Professional Documents
Culture Documents
CONTENTS
Definition Brief History Services Position of SSL in TCP/IP Communication between layers Working of SSL Details of handshake protocol Details of record protocol Details of alert protocol Closing & resuming SSL connections References
2
DEFINITION
Internet protocol for secure exchange of information between the web browser and the
web server
Web browser
Web server
HISTORY
Developed by Netscape corporation in 1994
Versions 2,3,3.1 Popular version 3, released in 1995
SERVICES
Provides 2 basic security services : 1. Authentication 2. Confidentiality Logically it provides a secure pipe between the web browser and the web server.
Physical layer
6
L5 data L5 data SH
Application SSL
L5 data
L4 data L3 data
H4
H3 H2
01010101001101011
01010101001101011
Type 1 byte
Length 3 byte
Web browser
1.Establish security capabilities 2. Server authentication &key exchange 3.Client authentication & key exchange 4.Finish
Web server
11
Step 1: Client hello Web browser Step 2 : Server hello Web server
12
CLIENT HELLO
Consists of following parameters : 1. Version : indicates the highest version of SSL the client can support 2. Random : used for actual communication. It consists of 2 sub fields : 32-bit date-time field that identifies current system date & time on the client computer 28-byte random number generated by the random number generator software built inside the client computer
13
SERVER HELLO
Contains the same fields as that of client but with different purpose : 1. Version : identifies the lower of the versions suggested by the client & the highest supported by the server 2. Random : same structure as that of client 3. Session id : for non zero value - server uses the same value sent by client For zero value server creates a new session id & puts it in this field 4. Cipher suite : contains single cipher suite selected from the list sent by client 5. Compression method : contains a compression algorithm selected from the list sent by client 15
16
1.CERTIFICATE
Server sends its digital certificate to the client This helps client to authenticate the server using servers public key from servers certificate.
17
3. CERTIFICATE REQUEST
Server can request for the clients digital signatures This step is optional because the client authentication in SSL is optional.
19
1. CERTIFICATE
Optional step Performed only if the server had requested for the clients certificate If the client sends no certificate instead of a certificate message then its upto server if it still wants to continue.
3. CERTIFICATE VERIFY
Necessary only if the server had demanded client authentication The client combines the pre-master secret with the random numbers exchanged by the client & server after hashing them together.
21
PHASE 4 : FINISH
This consists of 4 steps: The first two masseges are from client : 1. Change cipher specs 2. Finished The server responds back with the two same identical messages
1. Change cipher specs
Web browse r
Web server
22
Master secret
23
Master secret
Client random
Server random
Symmetric key
24
2. RECORD PROTOCOL
Provides 2 services : 1. Confidentiality : achieved by the secret key defined by handshake protocol 2. Integrity : shared secret key is used to ensure the message integrity
25
Fregmentation
Compression
Addition of MAC
Encryption
Append header
26
27
3. ALERT PROTOCOL
When either the client or the server detects an error, the detecting party sends an alert message to the other party
For fatal error : SSL connection is immediately closed, session identifiers, secrets & keys are destroyed For non fatal errors :parties handle the errors & continue
29
Severity
Byte 1
Cause
Byte 2
30
31
REFERENCES
Cryptography and network security by Atul Kahate. Ahuja, Vijay, Network and internet security Comer, Douglas, Computer networks and internets. Kaufman, Charlie, network security Web refrences.
32
THANKS
33