Presented by

Muhammad Luqmal NulHakim Bin RosliProgram :

Bachelor Degree Of Computer Network SecurityMatric No :

BTBL17046729Supervisor :

Dr Mohd Fadzil Bin Abdul Kadir

In a Modern Network, the current internet environment without integrating with security mechanisms has a number of security problems and lacks effective protection over the network.

Security for network transmission become a vital aspect because majority security risks occur while conducting business on the network.

The very important things to focus on sending emails, store documents, serve information, or transmitted the data that contains sensitive, confidential and personal

information is on the security through the network.

USER SERVER

Authors/Years Title Method Advantages disadvantages

Manjuprasad, B.,

and Andhe

Dharani

2014

Simple Secure

Protocol for

Wireless Sensor

Networks.

Very Simple Secure

Protocol

• Less complex

• More secure

• More efficient

• More reliability

• Use strong

algorithm

• Have COUNTER

• Has one protocol

• Not all the web

browsers

support vssp

Efi Merdler Creating a

secure channel

Very simple

secure protocol

• More efficient

• More reliability

• Have

COUNTER

Krawczyk, Hugo,

Kenneth G.

Paterson, and

Hoeteck Wee

On the security of

the TLS protocol:

A systematic

analysis." Annual Cryptology Conference

Transport layer

Security

• Provide

communication

security

between client

and server

• More secure

compare to SSL

• Complex

protocol

Wesley Chou

2002

"Inside SSL: the

secure sockets

layer protocol

Secure socket

layer

• Less complex

• 2 protocol

(handshake and

record

protocol)

• Use simple

algorithm

• All crucial web

browsers

support SSL

• Not too secure

• Need to use

TLS for

improved

security and to

avoid

vulnerabilities.

Very simple secure protocol Secure socket layer Transport layer security

• Located above TCP/IP layer

(above application layer)

▪ Located between application

layer and transport layer❖ Located at top of transport layer

• Authentication uses Public Key Infrastructure(PKI), in example, certificate and only support server authentication

▪ 2 type of authentication which is server authentication and client authentication

• The PRF expands the preMaster into a new random value called the masterKey

▪ To create master card, the message digest of the pre-master

❖ Uses pseudorandom to generate master secret

• Use strong algorithm ▪ Use simple algorithm ❖ A complex protocol

Client

Server

Sending file • Handshaker protocol phase (3 phases)➢ Phase 1 : client and server

connect each other➢ Phase 2 : key exchange➢ Phase 3 : client and server

disconnect • Data transfer (segment into vssp

packet)✓ Compression (reduce the total

size)✓ Counter (avoid from retransmit

the same vssp packet)• Closure

❑ Avoid a situation where the truncation attack

Very simple secure protocol process

Receive file

TLS

• Manjuprasad, B., and Andhe Dharani. "Simple Secure Protocol for Wireless

Sensor Networks." 2014 World Congress on Computing and Communication

Technologies. IEEE, 2014.

• Efi Merdler (MAY 24, 2008). Creating a secure channel. Retrieved from

https://www.codeproject.com/Articles/26332/Creating-a-secure-channel

• Bhiogade, Mittal S. "Secure socket layer." Computer Science and Information

Technology Education Conference. 2002.

• Katz, Jonathan, Steven Myers, and Rafail Ostrovsky. "Cryptographic counters and

applications to electronic voting." International Conference on the Theory and

Applications of Cryptographic Techniques. Springer, Berlin, Heidelberg, 2001.

• TechDifferences (September 9, 2017). Difference between SSL and TLS. Retrieved

from https://techdifferences.com/difference-between-ssl-and-tls.html

• GlobalSign Blog (July 7, 2016). SSL vs. TLS - What's the Difference. Retrieved from

https://www.globalsign.com/en/blog/ssl-vs-tls-difference/

• Chou, Wesley. "Inside SSL: the secure sockets layer protocol." IT professional 4.4

(2002): 47-52.

• Rescorla, Eric. SSL and TLS: designing and building secure systems.

Vol. 1. Reading: Addison-Wesley, 2001.

• Oppliger, Rolf. SSL and TLS: Theory and Practice. Artech House,

2016.

• Krawczyk, Hugo, Kenneth G. Paterson, and Hoeteck Wee. "On the

security of the TLS protocol: A systematic analysis." Annual

Cryptology Conference. Springer, Berlin, Heidelberg, 2013.

Presented by

Muhammad Luqmal NulHakim Bin RosliProgram :

Bachelor Degree Of Computer Network SecurityMatric No :

BTBL17046729Supervisor :

Dr Mohd Fadzil Bin Abdul Kadir

Encipher Decipher

Local Area Network

Public key Private key

Cipher text

Plaintext Plaintext

Request connection

Accept connection

Data transfer phase

Request disconnection

Accept disconnection

Handshake phase

Closure

Client Server

Handshake

Data transfer

Closure

Phase 1

• Client message initiates the connection

• Its contains 2 parameter which are random value and list of supported suites

• Server replies with its own message

• Its contains 3 parameters which are random value, chosen suite and certificate

Phase 2

• Encrypt a shared secret (private key)

• Client encrypt a shared secret using the public key

• Sends it to the server• Final key used to

initialize the algorithm that were define in chosen suite.

Data transfer phase

• Data segmented into vssp packet

• Each packet has a header, payload, and a digest

• Header contains

• VSSP magic number

• VSSP version

• Message type

• Data size

• Compression used in order to reduce total size of the

packet

• Counters used to avoid retransmit the same VSSP packet

• If the message receive, the receive counter increased by

1

• When the message send, the send counter increased by 1

• Start/Run server

application

• Receive encrypted

message

• Decrypted encrypted

message using private key

• Get original message

• Exchange key with private

key and random number

• Encrypted message with

public key

• Send encrypted message

Client Server