Scribd
Upload
112 views21 pages

Secure Socket Layer

SSL (Secure Sockets Layer) is an internet security protocol that provides encrypted communication between a client and server. It has three main functions - authentication, which verifies identities; confidentiality, which encrypts data; and integrity, which prevents tampering. SSL works by establishing a secure connection in four phases - first establishing security capabilities between client and server, then server authentication and key exchange, followed by client authentication and key exchange, and finishing with a change cipher to indicate the secure connection. It uses handshake, record, and alert protocols to negotiate encryption parameters and exchange application data in a secure manner.

Uploaded by

vaio23
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
112 views21 pages

Secure Socket Layer

SSL (Secure Sockets Layer) is an internet security protocol that provides encrypted communication between a client and server. It has three main functions - authentication, which verifies identities; confidentiality, which encrypts data; and integrity, which prevents tampering. SSL works by establishing a secure connection in four phases - first establishing security capabilities between client and server, then server authentication and key exchange, followed by client authentication and key exchange, and finishing with a change cipher to indicate the secure connection. It uses handshake, record, and alert protocols to negotiate encryption parameters and exchange application data in a secure manner.

Uploaded by

vaio23
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd

SSL

SECURE SOCKET LAYER

SSL
Internet security protocol used to provide a secure

connection between client and web server. Secure means encrypted connection. Provides two services:

Authentication Confidentiality

Layers in TCP/IP

Position of SSL in TCP/IP

Application Layer Transport Layer Internet Layer Data Link layer Physical layer

Application Layer SSL Layer Transport Layer

Internet Layer
Data Link layer Physical layer

How SSL works


SSL has three protocols: Handshake protocol Record protocol Alert protocol

Handshake protocol
First sub-protocol used to establish the connection

between client (Web browser) and Web Server. Consists of series of messages of the following format:

Type (1 byte)

Length (3 bytes)

Content (1 or more bytes)

Message types

Phases

Phase 1: Establish security capabilities


First phase to establish the connection between

browser and server Consists of two messages:

Client Hello Server Hello.

Client random number :32-bit date-time field and 28 bytes random number Server random number : Same structure

Phase 2: Server Authentication and Key exchange


Server initiates this phase Sole sender of all messages. Client is sole receiver of all message.

Four messages Certificate Server Key Exchange Certificate Request Sever Hello Done

Phase 3: Client Authentication and Key Exchange


Client initiates this phase Sole sender of all the messages. Contains three steps:

Certificate (No certificate)


Client Key Exchange (48 bytes pre-master value and

encrypts it with the servers public key and send it to the server) Certificate Verify (Sends pre-master secret value with random numbers after hashing them together using MD5 and SHA-1 and signs it with its private key.)

Phase 4: Finished
Client initiates it , which server ends. 4 steps: By Client
Change Cipher Specs Finished

By Server
Change Cipher Specs Finished

Keys Generation
Master Key generation concept.
Pre-master secret Client Random Server Random

Message Digest Algorithms (MD-5 and SHA-1)

Master Key

Concept to generate Symmetric key for encryption


Master secret Client Random server Random

Message Digest Algorithms (MD-5 and SHA-1)

Symmetric Key

Record protocol
After authentication deciding which cipher to be

used for encryption Provides two services:

Confidentiality Integrity

Fragmentation: Size of each block is less than or

equal to 2^14 bytes. Compression: No loss of data. Loss-less compression MAC: For integrity Encryption: Confidentiality Append SSL header:
Content type(8 bits) Major version (8 bits) Minor version (8 bits) Compressed length (16 bits)

Content type

Major version

Minor version

Compressed length

Encryption

Plain text (Optional Compressed)

MAC

Alert protocol
When either client or server detects an error, an alert

message is sent by detecting party to another party. Alert Message consists of 2 bytes only.

Severity(Byte 1)

Cause (Byte 2)

Severity

Value 1 : Warning
Dont result in the termination of connection, handles the error and continue

Value 2 : Fatal error


Close all the connections, destroy all the information associated with connection.

Fatal errors Unexpected message Bad record MAC Decompression failure Handshake failure Illegal Parameters

Non-fatal errors No certificate Bad certificate (no able to verify DS) Unsupported certificate Certificate revoked Certificate expired Certificate unknown Close notify

You might also like