CS-308 - Cryptography and Network Security

Today’s Topics

1. Secure Socket Layers(SSL)

2. SHTTP

Manoj Paliwal
GPC, Dungarpur
 Secure Socket Layer(SSL)

The SSL Protocol is an internet protocol for the secure exchange of information
between a web browser and a web server . It provides two basic security services
1)Authentication 2) Confidentiality. Logically, it provides a secure pipe between the
web browser and web server. SSL layer is located between the application and
transport layer.
Communication Using SSL
Why SSL Layer is placed after application layer

Only application layer data is encrypted by SSL. The lower level headers are not

encrypted if SSL has to encrypt all headers, it must be placed after data link layer.

That leads to problems .If SSL encrypt all lower level headers, even the IP and

physical addresses of sender , receiver and all intermediate nodes will be encrypted

and thus became unreadable. Then the problem arise where to deliver these

packets
 Secure Hypertext Transfer Protcol(SHTTP)

It is a set of security mechanisms defined for protecting the internet traffic. This
includes the data entry forms and internet based transactions. HTTP request
sent by using SSL is identified as HTTPS, Whereas this is known as SHTTP. SHTTP
works at application layer and therefore tightly coupled with HTTP unlike, SSL.
The main difference between SSL and SHTTP is that SHTTP works at the level of
individual message. It can encrypt and sign individual messages. But SSL does
not differentiate between different messages instead it aims at making
connection between client and server, regardless of the message they are
exchanging. SSL, also it can not perform digital signatures.