MTU Cork Library Catalogue

Syndetics cover image
Image from Syndetics

SSL and TLS essentials : securing the web / Stephen A. Thomas.

By: Thomas, Stephen A, 1962-.
Material type: materialTypeLabelBookPublisher: New York ; Chichester : Wiley, 2000Description: xiii, 197 p. : ill. ; 24 cm. + pbk.ISBN: 0471383546.Subject(s): Computer networks -- Security measures | World Wide Web -- Security measures | Computer network protocolsDDC classification: 005.8
Contents:
Introduction -- Basic Cryptography -- SSL Operation -- Message Formats -- Advanced SSL.
Holdings
Item type Current library Call number Copy number Status Date due Barcode Item holds
General Lending MTU Bishopstown Library Lending 005.8 (Browse shelf(Opens below)) 1 Available 00075289
Total holds: 0

Enhanced descriptions from Syndetics:

"Great writing . . . a clear introduction to the most widely deployed security technology in the Internet."-Paul Lambert, former co-chair of IETF IPSEC working group

The Secure Sockets Layer (SSL) and Transport Layer Security(TLS) protocols form the foundation for e-commerce security on the World Wide Web, verifying the authenticity of Web sites, encrypting the transfer of sensitive data, and ensuring the integrity of information exchanged. Now-for the first time the details of these critical security protocols are available in a complete, clear, and concise reference. SSL and TLS Essentials provides complete documentation of the SSL and TLS protocols, including advanced and proprietary extensions never before published. The book thoroughly covers the protocols in operation, including the contents of their messages, message formats, and the cryptographic calculations used to construct them. The text also includes an introduction to cryptography and an explanation of X.509 public key certificates. Stephen Thomas, author of IPng and the TCP/IP Protocols, presents this complex material in a clear and reader-friendly manner. The book includes more than 80 figures and illustrations to supplement its text, and it describes SSL in the context of real-world, practical applications. Readers will immediately understand not only the academic principles behind he security protocols, but how those principles apply to their own network security challenges.

The book includes:
* Full details of Netscape's SSL and the IETF's TLS protocols, with differences between the two clearl highlighted and explained
* A concise tutorial in cryptography
* Complete coverage of Netscape's International Step-Up and Microsoft's Server Gated Cryptography implementations
* A description of X.509 public key certificates
* Details on implementing backwards compatibility among previous versions of SSL and TLS
* A thorough security checklist with explanations of all known attacks on SSL implementations, along with appropriate countermeasures.

The CD-ROM contains convenient electronic versions of the book for:
* Windows(r) CE handheld computers
* Adobe(r) Acrobat Reader for PCs

Visit our Web site at www.wiley.com/compbooks/

Includes bibliographical references (pages 175-178) and index.

Introduction -- Basic Cryptography -- SSL Operation -- Message Formats -- Advanced SSL.

