SlideShare a Scribd company logo

The Fundamental of Secure Socket Layer (SSL)

Download as PPTX, PDF
Vishal Kumar
Vishal Kumar

"The Fundamental of SSL" it is the first part of this Topic in which we covered covers the deep understanding of Secure Socket Layer, its position in the TCP/IP suit, its sub protocols and the working or Handshake Protocol.

Education
1 of 33
“The Fundamental of Secure Socket Layer (SSL)” By: -Vishal Kumar (CEH, CHFI, CISE, MCP) info@prohackers.in Part - 1
Topics to be Covered in this Presentation • Introduction of Secure Socket Layer SSL • The Position of SSL in the TCP/IP Suit • Working of Secure Socket Layer • Working of Handshake Protocol • Phases of Handshake protocol • Establish Security Capabilities • Server Authentication and Key Exchange • Client Authentication and Key Exchange • Finish
Introduction: The Secure socket Layer (SSL) protocol is an Internet protocol for the secure exchange of information between a Web browser and a Web server. It provides two basic security services: Authentication and Confidentiality. SSL is developed by the Netscape Corporation in 1994. Since then, it is become most popular Web-Security mechanism. Currently SSL comes in three versions 2, 3 and 3.1; the most popular of them is version 3 which is released in 1995.
The Position of SSL in TCP/IP Protocol Suit The SSL layer is located between the application layer and the transport layer. It is consider as an additional layer in TCP/IP Suit. As such, the communication between the various TCP/IP protocol layers is now as shown below
The Position of SSL in TCP/IP Protocol Suit Fig: SSL is located between application and transport layer
The Position of SSL in TCP/IP Protocol Suit As we can see in the above image, the application layer of the sending computer (X) prepares the data to be sent to receiving computer (Y), as usual. However, unlike what happens in the normal case, the application layer is not passed directly to the transport layer now. Instead the application-layer data is passed to the SSL layer. Here the SSL layer performs encryption on the data received from the application layer (indicated by the Dark Gray color), and also add its own encryption information header, called SSL Header (SH) to the encryption data. We will later study what exactly happens in this process.
The Position of SSL in TCP/IP Protocol Suit After this, the SSL layer data (L5) become the input for the transport layer. It adds its own header (H4) and passes it on to the internet layer, and so on. This process happens exactly the way it happens in the case of normal TCP/IP data transfer. Finally, when the data reaches the physical layer, it is sent in the form of voltage pulses across the transmission medium. At the receiver’s end the process happens pretty similar to how it happens in the case of normal TCP/IP connection, until it reaches the new SSL layer. The SSL layer at the receiver’s end remove the SSL Header (SH), decrypt the encrypted data and give the plain- text data back to the application layer of the receiving computer. Thus, only the application layer data is encrypted by the SSL.
Working of Secure Socket layer (SSL) The SSL contains three sub protocols.
1. The Handshake Protocol The handshake protocol of SSL is the first sub-protocol used by the client and the server to communicate using an SSL-enabled connection. This is similar to how Alice and Bob would first shake hands with each other accompanied with a hello before they start conversing. SSL tunnel ..Hello hi Bob Alice
Content of Handshake Protocol The handshake protocol consists of a series of messages between the client and the server. Each of these massages has the format showing below. Fig: format for the handshake protocol messages As shown in the above figure, each handshake messages has three fields, as follows:
Content of Handshake Protocol (A). Type (1 byte): this fields indicate one of the ten possible message types, mention in below table S. No Message Type Parameters 1 Hello Request None 2 Client Hello Version, Random number, Session ID, Cipher Suit, Compression Method 3 Server Hello Version, Random number, Session ID, Cipher Suit, Compression Method 4 Certificate Chain of X05.9V3 Certificates 5 Server-Key Exchange Parameters, Signature 6 Certificate Request Type, Authorities 7 Server Hello Done None 8 Certificate verify Signature 9 Client-key Exchange Parameters, Signatures 10 Finished Hash Values
Content of Handshake Protocol (B). Length (3 bytes): this field indicates the length of the message in bytes. (C). Content (1 or more bytes): this field contain the parameter associated with the message, depending on the message type, as listed in above table.
Phases of Handshake Protocol: There are four phases of handshake protocol as shown in the below image:
Phase 1. Establish Security Capabilities Phase 1. Establish Security Capabilities – this first phase of SSL Handshake protocol is used to initiate a logical connection and establish the security capabilities associated with the connection. This consists of two messages, the client hello and the server hello.
Phase 1. Establish Security Capabilities As shown in the above figure, the process starts with a client hello message from the client to server. It consists of the following parameter: • Version - This fields identify the highest version of SSL that the client can support, this can be 2, 3, or 3.1. • Random – This field is useful for later, actual communication between the client and the server, it contains two sub-fields: • A 32-bit date-time field that identifies the current system date and time on the client computer. • A 28-byte random number generated by the random-number generator software built in the client computer.
Phase 1. Establish Security Capabilities • Session Id – This is a variable-length session identifier. If these fields contain non-zero value, it means that there is already a connection between the client and the server, and the client wishes to update the parameters of that connection. A zero value in this field indicates that the client wants to create a new connection with the server. • Cipher Suit – This list contains a list of cryptographic algorithms supported by the client (e.g. RSA, Diffie-Hellman, etc.) in the decreasing order of preference.
Phase 1. Establish Security Capabilities • Compression Method – This field contains a list of compression algorithms supported by the client. The client sends the client hello message to the server and wait for the server’s response. Accordingly, the server sends back a server hello message to the client. This message also contains the same fields as in the client hello message. The server hello message consists of the following fields:
