SlideShare a Scribd company logo

Fundamental of Secure Socket Layer (SSl) | Part - 1

Download as PPTX, PDF
Vishal Kumar
Vishal Kumar

The document provides an overview of the Secure Socket Layer (SSL) protocol in 3 phases: 1. It explains how SSL works as an additional layer between the application and transport layers in the TCP/IP model to encrypt data in transit. 2. It describes the SSL handshake protocol which involves a series of messages to establish security capabilities, authenticate the server, and exchange encryption keys. 3. It outlines the 4 phases of the handshake protocol: establishing capabilities, server authentication and key exchange, client authentication and key exchange, and finishing the handshake by generating symmetric keys for encryption.

Education
1 of 33
“The Fundamental of Secure Socket Layer (SSL)” By: -Vishal Kumar (CEH, CHFI, CISE, MCP) info@prohackers.in Part - 1
Topics to be Covered in this Presentation • Introduction of Secure Socket Layer SSL • The Position of SSL in the TCP/IP Suit • Working of Secure Socket Layer • Working of Handshake Protocol • Phases of Handshake protocol • Establish Security Capabilities • Server Authentication and Key Exchange • Client Authentication and Key Exchange • Finish
Introduction: The Secure socket Layer (SSL) protocol is an Internet protocol for the secure exchange of information between a Web browser and a Web server. It provides two basic security services: Authentication and Confidentiality. SSL is developed by the Netscape Corporation in 1994. Since then, it is become most popular Web-Security mechanism. Currently SSL comes in three versions 2, 3 and 3.1; the most popular of them is version 3 which is released in 1995.
The Position of SSL in TCP/IP Protocol Suit The SSL layer is located between the application layer and the transport layer. It is consider as an additional layer in TCP/IP Suit. As such, the communication between the various TCP/IP protocol layers is now as shown below
The Position of SSL in TCP/IP Protocol Suit Fig: SSL is located between application and transport layer
The Position of SSL in TCP/IP Protocol Suit As we can see in the above image, the application layer of the sending computer (X) prepares the data to be sent to receiving computer (Y), as usual. However, unlike what happens in the normal case, the application layer is not passed directly to the transport layer now. Instead the application-layer data is passed to the SSL layer. Here the SSL layer performs encryption on the data received from the application layer (indicated by the Dark Gray color), and also add its own encryption information header, called SSL Header (SH) to the encryption data. We will later study what exactly happens in this process.
The Position of SSL in TCP/IP Protocol Suit After this, the SSL layer data (L5) become the input for the transport layer. It adds its own header (H4) and passes it on to the internet layer, and so on. This process happens exactly the way it happens in the case of normal TCP/IP data transfer. Finally, when the data reaches the physical layer, it is sent in the form of voltage pulses across the transmission medium. At the receiver’s end the process happens pretty similar to how it happens in the case of normal TCP/IP connection, until it reaches the new SSL layer. The SSL layer at the receiver’s end remove the SSL Header (SH), decrypt the encrypted data and give the plain- text data back to the application layer of the receiving computer. Thus, only the application layer data is encrypted by the SSL.
Working of Secure Socket layer (SSL) The SSL contains three sub protocols.
1. The Handshake Protocol The handshake protocol of SSL is the first sub-protocol used by the client and the server to communicate using an SSL-enabled connection. This is similar to how Alice and Bob would first shake hands with each other accompanied with a hello before they start conversing. SSL tunnel ..Hello hi Bob Alice
Content of Handshake Protocol The handshake protocol consists of a series of messages between the client and the server. Each of these massages has the format showing below. Fig: format for the handshake protocol messages As shown in the above figure, each handshake messages has three fields, as follows:
Content of Handshake Protocol (A). Type (1 byte): this fields indicate one of the ten possible message types, mention in below table S. No Message Type Parameters 1 Hello Request None 2 Client Hello Version, Random number, Session ID, Cipher Suit, Compression Method 3 Server Hello Version, Random number, Session ID, Cipher Suit, Compression Method 4 Certificate Chain of X05.9V3 Certificates 5 Server-Key Exchange Parameters, Signature 6 Certificate Request Type, Authorities 7 Server Hello Done None 8 Certificate verify Signature 9 Client-key Exchange Parameters, Signatures 10 Finished Hash Values
Content of Handshake Protocol (B). Length (3 bytes): this field indicates the length of the message in bytes. (C). Content (1 or more bytes): this field contain the parameter associated with the message, depending on the message type, as listed in above table.
Phases of Handshake Protocol: There are four phases of handshake protocol as shown in the below image:
Phase 1. Establish Security Capabilities Phase 1. Establish Security Capabilities – this first phase of SSL Handshake protocol is used to initiate a logical connection and establish the security capabilities associated with the connection. This consists of two messages, the client hello and the server hello.
Phase 1. Establish Security Capabilities As shown in the above figure, the process starts with a client hello message from the client to server. It consists of the following parameter: • Version - This fields identify the highest version of SSL that the client can support, this can be 2, 3, or 3.1. • Random – This field is useful for later, actual communication between the client and the server, it contains two sub-fields: • A 32-bit date-time field that identifies the current system date and time on the client computer. • A 28-byte random number generated by the random-number generator software built in the client computer.
Phase 1. Establish Security Capabilities • Session Id – This is a variable-length session identifier. If these fields contain non-zero value, it means that there is already a connection between the client and the server, and the client wishes to update the parameters of that connection. A zero value in this field indicates that the client wants to create a new connection with the server. • Cipher Suit – This list contains a list of cryptographic algorithms supported by the client (e.g. RSA, Diffie-Hellman, etc.) in the decreasing order of preference.
