SlideShare uma empresa Scribd logo

#MoreCrypto : Introduction to TLS

Olle E Johansson
Olle E Johansson

TLS provides confidentiality, identity, and integrity for internet communication. It is used for HTTPS web pages and applications on computers and phones. TLS is based on SSL and uses asymmetric encryption where the server sends a public key to set up the secure connection. The client then challenges the server, which responds using its private key to prove its identity. Certificates bind a public key to an identity and are signed by a Certification Authority. They contain information like the key, owner identity, and validity period.

TecnologiaEducação
1 de 15
Baixar para ler offline
TLS in five minutes #MeraKrypto @oej * oej@edvina.net
 v 1.1 2014-05-06
#MoreCrypto Identity Security basics. Confidentiality Authorization Integrity Non-repudiation
#MoreCrypto TLS is an important tool TLS Transport
 Layer
 Security TLS provides confidentiality, identity
 and integrity to Internet communication. TLS is used in HTTPS:// web pages, but can also be used from applications on a computer as well as a cell phone. TLS is based on SSL, that was a provider-specific technology. TLS is maintained by the IETF and is still being improved.
TLS basics in a minute • TLS use a keypair to set up a secure connection • Assymetric encryption • The server sends the public key at connection • The client challenges the server • The server responds to the challenge using the server private key • Now the client knows that the server has the private key that matches the public key private
TLS Usage • TLS is used for • authentication of servers and clients • initiating encryption of a session • digital signatures on messages to ensure integrity and provide authentication Authentication Who are you? Prove it! Encryption Providing confidentiality Integrity Making sure that the receiver get what the sender sent
Adding a certificate to the mix • A certificate is nothing more complicated than a passport or an ID card • It contains the public key and some administrative data • And is signed (electronically) by someone you might trust ... or not. • This is part of the complex structure called PKI, which you might want or just disregard • A PKI is not needed to get encryption for the signalling path! • You can however use a PKI to only set up connections that you trust
The X.509v3 certificate • An X.509 certificate is the standardised way to
 bind a public key to an identity • The certificate is issued by a 
 Certification Authority (CA) • The most important component of the PKI? • An X.509 certificate is an 
 electronic document with a specific layout ! • Standard: documented in IETF PKIX RFC:s Version Serial number Issuer identity Validity period User identity Public key Extension fields
X509.v3
 contents • Version number • Certificate serial number
 Used for validation • Identity of the issuer • Validity period • Identity of the public key owner • Public key • Extension fields • A digital signature, created by the issuer Internet
 Explorer
 Certificate
 Manager
SIP certificates • SubjectAltName contains a list of identities that are valid for this certificate • draft-ietf-certs outlines a SIP event package to distribute and manage certificates • This is based on the Authentication Service in SIP identity (RFC 4474) • The domain cert is used to sign the NOTIFY payload
x.509 cert for SIP Certificate: Data: Version: 3 (0x2) Serial Number: 01:08:00:79:00:15:00:43 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=California, L=San Jose, O=sipit, OU=SipitTest Certificate Authority Validity Not Before: Sep 16 17:17:00 2009 GMT Not After : Sep 15 17:17:00 2012 GMT Subject: C=US, ST=California, L=San Jose, O=sipit, CN=tls6.test.sipit.net Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:a7:96:65:6e:b6:ba:3a:48:a1:bd:a3:ae:21:dc: a8:92:97:3c:43:ea:24:e6:9f:93:2f:61:7e:d3:2d: 30:1e:21:42:b9:d6:59:87:f1:b1:f8:c8:39:8e:43: 64:9a:31:2c:18:3d:cd:d8:03:64:bb:14:38:44:05: 20:30:d8:e1:db:a7:4d:c3:47:a2:49:73:d1:10:ed: 2f:cf:74:26:57:91:64:af:b0:f2:5d:3f:88:9f:df: 65:6c:ba:65:3f:66:99:52:6b:20:d2:0e:e3:65:18: b1:8e:3d:ca:f2:4a:45:c5:4d:85:ef:82:54:f8:54: 54:db:96:90:9b:c5:1b:2a:1e:60:3c:43:71:55:60: 30:93:8f:fd:d8:d9:3d:a1:32:e3:56:4b:e2:73:b6: cc:18:93:8a:d8:8b:68:81:c7:fd:cd:d5:dc:4c:a2: 86:61:9f:ad:d0:b1:d3:3c:4c:6c:07:54:b2:43:b4: a7:0a:0a:f2:e3:6d:12:43:16:70:63:c9:e9:1a:78: 66:9d:ee:30:94:7b:ab:f2:e9:67:4a:66:6d:8c:ed: a8:a4:98:51:77:0b:a7:60:55:73:85:87:4a:57:6b: 24:fe:27:00:02:79:70:da:5a:45:ad:aa:3d:d5:40: 5b:5c:85:63:93:56:af:c7:e8:e3:b6:1a:25:b6:a2: 2d:37 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Alternative Name: DNS:test.sipit.net, DNS:tls6.test.sipit.net, URI:sip:tls6.test.sipit.net X509v3 Basic Constraints: CA:FALSE X509v3 Subject Key Identifier: 27:F7:A9:96:F5:B2:8F:0B:5E:A9:C7:F5:0F:AC:3D:AB:3D:8D:F0:30 Signature Algorithm: sha1WithRSAEncryption 1a:fe:1f:af:86:99:82:e5:14:97:8d:64:9a:d1:5c:ea:6c:96: f5:c6:0c:7d:20:5f:4e:70:05:24:3a:de:b5:b9:cf:66:8d:4c: 74:d5:6a:a9:52:74:17:bc:b4:79:a0:58:32:78:a9:70:7c:6a: 15:ac:07:29:77:13:06:55:53:3f:0b:4c:3d:da:55:6e:ad:74: 56:01:55:c8:4c:19:8d:06:0b:f3:4c:04:d5:9a:6f:44:ad:7a: fd:3b:aa:e8:4b:84:6e:f1:c4:34:f4:a0:6a:f6:81:ae:74:b4: 46:6e:b9:2f:a6:59:f1:02:e9:58:7c:a1:8d:08:31:2b:39:ee: eb:7e Subject: C=US, ST=California, L=San Jose, O=sipit, CN=tls6.test.sipit.net X509v3 Subject Alternative Name: DNS:test.sipit.net, DNS:tls6.test.sipit.net, URI:sip:tls6.test.sipit.net
Process for a server Generate
 Keys Pack public key
 in CSR Send CSR
 to CA CA validate
 process CA issues 
 Certificate Install cert
 in server with
 private key
Client connection Open TCP
 connection Server sends
 certificate Client
 challenge server Server answers
 challenge Client validates
 certificate Server can issue
 cert request Client and server produce session key Symmetric encryption starts
Protocol specifics • Given a protocol request - how do we match the request address to a certificate • SIP Uri, E-mail address, HTTPS uri
User specifics • Which CAs do we trust? • How do we check validity of certificate, even if we trust the CA? • Do we have time for validation?
New solutions • Anchoring the certificate in DNS • Validating the certificate in DNS • No certificate - bare keys • Oppurtunistic Security with TLS

