The document provides an overview of the Secure Socket Layer (SSL) protocol in 3 phases:
1. It explains how SSL works as an additional layer between the application and transport layers in the TCP/IP model to encrypt data in transit.
2. It describes the SSL handshake protocol which involves a series of messages to establish security capabilities, authenticate the server, and exchange encryption keys.
3. It outlines the 4 phases of the handshake protocol: establishing capabilities, server authentication and key exchange, client authentication and key exchange, and finishing the handshake by generating symmetric keys for encryption.
Fundamental of Secure Socket Layer (SSL) | Part - 1
1. “The Fundamental of Secure Socket Layer (SSL)”
By:
-Vishal Kumar
(CEH, CHFI, CISE, MCP)
info@prohackers.in
Part - 1
2. Topics to be Covered in this Presentation
• Introduction of Secure Socket Layer SSL
• The Position of SSL in the TCP/IP Suite
• Working of Secure Socket Layer
• Working of Handshake Protocol
• Phases of Handshake protocol
• Establish Security Capabilities
• Server Authentication and Key Exchange
• Client Authentication and Key Exchange
• Finish
3. Introduction:
The Secure Socket Layer (SSL) protocol is an Internet protocol for the secure exchange of information between a Web browser and a Web server. It provides two basic security services: Authentication and Confidentiality. SSL was developed by the Netscape Corporation in 1994. Since then, it has become the most popular Web-security mechanism. Currently SSL comes in three versions, 2, 3 and 3.1; the most popular of them is version 3, which was released in 1995.
4. The Position of SSL in TCP/IP Protocol Suite
The SSL layer is located between the application layer and the transport layer. It is considered an additional layer in the TCP/IP suite.
As such, the communication between the various TCP/IP protocol layers is now as shown below.
5. The Position of SSL in TCP/IP Protocol Suite
Fig: SSL is located between the application and transport layers
6. The Position of SSL in TCP/IP Protocol Suite
As we can see in the above image, the application layer of the sending computer (X) prepares the data to be sent to the receiving computer (Y), as usual. However, unlike what happens in the normal case, the application-layer data is not passed directly to the transport layer now. Instead, the application-layer data is passed to the SSL layer. Here the SSL layer performs encryption on the data received from the application layer (indicated by the dark gray color), and also adds its own encryption information header, called the SSL Header (SH), to the encrypted data. We will later study what exactly happens in this process.
7. The Position of SSL in TCP/IP Protocol Suite
After this, the SSL layer data (L5) becomes the input for the transport layer. The transport layer adds its own header (H4) and passes it on to the internet layer, and so on. This process happens exactly the way it happens in the case of normal TCP/IP data transfer. Finally, when the data reaches the physical layer, it is sent in the form of voltage pulses across the transmission medium.
At the receiver’s end, the process is very similar to that of a normal TCP/IP connection until it reaches the new SSL layer. The SSL layer at the receiver’s end removes the SSL Header (SH), decrypts the encrypted data and gives the plaintext data back to the application layer of the receiving computer.
Thus, only the application-layer data is encrypted by SSL.
8. Working of Secure Socket Layer (SSL)
SSL contains three sub-protocols.
9. 1. The Handshake Protocol
The handshake protocol of SSL is the first sub-protocol used by the client and the server to communicate using an SSL-enabled connection. This is similar to how Alice and Bob would first shake hands with each other, accompanied by a hello, before they start conversing.
Fig: Alice and Bob exchange "Hello" and "hi" through an SSL tunnel
10. Content of Handshake Protocol
The handshake protocol consists of a series of messages between the client and the server. Each of these messages has the format shown below.
Fig: format for the handshake protocol messages
As shown in the above figure, each handshake message has three fields, as follows:
11. Content of Handshake Protocol
(A). Type (1 byte): this field indicates one of the ten possible message types, listed in the table below.
S. No | Message Type        | Parameters
1     | Hello Request       | None
2     | Client Hello        | Version, Random number, Session ID, Cipher Suite, Compression Method
3     | Server Hello        | Version, Random number, Session ID, Cipher Suite, Compression Method
4     | Certificate         | Chain of X.509v3 Certificates
5     | Server-Key Exchange | Parameters, Signature
6     | Certificate Request | Type, Authorities
7     | Server Hello Done   | None
8     | Certificate Verify  | Signature
9     | Client-Key Exchange | Parameters, Signatures
10    | Finished            | Hash Values
12. Content of Handshake Protocol
(B). Length (3 bytes): this field indicates the length of the message in bytes.
(C). Content (1 or more bytes): this field contains the parameters associated with the message, depending on the message type, as listed in the above table.
13. Phases of Handshake Protocol:
There are four phases of the handshake protocol, as shown in the image below:
14. Phase 1. Establish Security Capabilities
Phase 1. Establish Security Capabilities – this first phase of the SSL Handshake protocol is used to initiate a logical connection and establish the security capabilities associated with the connection. This consists of two messages, the client hello and the server hello.
15. Phase 1. Establish Security Capabilities
As shown in the above figure, the process starts with a client hello message from the client to the server. It consists of the following parameters:
• Version – This field identifies the highest version of SSL that the client can support; this can be 2, 3, or 3.1.
• Random – This field is useful for the later, actual communication between the client and the server. It contains two sub-fields:
    • A 32-bit date-time field that identifies the current system date and time on the client computer.
    • A 28-byte random number generated by the random-number generator software built into the client computer.
16. Phase 1. Establish Security Capabilities
• Session Id – This is a variable-length session identifier. If this field contains a non-zero value, it means that there is already a connection between the client and the server, and the client wishes to update the parameters of that connection. A zero value in this field indicates that the client wants to create a new connection with the server.
• Cipher Suite – This field contains a list of cryptographic algorithms supported by the client (e.g. RSA, Diffie-Hellman, etc.) in decreasing order of preference.
17. Phase 1. Establish Security Capabilities
• Compression Method – This field contains a list of compression algorithms supported by the client.
The client sends the client hello message to the server and waits for the server’s response. Accordingly, the server sends back a server hello message to the client. This message also contains the same fields as the client hello message. The server hello message consists of the following fields:
18. Phase 1. Establish Security Capabilities
• Version – This field identifies the lower of the version suggested by the client and the highest supported by the server. For example, if the client has suggested version 3, but the server also supports version 3.1, the server will select 3.
• Random – This field has the same structure as the Random field of the client.
• Session id – If the session id value sent by the client was non-zero, the server uses the same value. Otherwise, the server creates a new session id and puts it in this field.
19. Phase 1. Establish Security Capabilities
• Cipher Suite – It contains the single cipher suite which the server selects from the list sent earlier by the client.
• Compression Method – It contains the compression algorithm which the server selects from the list sent earlier by the client.
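The handshake message format (Type, Length, Content) and the Phase 1 negotiation described above, as an added example that is not part of the original slides: a bounds-checked parser for a Client Hello and the server-side choice of version, session id, cipher suite and compression method. The function names and the sample bytes are constructed for illustration; the Type codes are the wire values from the SSL 3.0/TLS specifications rather than the serial numbers in the table, and honouring the client's preference order when picking a suite is an assumption.

```python
import os

# Wire codes for the handshake "Type" byte (SSL 3.0 / TLS). These are not the
# serial numbers 1-10 used in the table on slide 11.
HANDSHAKE_TYPES = {
    0: "Hello Request", 1: "Client Hello", 2: "Server Hello",
    11: "Certificate", 12: "Server Key Exchange", 13: "Certificate Request",
    14: "Server Hello Done", 15: "Certificate Verify",
    16: "Client Key Exchange", 20: "Finished",
}


class HandshakeError(ValueError):
    """Raised when a message is malformed or no common parameters exist."""


def parse_handshake(buf):
    """Split one handshake message into (type name, content bytes)."""
    if len(buf) < 4:
        raise HandshakeError("truncated header: need Type (1) + Length (3)")
    length = int.from_bytes(buf[1:4], "big")
    content = buf[4:4 + length]
    if len(content) != length:
        raise HandshakeError("Length field claims more bytes than received")
    if buf[0] not in HANDSHAKE_TYPES:
        raise HandshakeError(f"unknown handshake type {buf[0]}")
    return HANDSHAKE_TYPES[buf[0]], content


class Reader:
    """Bounds-checked cursor, so a lying length field cannot cause over-reads."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise HandshakeError("field runs past the end of the message")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def vector(self, len_bytes):
        """Read a length-prefixed field whose prefix is len_bytes wide."""
        return self.take(int.from_bytes(self.take(len_bytes), "big"))


def parse_client_hello(content):
    """Decode the Client Hello parameters listed on slides 15-17."""
    r = Reader(content)
    major, minor = r.take(2)                      # Version, e.g. (3, 0)
    gmt_time = int.from_bytes(r.take(4), "big")   # 32-bit date-time
    random_bytes = r.take(28)                     # 28-byte random number
    session_id = r.vector(1)                      # empty means "new session"
    if len(session_id) > 32:
        raise HandshakeError("session id longer than 32 bytes")
    raw = r.vector(2)
    if not raw or len(raw) % 2:
        raise HandshakeError("cipher suite list must hold 2-byte codes")
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)]
    compression = list(r.vector(1))
    # Any trailing bytes (later protocol versions append data) are ignored.
    return {"version": (major, minor), "gmt_time": gmt_time,
            "random": random_bytes, "session_id": session_id,
            "cipher_suites": suites, "compression": compression}


def choose_server_hello(hello, server_max_version, server_suites,
                        server_compression=(0,)):
    """Pick the Server Hello values the way slides 18-19 describe."""
    # Version: the lower of the client's suggestion and the server's highest.
    version = min(hello["version"], server_max_version)
    # Cipher suite: first entry of the client's preference-ordered list that
    # the server also supports (client-order preference is an assumption).
    suite = next((s for s in hello["cipher_suites"] if s in server_suites), None)
    comp = next((c for c in hello["compression"] if c in server_compression), None)
    if suite is None or comp is None:
        raise HandshakeError("no cipher suite or compression method in common")
    # Session id: echo a non-empty client value, otherwise create a new one.
    session_id = hello["session_id"] or os.urandom(32)
    return {"version": version, "session_id": session_id,
            "cipher_suite": suite, "compression": comp}


def build_sample_client_hello(version=(3, 0), session_id=b""):
    """Constructed Client Hello bytes; fixed values keep the demo repeatable."""
    suites = [0x000A, 0x0005, 0x0004]   # RSA with 3DES-SHA, RC4-SHA, RC4-MD5
    body = bytes(version)
    body += (1_000_000_000).to_bytes(4, "big")   # constructed date-time
    body += bytes(range(28))                     # constructed "random" bytes
    body += bytes([len(session_id)]) + session_id
    body += (2 * len(suites)).to_bytes(2, "big")
    body += b"".join(s.to_bytes(2, "big") for s in suites)
    body += b"\x01\x00"                          # one method: null compression
    return b"\x01" + len(body).to_bytes(3, "big") + body


if __name__ == "__main__":
    name, content = parse_handshake(build_sample_client_hello())
    hello = parse_client_hello(content)
    print(name, hello["version"], [hex(s) for s in hello["cipher_suites"]])
    print(choose_server_hello(hello, (3, 1), {0x0005, 0x0004}))
```
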
20. Phase 2. Server Authentication and Key-Exchange
Phase 2. Server Authentication and Key-Exchange – The server
initiates the second phase of the SSL handshake protocol, and it is
the sole sender of all the messages in this phase. The client is
the sole recipient of all the messages. This phase contains four
steps, as shown in the figure below:
Let us discuss the four steps of this phase:
1. Certificate – In the first step (Certificate), the server sends its
digital certificate and the entire chain leading up to the root CA
(Certificate Authority) to the client. This helps the client
to authenticate the server using the server’s public key from
the server’s certificate. The server’s certificate is mandatory
in all situations, except if the key is being agreed upon by
using Diffie-Hellman.
2. Server Key Exchange – This step is optional. It is used only if the
server does not send its digital certificate to the client in step 1.
In this step, the server sends its public key to the client (as the
certificate is not available).
3. Certificate Request – In this step, the server can request the
client’s digital certificate. Client authentication in SSL is
optional, and the server may not always expect the client to be
authenticated. Therefore, this step is optional.
4. Server hello done – This message indicates to the client that
the server’s portion of the hello message (the server hello message) is
complete. This tells the client that it can now
(optionally) verify the certificates sent by the server and ensure
that all the parameters sent by the server are acceptable. This
message does not have any parameters. After sending this
message, the server waits for the client’s response.
24. Phase 3. Client Authentication and Key-Exchange
Phase 3. Client Authentication and Key-Exchange – The client
initiates this third phase of the SSL handshake protocol and is the sole
sender of all the messages of this phase. The server is the sole
recipient of all messages. The phase contains three steps, which
are shown in the figure below.
Step 1: Certificate – This step is optional; it is performed
only if the server has requested the client’s digital
certificate. If the server has requested the client’s certificate
and the client does not have one, the client sends a No
Certificate message instead of a Certificate message. It is then
up to the server to decide whether it still wants to communicate.
Step 2: Client Key Exchange – Like the Server Key Exchange
message, this step allows the client to send information to the server,
but in the opposite direction. This information is related to the
symmetric key that both parties will use in this session. Here
the client creates a 48-byte pre-master secret, encrypts it with
the server’s public key and sends this encrypted pre-master secret
to the server.
Step 3: Certificate Verify – This step is necessary only if the server
had demanded client authentication. As we know, if this is the
case, the client has already sent its certificate to the server.
However, the client additionally needs to prove to the server
that it is the correct and authorized holder of the private key
corresponding to the certificate. For this purpose, in this optional
step, the client combines the pre-master secret with the random
numbers exchanged by the client and the server earlier (in Phase 1:
Establish Security Capabilities), hashes them together using
MD5 and SHA-1, and signs the result with its private key.
28. Phase 4. Finish
Phase 4. Finish – The client initiates the fourth phase of the SSL handshake
protocol, which the server ends. This phase contains four steps, as
shown in the image below. The first two messages are from the client:
Change cipher specs, Finished. The server responds with two
identical messages: Change cipher specs, Finished.
Based on the pre-master secret that was created and sent by the
client in the Client key exchange message, both the client and
server create a master secret.
Before secure encryption and integrity verification can be
performed on records, the client and server need to generate
shared secret information known only to them. This value is a
48-byte quantity called the master secret. The master secret is used
to generate keys and secrets for encryption and MAC (Message
Authentication Code) computation. The master secret is calculated
after computing the message digest of the pre-master secret, client
random and server random, as shown in the figure below.
The technical specification for calculating the master secret is as
follows:
Finally, the symmetric keys to be used by the client and the server
are generated. The conceptual process is shown below:
Fig: Symmetric-key generation concept
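The master-secret and symmetric-key generation steps described above, as an added Python example that is not part of the original presentation: it follows the MD5/SHA-1 construction from the SSL 3.0 specification (RFC 6101), which the slides refer to but do not reproduce. The function names, the sample byte values and the key sizes (SHA-1 MAC, 3DES key, 8-byte IV) are assumptions chosen for illustration.

```python
import hashlib

def ssl3_expand(secret: bytes, seed: bytes, length: int) -> bytes:
    """Concatenate MD5(secret + SHA1(label + secret + seed)) blocks, with
    labels 'A', 'BB', 'CCC', ..., until `length` bytes are available."""
    out, i = b"", 0
    while len(out) < length:
        if i >= 26:
            raise ValueError("requested length exceeds the label alphabet")
        label = bytes([ord("A") + i]) * (i + 1)
        inner = hashlib.sha1(label + secret + seed).digest()
        out += hashlib.md5(secret + inner).digest()
        i += 1
    return out[:length]

def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """48-byte master secret from the pre-master secret and both hello randoms."""
    if len(pre_master) != 48 or len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("expected 48-byte pre-master secret and 32-byte randoms")
    return ssl3_expand(pre_master, client_random + server_random, 48)

def key_block(master: bytes, client_random: bytes, server_random: bytes,
              mac_len: int, key_len: int, iv_len: int) -> dict:
    """Expand the master secret and slice it into the six per-direction values.
    The seed order is reversed here: server random first, then client random."""
    names = ("client_write_MAC_secret", "server_write_MAC_secret",
             "client_write_key", "server_write_key",
             "client_write_IV", "server_write_IV")
    sizes = (mac_len, mac_len, key_len, key_len, iv_len, iv_len)
    block = ssl3_expand(master, server_random + client_random, sum(sizes))
    keys, offset = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = block[offset:offset + size]
        offset += size
    return keys

# Constructed sample values (a real handshake uses fresh random bytes).
PRE_MASTER = b"\x03\x00" + bytes(range(46))      # 2 version bytes + 46 bytes
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))

if __name__ == "__main__":
    ms = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    # Assumed suite sizes for illustration: SHA-1 MAC (20), 3DES key (24), IV (8).
    for name, value in key_block(ms, CLIENT_RANDOM, SERVER_RANDOM, 20, 24, 8).items():
        print(f"{name:24s} {value.hex()}")
```

Both sides run the same derivation on the same three inputs, so they arrive at identical keys without ever sending those keys over the connection.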
After this, the first step (Change cipher specs) is a confirmation from
the client that all is well at its end, which is strengthened by the
Finished message. The server sends the same message to the client.