Secure Sockets Layer (SSL)

1
Secure Sockets Layer (SSL)

• James Wann
• Verizon Corporation
• November 27, 2000

2
What is SSL?

• SSL is a separate network protocol that runs on
  top of TCP
• Acts as a layer between the application layer and
  the transport layer (TCP)
• Ensures that any application layer can run on top
  of it

3
Networking Layers Using SSL
HTTP
SSL
TCP
IP
4
Uses of Cryptography

• Confidentiality prevents eavesdropping of
  messages
• Authentication proves the identity of the
  sender and recipient of the message
• Message Integrity prevents a message from being
  altered

5
Types of Cryptography

• Secret Key Cryptography
• Public Key Cryptography

6
Secret Key Cryptography

• Based on a shared secret between two parties
• The shared secret key is utilized in mathematical
  transformations of the data to be encrypted
• How do the two parties know about the secret to
  begin with?

7
Public Key Cryptography

• Uses two separate keys
• Public key publicly known key used for
  encryption
• Private key known only by the person holding
  the key used for decryption

8
Public Key Cryptography Illustrated
1. Create keys
2. Publish public key
3. Encipher message with public key
4. Send encrypted message
5. Decipher message with private key
9
Public Key Cryptography Illustrated (contd)
1. Create keys
2. Publish public key
3. Encipher message with private key
4. Send message
5. Decipher message with public key
10
Combining Secret and Public Key Cryptography
1. Publish public key
2. Encrypt secret key with public key
3. Send secret key
4. Decipher secret key with private key
5. Use secret key for messages
11
Certificates

• How would anyone know that a public key is
  correctly associated with a user?
• Certificates provide the proper user credentials,
  as well as the users public key
• How does one know that a certificate is
  legitimate?

12
Certificate Authorities

• Issues certificates on behalf of the user
• Digitally signs the certificate using the CAs
  private key
• The CAs public key is used to verify the
  signature

13
SSL Operation
1. Client initiates the session
2. Server sets the security services
3. Server presents its certificate
4. Server presents public key for encryption
5. Server concludes message
14
SSL Operation (contd)
6. Client presents the secret key
7. Begin security services
8. Client concludes message
9. Begin security services
10. Server concludes message
15
Client Authentication

• The server, in presenting its certificate can ask
  to see the clients certificate
• In response, the client would present its
  certificate.
• Included in the message is a cryptographic hash
  of shared information signed by the clients
  private key

16
Conclusion

• SSL provides a security layer that is extensible
  to any networked application
• SSL also ensures authentication for a given party
  via a commonly trusted authority
• Encryption algorithms are extremely hard to
  break!
• If CAs private key is known, there is no good
  mechanism to revoke key

17
References

• Stephen Thomas, SSL and TLS Essentials. John
  Wiley Sons, 2000.
• http//developer.netscape.com/docs/manuals/securit
  y/sslin/index.htm
• http//support.microsoft.com/support/kb/articles/Q
  245/1/52.ASP
• http//www.cs.cornell.edu/Courses/cs513/2000SP/