Scribd
Upload
231 views

SSL Presentation

SSL (Secure Socket Layer) provides privacy, authenticity, and integrity for application data through symmetric encryption, certificate authentication, and message digest technologies. It operates in layers, with the record protocol applying fragmentation, compression, encryption, and hashing between the TCP layer and applications. The handshake protocol authenticates hosts and establishes encryption settings before real data transmission.

Uploaded by

treesachandt
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
231 views

SSL Presentation

SSL (Secure Socket Layer) provides privacy, authenticity, and integrity for application data through symmetric encryption, certificate authentication, and message digest technologies. It operates in layers, with the record protocol applying fragmentation, compression, encryption, and hashing between the TCP layer and applications. The handshake protocol authenticates hosts and establishes encryption settings before real data transmission.

Uploaded by

treesachandt
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 10

SSL

Secure Socket Layer

Why SSL ?
Privacy- Application data can be encrypted with symmetric cryptography technologies. Authenticity - Remote host can be authenticated with certificate technologies Integrity- Application data's integrity can be checked with message digest technologies

Terms used in ssl


A certificate-Certificate Authority signs individual messages which contain both the name of key owner and his public key Signing a message, means authenticating that you have yourself assured the authenticity of the message (To sign a message, you create its hash, and then encrypt the hash with your private key, you then add the encrypted hash and your signed certificate with the message ) A message digest is derived from the random message in a way that has the following useful properties: The digest is difficult to reverse. An impersonator would have a hard time finding a different message that computed to the same digest value. MAC (Message Authentication code)- The MAC uses a mapping function to represent the message data as a fixed-length, preferably smaller, value and then hashes the message. The MAC ensures that the data has not been modified during transmission.

SSL
layered on top of TCP SSL versions 1.0, 2.0, 3.0, 3.1 Netscape protocol later refitted as IETF standard TLS (Transport Layer Security) TLS 1.0 very close to SSL 3.1

SSL Architecture
SSl Handshake Change Cipher spec SSl Aert Application Data

SSL Record Protocol

TCP/IP Protocol

SSL sub Protocols


Handshake Protocol - Operates on top of the record protocol layer before any real application data transmission to authenticate remote host, exchange encryption settings and initializing the record protocol layer. Record Protocol - Operates between the TCP/IP layer and application layer to apply fragmentation, compression, encryption, and message digest operations. Change Cipher Spec Protocol - Operates on top of the record protocol layer to inform remote host to change security settings in the record protocol layer. Alert Protocol - Operates on top of the record protocol layer to send alerts to the remote host.

SSL Handshaking
Hanshsake:Client Hello Server Hello Certificate Client ServerHelloDone Client Key Exchange Handshake:Finished Handshake Finished Server

SSL Record Protocol


4 steps by sender (reversed by receiver) Fragmentation Compression MAC Encryption

SSL Record
each SSL record contains content type: change_cipher_spec alert handshake application_data protocol version number length: max 16K bytes data payload: optionally compressed and encrypted Message authentication code (MAC)

Questions?
1.Main design goals of ssl? 2.How is handshaking done in ssl?

You might also like