Secure Sockets Layer (SSL)
Download as PPTX, PDF0 likes104 views
SSL (Secure Sockets Layer) is a standard protocol that provides secure communication between a web server and browser by encrypting data transmission. It establishes an encrypted connection through a handshake process where the server and client authenticate each other and negotiate encryption keys before transmitting secure data. The SSL/TLS record protocol then encrypts fragmented data using symmetric encryption and verifies integrity with MACs before transmission. Alert messages are used to notify errors between the client and server.
Secure Sockets Layer (SSL)
- 1. BABA GHULAM SHAH BADSHAH UNIVERSITY RAJOURI Department of Computer Science and Applications ROLL NO. 19-MCS-2015 Semester:- 5th Course Title:- Cryptography And Network Security. Presentation Topic:- Secure Sockets Layer (SSL) 1
- 2. WHAT IS SSL? SSL (Secure Sockets Layer) is a standard security protocol for establishing encrypted links between a web server and a browser in an online communication. The usage of SSL technology ensures that all data transmitted between the web server and browser remains encrypted. 2
- 3. WHAT IS SSL? it provides a secure transport connection between applications (e.g., a web server and a browser). SSL was developed by Netscape. SSL version 3.0 has been implemented in many web browsers (e.g., Netscape Navigator and MS Internet Explorer) and web servers and widely used on the Internet. TLS can be viewed as SSL v3.1 3
- 4. Cont… This link ensures that all data passed between the web server and browsers remain private and integral. It provide two basic security services 1) Authentication. 2) Confidentiality. It provide a secure pipeline between the web browser and web server. 4
- 5. Cont... SSL provides users with a secure communication channel for communication purpose between the client and the server. It encrypt data packet at the sender’s end. When these data packet arrive at the destination system, they decrypt to retrieve the original data. In short, SSL encrypt data at the sender’s end and decrypt data at the receiver’s end. 5
- 7. SSL HISTORY Netscape developed The Secure Sockets Layer Protocol (SSL) in 1994, as a response to the growing concern over security on the Internet. SSL was originally developed for securing web browser and server communications. 7
- 8. SSL VERSION There are several versions of the SSL protocol defined. SSL Version SSL Version 1.0 SSL Version 2.0 SSL Version 3.0 TLS Version 1.0 TLS Version 1.0 with SSL Version 3.0 compatibility 8
- 9. Cont… The latest version, the Transport Layer Security Protocol (TLS), is based on SSL 3.0 Version 1.0 was never publicly released; version 2.0 was released in February 1995 but "contained a number of security flaws which ultimately led to the design of SSL version 3.0" 9
- 10. Position of SSL in TCP/IP Application Layer SSL Layer Transport Layer Internet Layer Data Link Layer Physical Layer Fig. Position of SSL in TCP/IP • SSL can be conceptually considered as an additional layer in the TCP/IP protocol suite. • The SSL layer is located between the application layer and the transport layer, as shown in Figure 10
- 11. L5 Data L5 Data L5 Data L4 Data L3 Data 0101010100010101010010 SH H4 H2 H3 L5 Data L5 Data L5 Data L4 Data L3 Data 0101010100010101010010 SH H4 H2 H3 Application SSL Transport Internet Data Link Physical Fig. SSL is located between application and transport layer Transmission Medium Cont… X Y 11
- 12. How SSL Works? SSL has three sub-protocols, namely: The Handshake Protocol, The Record Protocol and The Alert Protocol. 12
- 13. Handshaking Protocol Protocol-allows server and client to authenticate negotiate encryption algorithm and cryptographic keys Type Length Contents Fig. Format of handshake protocol message 1 byte 3 bytes 1 or more bytes Indicate one of the ten possible message types Length of Message in byte Contain parameters associated with the message 13
- 14. Handshaking made up of Four Phases 14
- 15. Phase 1. Establishing Security Capabilities Fig. Phase 1. Establishing Security Capabilities • The first phase of SSL handshake is used to initiate a logical connection and establish the security capabilities associated with that connection • This consists of two message Client hello and Server hello. 15
- 16. Phase 2 :-Server Authentication and key exchange The server initiates this second phase of the SSL handshake, and is the sole sender of all the messages in the phase. The client is the sole recipient of all these message. This phase contain the four steps. 16
- 17. Phase 2. Server Authentication and key exchange Step 1. Certificates Step 4. Server Hello done Step 2. Server key exchange Step 3. Certificate request Web Browse r Web Server 17
- 18. Phase 3. Client Authentication and key exchange Step 1. Certificate Step 2. Client key exchange Step 3. Certificate verify Web Browse r Web Server 18
- 19. Phase 4. Finish Step 1. Change of cipher Step 2. Finish Step 3 Change cipher specs Step 4. Finish Web Server Web Browse r 19
- 20. Record Protocol The record protocol came into picture after the successful handshake is completed between client and server. This protocol provides two services 1) Confidentiality:- This can be achieve by using secret key that is defined by the handshake protocol 2) Integrity:- Handshake protocol also defines a shared secret key that is used for assuring message integrity. 20
- 21. Record Protocol 1. fragmentation. Each upper-layer message is fragmented into blocks of 214 bytes (16384 bytes) or less. 2. Compression:- The fragmented blocks are optionally compressed. The compression process must not result into the loss of data 3. Add MAC:- using the shared secret key the message authentication code for each block is calculated. 4. Encryption:- using the symmetric key established previously in the handshake protocol, the output of previous step is now encrypted. This may not increases the overall size of block. 5. Append Header:- Finally a header is added to encrypted block. 21
- 22. Alert Protocol When client or server detects an error, the detecting party sends an alert message to the other party. If the error is fatal, both the parties immediately close the SSL connection Other error, which are not serve, do not result in the termination of the connection. Severity Cause Byte 1 Byte 2 Fig. Alert Protocol message format • Each alert message consist of 2 bytes. . If error is fatal, byte contain 2. Fist byte signifies the type of error. If it is warning, this byte contain 1 22
- 23. Fatal alerts Fatal alerts Unexpected message: An inappropriate message was received. Bad_record_mac: An incorrect MAC was received. Decompression_failure: function rerieved an improper input Handshake_failure: 23
- 24. No Fatal Alert/ Warning No Fatal Alert/ Warning • no_certificate: • bad_certificate: received certificate was corrupt • unsupported_certificate: The type of the received certificate is not supported. • certificate_expired: • close_notify :alert before closing the write side of a connection. 24
- 25. SOURCES USED Cryptography and Network Security, Principles and Practices, 4th Ed., William Stallings. Cryptography and Network Security, Atul kahate. www.wikipedia.com A few other internet resources 25
- 26. 26