Table of contents provided by Syndetics

  • Chapter 1 Introduction (p. 1)
  • 1.1 Web Security and Electronic Commerce (p. 2)
  • 1.2 History of SSL and TLS (p. 4)
  • 1.3 Approaches to Network Security (p. 6)
  • 1.3.1 Separate Security Protocol (p. 8)
  • 1.3.2 Application-Specific Security (p. 9)
  • 1.3.3 Security within Core Protocols (p. 10)
  • 1.3.4 Parallel Security Protocol (p. 11)
  • 1.4 Protocol Limitations (p. 12)
  • 1.4.1 Fundamental Protocol Limitations (p. 12)
  • 1.4.2 Tool Limitations (p. 13)
  • 1.4.3 Environmental Limitations (p. 14)
  • 1.5 Organization of This Book (p. 14)
  • Chapter 2 Basic Cryptography (p. 17)
  • 2.1 Using Crytography (p. 18)
  • 2.1.1 Keeping Secrets (p. 18)
  • 2.1.2 Proving Identity (p. 19)
  • 2.1.3 Verifying Information (p. 20)
  • 2.2 Types of Cryptography (p. 21)
  • 2.2.1 Secret Key Cryptography (p. 22)
  • 2.2.2 Public Key Cryptography (p. 24)
  • 2.2.3 Combining Secret and Public Key Cryptography (p. 27)
  • 2.3 Key Management (p. 29)
  • 2.3.1 Public Key Certificates (p. 29)
  • 2.3.2 Certificate Authorities (p. 31)
  • 2.3.3 Certificate Hierarchies (p. 33)
  • 2.3.4 Certificate Revocation Lists (p. 35)
  • Chapter 3 SSL Operation (p. 37)
  • 3.1 SSL Roles (p. 37)
  • 3.2 SSL Messages (p. 38)
  • 3.3 Establishing Encrypted Communications (p. 39)
  • 3.3.1 ClientHello (p. 41)
  • 3.3.2 ServerHello (p. 43)
  • 3.3.3 ServerKeyExchange (p. 45)
  • 3.3.4 ServerHelloDone (p. 45)
  • 3.3.5 ClientKeyExchange (p. 45)
  • 3.3.6 ChangeCipherSpec (p. 46)
  • 3.3.7 Finished (p. 51)
  • 3.4 Ending Secure Communications (p. 52)
  • 3.5 Authenticating the Server's Identity (p. 52)
  • 3.5.1 Certificate (p. 55)
  • 3.5.2 ClientKeyExchange (p. 56)
  • 3.6 Separating Encryption from Authentication (p. 56)
  • 3.6.1 Certificate (p. 59)
  • 3.6.2 ServerKeyExchange (p. 59)
  • 3.6.3 ClientKeyExchange (p. 59)
  • 3.7 Authenticating the Client's Identity (p. 60)
  • 3.7.1 CertificateRequest (p. 61)
  • 3.7.2 Certificate (p. 62)
  • 3.7.3 CertificateVerify (p. 63)
  • 3.8 Resuming a Previous Session (p. 64)
  • Chapter 4 Message Formats (p. 67)
  • 4.1 Transport Requirements (p. 68)
  • 4.2 Record Layer (p. 69)
  • 4.3 ChangeCipherSpec Protocol (p. 71)
  • 4.4 Alert Protocol (p. 72)
  • 4.4.1 Severity Level (p. 72)
  • 4.4.2 Alert Description (p. 73)
  • 4.5 Handshake Protocol (p. 74)
  • 4.5.1 HelloRequest (p. 76)
  • 4.5.2 ClientHello (p. 77)
  • 4.5.3 ServerHello (p. 79)
  • 4.5.4 Certificate (p. 80)
  • 4.5.5 ServerKeyExchange (p. 81)
  • 4.5.6 CertificateRequest (p. 84)
  • 4.5.7 ServerHelloDone (p. 85)
  • 4.5.8 ClienKeyExchange (p. 85)
  • 4.5.9 Certificate Verify (p. 88)
  • 4.5.10 Finished (p. 90)
  • 4.6 Securing Messages (p. 92)
  • 4.6.1 Message Authentication Code (p. 93)
  • 4.6.2 Encryption (p. 95)
  • 4.6.3 Creating Cryptographic Parameters (p. 96)
  • 4.7 Cipher Suites (p. 102)
  • 4.7.1 Key Exchange Algorithms (p. 103)
  • 4.7.2 Encryption Algorithms (p. 104)
  • 4.7.3 Hash Algorithms (p. 104)
  • Chapter 5 Advanced SSL (p. 105)
  • 5.1 Compatibility with Previous Versions (p. 105)
  • 5.1.1 Negotiating SSL Versions (p. 106)
  • 5.1.2 SSL Version 2.0 ClientHello (p. 109)
  • 5.1.3 SSL Version 2.0 Cipher Suites (p. 110)
  • 5.2 Netscape International Step-Up (p. 111)
  • 5.2.1 Server Components (p. 112)
