The Secure Socket Layer
(SSL Protocol)
8: Network Security 8-2
Secure sockets layer (SSL)
• provides transport layer security to any TCP-based application using SSL services.
– e.g., between Web browsers, servers for e-commerce (shttp)
• security services:
– server authentication, data encryption, client authentication (optional)
[Figure: two protocol stacks side by side. Left, plain TCP: Application / TCP socket / TCP / IP. Right, "TCP enhanced with SSL": Application / SSL socket / SSL sublayer / TCP API / TCP / IP.]
TCP Handshake & SSL Handshake
1. Handshake:
• Bob establishes TCP connection to Alice
• authenticates Alice via CA signed certificate
• creates, encrypts (using Alice’s public key), sends master secret key to Alice
[Figure: Bob creates the Master Secret (MS); Alice decrypts using her private key KA- to get MS.]
2. Key Derivation:
• Alice, Bob use shared secret (MS) to generate 4 keys:
– EB: Bob->Alice data encryption key
– MB: Bob->Alice MAC key
– EA: Alice->Bob data encryption key
– MA: Alice->Bob MAC key
[Figure: EB and MB are used for sending data from Bob to Alice; EA and MA are used for sending data from Alice to Bob.]
Now, both Bob and Alice share the same 4 keys (EA, MA, EB, MB)
3. Data Transfer
[Figure: the sender splits the byte stream b1b2b3 … bn into blocks of n bytes; for each block d it computes H(d) with MB over d and the SSL seq. #, then forms an SSL record: header Type Ver Len (unencrypted) followed by d H(d) encrypted using EB. After TCP/IP transmission the receiver decrypts using EB & the SSL seq. #, then checks integrity of d with MB.]
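The key derivation and data transfer slides above, as an added toy example that is not part of the original slides: four direction keys are derived from MS, each record carries a cleartext Type/Ver/Len header, and the MAC over d includes the SSL sequence number so that a replayed, reordered, tampered or truncated record is rejected. The key derivation and the counter-mode keystream are constructed stand-ins for SSL's real PRF and record cipher.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # SHA-256 HMAC tag appended to each record body


def derive_keys(master_secret: bytes) -> dict:
    """Derive the four direction-specific keys (EB, MB, EA, MA) from MS.
    Toy derivation (hash of label || MS), not SSL's real PRF."""
    return {k: hashlib.sha256(k.encode() + master_secret).digest()
            for k in ("EB", "MB", "EA", "MA")}


def keystream(key: bytes, seq: int, n: int) -> bytes:
    """Toy counter-mode keystream, a stand-in for SSL's record cipher."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hashlib.sha256(key + struct.pack(">QI", seq, ctr)).digest()
    return out[:n]


def seal_record(keys: dict, seq: int, data: bytes) -> bytes:
    """Bob -> Alice: header (Type, Ver, Len) in clear, then data || MAC
    encrypted with EB. The MAC covers the SSL sequence number, so a
    replayed or reordered record fails the integrity check."""
    header = struct.pack(">BBBH", 23, 3, 0, len(data) + TAG_LEN)
    tag = hmac.new(keys["MB"], struct.pack(">Q", seq) + header + data,
                   hashlib.sha256).digest()
    body = data + tag
    ks = keystream(keys["EB"], seq, len(body))
    return header + bytes(a ^ b for a, b in zip(body, ks))


def open_record(keys: dict, seq: int, record: bytes):
    """Alice's side: decrypt with EB and the expected sequence number,
    then verify H(d) with MB. Returns the data, or None on failure."""
    header, ct = record[:5], record[5:]
    if len(ct) < TAG_LEN:
        return None
    body = bytes(a ^ b for a, b in zip(ct, keystream(keys["EB"], seq, len(ct))))
    data, tag = body[:-TAG_LEN], body[-TAG_LEN:]
    expected = hmac.new(keys["MB"], struct.pack(">Q", seq) + header + data,
                        hashlib.sha256).digest()
    return data if hmac.compare_digest(tag, expected) else None


if __name__ == "__main__":
    keys = derive_keys(b"constructed-master-secret")   # constructed MS
    rec = seal_record(keys, 0, b"GET / HTTP/1.0")
    print(open_record(keys, 0, rec))    # b'GET / HTTP/1.0'
    print(open_record(keys, 1, rec))    # None: same record replayed under seq 1
```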
4. Connection Closure
• SSL 2.0 terminates the underlying TCP connection by simply sending a TCP FIN segment
=> this leaves room for a truncation attack
• Solution:
SSL 3.0 (TLS) introduces a closing handshake; the recipient knows the message has not ended until this closing action has been performed.