Recomendados

Building a new ecosystem for interoperable communications
Building a new ecosystem for interoperable communicationsBuilding a new ecosystem for interoperable communications
Building a new ecosystem for interoperable communicationsPaloSanto Solutions
 
SIP (Session Initiation Protocol)
SIP (Session Initiation Protocol)SIP (Session Initiation Protocol)
SIP (Session Initiation Protocol)KHNOG
 
Session Initiation Protocol
Session Initiation ProtocolSession Initiation Protocol
Session Initiation ProtocolMatt Bynum
 
Presentation To Vo Ip Round Table V2
Presentation To Vo Ip Round Table V2Presentation To Vo Ip Round Table V2
Presentation To Vo Ip Round Table V2Warren Bent
 
Apple’s facetime protocol
Apple’s facetime protocolApple’s facetime protocol
Apple’s facetime protocolIMTC
 
SIP (Session Initiation Protocol) - Study Notes
SIP (Session Initiation Protocol) - Study NotesSIP (Session Initiation Protocol) - Study Notes
SIP (Session Initiation Protocol) - Study NotesOxfordCambridge
 
Apple Facetime Protocol
Apple Facetime ProtocolApple Facetime Protocol
Apple Facetime Protocolkshitijmehta23
 
Session initiation protocol SIP
Session initiation protocol SIPSession initiation protocol SIP
Session initiation protocol SIPLaraib Khan
 

Recomendados

Building a new ecosystem for interoperable communications
Building a new ecosystem for interoperable communicationsBuilding a new ecosystem for interoperable communications
Building a new ecosystem for interoperable communicationsPaloSanto Solutions
 
SIP (Session Initiation Protocol)
SIP (Session Initiation Protocol)SIP (Session Initiation Protocol)
SIP (Session Initiation Protocol)KHNOG
 
Session Initiation Protocol
Session Initiation ProtocolSession Initiation Protocol
Session Initiation ProtocolMatt Bynum
 
Presentation To Vo Ip Round Table V2
Presentation To Vo Ip Round Table V2Presentation To Vo Ip Round Table V2
Presentation To Vo Ip Round Table V2Warren Bent
 
Apple’s facetime protocol
Apple’s facetime protocolApple’s facetime protocol
Apple’s facetime protocolIMTC
 
SIP (Session Initiation Protocol) - Study Notes
SIP (Session Initiation Protocol) - Study NotesSIP (Session Initiation Protocol) - Study Notes
SIP (Session Initiation Protocol) - Study NotesOxfordCambridge
 
Apple Facetime Protocol
Apple Facetime ProtocolApple Facetime Protocol
Apple Facetime Protocolkshitijmehta23
 
Session initiation protocol SIP
Session initiation protocol SIPSession initiation protocol SIP
Session initiation protocol SIPLaraib Khan
 
Introduction to VoIP Security
Introduction to VoIP SecurityIntroduction to VoIP Security
Introduction to VoIP Securityn|u - The Open Security Community
 
Sip
SipSip
SipAnirban Roy
 
Sip crash course
Sip crash courseSip crash course
Sip crash courseJonas Borjesson
 
Squire Technologies: Media Gateway
Squire Technologies: Media GatewaySquire Technologies: Media Gateway
Squire Technologies: Media GatewaySquire Technologies
 
100197
100197100197
100197Abhishek Malik
 
Aboutsip - SIP Routing
Aboutsip - SIP RoutingAboutsip - SIP Routing
Aboutsip - SIP RoutingJonas Borjesson
 
Positive Hack Days. Gritsai. VOIP insecurities workshop
Positive Hack Days. Gritsai. VOIP insecurities workshopPositive Hack Days. Gritsai. VOIP insecurities workshop
Positive Hack Days. Gritsai. VOIP insecurities workshopPositive Hack Days
 
Introduction into SIP protocol
Introduction into SIP protocolIntroduction into SIP protocol
Introduction into SIP protocolMichal Hrncirik
 
Positive Hack Days. Gurzov. VOIP - Reduce Your Expenses, Increase Your Income...
Positive Hack Days. Gurzov. VOIP - Reduce Your Expenses, Increase Your Income...Positive Hack Days. Gurzov. VOIP - Reduce Your Expenses, Increase Your Income...
Positive Hack Days. Gurzov. VOIP - Reduce Your Expenses, Increase Your Income...Positive Hack Days
 
