COMP3310/6331 – Tute #10
Outline of Tute/Lab:
This lab will introduce you to the Secure Sockets Layer (SSL) protocol. As you should have seen by
now from the last lecture, essentially SSL introduces a level of encryption for packets to mitigate
against bad things being done to network traffic. You will also see reference in places to TLS
(Transport Layer Security) which is effectively a newer, and more complex, version of SSL (post
SSLv3).
There are a few useful concepts to go through.
• If you’re not familiar with cryptography, and in particular public key cryptography, think of
cryptography as encoding your messages (with a special key that you and your recipient
both have) to avoid snoopers seeing what you’re sending. In public-key cryptography, there
are two keys, one private and one public. You can share the public key with everybody, but only
the private key can decrypt things encrypted with the public key, and vice-versa.
• A ‘certificate’ is effectively a document/file in which somebody else formally and legally
validates that a particular public key belongs to a named individual. We say that “a certificate
binds an identity to a public key”. It usually requires some 3rd-party company that sells you a
certificate, which they digitally sign. They act as a ‘certificate authority’ for your certificate. In
turn, they themselves need to have their certificate signed by a higher authority, and so on,
and we end up with a chain of certificates (up to a small number of globally trusted
Certificate Authorities or CAs).
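The certificate chain described above, and what a trust store does with it, as an added example that is not part of the original lab handout. It assumes the `openssl` command-line tool is on the PATH; every name in it (Example root CA, www.example.test, the file names) is constructed for the demo.

```shell
#!/bin/sh
# Added example. All names (Example root CA, www.example.test) are constructed.
set -eu

new_csr() {   # $1 = file prefix, $2 = common name: make a key pair and a signing request
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
        -subj "/CN=$2" 2>/dev/null
}

issue() {     # $1 = subject prefix, $2 = issuing CA prefix, $3 = extensions file
    openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" -CAcreateserial \
        -extfile "$3" -days 30 -out "$1.pem" 2>/dev/null
}

make_chain() {  # $1 = empty working directory; leaves root/other/inter/leaf .pem there
    cd "$1"
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > ca.ext
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:www.example.test\n' > leaf.ext
    for ca in root other; do      # two self-signed roots; only "root" signs anything
        new_csr "$ca" "Example $ca CA"
        openssl x509 -req -in "$ca.csr" -signkey "$ca.key" -extfile ca.ext \
            -days 30 -out "$ca.pem" 2>/dev/null
    done
    new_csr inter "Example Intermediate CA"; issue inter root ca.ext
    new_csr leaf "www.example.test";         issue leaf inter leaf.ext
}

verify_leaf() {  # $1 = trusted anchor; extra args (e.g. -untrusted inter.pem) pass through
    anchor=$1; shift
    openssl verify -CAfile "$anchor" "$@" leaf.pem >/dev/null 2>&1
}

report() {       # $1 = label, rest = verify_leaf arguments
    label=$1; shift
    if verify_leaf "$@"; then echo "$label: chain verifies"; else echo "$label: REJECTED"; fi
}

make_chain "$(mktemp -d)"
# Each certificate names its subject and the issuer that signed it.
for c in leaf inter root; do openssl x509 -in "$c.pem" -noout -subject -issuer; done
report "trust root, no intermediate supplied" root.pem
report "trust root, intermediate supplied"    root.pem -untrusted inter.pem
report "trust unrelated root"                 other.pem -untrusted inter.pem
```

The `-untrusted` file plays the role of the intermediate certificates a server sends during the handshake: they help build the path but are never trusted by themselves, so only the anchor passed with `-CAfile` decides the outcome.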
This lab has four stages:
1. Download and build the openssl software
2. Build a trust store
3. Observe SSL Handshake with the openssl client (s_client) and Wireshark
4. Program with SSL - Java and C
You will experiment with the openssl package to connect to an HTTPS (HTTP over SSL) site and observe
the output. You will also download C and Java SSL programs to compile and run them. For some
additional background it might be helpful to watch some ‘SSL Handshaking’ material, e.g. the video at
https://www.youtube.com/watch?v=sEkw8ZcxtFk or https://sites.google.com/site/ddmwsst/createyour-own-certificate-and-ca/ssl-socket-communication#TOC-SSL-with-Client-Authentication
Preparation: