Professional Documents
Culture Documents
INTRODUCTION
Position of SSL(Continue)
Application Layer Data is passed to SSL Layer
SSL Layer Performs encryption on the data received from application
layer, and also adds its own encryption information header, called
SSL Header
SSL Layer at receivers end removes the SSL Header, decrypts the
encrypted data and gives plain-text data back to the application
layer.
Only Application Data is encrypted by SSL.
Question
Can SSL be positioned below data-link Layer?
It would lead to problems.
If SSL encrypted all the lower layer headers, even the IP
and physical addresses of the computers would be
encrypted , and become unreadable.
Services
5. Confidentiality
Original data and MAC are encrypted using symmetric-key cryptography
6. Framing
Header is added to encrypted payload
Payload passed to transport layer
4. Ephemeral Diffie-Hellman
Each party sends Diffie-Hellman key signed by its private key.
Receiver verify the signature using public key of the sender.
Public keys for the verification are exchanged using either RSA or DSS digital
signature certificates
5. Fixed Diffie-Hellman
No key exchange messages are passed in this method, only certificates are
exchanged.
Each entity create half key and insert it into a certificate verified by CA.
Two parties do not directly exchange the half keys, CA sends the half keys in an
RSA or DSS special certificates
Encryption/Decryption Algorithms
Encryption/Decryption Algorithms
Hash Algorithms
Hash Algorithms
Cipher Suite
Cipher Suite
The combination of key exchange, hash and encryption algorithms defines a
cipher suite for each SSL session.
Format:
Cipher Suite:
SSL_Key Exchange Method_WITH_ Encryption/Decryption Algo_Hash Algo
Compression Algorithms
Compression Algorithms
Compression is optional
No specific compression algorithm is defined for SSLv3
Default compression method is NULL
System can use whatever compression algorithm it desires
Steps:
1.Exchange two random numbers
2.Exchange Pre-master Secret
3.Create 48-Byte Master Secret
4.Master Secret is used to create variable length Key material.
5.Extract 6 different keys
3rd step
4th step
5th Step
Four Protocols
Handshake Protocol
ChangeCipherSpec Protocol
Handshake Protocol:
1. Negotiation of cipher Suite
2. Generation of Cryptographic Secrets
For using these parameters, special message (ChangeCipherSpec
message) should be exchanged between them.
Active and pending states
Each State has:
1. Read (Inbound) - Receiving
2. Write (Outbound) -Writing
Alert Protocol
SSL uses the Alert Protocol for reporting errors and abnormal
conditions.
Record Protocol
Thanks