ThePlace

Home ] Search ] Resources ] Site Map ] Contact Me ]
Dave's Information Technology Resource

Up ]

Web and Computer Security ] Privacy and Security ] [ SSL ] Digital Signatures and Certificates ] Digital Payments ] Controlling Web Access ] Protecting a Web Server ]

--- SSL ---

SSL - Secure Sockets Layer

bulletDeveloped by Netscape (a very good article on SSL can be found here).
bulletCurrently, SSL is in version 3.0.
bulletIt is a client/server security scheme, it runs in transport layer (OSI) between HTTP and TCP/IP).
bulletSSL handles the encryption automatically as part of the data transmission process.
bulletBecause SSL runs in the transport layer it can be used to support e-mail, FTP, and other services.
bulletIt works as follows:
  1. Client issues CLIENT-HELLO message that includes a list of ciphers supported by the client.
  2. The server responds with SERVER-HELLO with a list of ciphers and a digital certificate (including the servers public key).  
  3. The client may or may not validate the certificate (typically the certificates are pre-loaded on the client).
  4. A session specific symmetric secret key is established based on random numbers generated by the client and verified by the server..
  5. The encrypted session is run (data is exchanged) between the client and server.
  6. When the session is over the secret key is discarded.

SSL Features

bulletSeparate algorithms for encryption, authentication, and data integrity with separate keys.
bulletEfficiency is improved by encrypting the "connection" that moves the data.
bulletCertificate-based authentication is enabled between the client and server.
bulletNot dependent on a specific protocol; although designed for TCP/IP, it can run on X.25, OSI.  It cannot run on IP UDP
bulletIs noticeably slower due to encryption/decryption process.

 

TLS - Transport Layer Security

bulletFormalizes the SSL protocol.
bulletRFC 2246
bulletFrom RFC 2246: 
bulletThe primary goal of the TLS Protocol is to provide privacy and data integrity between two communicating applications. 
bulletThe protocol is composed of two layers:
  1. TLS Record Protocol - used for encapsulation of various higher  level protocols.
  2. TLS Handshake Protocol - allows the server and client to authenticate each other and    to negotiate an encryption algorithm and cryptographic keys before the application protocol transmits or receives its first byte of data.
bulletAt the lowest level, layered on top of some reliable transport protocol (e.g., TCP/IP]), is the TLS Record Protocol. 
bulletThe TLS Record Protocol provides connection security that has two basic properties: 
  1. The connection is private. Symmetric cryptography is used for data encryption (e.g., DES [DES], RC4 [RC4], etc.) The keys for this symmetric encryption are generated uniquely for each connection and are based on a secret negotiated by another protocol (such as the TLS Handshake Protocol). The Record Protocol can also be used without encryption. 
  2. The connection is reliable. Message transport includes a message integrity check using a keyed MAC. Secure hash functions (e.g., SHA, MD5, etc.) are used for MAC computations. The Record Protocol can operate without a MAC, but is generally only used in Dierks & Allen Standards Track this mode while another protocol is using the Record Protocol as a transport for negotiating security parameters.

 

 

 

Home ] Up ] Computer Architecture ] Programming Bootcamp ] Database Bootcamp ] Visual BasicS ] Web Basics ] Web Multimedia ] Web Programming ] Advanced Web Topics ] Developing Web Sites ] XML Technology ] Web Glossary ]

Copyright © 1999 - 2005 
ThePlace - Written and Sponsored by Dave Hillman