- The document discusses SSL (Secure Sockets Layer), which is a standard security technology for establishing an encrypted link between a web server and browser. It provides key details on SSL including its architecture, protocols (SSL Record and Handshake), certificates, encryption, and history/development. SSL uses public/private keys to encrypt data during transmission and provides authentication and security for web applications.

2. 2My Presentation
Main Contents:
• Introduction
• Key Scheme
• History and Development
• Why use SSL?
• SSL Certificate
• SSL Architecture
• SSL Protocols
• SSL Record Protocol
• SSL Handshake Protocol

3. Introduction:
• SSL (Secure Sockets Layer) is the standard security technology for
establishing an encrypted link between a web server and a browser.
• SSL is transport layer protocol.
• SSL resides beneath of Application layer and above the network
layer.
Application Layer
Transport Layer
Network Layer
3

4. Key Scheme:
SSL uses a cryptographic system that uses two keys to encrypt data
•Each client-server pair uses
• 2 public keys
• one for client (browser)
• created when browser is installed on client machine
• one for server (http server)
• created when server is installed on server hardware
• 2 private keys
• one for client browser
• one for client browser
4

5. 5My Presentation
History and Development:
Invention
• The Netscape company created the SSL protocol in 1994.
Versions
• SSL 1.0
• Internal Netscape design, early 1994.
• Lost in the mists of time and was never publically released.
• SSL 2.0
• Published by Netscape, November 1994.
• 40 bit key uses for encryption and it was badly broken.
• SSL 3.0
• Designed by Netscape and Paul Kocher, November 1996.
• It relies on MAC’s that are encrypted at 128 bits.

6. 6My Presentation
History and Development:
• TLS 1.0
• The Internet Engineering Task Force (IETF) began work to
develop a standard protocol that provided the same
functionality [as SSL]. They used SSL 3.0 as the basis for that
work, which became the TLS protocol in
• IETF develop TLS 1.0 in January 1999 was defined in RFC
2246.
• TLS 1.1 was defined in RFC 2346 in April 2006.
• TLS 1.2 was defined in RFC 5246 in August 2008.

7. Why use SSL?
• The primary reason why SSL is used is to keep sensitive information sent
across the Internet encrypted so that only the intended recipient can
understand it.
• A proper SSL certificate also provides authentication.
• SSL providers will also give you a trust seal that instills more trust in your
customers.
• SSL protects from phishing
7

8. SSL Certificate:
• An SSL certificate is a digital certificate using SSL technology perform
Two specific functions.
• Authentication
• SSL certificate has information about the authenticity of certain details
regarding the identity of a person.
• Data Encryption
• SSL certificate also enables encryption which means that the sensitive
information exchanged via the website cannot be intercepted and
read by anyone other than the intended recipient.
8

9. Valid SSL Certificate:
9

10. SSL Architecture:
• The SSL is a method for providing security for web based applications.
• SSL is not a single protocol but rather two layers of protocols
as shown in figure
10

11. SSL Protocols:
• In particular the HTTP, which provides the transfer service for web
client/server interaction, can operate on top SSL.
• Three Higher layer protocols are defined as part of SSL:
• The Change Cipher Spec Protocol
• The Alert Protocol
• Handshake Protocol
11

12. 12My Presentation
SSL Change Cipher Spec Protocol:
• The change cipher spec Protocol is one of 3 SSL specific protocols which use
the SSL Record protocol.
• This protocol consists of a single message , which consists of a single byte with
value 1.
• The purpose of message is to
• Cause copy of pending state to current state.
• Updates cipher suite to be used on the current connection .