Phase 1. Establish Security Capabilities • Version – This fields identifies the lower of the version suggested by the client and the highest supported by the server. For example, if the client has suggested version 3, but the server also supports version 3.1, the server will select 3. • Random – This field has the same structure as the Random filed of the client. • Session id – If the session id value sent by the client was non- zero, the server use the same value. Otherwise, the server creates a new session id and put it in this field.
Phase 1. Establish Security Capabilities • Cipher Suit – It contains the single cipher suit, which the server selects from the list sent earlier by the client. • Compression Method – It contains compression algorithms, which the server selects from the list sent earlier by the client.
Phase 2. Server Authentication and Key- Exchange Phase 2. Server Authentication and Key-Exchange – The server initiates the second phase of the SSL handshake protocol, and it is the sole sender of all the messages in this phase. And the client is the sole recipient of all the massages. This phase contains four steps as shown in the below figure:
Phase 2. Server Authentication and Key- Exchange Let us discuss the four steps of this phase: 1. Certificate - In the first step (Certificate), the server sends its digital certificate and the entire chain leading up to root CA (Certificate Authority) to the client. This will help the client to authenticate the server using the server’s public key from the server’s certificate. The server’s certificate is mandatory in all situations, except if the key is being agreed upon by using Diffie-Hellman.
Phase 2. Server Authentication and Key- Exchange 2. Server Key Exchange – This step is optional. It is used only if the server does note sends its digital certificate to the client in step 1. In this step the server sends its public key to client (as the certificate is not available) 3. Certificate Request – In this step, the server can request for the client’s digital certificate. The client authentication in SSL is optional, and server may not always expect the client to be authenticated. Therefore, this step is optional.
Phase 2. Server Authentication and Key- Exchange 4. Server hello done – This message indicates to the client that its portion of the hello message (the server hello message) is complete. This indicated to the client that the client can now (optionally) verify the certificates sent by the server, and ensure that all the parameters sent by the server are acceptable. This message does not have any parameters. After sending this message, server waits for the client’s response.
Phase 3. Client Authentication and Key- Exchange Phase 3. Client Authentication and Key-Exchange – The Client initiate this third phase of SSL handshake protocol, and is the sole sender of all the messages of this phase. The server is the sole recipient of all messages. The phase contains three steps which are shown in the below figure.
Phase 3. Client Authentication and Key- Exchange Step 1: Certificate – This step is optional, this step is performed only if the server has requested for the client’s digital certificate. If the server has requested the client’s certificate, and if the client does not have one, the client sends a No Certificate message, instead of a Certificate message. It then is up to the server to decide if it wants to still communicate or not. Step 2: Client Key Exchange – Like the Server Key Exchange message, this step allows the client to send information to server, but in the opposite direction. This information related to the
Phase 3. Client Authentication and Key- Exchange symmetric key that both the parties will use in this session. Here the client creates a 48-byte pre-master secret, and encrypts it with the server’s public key and send this encrypted pre-master secret to the server.
Phase 3. Client Authentication and Key- Exchange Step 3: Certificate Verify – This step is necessary only if the server had demanded client authentication. As we know, if this is the case, the client has already sent it’s certificate to the server. However, additionally, the client also needs to prove to the server that it is the correct and authorized holder of the private key crossponding to the certificate. For this purpose, in this optional step, the client combine the pre-master secret with the random numbers exchange by the client and the server earlier (in Phase 1: Establish Security Capabilities) after hashing them together using MD5 and SHA-1, and signs the results its private key.
Phase 4. Finish Phase 4. Finish – The Client initiate the fourth of the SSL handshake protocol, which the server ends. This phase contains four steps as shown in the below image. The first two messages are from the client: Change cipher specs, Finished. The server responds back with two identical messages: Change cipher specs, Finished.
Phase 4. Finish Based on the pre-master secret that was created and sent by the client in the Client key exchange message, both the client and server create a master secret. Before secure encryption and integrity verification can be performed on records, the client and server need to generate shared secret information known only to them. This value is 48- byte quantity called the master secret. The master secret is used to generate keys and secrets for encryption and MAC (Message Authentication Code) computation. The master secret is calculated after computing message digest of the pre-master secret, client random and server random as shown in the below figure.
Phase 4. Finish
Phase 4. Finish The technical specification of calculation master secret is as follows: Finally, the symmetric keys to be used by the client and the server are generated. The conceptual process is shown below: Fig: Symmetric-key generation concept
Phase 4. Finish After this the first step (Change cipher specs) is confirmation form the client that all is well its end, which is strengthens with the Finished message. The server sends the same message to client.
Feedback Thanks for reading this presentation Please give us your feedback at info@prohackers.in Your feedback is most valuable for us for improving the presentation You can also suggest the topic on which you want the presentation Website: www.prohackers.in FB page: www.facebook.com/theprohackers2017 Join FB Group: www.facebook.com/groups/group.prohackers/ Watch us on: www.youtube.com//channel/UCcyYSi1sh1SmyMlGfB-Vq6A