Phase 1. Establish Security Capabilities • Compression Method – This field contains a list of compression algorithms supported by the client. The client sends the client hello message to the server and wait for the server’s response. Accordingly, the server sends back a server hello message to the client. This message also contains the same fields as in the client hello message. The server hello message consists of the following fields:
Phase 1. Establish Security Capabilities • Version – This fields identifies the lower of the version suggested by the client and the highest supported by the server. For example, if the client has suggested version 3, but the server also supports version 3.1, the server will select 3. • Random – This field has the same structure as the Random filed of the client. • Session id – If the session id value sent by the client was non- zero, the server use the same value. Otherwise, the server creates a new session id and put it in this field.
Phase 1. Establish Security Capabilities • Cipher Suit – It contains the single cipher suit, which the server selects from the list sent earlier by the client. • Compression Method – It contains compression algorithms, which the server selects from the list sent earlier by the client.
Phase 2. Server Authentication and Key- Exchange Phase 2. Server Authentication and Key-Exchange – The server initiates the second phase of the SSL handshake protocol, and it is the sole sender of all the messages in this phase. And the client is the sole recipient of all the massages. This phase contains four steps as shown in the below figure:
Phase 2. Server Authentication and Key- Exchange Let us discuss the four steps of this phase: 1. Certificate - In the first step (Certificate), the server sends its digital certificate and the entire chain leading up to root CA (Certificate Authority) to the client. This will help the client to authenticate the server using the server’s public key from the server’s certificate. The server’s certificate is mandatory in all situations, except if the key is being agreed upon by using Diffie-Hellman.
Phase 2. Server Authentication and Key- Exchange 2. Server Key Exchange – This step is optional. It is used only if the server does note sends its digital certificate to the client in step 1. In this step the server sends its public key to client (as the certificate is not available) 3. Certificate Request – In this step, the server can request for the client’s digital certificate. The client authentication in SSL is optional, and server may not always expect the client to be authenticated. Therefore, this step is optional.
Phase 2. Server Authentication and Key- Exchange 4. Server hello done – This message indicates to the client that its portion of the hello message (the server hello message) is complete. This indicated to the client that the client can now (optionally) verify the certificates sent by the server, and ensure that all the parameters sent by the server are acceptable. This message does not have any parameters. After sending this message, server waits for the client’s response.
Phase 3. Client Authentication and Key- Exchange Phase 3. Client Authentication and Key-Exchange – The Client initiate this third phase of SSL handshake protocol, and is the sole sender of all the messages of this phase. The server is the sole recipient of all messages. The phase contains three steps which are shown in the below figure.
Phase 3. Client Authentication and Key- Exchange Step 1: Certificate – This step is optional, this step is performed only if the server has requested for the client’s digital certificate. If the server has requested the client’s certificate, and if the client does not have one, the client sends a No Certificate message, instead of a Certificate message. It then is up to the server to decide if it wants to still communicate or not. Step 2: Client Key Exchange – Like the Server Key Exchange message, this step allows the client to send information to server, but in the opposite direction. This information related to the
Phase 3. Client Authentication and Key- Exchange symmetric key that both the parties will use in this session. Here the client creates a 48-byte pre-master secret, and encrypts it with the server’s public key and send this encrypted pre-master secret to the server.
Phase 3. Client Authentication and Key- Exchange Step 3: Certificate Verify – This step is necessary only if the server had demanded client authentication. As we know, if this is the case, the client has already sent it’s certificate to the server. However, additionally, the client also needs to prove to the server that it is the correct and authorized holder of the private key crossponding to the certificate. For this purpose, in this optional step, the client combine the pre-master secret with the random numbers exchange by the client and the server earlier (in Phase 1: Establish Security Capabilities) after hashing them together using MD5 and SHA-1, and signs the results its private key.
Phase 4. Finish Phase 4. Finish – The Client initiate the fourth of the SSL handshake protocol, which the server ends. This phase contains four steps as shown in the below image. The first two messages are from the client: Change cipher specs, Finished. The server responds back with two identical messages: Change cipher specs, Finished.
Phase 4. Finish Based on the pre-master secret that was created and sent by the client in the Client key exchange message, both the client and server create a master secret. Before secure encryption and integrity verification can be performed on records, the client and server need to generate shared secret information known only to them. This value is 48- byte quantity called the master secret. The master secret is used to generate keys and secrets for encryption and MAC (Message Authentication Code) computation. The master secret is calculated after computing message digest of the pre-master secret, client random and server random as shown in the below figure.
Phase 4. Finish
Phase 4. Finish The technical specification of calculation master secret is as follows: Finally, the symmetric keys to be used by the client and the server are generated. The conceptual process is shown below: Fig: Symmetric-key generation concept
Phase 4. Finish After this the first step (Change cipher specs) is confirmation form the client that all is well its end, which is strengthens with the Finished message. The server sends the same message to client.
Feedback Thanks for reading this presentation Please give us your feedback at info@prohackers.in Your feedback is most valuable for us for improving the presentation You can also suggest the topic on which you want the presentation Website: www.prohackers.in FB page: www.facebook.com/theprohackers2017 Join FB Group: www.facebook.com/groups/group.prohackers/ Watch us on: www.youtube.com//channel/UCcyYSi1sh1SmyMlGfB-Vq6A

Recommended

E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
Vishal Kumar
 
Internet security protocol
Internet security protocolInternet security protocol
Internet security protocolMousmi Pawar
 
