17-09-2014, 03:51 PM
The Transmission Control Protocol (TCP) combined with the Internet Protocol (IP) governs the transportation and routing of data over the Internet. TCP keeps track of the blocks of data to assure that all are delivered reliably to the appropriate application. The internet layer is concerned with routing data from source to destination host through one or more networks connected by routers. But the TCP/IP does not provide any security mechanism from the various web security threats such as modification of data in transit, eavesdropping on the net resulting in loss of privacy, theft of data from server or client, impersonation of users (fake users), etc. Thus, to overcome these threats we require protocols that ensure data integrity (received data is same as when sent by the sender) by use of checksum and authentication code, Confidentiality (protection of data from unauthorised disclosure) through encryption, Authentication (proof that the communicating entity is the one it pretends to be) by username/password, certificates, etc. These security aspects can be applied to the network, transport, and application layers of the internet model. In this report we discuss in detail how the SSL/TLS add authentication and confidentiality to the TCP protocol.