Recommended

Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Sandeep Gupta
 
Chap 12 tcp
Chap 12 tcpChap 12 tcp
Chap 12 tcpSparsh Samir
 
Overview of data communication and networking
Overview of data communication and networkingOverview of data communication and networking
Overview of data communication and networkingSisir Ghosh
 
HiperLAN.ppt
HiperLAN.pptHiperLAN.ppt
HiperLAN.pptSwarnaKumariChinni
 
DES.ppt
DES.pptDES.ppt
DES.pptRizwanBasha12
 
Link state protocols.ppt
Link state protocols.pptLink state protocols.ppt
Link state protocols.pptEdgardo Scrimaglia
 
Token bus
Token busToken bus
Token busDenver Rockfreak
 
IGMP
IGMPIGMP
IGMPRaghavendra Hamilpure
 

Recommended

Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Ssl (Secure Socket Layer)
Ssl (Secure Socket Layer)Sandeep Gupta
 
Chap 12 tcp
Chap 12 tcpChap 12 tcp
Chap 12 tcpSparsh Samir
 
Overview of data communication and networking
Overview of data communication and networkingOverview of data communication and networking
Overview of data communication and networkingSisir Ghosh
 
HiperLAN.ppt
HiperLAN.pptHiperLAN.ppt
HiperLAN.pptSwarnaKumariChinni
 
DES.ppt
DES.pptDES.ppt
DES.pptRizwanBasha12
 
Link state protocols.ppt
Link state protocols.pptLink state protocols.ppt
Link state protocols.pptEdgardo Scrimaglia
 
Token bus
Token busToken bus
Token busDenver Rockfreak
 
IGMP
IGMPIGMP
IGMPRaghavendra Hamilpure
 
Secure electronic transaction
Secure electronic transactionSecure electronic transaction
Secure electronic transactionNishant Pahad
 
Computer Networks basics and OSI
Computer Networks basics and OSIComputer Networks basics and OSI
Computer Networks basics and OSICS_GDRCST
 
TCP/IP 3-way Handshake
TCP/IP 3-way Handshake TCP/IP 3-way Handshake
TCP/IP 3-way Handshake Alok Tripathi
 
Link state routing protocol
Link state routing protocolLink state routing protocol
Link state routing protocolAung Thu Rha Hein
 
IP Sec - Basic Concepts
IP Sec - Basic ConceptsIP Sec - Basic Concepts
IP Sec - Basic ConceptsAvadhesh Agrawal
 
TOKEN BUS & TOKEN RING.ppt
TOKEN BUS & TOKEN RING.pptTOKEN BUS & TOKEN RING.ppt
TOKEN BUS & TOKEN RING.pptshanthishyam
 
Module15: Sliding Windows Protocol and Error Control
Module15: Sliding Windows Protocol and Error Control Module15: Sliding Windows Protocol and Error Control
Module15: Sliding Windows Protocol and Error Control gondwe Ben
 
Switching
SwitchingSwitching
SwitchingShankar Gangaju
 
Chapter 2 - Network Models
Chapter 2 - Network ModelsChapter 2 - Network Models
Chapter 2 - Network ModelsWayne Jones Jnr
 
Chap 10 igmp
Chap 10 igmpChap 10 igmp
Chap 10 igmpNoctorous Jamal
 
Arp and rarp
Arp and rarpArp and rarp
Arp and rarpराहुल खेडेकर
 
Understanding TCP/IP
Understanding TCP/IPUnderstanding TCP/IP
Understanding TCP/IPmatthew_jenkins
 
Datalinklayer tanenbaum
Datalinklayer tanenbaumDatalinklayer tanenbaum
Datalinklayer tanenbaumMahesh Kumar Chelimilla
 
Presentation Routing algorithm
Presentation Routing algorithmPresentation Routing algorithm
Presentation Routing algorithmBasit Hussain
 
BOOTP and DHCP.ppt
BOOTP and DHCP.pptBOOTP and DHCP.ppt
BOOTP and DHCP.pptanik301
 
Ssl and tls
Ssl and tlsSsl and tls
Ssl and tlsRana assad ali
 
chap1 transmission-generalités
chap1 transmission-generalitéschap1 transmission-generalités
chap1 transmission-generalitésBAKKOURY Jamila
 
OSI Model
OSI ModelOSI Model
OSI ModelRahul Bandhe
 
SSL/TLS Handshake
SSL/TLS HandshakeSSL/TLS Handshake
SSL/TLS HandshakeArpit Agarwal
 
Diffie-hellman algorithm
Diffie-hellman algorithmDiffie-hellman algorithm
Diffie-hellman algorithmComputer_ at_home
 