Improving the Secure Socket Layer by Modifying the RSA Algorithm
Improving the Secure Socket Layer by Modifying the RSA AlgorithmImproving the Secure Socket Layer by Modifying the RSA Algorithm
Improving the Secure Socket Layer by Modifying the RSA Algorithm
IJCSEA Journal
 
Network security cs8
Network security cs8Network security cs8
Network security cs8
Infinity Tech Solutions
 
Web Security
Web SecurityWeb Security
Web Security
Ram Dutt Shukla
 
Ch13
Ch13Ch13
Ch13Joe Christensen
 
Network security cs9 10
Network security cs9 10Network security cs9 10
Network security cs9 10
Infinity Tech Solutions
 
Security
SecuritySecurity
Securitymajstors
 

Recommended

E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
Vishal Kumar
 
Internet security protocol
Internet security protocolInternet security protocol
Internet security protocolMousmi Pawar
 
Improving the Secure Socket Layer by Modifying the RSA Algorithm
Improving the Secure Socket Layer by Modifying the RSA AlgorithmImproving the Secure Socket Layer by Modifying the RSA Algorithm
Improving the Secure Socket Layer by Modifying the RSA Algorithm
IJCSEA Journal
 
Network security cs8
Network security cs8Network security cs8
Network security cs8
Infinity Tech Solutions
 
Web Security
Web SecurityWeb Security
Web Security
Ram Dutt Shukla
 
Ch13
Ch13Ch13
Ch13Joe Christensen
 
Network security cs9 10
Network security cs9 10Network security cs9 10
Network security cs9 10
Infinity Tech Solutions
 
Security
SecuritySecurity
Securitymajstors
 
Network security unit 4,5,6
Network security unit 4,5,6 Network security unit 4,5,6
Network security unit 4,5,6
WE-IT TUTORIALS
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
Emprovise
 
Web Security and SSL - Secure Socket Layer
Web Security and SSL - Secure Socket LayerWeb Security and SSL - Secure Socket Layer
Web Security and SSL - Secure Socket Layer
Akhil Nadh PC
 
Web Security
Web SecurityWeb Security
Web Security
Dipika Bambhaniya
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacy
Pawan Arya
 
Efficient Multi Server Authentication and Hybrid Authentication Method
Efficient Multi Server Authentication and Hybrid Authentication MethodEfficient Multi Server Authentication and Hybrid Authentication Method
Efficient Multi Server Authentication and Hybrid Authentication Method
IJCERT
 
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYPPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYMonodip Singha Roy
 
Computer security module 4
Computer security module 4Computer security module 4
Computer security module 4
Deepak John
 
Network and internet security
Network and internet security Network and internet security
Network and internet security
SabthamiS1
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security
Kathirvel Ayyaswamy
 
SSL/TLS Introduction with Practical Examples Including Wireshark Captures
SSL/TLS Introduction with Practical Examples Including Wireshark CapturesSSL/TLS Introduction with Practical Examples Including Wireshark Captures
SSL/TLS Introduction with Practical Examples Including Wireshark Captures
JaroslavChmurny
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
Naveen Kumar
 
Authentication in Different Scenarios
Authentication in Different ScenariosAuthentication in Different Scenarios
Authentication in Different Scenarios
Raj Sikarwar
 
Authentication Protocols
Authentication ProtocolsAuthentication Protocols
Authentication Protocols
Trinity Dwarka
 
Information and network security 45 digital signature standard
Information and network security 45 digital signature standardInformation and network security 45 digital signature standard
Information and network security 45 digital signature standard
Vaibhav Khanna
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
Ch15
Ch15Ch15
Ch15raja yasodhar
 
Unit 4
Unit 4Unit 4
Unit 4Vinod Kumar Gorrepati
 
Guillou-quisquater protocol for user authentication based on zero knowledge p...
Guillou-quisquater protocol for user authentication based on zero knowledge p...Guillou-quisquater protocol for user authentication based on zero knowledge p...
Guillou-quisquater protocol for user authentication based on zero knowledge p...
TELKOMNIKA JOURNAL
 
Authentication in Different Scenarios
Authentication in Different ScenariosAuthentication in Different Scenarios
Authentication in Different Scenarios
Raj Sikarwar
 
Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer Security
Huda Seyam
 
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level SecurityCRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
Jyothishmathi Institute of Technology and Science Karimnagar
 

More Related Content

What's hot

Network security unit 4,5,6
Network security unit 4,5,6 Network security unit 4,5,6
Network security unit 4,5,6
WE-IT TUTORIALS
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
Emprovise
 
Web Security and SSL - Secure Socket Layer
Web Security and SSL - Secure Socket LayerWeb Security and SSL - Secure Socket Layer
Web Security and SSL - Secure Socket Layer
Akhil Nadh PC
 
Web Security
Web SecurityWeb Security
Web Security
Dipika Bambhaniya
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacy
Pawan Arya
 
Efficient Multi Server Authentication and Hybrid Authentication Method
Efficient Multi Server Authentication and Hybrid Authentication MethodEfficient Multi Server Authentication and Hybrid Authentication Method
Efficient Multi Server Authentication and Hybrid Authentication Method
IJCERT
 
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYPPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYMonodip Singha Roy
 
Computer security module 4
Computer security module 4Computer security module 4
Computer security module 4
Deepak John
 
Network and internet security
Network and internet security Network and internet security
Network and internet security
SabthamiS1
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security
Kathirvel Ayyaswamy
 