Introduction to VoIP, RTP and SIP
Introduction to VoIP, RTP and SIP Introduction to VoIP, RTP and SIP
Introduction to VoIP, RTP and SIP ThousandEyes
 
Meletis Belsis - Voip security
Meletis Belsis - Voip securityMeletis Belsis - Voip security
Meletis Belsis - Voip securityMeletis Belsis MPhil/MRes/BSc
 
Preventing Autonomous System against IP Source Address Spoofing: (PASIPS) A N...
Preventing Autonomous System against IP Source Address Spoofing: (PASIPS) A N...Preventing Autonomous System against IP Source Address Spoofing: (PASIPS) A N...
Preventing Autonomous System against IP Source Address Spoofing: (PASIPS) A N...IDES Editor
 
Voice over Internet Protocol (VoIP) using Asterisk
Voice over Internet Protocol (VoIP) using AsteriskVoice over Internet Protocol (VoIP) using Asterisk
Voice over Internet Protocol (VoIP) using AsteriskSameer Verma
 
How to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey GordeychikHow to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey GordeychikPositive Hack Days
 
Number one-issue-voip-today-fraud
Number one-issue-voip-today-fraudNumber one-issue-voip-today-fraud
Number one-issue-voip-today-fraudFlavio Eduardo de Andrade Goncalves
 
LinuxCon North America: SIPPing from the Open Source Well
LinuxCon North America: SIPPing from the Open Source WellLinuxCon North America: SIPPing from the Open Source Well
LinuxCon North America: SIPPing from the Open Source WellMatt Bynum
 
No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014Flavio Eduardo de Andrade Goncalves
 
Hacking Telco equipment: The HLR/HSS, by Laurent Ghigonis
Hacking Telco equipment: The HLR/HSS, by Laurent GhigonisHacking Telco equipment: The HLR/HSS, by Laurent Ghigonis
Hacking Telco equipment: The HLR/HSS, by Laurent GhigonisP1Security
 
Sinnreich Henry Johnston Alan Pt 1
Sinnreich Henry Johnston Alan Pt 1Sinnreich Henry Johnston Alan Pt 1
Sinnreich Henry Johnston Alan Pt 1Carl Ford
 
NAT Scneario
NAT ScnearioNAT Scneario
NAT ScnearioMansour Naslcheraghi
 
Week 13 Sponges
Week 13 SpongesWeek 13 Sponges
Week 13 SpongesCorey Topf
 
Intro. to Econ.
Intro. to Econ.Intro. to Econ.
Intro. to Econ.Corey Topf
 

Mais conteúdo relacionado

Mais procurados

Squire Technologies: Media Gateway
Squire Technologies: Media GatewaySquire Technologies: Media Gateway
Squire Technologies: Media GatewaySquire Technologies
 
Positive Hack Days. Gritsai. VOIP insecurities workshop
Positive Hack Days. Gritsai. VOIP insecurities workshopPositive Hack Days. Gritsai. VOIP insecurities workshop
Positive Hack Days. Gritsai. VOIP insecurities workshopPositive Hack Days
 
Introduction into SIP protocol
Introduction into SIP protocolIntroduction into SIP protocol
Introduction into SIP protocolMichal Hrncirik
 
Positive Hack Days. Gurzov. VOIP - Reduce Your Expenses, Increase Your Income...
Positive Hack Days. Gurzov. VOIP - Reduce Your Expenses, Increase Your Income...Positive Hack Days. Gurzov. VOIP - Reduce Your Expenses, Increase Your Income...
Positive Hack Days. Gurzov. VOIP - Reduce Your Expenses, Increase Your Income...Positive Hack Days
 
Introduction to VoIP, RTP and SIP
Introduction to VoIP, RTP and SIP Introduction to VoIP, RTP and SIP
Introduction to VoIP, RTP and SIP ThousandEyes
 
Preventing Autonomous System against IP Source Address Spoofing: (PASIPS) A N...
Preventing Autonomous System against IP Source Address Spoofing: (PASIPS) A N...Preventing Autonomous System against IP Source Address Spoofing: (PASIPS) A N...
Preventing Autonomous System against IP Source Address Spoofing: (PASIPS) A N...IDES Editor
 
Voice over Internet Protocol (VoIP) using Asterisk
Voice over Internet Protocol (VoIP) using AsteriskVoice over Internet Protocol (VoIP) using Asterisk
Voice over Internet Protocol (VoIP) using AsteriskSameer Verma
 
How to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey GordeychikHow to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey GordeychikPositive Hack Days
 
LinuxCon North America: SIPPing from the Open Source Well
LinuxCon North America: SIPPing from the Open Source WellLinuxCon North America: SIPPing from the Open Source Well
LinuxCon North America: SIPPing from the Open Source WellMatt Bynum
 
Hacking Telco equipment: The HLR/HSS, by Laurent Ghigonis
Hacking Telco equipment: The HLR/HSS, by Laurent GhigonisHacking Telco equipment: The HLR/HSS, by Laurent Ghigonis
Hacking Telco equipment: The HLR/HSS, by Laurent GhigonisP1Security
 
Sinnreich Henry Johnston Alan Pt 1
Sinnreich Henry Johnston Alan Pt 1Sinnreich Henry Johnston Alan Pt 1
Sinnreich Henry Johnston Alan Pt 1Carl Ford
 

Mais procurados (20)

Introduction to VoIP Security
Introduction to VoIP SecurityIntroduction to VoIP Security
Introduction to VoIP Security
 