Internet security protocol
Internet security protocolInternet security protocol
Internet security protocolMousmi Pawar
 
Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer SecurityHuda Seyam
 

More Related Content

What's hot

Secure electronic transaction
Secure electronic transactionSecure electronic transaction
Secure electronic transactionNishant Pahad
 
Computer Networks basics and OSI
Computer Networks basics and OSIComputer Networks basics and OSI
Computer Networks basics and OSICS_GDRCST
 
TCP/IP 3-way Handshake
TCP/IP 3-way Handshake TCP/IP 3-way Handshake
TCP/IP 3-way Handshake Alok Tripathi
 
TOKEN BUS & TOKEN RING.ppt
TOKEN BUS & TOKEN RING.pptTOKEN BUS & TOKEN RING.ppt
TOKEN BUS & TOKEN RING.pptshanthishyam
 
Module15: Sliding Windows Protocol and Error Control
Module15: Sliding Windows Protocol and Error Control Module15: Sliding Windows Protocol and Error Control
Module15: Sliding Windows Protocol and Error Control gondwe Ben
 
Chapter 2 - Network Models
Chapter 2 - Network ModelsChapter 2 - Network Models
Chapter 2 - Network ModelsWayne Jones Jnr
 
Presentation Routing algorithm
Presentation Routing algorithmPresentation Routing algorithm
Presentation Routing algorithmBasit Hussain
 
BOOTP and DHCP.ppt
BOOTP and DHCP.pptBOOTP and DHCP.ppt
BOOTP and DHCP.pptanik301
 
chap1 transmission-generalités
chap1 transmission-generalitéschap1 transmission-generalités
chap1 transmission-generalitésBAKKOURY Jamila
 

What's hot (20)

Secure electronic transaction
Secure electronic transactionSecure electronic transaction
Secure electronic transaction
 
Computer Networks basics and OSI
Computer Networks basics and OSIComputer Networks basics and OSI
Computer Networks basics and OSI
 
TCP/IP 3-way Handshake
TCP/IP 3-way Handshake TCP/IP 3-way Handshake
TCP/IP 3-way Handshake
 
Link state routing protocol
Link state routing protocolLink state routing protocol
Link state routing protocol
 
IP Sec - Basic Concepts
IP Sec - Basic ConceptsIP Sec - Basic Concepts
IP Sec - Basic Concepts
 
TOKEN BUS & TOKEN RING.ppt
TOKEN BUS & TOKEN RING.pptTOKEN BUS & TOKEN RING.ppt
TOKEN BUS & TOKEN RING.ppt
 
Module15: Sliding Windows Protocol and Error Control
Module15: Sliding Windows Protocol and Error Control Module15: Sliding Windows Protocol and Error Control
Module15: Sliding Windows Protocol and Error Control
 
Switching
SwitchingSwitching
Switching
 
Chapter 2 - Network Models
Chapter 2 - Network ModelsChapter 2 - Network Models
Chapter 2 - Network Models
 
Chap 10 igmp
Chap 10 igmpChap 10 igmp
Chap 10 igmp
 
Arp and rarp
Arp and rarpArp and rarp
Arp and rarp
 
Understanding TCP/IP
Understanding TCP/IPUnderstanding TCP/IP
Understanding TCP/IP
 
Datalinklayer tanenbaum
Datalinklayer tanenbaumDatalinklayer tanenbaum
Datalinklayer tanenbaum
 
Presentation Routing algorithm
Presentation Routing algorithmPresentation Routing algorithm
Presentation Routing algorithm
 
BOOTP and DHCP.ppt
BOOTP and DHCP.pptBOOTP and DHCP.ppt
BOOTP and DHCP.ppt
 
Ssl and tls
Ssl and tlsSsl and tls
Ssl and tls
 
chap1 transmission-generalités
chap1 transmission-generalitéschap1 transmission-generalités
chap1 transmission-generalités
 
OSI Model
OSI ModelOSI Model
OSI Model
 
SSL/TLS Handshake
SSL/TLS HandshakeSSL/TLS Handshake
SSL/TLS Handshake
 
Diffie-hellman algorithm
Diffie-hellman algorithmDiffie-hellman algorithm
Diffie-hellman algorithm
 

Similar to The Fundamental of Secure Socket Layer (SSL)

Internet security protocol
Internet security protocolInternet security protocol
Internet security protocolMousmi Pawar
 
Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer SecurityHuda Seyam
 
SSL Secure socket layer
SSL Secure socket layerSSL Secure socket layer
SSL Secure socket layerAhmed Elnaggar
 
Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL)Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL)BGSBU Rajouri
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)Arun Shukla
 
Fundamental of Secure Socket Layer (SSL) | Part - 2
Fundamental of Secure Socket Layer (SSL) | Part - 2 Fundamental of Secure Socket Layer (SSL) | Part - 2
Fundamental of Secure Socket Layer (SSL) | Part - 2 Vishal Kumar
 
Improving the Secure Socket Layer by Modifying the RSA Algorithm
Improving the Secure Socket Layer by Modifying the RSA AlgorithmImproving the Secure Socket Layer by Modifying the RSA Algorithm
Improving the Secure Socket Layer by Modifying the RSA AlgorithmIJCSEA Journal
 
BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4limsh
 
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.pptWEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.pptSonukumarRawat
 
1643129870-internet-security.pptx
1643129870-internet-security.pptx1643129870-internet-security.pptx
1643129870-internet-security.pptxMARIA401634
 

Similar to The Fundamental of Secure Socket Layer (SSL) (20)

Internet security protocol
Internet security protocolInternet security protocol
Internet security protocol
 
Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer Security
 
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level SecurityCRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
 
Web Security
Web SecurityWeb Security
Web Security
 
SSL Secure socket layer
SSL Secure socket layerSSL Secure socket layer
SSL Secure socket layer
 
Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL)Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL)
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)
 
Web security
Web securityWeb security
Web security
 
Transportsec
TransportsecTransportsec
Transportsec
 
SSL And TLS
SSL And TLS SSL And TLS
SSL And TLS
 
Fundamental of Secure Socket Layer (SSL) | Part - 2
Fundamental of Secure Socket Layer (SSL) | Part - 2 Fundamental of Secure Socket Layer (SSL) | Part - 2
Fundamental of Secure Socket Layer (SSL) | Part - 2
 
Unit 6
Unit 6Unit 6
Unit 6
 
Improving the Secure Socket Layer by Modifying the RSA Algorithm
Improving the Secure Socket Layer by Modifying the RSA AlgorithmImproving the Secure Socket Layer by Modifying the RSA Algorithm
Improving the Secure Socket Layer by Modifying the RSA Algorithm
 
SSL-image
SSL-imageSSL-image
SSL-image
 
Wireshark lab ssl v7 solution
Wireshark lab ssl v7 solutionWireshark lab ssl v7 solution
Wireshark lab ssl v7 solution
 
BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4
 
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.pptWEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
 
Secure socket later
Secure socket laterSecure socket later
Secure socket later
 
1643129870-internet-security.pptx
1643129870-internet-security.pptx1643129870-internet-security.pptx
1643129870-internet-security.pptx
 
Web Security
Web SecurityWeb Security
Web Security
 

More from Vishal Kumar

Threat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement MatriceThreat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement MatriceVishal Kumar
 
The Complete Questionnaires About Firewall
The Complete Questionnaires About FirewallThe Complete Questionnaires About Firewall
The Complete Questionnaires About FirewallVishal Kumar
 
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)Vishal Kumar
 
E-Mail Security Protocol - 1 Privacy Enhanced Mail (PEM) Protocol
E-Mail Security Protocol - 1 Privacy Enhanced Mail (PEM) ProtocolE-Mail Security Protocol - 1 Privacy Enhanced Mail (PEM) Protocol
E-Mail Security Protocol - 1 Privacy Enhanced Mail (PEM) ProtocolVishal Kumar
 
Privileges Escalation by Exploiting Client-Side Vulnerabilities Using Metasploit
Privileges Escalation by Exploiting Client-Side Vulnerabilities Using MetasploitPrivileges Escalation by Exploiting Client-Side Vulnerabilities Using Metasploit
Privileges Escalation by Exploiting Client-Side Vulnerabilities Using MetasploitVishal Kumar
 
Exploiting Client-Side Vulnerabilities and Establishing a VNC Session
Exploiting Client-Side Vulnerabilities and Establishing a VNC SessionExploiting Client-Side Vulnerabilities and Establishing a VNC Session
Exploiting Client-Side Vulnerabilities and Establishing a VNC SessionVishal Kumar
 
Auditing System Password Using L0phtcrack
Auditing System Password Using L0phtcrackAuditing System Password Using L0phtcrack
Auditing System Password Using L0phtcrackVishal Kumar
 
Dumping and Cracking SAM Hashes to Extract Plaintext Passwords
Dumping and Cracking SAM Hashes to Extract Plaintext PasswordsDumping and Cracking SAM Hashes to Extract Plaintext Passwords
Dumping and Cracking SAM Hashes to Extract Plaintext PasswordsVishal Kumar
 
The Fundamental of Electronic Mail (E-mail)
The Fundamental of Electronic Mail (E-mail)The Fundamental of Electronic Mail (E-mail)
The Fundamental of Electronic Mail (E-mail)Vishal Kumar
 
Fundamental of Secure Socket Layer (SSl) | Part - 1
Fundamental of Secure Socket Layer (SSl) | Part - 1Fundamental of Secure Socket Layer (SSl) | Part - 1
Fundamental of Secure Socket Layer (SSl) | Part - 1Vishal Kumar
 
Hawkeye the Credential Theft Maalware
Hawkeye the Credential Theft MaalwareHawkeye the Credential Theft Maalware
Hawkeye the Credential Theft MaalwareVishal Kumar
 
Deep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionDeep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionVishal Kumar
 
Owasp top 10 security threats
Owasp top 10 security threatsOwasp top 10 security threats
Owasp top 10 security threatsVishal Kumar
 
Exploiting parameter tempering attack in web application
Exploiting parameter tempering attack in web applicationExploiting parameter tempering attack in web application
Exploiting parameter tempering attack in web applicationVishal Kumar
 
