SSL (Secure Sockets Layer) is a standard protocol that provides secure communication between a web server and browser by encrypting data transmission. It establishes an encrypted connection through a handshake process where the server and client authenticate each other and negotiate encryption keys before transmitting secure data. The SSL/TLS record protocol then encrypts fragmented data using symmetric encryption and verifies integrity with MACs before transmission. Alert messages are used to notify errors between the client and server.
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Secure Sockets Layer (SSL)
1. BABA GHULAM SHAH BADSHAH UNIVERSITY RAJOURI
Department of Computer Science and Applications
ROLL NO. 19-MCS-2015
Semester:- 5th
Course Title:- Cryptography And Network Security.
Presentation Topic:- Secure Sockets Layer (SSL)
1
2. WHAT IS SSL?
SSL (Secure Sockets Layer) is a standard security
protocol for establishing encrypted links between a
web server and a browser in an online
communication.
The usage of SSL technology ensures that all data
transmitted between the web server and browser
remains encrypted.
2
3. WHAT IS SSL?
it provides a secure transport connection between
applications (e.g., a web server and a browser).
SSL was developed by Netscape.
SSL version 3.0 has been implemented in many web
browsers (e.g., Netscape Navigator and MS Internet
Explorer) and web servers and widely used on the
Internet.
TLS can be viewed as SSL v3.1
3
4. Cont…
This link ensures that all data passed between the
web server and browsers remain private and integral.
It provide two basic security services
1) Authentication.
2) Confidentiality.
It provide a secure pipeline between the web browser
and web server.
4
5. Cont...
SSL provides users with a secure communication
channel for communication purpose between the
client and the server.
It encrypt data packet at the sender’s end.
When these data packet arrive at the destination
system, they decrypt to retrieve the original data.
In short, SSL encrypt data at the sender’s end and
decrypt data at the receiver’s end.
5
7. SSL HISTORY
Netscape developed The Secure Sockets Layer
Protocol (SSL) in 1994, as a response to the growing
concern over security on the Internet.
SSL was originally developed for securing web
browser and server communications.
7
8. SSL VERSION
There are several versions of the SSL protocol defined.
SSL Version
SSL Version 1.0
SSL Version 2.0
SSL Version 3.0
TLS Version 1.0
TLS Version 1.0 with SSL Version 3.0 compatibility
8
9. Cont…
The latest version, the Transport Layer Security
Protocol (TLS), is based on SSL 3.0
Version 1.0 was never publicly released;
version 2.0 was released in February 1995 but
"contained a number of security flaws which
ultimately led to the design of SSL version 3.0"
9
10. Position of SSL in TCP/IP
Application Layer
SSL Layer
Transport Layer
Internet Layer
Data Link Layer
Physical Layer
Fig. Position of SSL in
TCP/IP
• SSL can be conceptually
considered as an
additional layer in the
TCP/IP protocol suite.
• The SSL layer is located
between the application
layer and the transport
layer, as shown in Figure
10
11. L5 Data
L5 Data
L5 Data
L4 Data
L3 Data
0101010100010101010010
SH
H4
H2
H3
L5 Data
L5 Data
L5 Data
L4 Data
L3 Data
0101010100010101010010
SH
H4
H2
H3
Application
SSL
Transport
Internet
Data Link
Physical
Fig. SSL is located between application and transport layer
Transmission Medium
Cont…
X Y
11
12. How SSL Works?
SSL has three sub-protocols, namely:
The Handshake Protocol,
The Record Protocol and
The Alert Protocol.
12
13. Handshaking Protocol
Protocol-allows server
and client to
authenticate negotiate
encryption algorithm
and cryptographic keys
Type Length Contents
Fig. Format of handshake protocol
message
1 byte 3 bytes 1 or more bytes
Indicate one of the ten
possible message types
Length of Message in
byte
Contain parameters
associated with the
message
13
15. Phase 1. Establishing Security Capabilities
Fig. Phase 1. Establishing Security Capabilities
• The first phase of SSL
handshake is used to
initiate a logical
connection and establish
the security capabilities
associated with that
connection
• This consists of two
message Client hello
and Server hello.
15
16. Phase 2 :-Server Authentication and key
exchange
The server initiates this second phase of the SSL
handshake, and is the sole sender of all the messages
in the phase.
The client is the sole recipient of all these message.
This phase contain the four steps.
16
17. Phase 2. Server Authentication and key
exchange
Step 1. Certificates
Step 4. Server Hello done
Step 2. Server key exchange
Step 3. Certificate request
Web
Browse
r
Web
Server
17
18. Phase 3. Client Authentication and key exchange
Step 1. Certificate
Step 2. Client key exchange
Step 3. Certificate verify
Web
Browse
r
Web
Server
18
19. Phase 4. Finish
Step 1. Change of cipher
Step 2. Finish
Step 3 Change cipher specs
Step 4. Finish
Web
Server
Web
Browse
r
19
20. Record Protocol
The record protocol came into picture after the
successful handshake is completed between client
and server.
This protocol provides two services
1) Confidentiality:- This can be achieve by using
secret key that is defined by the handshake protocol
2) Integrity:- Handshake protocol also defines a
shared secret key that is used for assuring message
integrity.
20
21. Record Protocol
1. fragmentation. Each upper-layer
message is fragmented into blocks of 214
bytes (16384 bytes) or less.
2. Compression:- The fragmented
blocks are optionally compressed. The
compression process must not result into
the loss of data
3. Add MAC:- using the shared secret key
the message authentication code for
each block is calculated.
4. Encryption:- using the symmetric key
established previously in the handshake
protocol, the output of previous step is now
encrypted. This may not increases the overall
size of block.
5. Append Header:- Finally a header is
added to encrypted block.
21
22. Alert Protocol
When client or server detects an error,
the detecting party sends an alert
message to the other party.
If the error is fatal, both the parties
immediately close the SSL connection
Other error, which are not serve, do not
result in the termination of the
connection.
Severity Cause
Byte 1
Byte
2
Fig. Alert Protocol
message format
• Each alert message consist of 2
bytes.
. If error is fatal, byte
contain 2.
Fist byte signifies the type of error.
If it is warning, this byte contain
1
22
23. Fatal alerts
Fatal alerts
Unexpected message: An inappropriate message was received.
Bad_record_mac: An incorrect MAC was received.
Decompression_failure: function rerieved an improper input
Handshake_failure:
23
24. No Fatal Alert/ Warning
No Fatal Alert/ Warning
• no_certificate:
• bad_certificate: received certificate was corrupt
• unsupported_certificate: The type of the received certificate is
not supported.
• certificate_expired:
• close_notify :alert before closing the write side of a connection.
24
25. SOURCES USED
Cryptography and Network Security, Principles and
Practices, 4th Ed., William Stallings.
Cryptography and Network Security, Atul kahate.
www.wikipedia.com
A few other internet resources
25