Secure Socket Layer
computer science crazy|
Joined: Dec 2008
22-09-2008, 09:26 AM
SSL is a protocol using different cryptographic algorithms to implement security-using authentication with certificates, session key exchange algorithms, encryption and integrity check. It is a common protocol, often used to ensure that the communication between WWW-server and WWW-client is safe and encrypted.
Digital certificates encrypt data using Secure Sockets layer (SSL) technology, the industry-standard method for protecting web communications developed by Netscape Communications Corporation. The SSL security protocol provides data encryption, server authentication, message integrity and optional client authentication for a TCP/IP connection. Because SSL is built into all major browsers and web servers, simply installing a digital certificate turns on their SSL capabilities.
SSL comes in two strengths, 40-bit, and 128-bit, which refer to the length of the ?session key? generated by every encrypted transaction. The longer the key, the more difficult it is to break the encryption code. Most browsers support 40-bit SSL sessions, and the latest browsers, including Netscape Communicator 4.0, enable users to encrypt transactions in 128-bit sessions ? trillions of times stronger than 40-bit sessions. Global companies that require international transactions over the web can use global server certificates program to offer strong encryption to their customers...
Use Search at http://topicideas.net/search.php wisely To Get Information About Project Topic and Seminar ideas with report/source code along pdf and ppt presenaion
smart paper boy|
Active In SP
Joined: Jun 2011
30-07-2011, 04:32 PM
493442_634186839054482500.ppt (Size: 118 KB / Downloads: 111)
PRESENTATION ON SECURE SOCKET LAYER (SSL)
Internet protocol for secure exchange of
information between the web browser and the
Developed by Netscape corporation in 1994
Versions – 2,3,3.1
Popular version – 3, released in 1995
Provides 2 basic security services :
Logically it provides a secure pipe between the web browser and the web server.
POSITION OF SSL IN TCP/IPPROTOCOL SUITE
Located between the application layer and the
COMMUNICATION BETWEEN VARIOUS LAYERS
L5 data SH
HOW SSL WORKS ?
Has 3 sub protocols :
1. THE HANDSHAKE PROTOCOL
First sub protocol used by client and the server
to communicate using SSL enabled connections
Consists of series of messages between the client and the server
MESSAGE FORMAT OF HANSHAKE PROTOCOL
Has 3 fields :
Type (1 byte) : indicates message types
Length (3 bytes) : indicates the length of
3. Content (1 or more byte) : contains the
parameters associated with message
PHASES OF HANDSHAKE PROTOCOL
There are 4 phases of handshake protocol :
Establish security capabilities
Server authentication & key exchange
Client authentication & key exchange
Phase 1: Establish security capabilities
Initiate a logical connection & establish the security capabilities
Consists of two messages : client hello & server hello
Consists of following parameters :
Version : indicates the highest version of SSL the client can support
Random : used for actual communication.
It consists of 2 sub fields :
32-bit date-time field that identifies current system date & time on the client computer
28-byte random number generated by the random number generator software built inside the client computer
CLIENT HELLO CONT.
3. Session id : variable length session identifier
It has two values :
3.1. Non zero value : shows that a connection already exists between the client and the server
3.2. Zero value :indicates that the client wants to
create a new connection with the server
4. Cipher suite : contains list of cryptographic
algorithms supported by client
5. Compression method : contains list of
compression algorithms supported by client
Contains the same fields as that of client but
with different purpose :
Version : identifies the lower of the versions suggested by the client & the highest supported by the server
Random : same structure as that of client
Session id : for non zero value - server uses the same value sent by client
For zero value – server creates a new session id & puts it in this field
Cipher suite : contains single cipher suite selected from the list sent by client
Compression method : contains a compression algorithm selected from the list sent by client
PHASE 2 : SERVER AUTHENTICATION & KEY EXCHANGE
Server initiates this phase of SSL handshake
Server is the only sender & the client is the only receiver.
This phase contains 4 steps:
Server key exchange
Server hello done
Server sends its digital certificate to the client
This helps client to authenticate the server using server’s public key from server’s certificate.
2. SERVER KEY EXCHANGE
Optional step & is used if the sender doesn’t send its digital certificate to the client
Server sends its public key to the client
3. CERTIFICATE REQUEST
Server can request for the client’s digital signatures
This step is optional because the client authentication in SSL is optional.
4. SERVER HELLO DONE
Indicates the client that its portion of hello message is complete
The client can verify the certificates sent by the server
After sending this message the server waits for the client’s response
PHASE 3: CLIENT AUTHENTICATION & KEY EXCHANGE
The client initiates this phase.
Client is the sender & the server is the receiver.
This phase consists of 3 steps:
Client key exchange
Performed only if the server had requested for the client’s certificate
If the client sends no certificate instead of a certificate message then its upto server if it still wants to continue.
2. CLIENT KEY EXCHANGE
Allows the client to send information to the server based on the symmetric key
Client creates a 48-byte pre-master secret & encrypts it with the server’s public key & sends this pre-master secret to the server.
3. CERTIFICATE VERIFY
Necessary only if the server had demanded client authentication
The client combines the pre-master secret with the random numbers exchanged by the client & server after hashing them together.
PHASE 4 : FINISH
Client initiates this phase and the server ends.
This consists of 4 steps:
The first two masseges are from client :
Change cipher specs
The server responds back with the two same identical
MASTER KEY GENERATION CONCEPT
Based on pre-master secret , both the server and the client create a 48-byte quantity called the master secret
Master key is calculated after computing message digests of pre-master secret, client random & server random.
SYMMETRIC KEY GENERATIONCONCEPT
Finally symmetric keys to be used by the client & server are generated
2. RECORD PROTOCOL
Provides 2 services :
Confidentiality : achieved by the secret key defined by handshake protocol
Integrity : shared secret key is used to ensure the message integrity
OPERATION OF RECORD PROTOCOL
DETAILS OF THE STEPS
Fregmentation: original message is broken into blocks of size less than or equal to 16,384 bytes
Compression: fregmented blocks are compressed optionally with loss less compression mechanism
Addition of MAC: MAC is calculated for each block using the shared secret key.
Encryption: using the symmetric key the output is encrypted
5. Append header: header is added to the encrypted block.
The header contains the following fields :
Content type(8 bits): specifies the protocol
used for processing the record in next higher level
Major version(8 bits): specifies the major
version of SSL protocol in use
Minor version(8 bits)pecifies the minor
version of SSL protocol in use
Compressed length(16 bits): specifies the
length of the original plain text block
3. ALERT PROTOCOL
When either the client or the server detects an
error, the detecting party sends an alert message
to the other party
For fatal error : SSL connection is immediately closed, session identifiers, secrets & keys are destroyed
For non fatal errors :parties handle the errors & continue
ALERT PROTOCOL MESSAGE FORMAT
Alert message contains 2 bytes :
Severity : signifies the type of error. If it is a warning ,this byte contains 1. If it is fatal, this contains 2.
Cause : specifies the actual errors
CLOSING AND RESUMING SSL CONNECTIONS
Before ending communication , the client & the server must inform each other
Each party sends a close notify alert to ensure graceful closure
If the SSL connection ends without a close notify alert it cant be resumed
Any SSL connection can’t be reused after 24 hours