Categories

A sample text widget

Etiam pulvinar consectetur dolor sed malesuada. Ut convallis euismod dolor nec pretium. Nunc ut tristique massa.

Nam sodales mi vitae dolor ullamcorper et vulputate enim accumsan. Morbi orci magna, tincidunt vitae molestie nec, molestie at mi. Nulla nulla lorem, suscipit in posuere in, interdum non magna.

What is a Secure Socket Layer?

– Cryptography cannot be achieved without cryptographic protocols.
– These protocols are responsible for providing the communication security on internet.
– Examples of such protocols are transport layer security (TLS) and secure sockets layer (SSL).

In this article we talk about the latter one i.e., the secure sockets layer.
– For authenticating the key exchange, this protocol relies up on the asymmetric authentication codes.
– For confidentiality, it uses the symmetric encryption and for message integrity, message authentication codes are deployed.
There are a number of versions of this protocol and have found use in a number of applications such as:

  • Web browsing
  • Electronic mail
  • Internet faxing
  • Instant messaging
  • VoIP (voice over internet protocol)

– From the point of view of the TCP/ IP model, the data of the network connections is encrypted by the SSL at the lowest sub – layer of the application layer.
– However, in the OSI model, the initialization of SSL takes place at the session layer i.e., the 5th layer and then it is operated at the presentation layer i.e., the 6th layer.
– Firstly, the session layer makes a handshake with an asymmetric cipher for configuring the cipher and a shared key.
– This key remains valid for one session only.
– After this, the rest of the communication is encrypted by the presentation layer by means of a symmetric cipher and the previously generated session key.
– Whichever model it is, the SSL works on the part of the 4th layer i.e., the transportation layer which carries the encrypted data in its segments.
– The earlier SSL specifications form the basis for the TLS.
– Netscape communications developed the SSL protocol so that they could add the HTTPS protocol to their web browser i.e., the Netscape navigator.
– The SSL permits the client server application to establish communication over the network in such a way that there is no tampering and eavesdropping.
– Protocols do not require SSL or TLS for operating.
– However, it is important that the client must send an indication to the server if it requires setting up a TLS connection.

This can be achieved following either of the two ways:

  • Using a different port number for setting TLS connections.
  • Using a regular port number and on the same port the client can request to switch to the TLS connection. But for this a protocol specific mechanism is required such as for news and email protocols “STARTTLS” will do.

– Once the client is ready to use the TSL, a state-ful connection is negotiated by between the server and the client by means of the handshaking procedure.

Parameters for Establishing Security of connection

They have to agree up on a number of parameters in order to establish the security of the connection:

  • The SSL version number of the client is sent to the server along with session specific data, cipher settings and some other related data that is required for communicating using the SSL connection.
  • The certificate of the server is also sent and if the client makes a request for a server resource, then it has to produce its certificate for authentication purpose.
  • The information sent by the server is then used by the client for authenticating it. If any problem occurs during authentication, a warning is sent to the user stating the failure in setting an encrypted connection. If the server is authenticated successfully, the client follows the next step.
  • All this data is then used by the client for creating pre – master session secret encrypting it with the public key.
  • If the client authentication is requested and it fails to authenticate, the session is ended.
  • The master secret is then used by both the client and the server for generating the session keys. These symmetric keys will be used in the encryption and decryption of the information that will be exchanged over SSL connection and for the verification of the integrity. This completes the handshake.

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>