Sip
SipSip
Sip
 
Sip crash course
Sip crash courseSip crash course
Sip crash course
 
Squire Technologies: Media Gateway
Squire Technologies: Media GatewaySquire Technologies: Media Gateway
Squire Technologies: Media Gateway
 
100197
100197100197
100197
 
Aboutsip - SIP Routing
Aboutsip - SIP RoutingAboutsip - SIP Routing
Aboutsip - SIP Routing
 
Positive Hack Days. Gritsai. VOIP insecurities workshop
Positive Hack Days. Gritsai. VOIP insecurities workshopPositive Hack Days. Gritsai. VOIP insecurities workshop
Positive Hack Days. Gritsai. VOIP insecurities workshop
 
Introduction into SIP protocol
Introduction into SIP protocolIntroduction into SIP protocol
Introduction into SIP protocol
 
Positive Hack Days. Gurzov. VOIP - Reduce Your Expenses, Increase Your Income...
Positive Hack Days. Gurzov. VOIP - Reduce Your Expenses, Increase Your Income...Positive Hack Days. Gurzov. VOIP - Reduce Your Expenses, Increase Your Income...
Positive Hack Days. Gurzov. VOIP - Reduce Your Expenses, Increase Your Income...
 
Introduction to VoIP, RTP and SIP
Introduction to VoIP, RTP and SIP Introduction to VoIP, RTP and SIP
Introduction to VoIP, RTP and SIP
 
Meletis Belsis - Voip security
Meletis Belsis - Voip securityMeletis Belsis - Voip security
Meletis Belsis - Voip security
 
Preventing Autonomous System against IP Source Address Spoofing: (PASIPS) A N...
Preventing Autonomous System against IP Source Address Spoofing: (PASIPS) A N...Preventing Autonomous System against IP Source Address Spoofing: (PASIPS) A N...
Preventing Autonomous System against IP Source Address Spoofing: (PASIPS) A N...
 
Voice over Internet Protocol (VoIP) using Asterisk
Voice over Internet Protocol (VoIP) using AsteriskVoice over Internet Protocol (VoIP) using Asterisk
Voice over Internet Protocol (VoIP) using Asterisk
 
How to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey GordeychikHow to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey Gordeychik
 
Number one-issue-voip-today-fraud
Number one-issue-voip-today-fraudNumber one-issue-voip-today-fraud
Number one-issue-voip-today-fraud
 
LinuxCon North America: SIPPing from the Open Source Well
LinuxCon North America: SIPPing from the Open Source WellLinuxCon North America: SIPPing from the Open Source Well
LinuxCon North America: SIPPing from the Open Source Well
 
No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014
 
Hacking Telco equipment: The HLR/HSS, by Laurent Ghigonis
Hacking Telco equipment: The HLR/HSS, by Laurent GhigonisHacking Telco equipment: The HLR/HSS, by Laurent Ghigonis
Hacking Telco equipment: The HLR/HSS, by Laurent Ghigonis
 
Sinnreich Henry Johnston Alan Pt 1
Sinnreich Henry Johnston Alan Pt 1Sinnreich Henry Johnston Alan Pt 1
Sinnreich Henry Johnston Alan Pt 1
 
NAT Scneario
NAT ScnearioNAT Scneario
NAT Scneario
 

Destaque

Week 13 Sponges
Week 13 SpongesWeek 13 Sponges
Week 13 SpongesCorey Topf
 
Intro. to Econ.
Intro. to Econ.Intro. to Econ.
Intro. to Econ.Corey Topf
 
Daniela delgadoted talk
Daniela delgadoted talkDaniela delgadoted talk
Daniela delgadoted talkCorey Topf
 
Techo Club Freshmen
Techo Club FreshmenTecho Club Freshmen
Techo Club FreshmenCorey Topf
 
Vocab lang&masscomm
Vocab lang&masscommVocab lang&masscomm
Vocab lang&masscommCorey Topf
 
Interoperability frameworks
Interoperability frameworksInteroperability frameworks
Interoperability frameworksStevenSegaert
 
Quick Quiz Week6
Quick Quiz Week6Quick Quiz Week6
Quick Quiz Week6Corey Topf
 
Iad2 0809 Q3 Hoorcollege 1 Typen Navigatie En Patronen
Iad2 0809 Q3 Hoorcollege 1 Typen Navigatie En PatronenIad2 0809 Q3 Hoorcollege 1 Typen Navigatie En Patronen
Iad2 0809 Q3 Hoorcollege 1 Typen Navigatie En PatronenHans Kemp
 
User Created Content, deel III
User Created Content, deel IIIUser Created Content, deel III
User Created Content, deel IIISanoma Netherlands
 
1011q1 design for mobile les 1 the carry principle
1011q1 design for mobile les 1 the carry principle1011q1 design for mobile les 1 the carry principle
1011q1 design for mobile les 1 the carry principleHans Kemp
 
Tips for Using Semi-Colons
Tips for Using Semi-ColonsTips for Using Semi-Colons
Tips for Using Semi-ColonsCorey Topf
 
Week 14 Sponges
Week 14 SpongesWeek 14 Sponges
Week 14 SpongesCorey Topf
 
Week 6 Sponges
Week 6 SpongesWeek 6 Sponges
Week 6 SpongesCorey Topf
 
Unit 3.6 income distribution
Unit 3.6 income distributionUnit 3.6 income distribution
Unit 3.6 income distributionCorey Topf
 
Iadd2 0910 Q2 Information Architecture And Navigation
Iadd2 0910 Q2 Information Architecture And NavigationIadd2 0910 Q2 Information Architecture And Navigation
Iadd2 0910 Q2 Information Architecture And NavigationHans Kemp
 
Iad1 0809Q2 Hoorcollege2
Iad1 0809Q2 Hoorcollege2Iad1 0809Q2 Hoorcollege2
Iad1 0809Q2 Hoorcollege2Hans Kemp
 

Destaque (20)

Week 13 Sponges
Week 13 SpongesWeek 13 Sponges
Week 13 Sponges
 
Intro. to Econ.
Intro. to Econ.Intro. to Econ.
Intro. to Econ.
 
