TRANSMISSION CONTROL PROTOCOL/INTERNET
TCP/IP is a combination of many protocols that
facilitates the communication between computer
TCP/IP protocol suite consist of 5 layers
SECURE SOCKET LAYER(SSL)
The SSL protocol is an internet protocol for secure
exchange of information between a web browser and
a web server.
It provides two basic security services: authentication
SSL can be conceptually considered as an additional
layer in TCP/IP protocol suite. It is located between
application and transport layer.
The application layer data is passed to the SSL layer,
SSL layer performs encryption on the data received
and also add its own encryption information header
called as SSL Header to encrypted data
HOW SSL WORKS
SSL has 3 sub protocols
The Handshake protocol is similar to how two
people shake hand with each other before they
Each handshake message has 3 fields
Type(1 byte): one of the 10 possible message type
Length (3 byte): length of message in bytes
Content (1 or more bytes): parameters associated
with this message.
SSL HANDSHAKE PROTOCOL PHASES
The handshake protocol is actually made up of 4
Establish security capabilities
Server authentication and key exchange
Client authentication and key exchange
PHASE 1: ESTABLISH SECURITY CAPABILITIES:
This first phase is used to initiate a logical connection and
establish the security capabilities associated with that
It consists of two messages, the “client hello” and the
Step 1: Client Hello
Step 2 Server Hello
CLIENT HELLO PARAMETERS:
Version: highest version of SSL that client supports.
Random: this field is useful for later actual
communication , it consists of 2 sub fields
A 32 bit data-time field that identifies current date and
time of clients computer
A 28 bit random number generated by the random number
Session Id: if this fields contains non-zero value, it
means that there is already a connection. A zero value
indicates that client wants to create a new connection.
Cipher Suite: list of cryptographic algorithm
supported by client
Compression method: list of compression algorithm
supported by the client
SERVER HELLO PARAMETERS
Version: highest version that server supports from the list.
Random: same structure as random field of client.
However, the random value generated is depended on
clients random value.
Session Id: server creates a new session id and puts it in
Cipher Suite: Contains a single cipher suite, which server
selects from the list sent by the client.
Compression method: contains a compression algorithm,
which the server selects from the list.
PHASE 2 SERVER AUTHENTICATION AND
The server initiates this second phase of the SSL
This phase contains four steps:
Server key exchange
Sever hello done
PHASE 3 CLIENT AUTHENTICATION AND
The client initiates this third phase of the SSL
This phase contains three steps:
Client key exchange(premaster secret key)
PHASE 4 FINISH
The client initiates this fourth phase of SSL
handshake which the server ends
First 2 messages from client
1. Change cipher specs
1. Change cipher specs,
MASTER KEY GENERATION
Client creates 48 byte pre master secret key and encrypts it with servers
public key. And sends pre master secret key to the server.
Finally the Symmetric keys to be used by the client and the server are generated
THE RECORD PROTOCOL
The record protocol in SSL comes into picture
after a successful handshake is completed.
This protocol provides 2 services
Confidentiality: achieved using secret key that is
defined by handshake protocol
Integrity: the handshake protocol also defines shared
secret Key (MAC)that is used for assuring the
SSL RECORD PROTOCOL
3. Addition of MAC
5. Append header
1. Content type
2. Major version
3. Minor version
4. Compressed length
THE ALERT PROTOCOL
When the server detects an error, the detecting
party sends an alert message to other party.
Both the parties close the SSL connection and
destroys the session id, secret keys.
Alert message is of 2 bytes
1st byte is error type
2nd byte specifies the reason for actual error.