SSL/TLS Introduction with Practical Examples Including Wireshark Captures
SSL/TLS Introduction with Practical Examples Including Wireshark CapturesSSL/TLS Introduction with Practical Examples Including Wireshark Captures
SSL/TLS Introduction with Practical Examples Including Wireshark Captures
JaroslavChmurny
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
Naveen Kumar
 
Authentication in Different Scenarios
Authentication in Different ScenariosAuthentication in Different Scenarios
Authentication in Different Scenarios
Raj Sikarwar
 
Authentication Protocols
Authentication ProtocolsAuthentication Protocols
Authentication Protocols
Trinity Dwarka
 
Information and network security 45 digital signature standard
Information and network security 45 digital signature standardInformation and network security 45 digital signature standard
Information and network security 45 digital signature standard
Vaibhav Khanna
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
Guillou-quisquater protocol for user authentication based on zero knowledge p...
Guillou-quisquater protocol for user authentication based on zero knowledge p...Guillou-quisquater protocol for user authentication based on zero knowledge p...
Guillou-quisquater protocol for user authentication based on zero knowledge p...
TELKOMNIKA JOURNAL
 
Authentication in Different Scenarios
Authentication in Different ScenariosAuthentication in Different Scenarios
Authentication in Different Scenarios
Raj Sikarwar
 

What's hot (20)

Network security unit 4,5,6
Network security unit 4,5,6 Network security unit 4,5,6
Network security unit 4,5,6
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
 
Web Security and SSL - Secure Socket Layer
Web Security and SSL - Secure Socket LayerWeb Security and SSL - Secure Socket Layer
Web Security and SSL - Secure Socket Layer
 
Web Security
Web SecurityWeb Security
Web Security
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacy
 
Efficient Multi Server Authentication and Hybrid Authentication Method
Efficient Multi Server Authentication and Hybrid Authentication MethodEfficient Multi Server Authentication and Hybrid Authentication Method
Efficient Multi Server Authentication and Hybrid Authentication Method
 
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYPPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
 
Computer security module 4
Computer security module 4Computer security module 4
Computer security module 4
 
Network and internet security
Network and internet security Network and internet security
Network and internet security
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security
 
SSL/TLS Introduction with Practical Examples Including Wireshark Captures
SSL/TLS Introduction with Practical Examples Including Wireshark CapturesSSL/TLS Introduction with Practical Examples Including Wireshark Captures
SSL/TLS Introduction with Practical Examples Including Wireshark Captures
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 
Authentication in Different Scenarios
Authentication in Different ScenariosAuthentication in Different Scenarios
Authentication in Different Scenarios
 
Authentication Protocols
Authentication ProtocolsAuthentication Protocols
Authentication Protocols
 
Information and network security 45 digital signature standard
Information and network security 45 digital signature standardInformation and network security 45 digital signature standard
Information and network security 45 digital signature standard
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITY
 
Ch15
Ch15Ch15
Ch15
 
Unit 4
Unit 4Unit 4
Unit 4
 
Guillou-quisquater protocol for user authentication based on zero knowledge p...
Guillou-quisquater protocol for user authentication based on zero knowledge p...Guillou-quisquater protocol for user authentication based on zero knowledge p...
Guillou-quisquater protocol for user authentication based on zero knowledge p...
 
Authentication in Different Scenarios
Authentication in Different ScenariosAuthentication in Different Scenarios
Authentication in Different Scenarios
 

Similar to Fundamental of Secure Socket Layer (SSl) | Part - 1

Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer Security
Huda Seyam
 
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level SecurityCRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
Jyothishmathi Institute of Technology and Science Karimnagar
 
SSL Secure socket layer
SSL Secure socket layerSSL Secure socket layer
SSL Secure socket layerAhmed Elnaggar
 
Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL)Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL)
BGSBU Rajouri
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)
Arun Shukla
 
Web security
Web securityWeb security
Web security
Subhash Basistha
 
SSL And TLS
SSL And TLS SSL And TLS
SSL And TLS
Ghanshyam Patel
 
Fundamental of Secure Socket Layer (SSL) | Part - 2
Fundamental of Secure Socket Layer (SSL) | Part - 2 Fundamental of Secure Socket Layer (SSL) | Part - 2
Fundamental of Secure Socket Layer (SSL) | Part - 2
Vishal Kumar
 
Wireshark lab ssl v7 solution
Wireshark lab ssl v7 solutionWireshark lab ssl v7 solution
Wireshark lab ssl v7 solution
United International University
 
BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4limsh
 
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.pptWEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
SonukumarRawat
 
1643129870-internet-security.pptx
1643129870-internet-security.pptx1643129870-internet-security.pptx
1643129870-internet-security.pptx
MARIA401634
 
Web Security
Web SecurityWeb Security
Web Security
Dr.Florence Dayana
 
SSL/TLS Handshake
SSL/TLS HandshakeSSL/TLS Handshake
SSL/TLS Handshake
Arpit Agarwal
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)
Samip jain
 

Similar to Fundamental of Secure Socket Layer (SSl) | Part - 1 (20)

Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer Security
 
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level SecurityCRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
 
SSL Secure socket layer
SSL Secure socket layerSSL Secure socket layer
SSL Secure socket layer
 
Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL)Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL)
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)
 
Web security
Web securityWeb security
Web security
 
Transportsec
TransportsecTransportsec
Transportsec
 
SSL And TLS
SSL And TLS SSL And TLS
SSL And TLS
 
Fundamental of Secure Socket Layer (SSL) | Part - 2
Fundamental of Secure Socket Layer (SSL) | Part - 2 Fundamental of Secure Socket Layer (SSL) | Part - 2
Fundamental of Secure Socket Layer (SSL) | Part - 2
 
