Scribd
Upload
253 views14 pages

SSL

SSL provides a secure connection between a client and server through the use of encryption, authentication, and digital signatures. It uses two layers - the SSL record protocol and SSL handshake protocol. The record protocol provides basic security like confidentiality and integrity through encryption and MACs. The handshake protocol establishes the security capabilities between the client and server through phases of exchanging messages to authenticate, negotiate algorithms, and exchange keys.

Uploaded by

Tijo Emmanuel Joseph
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
253 views14 pages

SSL

SSL provides a secure connection between a client and server through the use of encryption, authentication, and digital signatures. It uses two layers - the SSL record protocol and SSL handshake protocol. The record protocol provides basic security like confidentiality and integrity through encryption and MACs. The handshake protocol establishes the security capabilities between the client and server through phases of exchanging messages to authenticate, negotiate algorithms, and exchange keys.

Uploaded by

Tijo Emmanuel Joseph
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd

SSL (Secure Socket Layer)

originally

developed by Netscape SSL use TCP to provide a reliable end to end and secure connection SSL is not a single protocol ,but two layers of protocols.

7-1

SSL Architecture

7-2

SSL Architecture
SSL

record protocol provide basic security services to higher layers HTTP provide transfer services for client server interaction. 3 specific protocols :change cipher spec, handshake and alert protocol provide management of SSL exchange
7-3

SSL Architecture
SSL

connection

a transient, peer-to-peer, communications link associated with 1 SSL session

SSL

session

an association between client & server created by the Handshake Protocol define a set of cryptographic parameters may be shared by multiple SSL connections
7-4

Session

state defined by parameters Session identifier: arbitrary byte sequence chosen by server Peer certificate: X509.v3 certificate of peer Compression method : any algorithm Cipher spec: data encryption algorithm Master secret:48 byte key shared by client and server Is resumable: flag indicating whether 7-5 new connection can be initiated

Connection

state Server and client random: byte sequence chosen by server and client Server write MAC secret: secret key used in mac operation on data sent by server Client write MAC secret: Server write key: encryption key for data encrypted by server. Client write key: Sequence number:

7-6

SSL Record Protocol Services


message

confidentiality

using a MAC with shared secret key similar to HMAC but with different padding using symmetric encryption with a shared secret key defined by Handshake Protocol AES, IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128 message is compressed before encryption
7-7

integrity

SSL Record Protocol Operation

7-8

SSL Record Format

7-9

SSL Record Protocol Payload

7-10

SSL Change Cipher Spec Protocol


one

of 3 SSL specific protocols which use the SSL Record protocol a single message causes pending state to become current hence updating the cipher suite in use

7-11

SSL Alert Protocol


conveys SSL-related alerts to peer entity severity

specific alert

warning or fatal

compressed & encrypted like all SSL data

fatal: unexpected message, bad record mac, decompression failure, handshake failure, illegal parameter warning: close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown

7-12

SSL Handshake Protocol

allows server & client to:


authenticate each other to negotiate encryption & MAC algorithms to negotiate cryptographic keys to be used

comprises a series of messages in phases


Establish Security Capabilities 2. Server Authentication and Key Exchange 3. Client Authentication and Key Exchange 4. Finish
1.
7-13

SSL Handshake Protocol

7-14

You might also like