25-01-2013, 04:46 PM
Secure Sockets Layer (SSL)
Secure Sockets.ppt (Size: 196.5 KB / Downloads: 132)
Security Achieved by the Secure Sockets Layer (SSL)
Confidentiality
Encrypt data being sent between client and server, so that passive wiretappers cannot read sensitive data.
Integrity Protection
Protect against modification of messages by an active wiretapper.
Authentication
Verify that a peer is who they claim to be. Servers are usually authenticated, and clients may be authenticated if requested by servers.
Cryptography
Cryptography makes it difficult for an unauthorized third party to access and understand private communication between two parties. Private data can be made unintelligible to unauthorized parties through the process of encryption. Encryption uses complex algorithms to convert the original message, or cleartext, to an encoded message, called ciphertext. Decryption does the reverse.
A key is a bit string that is used by the algorithms for encryption or decryption.
Encryption Algorithms
Parties
Alice and Bob want to communicate.
Charlie, the unauthorized third party, is known as the attacker.
Secret key
Alice and Bob agree on an algorithm, and have the same secret key, which they use to encrypt plaintext and decrypt cyphertext.
Well-known secret key cryptographic algorithms include the Data Encryption Standard (DES), triple-strength DES (3DES), Rivest Cipher 2 (RC2), Rivest Cipher 4 (RC4) and the Advanced Encryption Standard (AES).
Public key
Alice and Bob agree on an algorithm, and Alice creates a pair of keys—public and private—and sends the public key to Bob and other people. Bob (or anyone else) encrypts with the public key, but only Alice can decrypt with the secret private key.
Well-known public key algorithms include Rivest Shamir Adleman (RSA) and Diffie-Hellman (DH).
Because they require extensive computations, these algorithms run slowly. Therefore they’re only used for encrypting small pieces of data, such as secret keys or signatures.
How SSL Achieves Confidentiality
Create a secret key
Based on information generated by the client with a secure random number generator
Use public keys to exchange the secret key
The server sends its public key to the client
The client encrypts the secret key with the server's public key and sends it to the server
The server decrypts the secret key information with the server’s private key
Encrypt and decrypt data with the secret key
The client and server use the negotiated algorithm
Cryptographic Hash Functions
Q: How can we prevent Charlie from tampering with data that Alice sends to Bob?
A: Make any change in the data detectable.
A cryptographic hash function is like a checksum.
A cryptographic hash function generates, a small string of bits, known as a hash, from a message. Any slight change to the message should make a change in the resulting hash.
Widely used hash functions are Message Digest 5 (MD5) and Secure Hash Algorithm (SHA).
Message Authentication Code
A message authentication code (MAC) is like a cryptographic hash, but it uses a secret key.
Including a secret key with the data processed by a cryptographic hash produces a hash called an HMAC.
Here’s how we prevent Charlie from tampering with data that Alice sends to Bob.
Alice calculates an HMAC for her message and append the HMAC to her original message. She encrypts the message plus the HMAC using a secret key she shares with Bob.
Bob decrypts the message and recalculates the HMAC. If his HMAC differs from the one Alice sent then the message was modified in transit.