SSL and TLS
Theory and Practice
1st Edition
Published on 1. January 2009
284 pages
978-1-59693-448-1 (ISBN)
Description
SSL (secure socket layer) and TLS (Transport Layer Security) are widely deployed security protocols that are used in all kinds of web-based e-commerce and e-business applications and are part of most contemporary security systems available today. This practical book provides a comprehensive introduction to these protocols, offering you a solid understanding of their design. You find discussions on the advantages and disadvantages of using SSL/TLS protocols compared to other Internet security protocols. This authoritative resource shows how to properly employ SSL and TLS and configure security solutions that are based on the use of the SSL/TLS protocols.
More details
Other editions
Additional editions
Rolf Oppliger
SSL and TLS: Theory and Practice
Book
10/2009
Artech House Publishers
€96.75
Shipment within 10-20 days
Content
- Intro
- SSL and TLS: Theory and Practice
- Contents
- Foreword
- Preface
- Acknowledgments
- Chapter 1 Introduction
- 1.1 OSI SECURITY ARCHITECTURE
- 1.1.1 Security Services
- 1.1.2 Security Mechanisms
- 1.2 SECURITY DEFINITION
- 1.3 FINAL REMARKS
- References
- Chapter 2 Cryptography Primer
- 2.1 INTRODUCTION
- 2.1.1 Preliminary Remarks
- 2.1.2 Cryptographic Systems
- 2.1.3 Classes of Cryptographic Systems
- 2.1.4 Secure Cryptosystems
- 2.1.5 Historical Background Information
- 2.1.6 Legal Situation
- 2.2 CRYPTOSYSTEMS OVERVIEW
- 2.2.1 Unkeyed Cryptosystems
- 2.2.2 Secret Key Cryptosystems
- 2.2.3 Public Key Cryptosystems
- 2.3 FINAL REMARKS
- References
- Chapter 3 Transport Layer Security
- 3.1 INTRODUCTION
- 3.2 PROTOCOL EVOLUTION
- 3.3 FINAL REMARKS
- References
- Chapter 4 SSL Protocol
- 4.1 INTRODUCTION
- 4.2 PROTOCOLS
- 4.2.1 SSL Record Protocol
- 4.2.2 SSL Handshake Protocol
- 4.2.3 SSL Change Cipher Spec Protocol
- 4.2.4 SSL Alert Protocol
- 4.2.5 SSL Application Data Protocol
- 4.3 TRAFFIC ANALYSIS OF AN SSL SESSION
- 4.4 SECURITY ANALYSIS
- 4.5 FINAL REMARKS
- References
- Chapter 5 TLS Protocol
- 5.1 INTRODUCTION
- 5.1.1 TLS PRF
- 5.1.2 Generation of KeyingMaterial
- 5.2 TLS 1.0
- 5.2.1 Cipher Suites
- 5.2.2 CertificateManagement
- 5.2.3 Alert Messages
- 5.2.4 Other Differences
- 5.3 TLS 1.1
- 5.3.1 Preliminary Remarks
- 5.3.2 Cipher Suites
- 5.3.3 CertificateManagement
- 5.3.4 Alert Messages
- 5.3.5 Other Differences
- 5.4 TLS 1.2
- 5.4.1 TLS Extensions
- 5.4.2 Cipher Suites
- 5.4.3 CertificateManagement
- 5.4.4 Alert Messages
- 5.4.5 Other Differences
- 5.5 TRAFFIC ANALYSIS OF A TLS SESSION
- 5.6 SECURITY ANALYSIS
- 5.7 FINAL REMARKS
- References
- Chapter 6 DTLS Protocol
- 6.1 INTRODUCTION
- 6.2 DTLS 1.0
- 6.2.1 Record Protocol
- 6.2.2 Handshake Protocol
- 6.3 DTLS 1.2
- 6.4 SECURITY ANALYSIS
- 6.5 FINAL REMARKS
- References
- Chapter 7 Firewall Traversal
- 7.1 INTRODUCTION
- 7.2 SSL/TLS TUNNELING
- 7.3 SSL/TLS PROXYING
- 7.4 FINAL REMARKS
- References
- Chapter 8 Public Key Certificates and PKIs
- 8.1 INTRODUCTION
- 8.1.1 PGP Certificates
- 8.1.2 X.509 Certificates
- 8.2 SERVER CERTIFICATES
- 8.2.1 Wildcard Certificates
- 8.2.2 International Step-Up and SGC Certificates
- 8.2.3 Extended Validation Certificates
- 8.3 CLIENT CERTIFICATES
- 8.4 FINAL REMARKS
- References
- Chapter 9 Conclusions and Outlook
- 9.1 DEPLOYMENT
- 9.2 RESEARCH CHALLENGES
- 9.2.1 Performance Optimization
- 9.2.2 Protection Against MITM Attacks
- 9.2.3 Trust Management
- 9.3 FUTURE DEVELOPMENTS
- References
- Appendix Standardized TLS Cipher Suites
- Abbreviations and Acronyms
- About the Author
- Index
