Definition, SSL Concepts Connection and Service, SSL Architecture, SSL Record Protocol, Record Format, Higher Layer Protocol, Handshake Protocol- Change Cipher Specification and lert Protocol
3. Secure Socket Layer (SSL) Protocol
• SSL was originated by Netscape
•Secure Sockets Layer (SSL) is a computer networking protocol for securing
connections between network application clients and servers over an insecure
network, such as the internet.
•SSL is designed to make use of TCP to provide reliable end-to-end secure service.
4. The two important SSL Concepts are
Connection: A connection is a transport that provides a suitable type
of service, such connections are peer-peer relationship.
Every connection is associated with one session
Session: An SSL session is an associated between a client and a
server. Sessions are created by Handshake protocol.
Sessions are used to avoid the expensive negotiation of new security
parameters.
Web client
Web server
5. SSL Architecture
HTTP provides the
transfer service for web
client/server
interaction.
The three higher layer
protocols (handshake,
change cipher spec and
Alert) of SSL is used in
the management of SSL
exchanges.
6. Provides basic security services to various higher-layer
protocols.
o HTTP
o Handshake Protocol
o Change Cipher Spec Protocol
o Alert Protocol
Provides 2 services for SSL connections:
o Confidentiality: Handshake protocol defines a shared
secret key used for conventional encryption of SSL
payloads.
o Message Integrity: Handshake protocol also defines a
shared secret key used to form a Message
Authentication Code (MAC).
SSL Record Protocol
7. SSL Record Protocol Operation
1. The first step is fragmentation into block(214 bytes)
2. Compression must be lossless or may not increase the content of the
length. So the default compression algorithm is null
3. MAC shared the secret key.
4. The compression msg + MAC are encrypted using symmetric
encryption.
5.SSL is to prepared a header consisting of following fields
8. SSL Record Format
Content type(8 bits)-used to process the enclosed fragment.
Major version(8 bits)- indicates the major version of SSL
Minor version(8 bits) - indicates the minor version of SSL
Compressed length – the length of the bytes of plaintext
9. The most complex part of SSL.
Allows the server and client to authenticate each other.
Negotiate encryption, MAC algorithm and cryptographic
keys.
Used before any application data are transmitted.
Higher-Layer Protocols
11. 2. Change Cipher Spec Protocol
• Use SSL record protocol
• Update the cipher suite to be used on this
connection
• It consists of single msg with single byte
with the value 1
3. Alert Protocol
• Used to convey SSL-related alerts to the peer
entity.
• It consists of 2 bytes.
The first bytes takes the value warning or fatal. If
level is fatal means the SSL terminates the
connection.
The second byte contains code that indicates the
specific alert.