Daniela delgadoted talk
Daniela delgadoted talkDaniela delgadoted talk
Daniela delgadoted talk
 
Techo sept.5
Techo sept.5Techo sept.5
Techo sept.5
 
Techo Club Freshmen
Techo Club FreshmenTecho Club Freshmen
Techo Club Freshmen
 
Vocab lang&masscomm
Vocab lang&masscommVocab lang&masscomm
Vocab lang&masscomm
 
Interoperability frameworks
Interoperability frameworksInteroperability frameworks
Interoperability frameworks
 
Quick Quiz Week6
Quick Quiz Week6Quick Quiz Week6
Quick Quiz Week6
 
Iad2 0809 Q3 Hoorcollege 1 Typen Navigatie En Patronen
Iad2 0809 Q3 Hoorcollege 1 Typen Navigatie En PatronenIad2 0809 Q3 Hoorcollege 1 Typen Navigatie En Patronen
Iad2 0809 Q3 Hoorcollege 1 Typen Navigatie En Patronen
 
User Created Content, deel III
User Created Content, deel IIIUser Created Content, deel III
User Created Content, deel III
 
1011q1 design for mobile les 1 the carry principle
1011q1 design for mobile les 1 the carry principle1011q1 design for mobile les 1 the carry principle
1011q1 design for mobile les 1 the carry principle
 
Tips for Using Semi-Colons
Tips for Using Semi-ColonsTips for Using Semi-Colons
Tips for Using Semi-Colons
 
Incroyable
IncroyableIncroyable
Incroyable
 
Week 14 Sponges
Week 14 SpongesWeek 14 Sponges
Week 14 Sponges
 
Week 6 Sponges
Week 6 SpongesWeek 6 Sponges
Week 6 Sponges
 
Adult learning
Adult learningAdult learning
Adult learning
 
Unit 3.6 income distribution
Unit 3.6 income distributionUnit 3.6 income distribution
Unit 3.6 income distribution
 
Ict lab
Ict labIct lab
Ict lab
 
Iadd2 0910 Q2 Information Architecture And Navigation
Iadd2 0910 Q2 Information Architecture And NavigationIadd2 0910 Q2 Information Architecture And Navigation
Iadd2 0910 Q2 Information Architecture And Navigation
 
Iad1 0809Q2 Hoorcollege2
Iad1 0809Q2 Hoorcollege2Iad1 0809Q2 Hoorcollege2
Iad1 0809Q2 Hoorcollege2
 

Semelhante a #MoreCrypto : Introduction to TLS

#Morecrypto 1.8 - with introduction to TLS
#Morecrypto 1.8 - with introduction to TLS#Morecrypto 1.8 - with introduction to TLS
#Morecrypto 1.8 - with introduction to TLSOlle E Johansson
 
Certificate pinning in android applications
Certificate pinning in android applicationsCertificate pinning in android applications
Certificate pinning in android applicationsArash Ramez
 
#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2Olle E Johansson
 
Ch12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key InfrastructureCh12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key InfrastructureInformation Technology
 
020618 Why Do we Need HTTPS
020618 Why Do we Need HTTPS020618 Why Do we Need HTTPS
020618 Why Do we Need HTTPSJackio Kwok
 
TLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured CommunicationsTLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured CommunicationsNitin Ramesh
 
Alfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transitAlfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transitToni de la Fuente
 
15 intro to ssl certificate & pki concept
15 intro to ssl certificate & pki concept15 intro to ssl certificate & pki concept
15 intro to ssl certificate & pki conceptMostafa El Lathy
 
I would appreciate help with these 4 questions. Thank You.1) Expla.pdf
I would appreciate help with these 4 questions. Thank You.1) Expla.pdfI would appreciate help with these 4 questions. Thank You.1) Expla.pdf
I would appreciate help with these 4 questions. Thank You.1) Expla.pdfJUSTSTYLISH3B2MOHALI
 
An introduction to X.509 certificates
An introduction to X.509 certificatesAn introduction to X.509 certificates
An introduction to X.509 certificatesStephane Potier
 
Cisco iso based CA (certificate authority)
Cisco iso based CA (certificate authority)Cisco iso based CA (certificate authority)
Cisco iso based CA (certificate authority)Netwax Lab
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layerBU
 
Internet Security Basics
Internet Security BasicsInternet Security Basics
Internet Security BasicsBipin Jethwani
 
Steam Learn: HTTPS and certificates explained
Steam Learn: HTTPS and certificates explainedSteam Learn: HTTPS and certificates explained
Steam Learn: HTTPS and certificates explainedinovia
 
Microservices Security landscape
Microservices Security landscapeMicroservices Security landscape
Microservices Security landscapeSagara Gunathunga
 
PKI and Applications
PKI and ApplicationsPKI and Applications
PKI and ApplicationsSvetlin Nakov
 

Semelhante a #MoreCrypto : Introduction to TLS (20)

#Morecrypto 1.8 - with introduction to TLS
#Morecrypto 1.8 - with introduction to TLS#Morecrypto 1.8 - with introduction to TLS
#Morecrypto 1.8 - with introduction to TLS
 
Certificate pinning in android applications
Certificate pinning in android applicationsCertificate pinning in android applications
Certificate pinning in android applications
 
