Implementing SSL / TLS Using Cryptography and PKI
eBook - ePub

Implementing SSL / TLS Using Cryptography and PKI

  1. English
  2. ePUB (mobile friendly)
  3. Available on iOS & Android
eBook - ePub

Implementing SSL / TLS Using Cryptography and PKI

About this book

Hands-on, practical guide to implementing SSL and TLS protocols for Internet security

If you are a network professional who knows C programming, this practical book is for you. Focused on how to implement Secure Socket Layer (SSL) and Transport Layer Security (TLS), this book guides you through all necessary steps, whether or not you have a working knowledge of cryptography. The book covers SSLv2, TLS 1.0, and TLS 1.2, including implementations of the relevant cryptographic protocols, secure hashing, certificate parsing, certificate generation, and more.

Coverage includes:

  • Understanding Internet Security
  • Protecting against Eavesdroppers with Symmetric Cryptography
  • Secure Key Exchange over an Insecure Medium with Public Key Cryptography
  • Authenticating Communications Using Digital Signatures
  • Creating a Network of Trust Using X.509 Certificates
  • A Usable, Secure Communications Protocol: Client-Side TLS
  • Adding Server-Side TLS 1.0 Support
  • Advanced SSL Topics
  • Adding TLS 1.2 Support to Your TLS Library
  • Other Applications of SSL
  • A Binary Representation of Integers: A Primer
  • Installing TCPDump and OpenSSL
  • Understanding the Pitfalls of SSLv2

Set up and launch a working implementation of SSL with this practical guide.

Trusted by 375,005 students

Access to over 1 million titles for a fair monthly price.

Study more efficiently using our study tools.

Information

Publisher
Wiley
Year
2011
Print ISBN
9780470920411
eBook ISBN
9781118038772
Edition
1
Topic
Computer Science
Subtopic
Cyber Security
Index
Computer Science
Chapter 1
Understanding Internet Security
How secure is the data that you transmit on the Internet? How vulnerable is your personal data to hackers? Even computer-literate, experienced programmers find it's hard to answer these questions with certainty. You probably know that standard encryption algorithms are used to protect data — you've likely heard of public-key algorithms such as RSA and DSA — and you may know that the U.S. government's Data Encryption Standard has been replaced by an Advanced Encryption Standard. Everybody knows about the lock icon in their browsers that indicates that the session is protected by HTTPS. You've most likely heard of PGP for e-mail security (even if you gave up on it after failing to convince your friends to use it).
In all likelihood, though, you've also heard of man in the middle attacks, timing attacks, side-channel attacks, and various other attacks that aim to compromise privacy and security. Anybody with a web browser has been presented with the ominous warning message that “This site's security cannot be trusted — either the certificate has expired, or it was issued by a certificate authority you have chosen not to trust.” Every week, you can read about some new zero-day exploit uncovered by security researchers that requires a round of frantic patching. As a professional programmer, you may feel you ought to know exactly what that means — yet trying to decipher these messages and determine whether you should really be worried or not takes you down the rabbit hole of IETF, PKCS, FIPS, NIST, ITU, and ASN. You may have tried to go straight to the source and read RFC 2246, which describes TLS, but you may have discovered, to your chagrin, that RFC 2246 presumes a background in symmetric cryptography, public-key cryptography, digital signature algorithms, and X.509 certificates. It's unclear where to even begin. Although there are a handful of books that describe SSL and “Internet Security,” none are targeted at the technically inclined reader who wants, or needs, to know the details.
A mantra among security professionals is that the average programmer doesn't understand security and should not be trusted with it until he verses himself in it. This is good, but ultimately unhelpful, advice. Where does one begin? What the security professionals are really trying to tell you is that, as a practitioner rather than a casual user, it's not enough to treat security as a black box or a binary property; you need to know what the security is doing and how it's doing it so that you know what you are and aren't protected against. This book was written for you — the professional programmer who understands the basics of security but wants to uncover the details without reading thousands of pages of dry technical specifications (only some of which are relevant).
This book begins by examining sockets and socket programming in brief. Afterward, it moves on to a detailed examination of cryptographic concepts and finally applies them to SSL/TLS, the current standard for Internet security. You examine what SSL/TLS does, what it doesn't do, and how it does it. After completing this book, you'll know exactly how and where SSL fits into an overall security strategy and you'll know what steps yet need to be taken, if any, to achieve additional security.

What Are Secure Sockets?

The Internet is a packet-switching network. This means that, for two hosts to communicate, they must packetize their data and submit it to a router with the destination address prepended to each packet. The router then analyzes the destination address and routes the packet either to the target host, or to a router that it believes is closer to the target host. The Internet Protocol (IP), outlined in RFC 971, describes the standard for how this packetization is performed and how addresses are attached to packets in headers.
A packet can and probably will pass through many routers between the sender and the receiver. If the contents of the data in that packet are sensitive — a password, a credit card, a tax identification number — the sender would probably like to ensure that only the receiver can read the packet, rather than the packet being readable by any router along the way. Even if the sender trusts the routers and their operators, routers can be compromised by malicious individuals, called attackers in security terminology, and tricked into forwarding traffic that's meant for one destination to another, as shown in http://www.securesphere.net/download/papers/dnsspoof.htm. If you'd like to get an idea just how many different hosts a packet passes through between you and a server, you can use the traceroute facility that comes with every Internet-capable computer to print a list of t...

Table of contents

  1. Cover
  2. Title Page
  3. Copyright
  4. Dedication
  5. About the Author
  6. About the Technical Editor
  7. Credits
  8. Acknowledgments
  9. Introduction
  10. Chapter 1: Understanding Internet Security
  11. Chapter 2: Protecting Against Eavesdroppers with Symmetric Cryptography
  12. Chapter 3: Secure Key Exchange over an Insecure Medium with Public Key Cryptography
  13. Chapter 4: Authenticating Communications Using Digital Signatures
  14. Chapter 5: Creating a Network of Trust Using X.509 Certificates
  15. Chapter 6: A Usable, Secure Communications Protocol: Client-Side TLS
  16. Chapter 7: Adding Server-Side TLS 1.0 Support
  17. Chapter 8: Advanced SSL Topics
  18. Chapter 9: Adding TLS 1.2 Support to Your TLS Library
  19. Chapter 10: Other Applications of SSL
  20. Appendix A: Binary Representation of Integers: A Primer
  21. Appendix B: Installing TCPDump and OpenSSL
  22. Appendix C: Understanding the Pitfalls of SSLv2
  23. Index

Frequently asked questions

Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription
No, books cannot be downloaded as external files, such as PDFs, for use outside of Perlego. However, you can download books within the Perlego app for offline reading on mobile or tablet. Learn how to download books offline
Perlego offers two plans: Essential and Complete
  • Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
  • Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
Both plans are available with monthly, semester, or annual billing cycles.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 990+ topics, we’ve got you covered! Learn about our mission
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more about Read Aloud
Yes! You can use the Perlego app on both iOS and Android devices to read anytime, anywhere — even offline. Perfect for commutes or when you’re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app
Yes, you can access Implementing SSL / TLS Using Cryptography and PKI by Joshua Davies in PDF and/or ePUB format, as well as other popular books in Computer Science & Cyber Security. We have over one million books available in our catalogue for you to explore.