WWW: Beyond the Basics

18. WWW Security

18.3. Secure Sockets Layer

The Secure Sockets Layer (SSL) is an intermediate layer between the application and the transport protocol whose purpose is to create secure and reliable communication. The current version of the protocol (3.0) is defined in IETF, 1996. The SSL Protocol provides connection security that has three basic properties:

  1. the connection is private. Encryption is used once an initial handshake has defined the cryptographic protocol. Secret-key cryptography is used for data encryption (e.g. DES, RC4);
  2. the peer's identity can be authenticated using public-key cryptography;
  3. the connection is reliable. Message transport includes a message integrity check using secure hash functions (e.g. SHA, MD5).

The Secure Sockets Layer Protocol has two parts. First, the SSL Handshake Protocol establishes the secure channel. Next, the SSL Application Data Protocol is used to exchange data over the channel.

18.3.1. SSL Handshake Protocol

The goal of the protocol is to create an agreement between a client and a server on a set of cryptographic protocols, algorithms and parameters used for communication between them.

The protocol consists of a sequence of steps:

  1. Client Hello - In this step the client sends to the server a message that contains the names of the cryptographic algorithms implemented in the client, the names of the compression algorithms and a random number:
    ClientHello(CypherSuite[], CompressionMethod[], ClientRandom)
    

    One CypherSuite defines three cryptographic algorithms:

    1. the key exchange protocol: RSA, Diffie-Hellman;
    2. the secret-key algorithm: null, rc4, rc2, des, des40, fortezza;
    3. the one-way hash algorithm: null, md5, sha;

  2. Server Hello - After receiving the message from the client, the server chooses the first suite of cryptographic algorithms in the client's list that the server also implements. It also takes the first compression algorithm offered by the client and generates a random number of its own for use in the protocol. After that, the server sends the client a message that contains the server's decisions:
    ServerHello(CypherSuite, CompressionMethod, ServerRandom)
    

    After these steps, the server and the client have agreed on the suite of cryptographic and compression algorithms. The next step is to decide on some parameters for the algorithms of which the most important is the key used in the secret-key encryption. There are two alternatives for how the protocol continues depending on whether or not the server has a public key certificate.

    If the server has a public key certificate it sends the certificate to the client:

    ServerCertificate(Certificate)
    

    and then, the client generates a master secret and sends it to the server encrypted with the public key of the server:

    encrypt(ClientMasterSecret, ServerPublicKey)
    

    The master secret is the basis from which the partners derive the keys used in the cryptographic algorithms. It has 48 bytes (time + random) and is used for one secure session.

    If the server does not have a certificate, it initiates a Key Exchange Protocol, for example the Diffie-Hellman protocol. After the exchange of three messages, the server and the client have a master secret. Based on the master secret, both parties create the keys used in communication.

  3. Finished - This is the final step in the handshake protocol. Both the client and the server send to each other the digest of the messages sent so far, encrypted with the key generated from the master secret. The messages are:

    Client to Server

    hash(AllMessagesSentByClient+MasterSecret)
    

    Server to Client

    hash(AllMessagesSentByServer+MasterSecret)
    

At the end of the handshake protocol both the client and the server are ready to communicate information in a secure way. They agreed on the cryptographic and compression algorithms and the parameters for the protocol.
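
The following sketch is an added example, not part of the original text or of any SSL implementation. It applies the Server Hello selection rule and the Finished digest described above to show why the digest matters: the Hello messages travel unprotected, so a suite list altered in transit is only noticed when the Finished digests disagree. The suite names, the message serialisation, the use of SHA-1, the omission of the final encryption step and the server-side comparison are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample suite names: key exchange, secret-key cipher, hash.
CLIENT_SUITES = ["RSA_DES_SHA", "RSA_RC4_MD5", "RSA_DES40_SHA"]
SERVER_SUITES = ["RSA_DES40_SHA", "RSA_RC4_MD5", "RSA_DES_SHA"]


def client_hello(suites, compression, client_random):
    """Serialise ClientHello(CypherSuite[], CompressionMethod[], ClientRandom).
    The '|' and ',' wire format is hypothetical."""
    fields = [b"ClientHello", ",".join(suites).encode(),
              ",".join(compression).encode(), client_random.hex().encode()]
    return b"|".join(fields)


def choose_suite(client_suites, server_suites):
    """Server Hello rule from the text: the first suite in the client's
    list that the server also implements."""
    for suite in client_suites:
        if suite in server_suites:
            return suite
    raise ValueError("no common cipher suite")


def finished_digest(messages, master_secret):
    """hash(AllMessagesSentByOneSide + MasterSecret), computed with SHA-1."""
    return hashlib.sha1(b"".join(messages) + master_secret).digest()


def run_handshake(tamper=None):
    """Run one simplified handshake. `tamper` optionally rewrites the offered
    suite list in transit. Returns (chosen_suite, finished_ok)."""
    client_random = os.urandom(16)
    master_secret = os.urandom(48)  # 48 bytes, as stated in the text
    sent = client_hello(CLIENT_SUITES, ["null"], client_random)
    offered = tamper(CLIENT_SUITES) if tamper else CLIENT_SUITES
    received = client_hello(offered, ["null"], client_random)
    chosen = choose_suite(offered, SERVER_SUITES)
    # The client hashes what it sent; the server hashes what it received.
    client_finished = finished_digest([sent], master_secret)
    server_expected = finished_digest([received], master_secret)
    return chosen, hmac.compare_digest(client_finished, server_expected)
```

An untampered run returns the client's first mutually supported suite with a matching digest. A run in which the offered list was changed on the wire returns a mismatch, which is the signal to abort the connection.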

18.3.2. SSL Application Data Protocol

When the client wants to send a message to the server, it computes the digest, encrypts the message and the digest, and sends them to the server:

encrypt(ClientRequest + hash(ClientRequest+MasterSecret), ClientWriteKey);

When the server receives the message, it decrypts it using the agreed key and verifies its integrity using the same hash function. Then the server responds to the client using the same cryptographic procedure:

encrypt(ServerResponse + hash(ServerResponse), ServerWriteKey);

This concludes the description of SSL. A number of aspects that were not presented above are worth mentioning:

The SSL Protocol is described in several documents available on the Internet. The reader can find more details about SSL in: IETF, 1996; SSL, 1996; Netscape, 1996a.

Copyright © 1996 Calin Groza, All Rights Reserved

Calin Groza <cgroza@cs.vt.edu>
Last modified: Dec. 16 12:00:00 1996