Unit 6
Unit 6Unit 6
Unit 6
 
SSL-image
SSL-imageSSL-image
SSL-image
 
Wireshark lab ssl v7 solution
Wireshark lab ssl v7 solutionWireshark lab ssl v7 solution
Wireshark lab ssl v7 solution
 
BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4
 
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.pptWEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
 
Secure socket later
Secure socket laterSecure socket later
Secure socket later
 
1643129870-internet-security.pptx
1643129870-internet-security.pptx1643129870-internet-security.pptx
1643129870-internet-security.pptx
 
Web Security
Web SecurityWeb Security
Web Security
 
SSL/TLS Handshake
SSL/TLS HandshakeSSL/TLS Handshake
SSL/TLS Handshake
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)
 
Sequere socket Layer
Sequere socket LayerSequere socket Layer
Sequere socket Layer
 

More from Vishal Kumar

Threat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement MatriceThreat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement Matrice
Vishal Kumar
 
The Complete Questionnaires About Firewall
The Complete Questionnaires About FirewallThe Complete Questionnaires About Firewall
The Complete Questionnaires About Firewall
Vishal Kumar
 
E-Mail Security Protocol - 1 Privacy Enhanced Mail (PEM) Protocol
E-Mail Security Protocol - 1 Privacy Enhanced Mail (PEM) ProtocolE-Mail Security Protocol - 1 Privacy Enhanced Mail (PEM) Protocol
E-Mail Security Protocol - 1 Privacy Enhanced Mail (PEM) Protocol
Vishal Kumar
 
Privileges Escalation by Exploiting Client-Side Vulnerabilities Using Metasploit
Privileges Escalation by Exploiting Client-Side Vulnerabilities Using MetasploitPrivileges Escalation by Exploiting Client-Side Vulnerabilities Using Metasploit
Privileges Escalation by Exploiting Client-Side Vulnerabilities Using Metasploit
Vishal Kumar
 
Exploiting Client-Side Vulnerabilities and Establishing a VNC Session
Exploiting Client-Side Vulnerabilities and Establishing a VNC SessionExploiting Client-Side Vulnerabilities and Establishing a VNC Session
Exploiting Client-Side Vulnerabilities and Establishing a VNC Session
Vishal Kumar
 
Auditing System Password Using L0phtcrack
Auditing System Password Using L0phtcrackAuditing System Password Using L0phtcrack
Auditing System Password Using L0phtcrack
Vishal Kumar
 
Dumping and Cracking SAM Hashes to Extract Plaintext Passwords
Dumping and Cracking SAM Hashes to Extract Plaintext PasswordsDumping and Cracking SAM Hashes to Extract Plaintext Passwords
Dumping and Cracking SAM Hashes to Extract Plaintext Passwords
Vishal Kumar
 
The Fundamental of Electronic Mail (E-mail)
The Fundamental of Electronic Mail (E-mail)The Fundamental of Electronic Mail (E-mail)
The Fundamental of Electronic Mail (E-mail)
Vishal Kumar
 
The Fundamental of Secure Socket Layer (SSL)
The Fundamental of Secure Socket Layer (SSL)The Fundamental of Secure Socket Layer (SSL)
The Fundamental of Secure Socket Layer (SSL)
Vishal Kumar
 
Hawkeye the Credential Theft Maalware
Hawkeye the Credential Theft MaalwareHawkeye the Credential Theft Maalware
Hawkeye the Credential Theft Maalware
Vishal Kumar
 
Deep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionDeep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL Injection
Vishal Kumar
 
Owasp top 10 security threats
Owasp top 10 security threatsOwasp top 10 security threats
Owasp top 10 security threats
Vishal Kumar
 
Exploiting parameter tempering attack in web application
Exploiting parameter tempering attack in web applicationExploiting parameter tempering attack in web application
Exploiting parameter tempering attack in web application
Vishal Kumar
 
Mirroring web site using ht track
Mirroring web site using ht trackMirroring web site using ht track
Mirroring web site using ht track
Vishal Kumar
 
Collecting email from the target domain using the harvester
Collecting email from the target domain using the harvesterCollecting email from the target domain using the harvester
Collecting email from the target domain using the harvester
Vishal Kumar
 
Information gathering using windows command line utility
Information gathering using windows command line utilityInformation gathering using windows command line utility
Information gathering using windows command line utility
Vishal Kumar
 
Introduction ethical hacking
Introduction ethical hackingIntroduction ethical hacking
Introduction ethical hacking
Vishal Kumar
 
Social engineering
Social engineeringSocial engineering
Social engineering
Vishal Kumar
 
Social engineering
Social engineeringSocial engineering
Social engineering
Vishal Kumar
 

More from Vishal Kumar (19)

Threat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement MatriceThreat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement Matrice
 
The Complete Questionnaires About Firewall
The Complete Questionnaires About FirewallThe Complete Questionnaires About Firewall
The Complete Questionnaires About Firewall
 
E-Mail Security Protocol - 1 Privacy Enhanced Mail (PEM) Protocol
E-Mail Security Protocol - 1 Privacy Enhanced Mail (PEM) ProtocolE-Mail Security Protocol - 1 Privacy Enhanced Mail (PEM) Protocol
E-Mail Security Protocol - 1 Privacy Enhanced Mail (PEM) Protocol
 
Privileges Escalation by Exploiting Client-Side Vulnerabilities Using Metasploit
Privileges Escalation by Exploiting Client-Side Vulnerabilities Using MetasploitPrivileges Escalation by Exploiting Client-Side Vulnerabilities Using Metasploit
Privileges Escalation by Exploiting Client-Side Vulnerabilities Using Metasploit
 