Mirroring web site using ht track
Mirroring web site using ht trackMirroring web site using ht track
Mirroring web site using ht trackVishal Kumar
 
Collecting email from the target domain using the harvester
Collecting email from the target domain using the harvesterCollecting email from the target domain using the harvester
Collecting email from the target domain using the harvesterVishal Kumar
 
Information gathering using windows command line utility
Information gathering using windows command line utilityInformation gathering using windows command line utility
Information gathering using windows command line utilityVishal Kumar
 
Introduction ethical hacking
Introduction ethical hackingIntroduction ethical hacking
Introduction ethical hackingVishal Kumar
 
Social engineering
Social engineeringSocial engineering
Social engineeringVishal Kumar
 
Social engineering
Social engineeringSocial engineering
Social engineeringVishal Kumar
 

More from Vishal Kumar (20)

Threat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement MatriceThreat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement Matrice
 
The Complete Questionnaires About Firewall
The Complete Questionnaires About FirewallThe Complete Questionnaires About Firewall
The Complete Questionnaires About Firewall
 
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
 
E-Mail Security Protocol - 1 Privacy Enhanced Mail (PEM) Protocol
E-Mail Security Protocol - 1 Privacy Enhanced Mail (PEM) ProtocolE-Mail Security Protocol - 1 Privacy Enhanced Mail (PEM) Protocol
E-Mail Security Protocol - 1 Privacy Enhanced Mail (PEM) Protocol
 
Privileges Escalation by Exploiting Client-Side Vulnerabilities Using Metasploit
Privileges Escalation by Exploiting Client-Side Vulnerabilities Using MetasploitPrivileges Escalation by Exploiting Client-Side Vulnerabilities Using Metasploit
Privileges Escalation by Exploiting Client-Side Vulnerabilities Using Metasploit
 
Exploiting Client-Side Vulnerabilities and Establishing a VNC Session
Exploiting Client-Side Vulnerabilities and Establishing a VNC SessionExploiting Client-Side Vulnerabilities and Establishing a VNC Session
Exploiting Client-Side Vulnerabilities and Establishing a VNC Session
 
Auditing System Password Using L0phtcrack
Auditing System Password Using L0phtcrackAuditing System Password Using L0phtcrack
Auditing System Password Using L0phtcrack
 
Dumping and Cracking SAM Hashes to Extract Plaintext Passwords
Dumping and Cracking SAM Hashes to Extract Plaintext PasswordsDumping and Cracking SAM Hashes to Extract Plaintext Passwords
Dumping and Cracking SAM Hashes to Extract Plaintext Passwords
 
The Fundamental of Electronic Mail (E-mail)
The Fundamental of Electronic Mail (E-mail)The Fundamental of Electronic Mail (E-mail)
The Fundamental of Electronic Mail (E-mail)
 
Fundamental of Secure Socket Layer (SSl) | Part - 1
Fundamental of Secure Socket Layer (SSl) | Part - 1Fundamental of Secure Socket Layer (SSl) | Part - 1
Fundamental of Secure Socket Layer (SSl) | Part - 1
 
Hawkeye the Credential Theft Maalware
Hawkeye the Credential Theft MaalwareHawkeye the Credential Theft Maalware
Hawkeye the Credential Theft Maalware
 
Deep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionDeep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL Injection
 
Owasp top 10 security threats
Owasp top 10 security threatsOwasp top 10 security threats
Owasp top 10 security threats
 
Exploiting parameter tempering attack in web application
Exploiting parameter tempering attack in web applicationExploiting parameter tempering attack in web application
Exploiting parameter tempering attack in web application
 
Mirroring web site using ht track
Mirroring web site using ht trackMirroring web site using ht track
Mirroring web site using ht track
 
Collecting email from the target domain using the harvester
Collecting email from the target domain using the harvesterCollecting email from the target domain using the harvester
Collecting email from the target domain using the harvester
 
Information gathering using windows command line utility
Information gathering using windows command line utilityInformation gathering using windows command line utility
Information gathering using windows command line utility
 
Introduction ethical hacking
Introduction ethical hackingIntroduction ethical hacking
Introduction ethical hacking
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Social engineering
Social engineeringSocial engineering
Social engineering
 

Recently uploaded

Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerunnathinaik
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxRaymartEstabillo3
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfMahmoud M. Sallam
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxsocialsciencegdgrohi
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxJiesonDelaCerna
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxEyham Joco
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentInMediaRes1
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 

Recently uploaded (20)

Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developer
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdf
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptx
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media Component
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 

The Fundamental of Secure Socket Layer (SSL)