#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2
 
Ch12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key InfrastructureCh12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key Infrastructure
 
020618 Why Do we Need HTTPS
020618 Why Do we Need HTTPS020618 Why Do we Need HTTPS
020618 Why Do we Need HTTPS
 
TLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured CommunicationsTLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured Communications
 
Alfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transitAlfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transit
 
15 intro to ssl certificate & pki concept
15 intro to ssl certificate & pki concept15 intro to ssl certificate & pki concept
15 intro to ssl certificate & pki concept
 
I would appreciate help with these 4 questions. Thank You.1) Expla.pdf
I would appreciate help with these 4 questions. Thank You.1) Expla.pdfI would appreciate help with these 4 questions. Thank You.1) Expla.pdf
I would appreciate help with these 4 questions. Thank You.1) Expla.pdf
 
PKI & SSL
PKI & SSLPKI & SSL
PKI & SSL
 
1165839977.pptx
1165839977.pptx1165839977.pptx
1165839977.pptx
 
An introduction to X.509 certificates
An introduction to X.509 certificatesAn introduction to X.509 certificates
An introduction to X.509 certificates
 
Cisco iso based CA (certificate authority)
Cisco iso based CA (certificate authority)Cisco iso based CA (certificate authority)
Cisco iso based CA (certificate authority)
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
 
Internet Security Basics
Internet Security BasicsInternet Security Basics
Internet Security Basics
 
ch17.ppt
ch17.pptch17.ppt
ch17.ppt
 
unit6.ppt
unit6.pptunit6.ppt
unit6.ppt
 
Steam Learn: HTTPS and certificates explained
Steam Learn: HTTPS and certificates explainedSteam Learn: HTTPS and certificates explained
Steam Learn: HTTPS and certificates explained
 
Microservices Security landscape
Microservices Security landscapeMicroservices Security landscape
Microservices Security landscape
 
PKI and Applications
PKI and ApplicationsPKI and Applications
PKI and Applications
 

Mais de Olle E Johansson

Cybernode.se: Securing the software supply chain (CRA)
Cybernode.se: Securing the software supply chain (CRA)Cybernode.se: Securing the software supply chain (CRA)
Cybernode.se: Securing the software supply chain (CRA)Olle E Johansson
 
CRA - overview of vulnerability handling
CRA - overview of vulnerability handlingCRA - overview of vulnerability handling
CRA - overview of vulnerability handlingOlle E Johansson
 
Introduction to the proposed EU cyber resilience act (CRA)
Introduction to the proposed EU cyber resilience act (CRA)Introduction to the proposed EU cyber resilience act (CRA)
Introduction to the proposed EU cyber resilience act (CRA)Olle E Johansson
 
The birth and death of PSTN
The birth and death of PSTNThe birth and death of PSTN
The birth and death of PSTNOlle E Johansson
 
WebRTC and Janus intro for FOSS Stockholm January 2019
WebRTC and Janus intro for FOSS Stockholm January 2019WebRTC and Janus intro for FOSS Stockholm January 2019
WebRTC and Janus intro for FOSS Stockholm January 2019Olle E Johansson
 
Kamailio World 2018: Having fun with new stuff
Kamailio World 2018: Having fun with new stuffKamailio World 2018: Having fun with new stuff
Kamailio World 2018: Having fun with new stuffOlle E Johansson
 
Realtime communication over a dual stack network
Realtime communication over a dual stack networkRealtime communication over a dual stack network
Realtime communication over a dual stack networkOlle E Johansson
 
The Realtime Story - part 2
The Realtime Story - part 2The Realtime Story - part 2
The Realtime Story - part 2Olle E Johansson
 
Sip2016 - a talk at VOIP2DAY 2016
Sip2016 - a talk at VOIP2DAY 2016Sip2016 - a talk at VOIP2DAY 2016
Sip2016 - a talk at VOIP2DAY 2016Olle E Johansson
 
Sips must die, die, die - about TLS usage in the SIP protocol
Sips must die, die, die - about TLS usage in the SIP protocolSips must die, die, die - about TLS usage in the SIP protocol
Sips must die, die, die - about TLS usage in the SIP protocolOlle E Johansson
 
SIP :: Half outbound (random notes)
SIP :: Half outbound (random notes)SIP :: Half outbound (random notes)
SIP :: Half outbound (random notes)Olle E Johansson
 
Kamailio World 2016: Update your SIP!
Kamailio World 2016: Update your SIP!Kamailio World 2016: Update your SIP!
Kamailio World 2016: Update your SIP!Olle E Johansson
 
SIP & TLS - Security in a peer to peer world
SIP & TLS - Security in a peer to peer worldSIP & TLS - Security in a peer to peer world
SIP & TLS - Security in a peer to peer worldOlle E Johansson
 
Tio tester av TLS - Transport Layer Security (TLS-O-MATIC.COM)
Tio tester av TLS - Transport Layer Security (TLS-O-MATIC.COM)Tio tester av TLS - Transport Layer Security (TLS-O-MATIC.COM)
Tio tester av TLS - Transport Layer Security (TLS-O-MATIC.COM)Olle E Johansson
 
2015 update: SIP and IPv6 issues - staying Happy in SIP
2015 update: SIP and IPv6 issues - staying Happy in SIP2015 update: SIP and IPv6 issues - staying Happy in SIP
2015 update: SIP and IPv6 issues - staying Happy in SIPOlle E Johansson
 
TCP/IP Geeks Stockholm :: Introduction to IPv6
TCP/IP Geeks Stockholm :: Introduction to IPv6TCP/IP Geeks Stockholm :: Introduction to IPv6
TCP/IP Geeks Stockholm :: Introduction to IPv6Olle E Johansson
 