Exploiting Client-Side Vulnerabilities and Establishing a VNC Session
Exploiting Client-Side Vulnerabilities and Establishing a VNC SessionExploiting Client-Side Vulnerabilities and Establishing a VNC Session
Exploiting Client-Side Vulnerabilities and Establishing a VNC Session
 
Auditing System Password Using L0phtcrack
Auditing System Password Using L0phtcrackAuditing System Password Using L0phtcrack
Auditing System Password Using L0phtcrack
 
Dumping and Cracking SAM Hashes to Extract Plaintext Passwords
Dumping and Cracking SAM Hashes to Extract Plaintext PasswordsDumping and Cracking SAM Hashes to Extract Plaintext Passwords
Dumping and Cracking SAM Hashes to Extract Plaintext Passwords
 
The Fundamental of Electronic Mail (E-mail)
The Fundamental of Electronic Mail (E-mail)The Fundamental of Electronic Mail (E-mail)
The Fundamental of Electronic Mail (E-mail)
 
The Fundamental of Secure Socket Layer (SSL)
The Fundamental of Secure Socket Layer (SSL)The Fundamental of Secure Socket Layer (SSL)
The Fundamental of Secure Socket Layer (SSL)
 
Hawkeye the Credential Theft Maalware
Hawkeye the Credential Theft MaalwareHawkeye the Credential Theft Maalware
Hawkeye the Credential Theft Maalware
 
Deep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionDeep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL Injection
 
Owasp top 10 security threats
Owasp top 10 security threatsOwasp top 10 security threats
Owasp top 10 security threats
 
Exploiting parameter tempering attack in web application
Exploiting parameter tempering attack in web applicationExploiting parameter tempering attack in web application
Exploiting parameter tempering attack in web application
 
Mirroring web site using ht track
Mirroring web site using ht trackMirroring web site using ht track
Mirroring web site using ht track
 
Collecting email from the target domain using the harvester
Collecting email from the target domain using the harvesterCollecting email from the target domain using the harvester
Collecting email from the target domain using the harvester
 
Information gathering using windows command line utility
Information gathering using windows command line utilityInformation gathering using windows command line utility
Information gathering using windows command line utility
 
Introduction ethical hacking
Introduction ethical hackingIntroduction ethical hacking
Introduction ethical hacking
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Social engineering
Social engineeringSocial engineering
Social engineering
 

Recently uploaded

Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Dr. Vinod Kumar Kanvaria
 
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdfANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
Priyankaranawat4
 
Group Presentation 2 Economics.Ariana Buscigliopptx
Group Presentation 2 Economics.Ariana BuscigliopptxGroup Presentation 2 Economics.Ariana Buscigliopptx
Group Presentation 2 Economics.Ariana Buscigliopptx
ArianaBusciglio
 
Lapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdfLapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdf
Jean Carlos Nunes Paixão
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
EverAndrsGuerraGuerr
 
A Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptxA Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptx
thanhdowork
 
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptxChapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Mohd Adib Abd Muin, Senior Lecturer at Universiti Utara Malaysia
 
Normal Labour/ Stages of Labour/ Mechanism of Labour
Normal Labour/ Stages of Labour/ Mechanism of LabourNormal Labour/ Stages of Labour/ Mechanism of Labour
Normal Labour/ Stages of Labour/ Mechanism of Labour
Wasim Ak
 
Reflective and Evaluative Practice PowerPoint
Reflective and Evaluative Practice PowerPointReflective and Evaluative Practice PowerPoint
Reflective and Evaluative Practice PowerPoint
amberjdewit93
 
The Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collectionThe Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collection
Israel Genealogy Research Association
 
MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...
MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...
MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...
NelTorrente
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
Levi Shapiro
 
South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)
Academy of Science of South Africa
 
Top five deadliest dog breeds in America
Top five deadliest dog breeds in AmericaTop five deadliest dog breeds in America
Top five deadliest dog breeds in America
Bisnar Chase Personal Injury Attorneys
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
David Douglas School District
 
Reflective and Evaluative Practice...pdf
Reflective and Evaluative Practice...pdfReflective and Evaluative Practice...pdf
Reflective and Evaluative Practice...pdf
amberjdewit93
 
Digital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental DesignDigital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental Design
amberjdewit93
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
Ashokrao Mane college of Pharmacy Peth-Vadgaon
 
PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.
Dr. Shivangi Singh Parihar
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
SACHIN R KONDAGURI
 

Recently uploaded (20)

Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
 
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdfANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
 
Group Presentation 2 Economics.Ariana Buscigliopptx
Group Presentation 2 Economics.Ariana BuscigliopptxGroup Presentation 2 Economics.Ariana Buscigliopptx
Group Presentation 2 Economics.Ariana Buscigliopptx
 
Lapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdfLapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdf
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
 
A Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptxA Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptx
 
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptxChapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
 
Normal Labour/ Stages of Labour/ Mechanism of Labour
Normal Labour/ Stages of Labour/ Mechanism of LabourNormal Labour/ Stages of Labour/ Mechanism of Labour
Normal Labour/ Stages of Labour/ Mechanism of Labour
 
Reflective and Evaluative Practice PowerPoint
Reflective and Evaluative Practice PowerPointReflective and Evaluative Practice PowerPoint
Reflective and Evaluative Practice PowerPoint
 
The Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collectionThe Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collection
 
MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...
MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...
MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
 
South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)
 