13. SSL Alert Protocol:
• Used to conveys SSL-related alerts to peer entity(error messages fatal alerts
and warnings).
• Alert protocol consists of two bytes
• 1st
byte : warning or fatal.
• 2nd
byte: code for specific alerts.
• Specific alert types
• unexpected message, bad record mac, decompression failure,
handshake failure, illegal parameter.
• close notify, no certificate, bad certificate, unsupported
certificate, certificate revoked, certificate expired, certificate
unknown.
• Compressed & encrypted like all SSL data.
13

14. 14My Presentation
Fatal Alerts:
First , we list those alerts that are always fatal (definitions from the SSL
specification)
• Unexpected message: An inappropriate message was received.
• Bad_record _mac: An incorrect MAC was received.
• Decompression failure: The decompression function received improper
Input .
• Handshake failure: Sender was unable to negotiate an acceptable set of
security parameters given the options available.
• Illegal parameter: A field in a hand shake message was out of range or
inconsistent with other field.

15. 15My Presentation
Warnings:
• No certificate: May be sent in the response to a certificate request if no
appropriate certificate is available.
• Bad certificate: A received certificate was corrupt (e.g., contained a
signature that did not verify).
• Unsupported certificate: The type of the received certificate is not
supported .
• Certificate revoked: A certificate has been revoked by its signer.
• Certificate expired: A certificate has expired.

16. SSL Record Protocol
• The Record Protocol takes an application message to be
transmitted, fragments the data into blocks, compresses the data
(optionally), applies a MAC, encrypts, adds a header and transmits
the resulting unit.
Steps:
• Fragmentation: The record layer fragments information blocks into SSL
Plaintext records of 214
bytes or less.
• Compression: All records are compressed using the compression
algorithm. The compression algorithm translates an SSL Plaintext structure
into an SSL Compressed structure.
• Compute a MAC – All records are protected using the encryption and
MAC algorithms defined in the current Cipher Spec. A shared secret key
is used.
16

17. 17

18. 18
• Stand for message authentication code.
• A MAC function is an authentication scheme deriver by applying a
secret key to a message in some form. This does not mean the symmetric
key is used to encrypt the massage.
• MAC is responsible for the verification of integrity of the message include
in the transmitted record . It is the result of a hash function that follows a
specific hash algorithm , foe example MD5 or SHA-1 .
MAC is determined as a hash function.
MAC

19. Header:
• Content Type (8 bits):
• The higher layer protocol used to process the enclosed fragment.
• Major Version (8bits):
• Indicates major version of SSL in use. For SSL v 3, the value is 3.
• Major Version (8bits):
• Indicates minor version in use. For SSL v 3, the value is 0.
• Compressed Length (16bits):
• The length in bytes of the plaintext fragment (or compressed fragment if
compression is used)
The maximum value is 214
+2048.
19

20. SSL Handshake Protocol
• allows server & client to:
• authenticate each other
• to negotiate encryption & MAC algorithms
• to negotiate cryptographic keys to be used
• comprises a series of messages in phases
• Establish Security Capabilities
• Server Authentication and Key Exchange
• Client Authentication and Key Exchange
• Finish
20

21. 21

22. Handshake Protocol
• This protocol allows the server and client to authenticate each other
and to negotiate an encryption and MAC algorithm and
cryptographic keys to be used to protect data sent in an SSL record.
• The client sends a client hello message to which the server must
respond with a server hello message.
• The client hello and server hello are used to establish security
enhancement capabilities between client and server. The client
hello and server hello establish the following attributes: protocol
version, session ID, cipher suite, and compression method.
• After the hello messages, the server will send its certificate. A
server key exchange message may be sent. If the server is
authenticated, it may request a certificate from the client, if that
is appropriate to the cipher suite selected.
22

23. • Now the server will send the server hello done message,
indicating that the hello-message phase of the handshake is
complete. The server will then wait for a client response.
• If the server has sent a certificate request message, the client
must send the certificate message. The client key exchange
message is sent, and the content of that message will depend on
the public key algorithm selected between the client hello and
the server hello. If the client has sent a certificate with a digitally-
signed certificate, then a verify message is sent to explicitly verify
the certificate.
23

24. • Null or standard stream cipher - Stream ciphers convert SSL
Compressed fragment structures to and from stream SSL Cipher
text
• CBC block cipher - For block ciphers (such as DES), the
encryption and MAC functions convert SSL Compressed fragment
structures to and from block SSL Cipher text fragment structures.
• Record header
24

25. The End
25