Why is Kamailio so different? An introduction.
Why is Kamailio so different? An introduction.Why is Kamailio so different? An introduction.
Why is Kamailio so different? An introduction.Olle E Johansson
 
RFC 7435 - Opportunistic security - Some protection most of the time
RFC 7435 - Opportunistic security - Some protection most of the timeRFC 7435 - Opportunistic security - Some protection most of the time
RFC 7435 - Opportunistic security - Some protection most of the timeOlle E Johansson
 

Mais de Olle E Johansson (20)

Cybernode.se: Securing the software supply chain (CRA)
Cybernode.se: Securing the software supply chain (CRA)Cybernode.se: Securing the software supply chain (CRA)
Cybernode.se: Securing the software supply chain (CRA)
 
CRA - overview of vulnerability handling
CRA - overview of vulnerability handlingCRA - overview of vulnerability handling
CRA - overview of vulnerability handling
 
Introduction to the proposed EU cyber resilience act (CRA)
Introduction to the proposed EU cyber resilience act (CRA)Introduction to the proposed EU cyber resilience act (CRA)
Introduction to the proposed EU cyber resilience act (CRA)
 
The birth and death of PSTN
The birth and death of PSTNThe birth and death of PSTN
The birth and death of PSTN
 
WebRTC and Janus intro for FOSS Stockholm January 2019
WebRTC and Janus intro for FOSS Stockholm January 2019WebRTC and Janus intro for FOSS Stockholm January 2019
WebRTC and Janus intro for FOSS Stockholm January 2019
 
Kamailio World 2018: Having fun with new stuff
Kamailio World 2018: Having fun with new stuffKamailio World 2018: Having fun with new stuff
Kamailio World 2018: Having fun with new stuff
 
Kamailio on air
Kamailio on airKamailio on air
Kamailio on air
 
Webrtc overview
Webrtc overviewWebrtc overview
Webrtc overview
 
Realtime communication over a dual stack network
Realtime communication over a dual stack networkRealtime communication over a dual stack network
Realtime communication over a dual stack network
 
The Realtime Story - part 2
The Realtime Story - part 2The Realtime Story - part 2
The Realtime Story - part 2
 
Sip2016 - a talk at VOIP2DAY 2016
Sip2016 - a talk at VOIP2DAY 2016Sip2016 - a talk at VOIP2DAY 2016
Sip2016 - a talk at VOIP2DAY 2016
 
Sips must die, die, die - about TLS usage in the SIP protocol
Sips must die, die, die - about TLS usage in the SIP protocolSips must die, die, die - about TLS usage in the SIP protocol
Sips must die, die, die - about TLS usage in the SIP protocol
 
SIP :: Half outbound (random notes)
SIP :: Half outbound (random notes)SIP :: Half outbound (random notes)
SIP :: Half outbound (random notes)
 
Kamailio World 2016: Update your SIP!
Kamailio World 2016: Update your SIP!Kamailio World 2016: Update your SIP!
Kamailio World 2016: Update your SIP!
 
SIP & TLS - Security in a peer to peer world
SIP & TLS - Security in a peer to peer worldSIP & TLS - Security in a peer to peer world
SIP & TLS - Security in a peer to peer world
 
Tio tester av TLS - Transport Layer Security (TLS-O-MATIC.COM)
Tio tester av TLS - Transport Layer Security (TLS-O-MATIC.COM)Tio tester av TLS - Transport Layer Security (TLS-O-MATIC.COM)
Tio tester av TLS - Transport Layer Security (TLS-O-MATIC.COM)
 
2015 update: SIP and IPv6 issues - staying Happy in SIP
2015 update: SIP and IPv6 issues - staying Happy in SIP2015 update: SIP and IPv6 issues - staying Happy in SIP
2015 update: SIP and IPv6 issues - staying Happy in SIP
 
TCP/IP Geeks Stockholm :: Introduction to IPv6
TCP/IP Geeks Stockholm :: Introduction to IPv6TCP/IP Geeks Stockholm :: Introduction to IPv6
TCP/IP Geeks Stockholm :: Introduction to IPv6
 
Why is Kamailio so different? An introduction.
Why is Kamailio so different? An introduction.Why is Kamailio so different? An introduction.
Why is Kamailio so different? An introduction.
 
RFC 7435 - Opportunistic security - Some protection most of the time
RFC 7435 - Opportunistic security - Some protection most of the timeRFC 7435 - Opportunistic security - Some protection most of the time
RFC 7435 - Opportunistic security - Some protection most of the time
 

Último

My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 

Último (20)