Top five deadliest dog breeds in America
Top five deadliest dog breeds in AmericaTop five deadliest dog breeds in America
Top five deadliest dog breeds in America
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
 
Reflective and Evaluative Practice...pdf
Reflective and Evaluative Practice...pdfReflective and Evaluative Practice...pdf
Reflective and Evaluative Practice...pdf
 
Digital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental DesignDigital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental Design
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
 
PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
 

Fundamental of Secure Socket Layer (SSl) | Part - 1

  • 1. “The Fundamental of Secure Socket Layer (SSL)” By: -Vishal Kumar (CEH, CHFI, CISE, MCP) info@prohackers.in Part - 1
  • 2. Topics to be Covered in this Presentation • Introduction of Secure Socket Layer SSL • The Position of SSL in the TCP/IP Suit • Working of Secure Socket Layer • Working of Handshake Protocol • Phases of Handshake protocol • Establish Security Capabilities • Server Authentication and Key Exchange • Client Authentication and Key Exchange • Finish
  • 3. Introduction: The Secure socket Layer (SSL) protocol is an Internet protocol for the secure exchange of information between a Web browser and a Web server. It provides two basic security services: Authentication and Confidentiality. SSL is developed by the Netscape Corporation in 1994. Since then, it is become most popular Web-Security mechanism. Currently SSL comes in three versions 2, 3 and 3.1; the most popular of them is version 3 which is released in 1995.
  • 4. The Position of SSL in TCP/IP Protocol Suit The SSL layer is located between the application layer and the transport layer. It is consider as an additional layer in TCP/IP Suit. As such, the communication between the various TCP/IP protocol layers is now as shown below
  • 5. The Position of SSL in TCP/IP Protocol Suit Fig: SSL is located between application and transport layer
  • 6. The Position of SSL in TCP/IP Protocol Suit As we can see in the above image, the application layer of the sending computer (X) prepares the data to be sent to receiving computer (Y), as usual. However, unlike what happens in the normal case, the application layer is not passed directly to the transport layer now. Instead the application-layer data is passed to the SSL layer. Here the SSL layer performs encryption on the data received from the application layer (indicated by the Dark Gray color), and also add its own encryption information header, called SSL Header (SH) to the encryption data. We will later study what exactly happens in this process.
  • 7. The Position of SSL in TCP/IP Protocol Suit After this, the SSL layer data (L5) become the input for the transport layer. It adds its own header (H4) and passes it on to the internet layer, and so on. This process happens exactly the way it happens in the case of normal TCP/IP data transfer. Finally, when the data reaches the physical layer, it is sent in the form of voltage pulses across the transmission medium. At the receiver’s end the process happens pretty similar to how it happens in the case of normal TCP/IP connection, until it reaches the new SSL layer. The SSL layer at the receiver’s end remove the SSL Header (SH), decrypt the encrypted data and give the plain- text data back to the application layer of the receiving computer. Thus, only the application layer data is encrypted by the SSL.
  • 8. Working of Secure Socket layer (SSL) The SSL contains three sub protocols.
  • 9. 1. The Handshake Protocol The handshake protocol of SSL is the first sub-protocol used by the client and the server to communicate using an SSL-enabled connection. This is similar to how Alice and Bob would first shake hands with each other accompanied with a hello before they start conversing. SSL tunnel ..Hello hi Bob Alice
  • 10. Content of Handshake Protocol The handshake protocol consists of a series of messages between the client and the server. Each of these massages has the format showing below. Fig: format for the handshake protocol messages As shown in the above figure, each handshake messages has three fields, as follows:
  • 11. Content of Handshake Protocol (A). Type (1 byte): this fields indicate one of the ten possible message types, mention in below table S. No Message Type Parameters 1 Hello Request None 2 Client Hello Version, Random number, Session ID, Cipher Suit, Compression Method 3 Server Hello Version, Random number, Session ID, Cipher Suit, Compression Method 4 Certificate Chain of X05.9V3 Certificates 5 Server-Key Exchange Parameters, Signature 6 Certificate Request Type, Authorities 7 Server Hello Done None 8 Certificate verify Signature 9 Client-key Exchange Parameters, Signatures 10 Finished Hash Values
  • 12. Content of Handshake Protocol (B). Length (3 bytes): this field indicates the length of the message in bytes. (C). Content (1 or more bytes): this field contain the parameter associated with the message, depending on the message type, as listed in above table.
  • 13. Phases of Handshake Protocol: There are four phases of handshake protocol as shown in the below image:
  • 14. Phase 1. Establish Security Capabilities Phase 1. Establish Security Capabilities – this first phase of SSL Handshake protocol is used to initiate a logical connection and establish the security capabilities associated with the connection. This consists of two messages, the client hello and the server hello.
  • 15. Phase 1. Establish Security Capabilities As shown in the above figure, the process starts with a client hello message from the client to server. It consists of the following parameter: • Version - This fields identify the highest version of SSL that the client can support, this can be 2, 3, or 3.1. • Random – This field is useful for later, actual communication between the client and the server, it contains two sub-fields: • A 32-bit date-time field that identifies the current system date and time on the client computer. • A 28-byte random number generated by the random-number generator software built in the client computer.
  • 16. Phase 1. Establish Security Capabilities • Session Id – This is a variable-length session identifier. If these fields contain non-zero value, it means that there is already a connection between the client and the server, and the client wishes to update the parameters of that connection. A zero value in this field indicates that the client wants to create a new connection with the server. • Cipher Suit – This list contains a list of cryptographic algorithms supported by the client (e.g. RSA, Diffie-Hellman, etc.) in the decreasing order of preference.
