
Eng. Mahmoud Goda
SSL and TLS
▪ SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are cryptographic protocols that provide security and data integrity for communications at the transport layer over networks such as the internet.
▪ SSL is an older protocol, and TLS is its more modern and secure version.
▪ What are the SSL/TLS basics?
▪ Encryption:
▪ SSL/TLS protocols encrypt data during transmission,
making it unreadable to anyone who might intercept it.

▪ Authentication:
▪ SSL/TLS provides a mechanism for verifying the identity of the parties involved in a communication. This is typically done using digital certificates.

▪ Data Integrity:
▪ It ensures that the data has not been altered during
transit.

▪ What are SSL/TLS certificates?
▪ Certificate Authority (CA):
▪ SSL/TLS certificates are issued by Certificate Authorities.
▪ The CA verifies the identity of the certificate holder.
▪ Types of Certificates:
▪ Domain Validation (DV): Checks the ownership of the domain.
▪ Organization Validation (OV): Includes additional
checks on the organization.
▪ Extended Validation (EV): The highest level, involving
thorough validation of the organization's identity.
▪ How to Implement SSL/TLS?

▪ Obtain a Certificate:
▪ Purchase an SSL/TLS certificate from a trusted CA.
▪ Some CAs provide free certificates (e.g., Let's Encrypt).

▪ Install the Certificate:
▪ Install the certificate on your web server.
▪ This involves associating the certificate with the domain or subdomain you want to secure.

▪ Configure Web Server:
▪ Update your web server configuration to use the SSL/TLS certificate.
▪ Common web servers include Apache, Nginx, IIS, etc.

▪ Testing:
▪ Test the SSL/TLS implementation to ensure it's functioning correctly.
▪ Use online tools to check the SSL configuration.

▪ Renewal:
▪ SSL/TLS certificates have an expiration date. Renew them before they expire.

▪ HSTS (HTTP Strict Transport Security):
▪ HSTS is a web security policy mechanism that helps to protect websites against man-in-the-middle attacks.
▪ It forces web browsers to use only secure connections (HTTPS).

▪ What is Key Derivation?
▪ From the master secret, multiple keys are derived using a key derivation function. These keys include:
▪ Encryption Keys (2): Used for encrypting data.
▪ MAC (Message Authentication Code) Keys: Used for ensuring message integrity.
▪ IVs (Initialization Vectors): Used in certain encryption modes.
▪ 4 keys:
▪ Kc: encryption from client to server
▪ Mc: MAC from client to server
▪ Ks: encryption from server to client
▪ Ms: MAC from server to client
Problem
▪ 1. An attacker can capture and replay or reorder records.
▪ Solution: put a sequence number in the MAC.
▪ 2. An attacker can capture and replay all records.
▪ Solution: use a nonce.
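
The key derivation and the two replay defences above, shown together as an added example (not part of the original slides). Assumptions: the expansion is a simplified HMAC-SHA256 construction rather than the actual TLS PRF, encryption with Kc/Ks is omitted so only the MAC check is visible, and all names (`derive_keys`, `protect`, `Receiver`) and sample values are constructed for illustration.

```python
import hashlib
import hmac
import struct
from typing import Optional

def derive_keys(master_secret: bytes, client_nonce: bytes, server_nonce: bytes) -> dict:
    """Expand the master secret into Kc, Mc, Ks, Ms (32 bytes each).

    Assumption: simplified HMAC-SHA256 counter expansion, not the TLS PRF.
    Mixing both nonces in gives every session different keys.
    """
    seed = b"key expansion" + client_nonce + server_nonce
    block = b"".join(
        hmac.new(master_secret, seed + bytes([i]), hashlib.sha256).digest()
        for i in range(1, 5)
    )
    return {name: block[i * 32:(i + 1) * 32]
            for i, name in enumerate(("Kc", "Mc", "Ks", "Ms"))}

def _tag(mac_key: bytes, seq: int, payload: bytes) -> bytes:
    # The 64-bit sequence number is MACed but never transmitted.
    return hmac.new(mac_key, struct.pack(">Q", seq) + payload, hashlib.sha256).digest()

def protect(mac_key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: payload followed by its 32-byte MAC (encryption omitted)."""
    return payload + _tag(mac_key, seq, payload)

class Receiver:
    """Checks each record against the sequence number it expects next."""

    def __init__(self, mac_key: bytes):
        self.mac_key = mac_key
        self.seq = 0

    def accept(self, record: bytes) -> Optional[bytes]:
        payload, tag = record[:-32], record[-32:]
        if not hmac.compare_digest(tag, _tag(self.mac_key, self.seq, payload)):
            return None  # replayed, reordered or altered record
        self.seq += 1
        return payload

if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    keys = derive_keys(b"\x01" * 48, b"C" * 32, b"S" * 32)
    rx = Receiver(keys["Mc"])
    first = protect(keys["Mc"], 0, b"transfer 10")
    print(rx.accept(first))   # accepted
    print(rx.accept(first))   # replay
```

A record captured in one session also fails in a later session, because fresh nonces produce a different Mc.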