My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 

#MoreCrypto : Introduction to TLS

  • 1. TLS in five minutes #MeraKrypto @oej * oej@edvina.net
 v 1.1 2014-05-06
  • 3. #MoreCrypto TLS is an important tool TLS Transport
 Layer
 Security TLS provides confidentiality, identity
 and integrity to Internet communication. TLS is used in HTTPS:// web pages, but can also be used from applications on a computer as well as a cell phone. TLS is based on SSL, that was a provider-specific technology. TLS is maintained by the IETF and is still being improved.
  • 4. TLS basics in a minute • TLS use a keypair to set up a secure connection • Assymetric encryption • The server sends the public key at connection • The client challenges the server • The server responds to the challenge using the server private key • Now the client knows that the server has the private key that matches the public key private
  • 5. TLS Usage • TLS is used for • authentication of servers and clients • initiating encryption of a session • digital signatures on messages to ensure integrity and provide authentication Authentication Who are you? Prove it! Encryption Providing confidentiality Integrity Making sure that the receiver get what the sender sent
  • 6. Adding a certificate to the mix • A certificate is nothing more complicated than a passport or an ID card • It contains the public key and some administrative data • And is signed (electronically) by someone you might trust ... or not. • This is part of the complex structure called PKI, which you might want or just disregard • A PKI is not needed to get encryption for the signalling path! • You can however use a PKI to only set up connections that you trust
  • 7. The X.509v3 certificate • An X.509 certificate is the standardised way to
 bind a public key to an identity • The certificate is issued by a 
 Certification Authority (CA) • The most important component of the PKI? • An X.509 certificate is an 
 electronic document with a specific layout ! • Standard: documented in IETF PKIX RFC:s Version Serial number Issuer identity Validity period User identity Public key Extension fields
  • 8. X509.v3
 contents • Version number • Certificate serial number
 Used for validation • Identity of the issuer • Validity period • Identity of the public key owner • Public key • Extension fields • A digital signature, created by the issuer Internet
 Explorer
 Certificate
 Manager
  • 9. SIP certificates • SubjectAltName contains a list of identities that are valid for this certificate • draft-ietf-certs outlines a SIP event package to distribute and manage certificates • This is based on the Authentication Service in SIP identity (RFC 4474) • The domain cert is used to sign the NOTIFY payload
  • 10. x.509 cert for SIP Certificate: Data: Version: 3 (0x2) Serial Number: 01:08:00:79:00:15:00:43 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=California, L=San Jose, O=sipit, OU=SipitTest Certificate Authority Validity Not Before: Sep 16 17:17:00 2009 GMT Not After : Sep 15 17:17:00 2012 GMT Subject: C=US, ST=California, L=San Jose, O=sipit, CN=tls6.test.sipit.net Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:a7:96:65:6e:b6:ba:3a:48:a1:bd:a3:ae:21:dc: a8:92:97:3c:43:ea:24:e6:9f:93:2f:61:7e:d3:2d: 30:1e:21:42:b9:d6:59:87:f1:b1:f8:c8:39:8e:43: 64:9a:31:2c:18:3d:cd:d8:03:64:bb:14:38:44:05: 20:30:d8:e1:db:a7:4d:c3:47:a2:49:73:d1:10:ed: 2f:cf:74:26:57:91:64:af:b0:f2:5d:3f:88:9f:df: 65:6c:ba:65:3f:66:99:52:6b:20:d2:0e:e3:65:18: b1:8e:3d:ca:f2:4a:45:c5:4d:85:ef:82:54:f8:54: 54:db:96:90:9b:c5:1b:2a:1e:60:3c:43:71:55:60: 30:93:8f:fd:d8:d9:3d:a1:32:e3:56:4b:e2:73:b6: cc:18:93:8a:d8:8b:68:81:c7:fd:cd:d5:dc:4c:a2: 86:61:9f:ad:d0:b1:d3:3c:4c:6c:07:54:b2:43:b4: a7:0a:0a:f2:e3:6d:12:43:16:70:63:c9:e9:1a:78: 66:9d:ee:30:94:7b:ab:f2:e9:67:4a:66:6d:8c:ed: a8:a4:98:51:77:0b:a7:60:55:73:85:87:4a:57:6b: 24:fe:27:00:02:79:70:da:5a:45:ad:aa:3d:d5:40: 5b:5c:85:63:93:56:af:c7:e8:e3:b6:1a:25:b6:a2: 2d:37 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Alternative Name: DNS:test.sipit.net, DNS:tls6.test.sipit.net, URI:sip:tls6.test.sipit.net X509v3 Basic Constraints: CA:FALSE X509v3 Subject Key Identifier: 27:F7:A9:96:F5:B2:8F:0B:5E:A9:C7:F5:0F:AC:3D:AB:3D:8D:F0:30 Signature Algorithm: sha1WithRSAEncryption 1a:fe:1f:af:86:99:82:e5:14:97:8d:64:9a:d1:5c:ea:6c:96: f5:c6:0c:7d:20:5f:4e:70:05:24:3a:de:b5:b9:cf:66:8d:4c: 74:d5:6a:a9:52:74:17:bc:b4:79:a0:58:32:78:a9:70:7c:6a: 15:ac:07:29:77:13:06:55:53:3f:0b:4c:3d:da:55:6e:ad:74: 56:01:55:c8:4c:19:8d:06:0b:f3:4c:04:d5:9a:6f:44:ad:7a: fd:3b:aa:e8:4b:84:6e:f1:c4:34:f4:a0:6a:f6:81:ae:74:b4: 46:6e:b9:2f:a6:59:f1:02:e9:58:7c:a1:8d:08:31:2b:39:ee: eb:7e Subject: C=US, ST=California, L=San Jose, O=sipit, CN=tls6.test.sipit.net X509v3 Subject Alternative Name: DNS:test.sipit.net, DNS:tls6.test.sipit.net, URI:sip:tls6.test.sipit.net
  • 11. Process for a server Generate
 Keys Pack public key
 in CSR Send CSR
 to CA CA validate
 process CA issues 
 Certificate Install cert
 in server with
 private key
  • 12. Client connection Open TCP
 connection Server sends
 certificate Client
 challenge server Server answers
 challenge Client validates
 certificate Server can issue
 cert request Client and server produce session key Symmetric encryption starts
  • 13. Protocol specifics • Given a protocol request - how do we match the request address to a certificate • SIP Uri, E-mail address, HTTPS uri
  • 14. User specifics • Which CAs do we trust? • How do we check validity of certificate, even if we trust the CA? • Do we have time for validation?
  • 15. New solutions • Anchoring the certificate in DNS • Validating the certificate in DNS • No certificate - bare keys • Oppurtunistic Security with TLS