  • 17. Phase 1. Establish Security Capabilities • Compression Method – This field contains a list of compression algorithms supported by the client. The client sends the client hello message to the server and wait for the server’s response. Accordingly, the server sends back a server hello message to the client. This message also contains the same fields as in the client hello message. The server hello message consists of the following fields:
  • 18. Phase 1. Establish Security Capabilities • Version – This fields identifies the lower of the version suggested by the client and the highest supported by the server. For example, if the client has suggested version 3, but the server also supports version 3.1, the server will select 3. • Random – This field has the same structure as the Random filed of the client. • Session id – If the session id value sent by the client was non- zero, the server use the same value. Otherwise, the server creates a new session id and put it in this field.
  • 19. Phase 1. Establish Security Capabilities • Cipher Suit – It contains the single cipher suit, which the server selects from the list sent earlier by the client. • Compression Method – It contains compression algorithms, which the server selects from the list sent earlier by the client.
  • 20. Phase 2. Server Authentication and Key- Exchange Phase 2. Server Authentication and Key-Exchange – The server initiates the second phase of the SSL handshake protocol, and it is the sole sender of all the messages in this phase. And the client is the sole recipient of all the massages. This phase contains four steps as shown in the below figure:
  • 21. Phase 2. Server Authentication and Key- Exchange Let us discuss the four steps of this phase: 1. Certificate - In the first step (Certificate), the server sends its digital certificate and the entire chain leading up to root CA (Certificate Authority) to the client. This will help the client to authenticate the server using the server’s public key from the server’s certificate. The server’s certificate is mandatory in all situations, except if the key is being agreed upon by using Diffie-Hellman.
  • 22. Phase 2. Server Authentication and Key- Exchange 2. Server Key Exchange – This step is optional. It is used only if the server does note sends its digital certificate to the client in step 1. In this step the server sends its public key to client (as the certificate is not available) 3. Certificate Request – In this step, the server can request for the client’s digital certificate. The client authentication in SSL is optional, and server may not always expect the client to be authenticated. Therefore, this step is optional.
  • 23. Phase 2. Server Authentication and Key- Exchange 4. Server hello done – This message indicates to the client that its portion of the hello message (the server hello message) is complete. This indicated to the client that the client can now (optionally) verify the certificates sent by the server, and ensure that all the parameters sent by the server are acceptable. This message does not have any parameters. After sending this message, server waits for the client’s response.
  • 24. Phase 3. Client Authentication and Key- Exchange Phase 3. Client Authentication and Key-Exchange – The Client initiate this third phase of SSL handshake protocol, and is the sole sender of all the messages of this phase. The server is the sole recipient of all messages. The phase contains three steps which are shown in the below figure.
  • 25. Phase 3. Client Authentication and Key- Exchange Step 1: Certificate – This step is optional, this step is performed only if the server has requested for the client’s digital certificate. If the server has requested the client’s certificate, and if the client does not have one, the client sends a No Certificate message, instead of a Certificate message. It then is up to the server to decide if it wants to still communicate or not. Step 2: Client Key Exchange – Like the Server Key Exchange message, this step allows the client to send information to server, but in the opposite direction. This information related to the
  • 26. Phase 3. Client Authentication and Key- Exchange symmetric key that both the parties will use in this session. Here the client creates a 48-byte pre-master secret, and encrypts it with the server’s public key and send this encrypted pre-master secret to the server.
  • 27. Phase 3. Client Authentication and Key- Exchange Step 3: Certificate Verify – This step is necessary only if the server had demanded client authentication. As we know, if this is the case, the client has already sent it’s certificate to the server. However, additionally, the client also needs to prove to the server that it is the correct and authorized holder of the private key crossponding to the certificate. For this purpose, in this optional step, the client combine the pre-master secret with the random numbers exchange by the client and the server earlier (in Phase 1: Establish Security Capabilities) after hashing them together using MD5 and SHA-1, and signs the results its private key.
  • 28. Phase 4. Finish Phase 4. Finish – The Client initiate the fourth of the SSL handshake protocol, which the server ends. This phase contains four steps as shown in the below image. The first two messages are from the client: Change cipher specs, Finished. The server responds back with two identical messages: Change cipher specs, Finished.
  • 29. Phase 4. Finish Based on the pre-master secret that was created and sent by the client in the Client key exchange message, both the client and server create a master secret. Before secure encryption and integrity verification can be performed on records, the client and server need to generate shared secret information known only to them. This value is 48- byte quantity called the master secret. The master secret is used to generate keys and secrets for encryption and MAC (Message Authentication Code) computation. The master secret is calculated after computing message digest of the pre-master secret, client random and server random as shown in the below figure.
  • 31. Phase 4. Finish The technical specification of calculation master secret is as follows: Finally, the symmetric keys to be used by the client and the server are generated. The conceptual process is shown below: Fig: Symmetric-key generation concept
  • 32. Phase 4. Finish After this the first step (Change cipher specs) is confirmation form the client that all is well its end, which is strengthens with the Finished message. The server sends the same message to client.
  • 33. Feedback Thanks for reading this presentation Please give us your feedback at info@prohackers.in Your feedback is most valuable for us for improving the presentation You can also suggest the topic on which you want the presentation Website: www.prohackers.in FB page: www.facebook.com/theprohackers2017 Join FB Group: www.facebook.com/groups/group.prohackers/ Watch us on: www.youtube.com//channel/UCcyYSi1sh1SmyMlGfB-Vq6A

Editor's Notes

  1. 1