  • 5.2.2 Client Components (p. 112)
  • 5.2.3 Controlling Full-Strength Encryption (p. 113)
  • 5.3 Microsoft Server Gated Cryptography (p. 115)
  • 5.3.1 Server Gated Cryptography Certificates (p. 115)
  • 5.3.2 Cipher Suite Renegotiation (p. 115)
  • 5.4 The Transport Layer Security Protocol (p. 117)
  • 5.4.1 TLS Protocol Version (p. 118)
  • 5.4.2 Alert Protocol Message Types (p. 118)
  • 5.4.3 Message Authentication (p. 121)
  • 5.4.4 Key Material Generation (p. 123)
  • 5.4.5 Certificate Verify (p. 125)
  • 5.4.6 Finished (p. 126)
  • 5.4.7 Baseline Cipher Suites (p. 126)
  • 5.4.8 Interoperability with SSL (p. 128)
  • 5.5 The Future of SSL and TLS (p. 128)
  • Appendix A X.509 Certificates (p. 131)
  • A.1 X.509 Certificate Overview (p. 132)
  • A.1.1 Version (p. 132)
  • A.1.2 Serial Number (p. 133)
  • A.1.3 Algorithm Identifier (p. 133)
  • A.1.4 Issuer (p. 133)
  • A.1.5 Period of Validity (p. 133)
  • A.1.6 Subject (p. 134)
  • A.1.7 Subject's Public Key (p. 134)
  • A.1.8 Issuer Unique Identifier (p. 134)
  • A.1.9 Subject Unique Identifier (p. 134)
  • A.1.10 Extensions (p. 135)
  • A.1.11 Signature (p. 135)
  • A.2 Abstract Syntax Notation One (p. 135)
  • A.2.1 Primitive Objects (p. 136)
  • A.2.2 Constructed Objects (p. 136)
  • A.2.3 The Object Identifier Hierarchy (p. 137)
  • A.2.4 Tagging (p. 139)
  • A.2.5 Encoding Rules (p. 142)
  • A.3 X.509 Certificate Definition (p. 145)
  • A.3.1 The Certificate Object (p. 145)
  • A.3.2 The Version Object (p. 146)
  • A.3.3 The CertificateSerialNumber Object (p. 147)
  • A.3.4 The AlgorithmIdentifier Object (p. 147)
  • A.3.5 The Validity Object (p. 148)
  • A.3.6 The SubjectPublicKeyInfo Object (p. 148)
  • A.3.7 The Time Object (p. 149)
  • A.3.8 The Extensions Object (p. 149)
  • A.3.9 The UniqueIdentifier Object (p. 150)
  • A.3.10 The Name Object (p. 150)
  • A.4 Example Certificate (p. 152)
  • Appendix B SSL Security Checklist (p. 161)
  • B.1 Authentication Issues (p. 161)
  • B.1.1 Certificate Authority (p. 162)
  • B.1.2 Certificate Signature (p. 163)
  • B.1.3 Certificate Validity Times (p. 163)
  • B.1.4 Certificate Revocation Status (p. 163)
  • B.1.5 Certificate Subject (p. 163)
  • B.1.6 Diffie-Hellman Trapdoors (p. 164)
  • B.1.7 Algorithm Rollback (p. 164)
  • B.1.8 Dropped ChangeCipherSpec Messages (p. 165)
  • B.2 Encryption Issues (p. 166)
  • B.2.1 Encryption Key Size (p. 166)
  • B.2.2 Traffic Analysis (p. 167)
  • B.2.3 The Bleichenbacher Attack (p. 168)
  • B.3 General Issues (p. 170)
  • B.3.1 RSA Key Size (p. 170)
  • B.3.2 Version Rollback Attacks (p. 171)
  • B.3.3 Premature Closure (p. 171)
  • B.3.4 SessionID Values (p. 172)
  • B.3.5 Random Number Generation (p. 172)
  • B.3.6 Random Number Seeding (p. 173)
  • References (p. 175)
  • Protocol Standards (p. 175)
  • Certificate Formats (p. 176)
  • Cryptographic Algorithms (p. 177)
  • SSL Implementations (p. 178)
  • Glossary (p. 179)
  • Index (p. 191)

Author notes provided by Syndetics

STEPHEN THOMAS is CTO of TransNexus, a leading provider of e-commerce solutions for Internet telecommunications. He has been actively involved in Internet protocol development for nearly 20 years and has contributed to numerous Internet Drafts and RFCs. Thomas is also the author of IPng and the TCP/IP Protocols (also from Wiley).

Powered by Koha