  • 1. “The Fundamental of Secure Socket Layer (SSL)” By: -Vishal Kumar (CEH, CHFI, CISE, MCP) info@prohackers.in Part - 1
  • 2. Topics to be Covered in this Presentation • Introduction of Secure Socket Layer SSL • The Position of SSL in the TCP/IP Suit • Working of Secure Socket Layer • Working of Handshake Protocol • Phases of Handshake protocol • Establish Security Capabilities • Server Authentication and Key Exchange • Client Authentication and Key Exchange • Finish
  • 3. Introduction: The Secure socket Layer (SSL) protocol is an Internet protocol for the secure exchange of information between a Web browser and a Web server. It provides two basic security services: Authentication and Confidentiality. SSL is developed by the Netscape Corporation in 1994. Since then, it is become most popular Web-Security mechanism. Currently SSL comes in three versions 2, 3 and 3.1; the most popular of them is version 3 which is released in 1995.
  • 4. The Position of SSL in TCP/IP Protocol Suit The SSL layer is located between the application layer and the transport layer. It is consider as an additional layer in TCP/IP Suit. As such, the communication between the various TCP/IP protocol layers is now as shown below
  • 5. The Position of SSL in TCP/IP Protocol Suit Fig: SSL is located between application and transport layer
  • 6. The Position of SSL in TCP/IP Protocol Suit As we can see in the above image, the application layer of the sending computer (X) prepares the data to be sent to receiving computer (Y), as usual. However, unlike what happens in the normal case, the application layer is not passed directly to the transport layer now. Instead the application-layer data is passed to the SSL layer. Here the SSL layer performs encryption on the data received from the application layer (indicated by the Dark Gray color), and also add its own encryption information header, called SSL Header (SH) to the encryption data. We will later study what exactly happens in this process.
  • 7. The Position of SSL in TCP/IP Protocol Suit After this, the SSL layer data (L5) become the input for the transport layer. It adds its own header (H4) and passes it on to the internet layer, and so on. This process happens exactly the way it happens in the case of normal TCP/IP data transfer. Finally, when the data reaches the physical layer, it is sent in the form of voltage pulses across the transmission medium. At the receiver’s end the process happens pretty similar to how it happens in the case of normal TCP/IP connection, until it reaches the new SSL layer. The SSL layer at the receiver’s end remove the SSL Header (SH), decrypt the encrypted data and give the plain- text data back to the application layer of the receiving computer. Thus, only the application layer data is encrypted by the SSL.
  • 8. Working of Secure Socket layer (SSL) The SSL contains three sub protocols.
  • 9. 1. The Handshake Protocol The handshake protocol of SSL is the first sub-protocol used by the client and the server to communicate using an SSL-enabled connection. This is similar to how Alice and Bob would first shake hands with each other accompanied with a hello before they start conversing. SSL tunnel ..Hello hi Bob Alice
  • 10. Content of Handshake Protocol The handshake protocol consists of a series of messages between the client and the server. Each of these massages has the format showing below. Fig: format for the handshake protocol messages As shown in the above figure, each handshake messages has three fields, as follows:
  • 11. Content of Handshake Protocol (A). Type (1 byte): this fields indicate one of the ten possible message types, mention in below table S. No Message Type Parameters 1 Hello Request None 2 Client Hello Version, Random number, Session ID, Cipher Suit, Compression Method 3 Server Hello Version, Random number, Session ID, Cipher Suit, Compression Method 4 Certificate Chain of X05.9V3 Certificates 5 Server-Key Exchange Parameters, Signature 6 Certificate Request Type, Authorities 7 Server Hello Done None 8 Certificate verify Signature 9 Client-key Exchange Parameters, Signatures 10 Finished Hash Values
  • 12. Content of Handshake Protocol (B). Length (3 bytes): this field indicates the length of the message in bytes. (C). Content (1 or more bytes): this field contain the parameter associated with the message, depending on the message type, as listed in above table.
  • 13. Phases of Handshake Protocol: There are four phases of handshake protocol as shown in the below image:
  • 14. Phase 1. Establish Security Capabilities Phase 1. Establish Security Capabilities – this first phase of SSL Handshake protocol is used to initiate a logical connection and establish the security capabilities associated with the connection. This consists of two messages, the client hello and the server hello.
  • 15. Phase 1. Establish Security Capabilities As shown in the above figure, the process starts with a client hello message from the client to server. It consists of the following parameter: • Version - This fields identify the highest version of SSL that the client can support, this can be 2, 3, or 3.1. • Random – This field is useful for later, actual communication between the client and the server, it contains two sub-fields: • A 32-bit date-time field that identifies the current system date and time on the client computer. • A 28-byte random number generated by the random-number generator software built in the client computer.
  • 16. Phase 1. Establish Security Capabilities • Session Id – This is a variable-length session identifier. If these fields contain non-zero value, it means that there is already a connection between the client and the server, and the client wishes to update the parameters of that connection. A zero value in this field indicates that the client wants to create a new connection with the server. • Cipher Suit – This list contains a list of cryptographic algorithms supported by the client (e.g. RSA, Diffie-Hellman, etc.) in the decreasing order of preference.
  • 17. Phase 1. Establish Security Capabilities • Compression Method – This field contains a list of compression algorithms supported by the client. The client sends the client hello message to the server and wait for the server’s response. Accordingly, the server sends back a server hello message to the client. This message also contains the same fields as in the client hello message. The server hello message consists of the following fields:
  • 18. Phase 1. Establish Security Capabilities • Version – This fields identifies the lower of the version suggested by the client and the highest supported by the server. For example, if the client has suggested version 3, but the server also supports version 3.1, the server will select 3. • Random – This field has the same structure as the Random filed of the client. • Session id – If the session id value sent by the client was non- zero, the server use the same value. Otherwise, the server creates a new session id and put it in this field.
  • 19. Phase 1. Establish Security Capabilities • Cipher Suit – It contains the single cipher suit, which the server selects from the list sent earlier by the client. • Compression Method – It contains compression algorithms, which the server selects from the list sent earlier by the client.
  • 20. Phase 2. Server Authentication and Key- Exchange Phase 2. Server Authentication and Key-Exchange – The server initiates the second phase of the SSL handshake protocol, and it is the sole sender of all the messages in this phase. And the client is the sole recipient of all the massages. This phase contains four steps as shown in the below figure:
  • 21. Phase 2. Server Authentication and Key- Exchange Let us discuss the four steps of this phase: 1. Certificate - In the first step (Certificate), the server sends its digital certificate and the entire chain leading up to root CA (Certificate Authority) to the client. This will help the client to authenticate the server using the server’s public key from the server’s certificate. The server’s certificate is mandatory in all situations, except if the key is being agreed upon by using Diffie-Hellman.
  • 22. Phase 2. Server Authentication and Key- Exchange 2. Server Key Exchange – This step is optional. It is used only if the server does note sends its digital certificate to the client in step 1. In this step the server sends its public key to client (as the certificate is not available) 3. Certificate Request – In this step, the server can request for the client’s digital certificate. The client authentication in SSL is optional, and server may not always expect the client to be authenticated. Therefore, this step is optional.
  • 23. Phase 2. Server Authentication and Key- Exchange 4. Server hello done – This message indicates to the client that its portion of the hello message (the server hello message) is complete. This indicated to the client that the client can now (optionally) verify the certificates sent by the server, and ensure that all the parameters sent by the server are acceptable. This message does not have any parameters. After sending this message, server waits for the client’s response.
  • 24. Phase 3. Client Authentication and Key- Exchange Phase 3. Client Authentication and Key-Exchange – The Client initiate this third phase of SSL handshake protocol, and is the sole sender of all the messages of this phase. The server is the sole recipient of all messages. The phase contains three steps which are shown in the below figure.
  • 25. Phase 3. Client Authentication and Key- Exchange Step 1: Certificate – This step is optional, this step is performed only if the server has requested for the client’s digital certificate. If the server has requested the client’s certificate, and if the client does not have one, the client sends a No Certificate message, instead of a Certificate message. It then is up to the server to decide if it wants to still communicate or not. Step 2: Client Key Exchange – Like the Server Key Exchange message, this step allows the client to send information to server, but in the opposite direction. This information related to the
  • 26. Phase 3. Client Authentication and Key- Exchange symmetric key that both the parties will use in this session. Here the client creates a 48-byte pre-master secret, and encrypts it with the server’s public key and send this encrypted pre-master secret to the server.
  • 27. Phase 3. Client Authentication and Key- Exchange Step 3: Certificate Verify – This step is necessary only if the server had demanded client authentication. As we know, if this is the case, the client has already sent it’s certificate to the server. However, additionally, the client also needs to prove to the server that it is the correct and authorized holder of the private key crossponding to the certificate. For this purpose, in this optional step, the client combine the pre-master secret with the random numbers exchange by the client and the server earlier (in Phase 1: Establish Security Capabilities) after hashing them together using MD5 and SHA-1, and signs the results its private key.
  • 28. Phase 4. Finish Phase 4. Finish – The Client initiate the fourth of the SSL handshake protocol, which the server ends. This phase contains four steps as shown in the below image. The first two messages are from the client: Change cipher specs, Finished. The server responds back with two identical messages: Change cipher specs, Finished.
  • 29. Phase 4. Finish Based on the pre-master secret that was created and sent by the client in the Client key exchange message, both the client and server create a master secret. Before secure encryption and integrity verification can be performed on records, the client and server need to generate shared secret information known only to them. This value is 48- byte quantity called the master secret. The master secret is used to generate keys and secrets for encryption and MAC (Message Authentication Code) computation. The master secret is calculated after computing message digest of the pre-master secret, client random and server random as shown in the below figure.
  • 31. Phase 4. Finish The technical specification of calculation master secret is as follows: Finally, the symmetric keys to be used by the client and the server are generated. The conceptual process is shown below: Fig: Symmetric-key generation concept
  • 32. Phase 4. Finish After this the first step (Change cipher specs) is confirmation form the client that all is well its end, which is strengthens with the Finished message. The server sends the same message to client.
  • 33. Feedback Thanks for reading this presentation Please give us your feedback at info@prohackers.in Your feedback is most valuable for us for improving the presentation You can also suggest the topic on which you want the presentation Website: www.prohackers.in FB page: www.facebook.com/theprohackers2017 Join FB Group: www.facebook.com/groups/group.prohackers/ Watch us on: www.youtube.com//channel/UCcyYSi1sh1SmyMlGfB-Vq6A

Editor's Notes

  1. 1