SSL/https De-Encryption SSL/https is Widely Dissertation

Total Length: 17577 words ( 59 double-spaced pages)

Total Sources: 47


This is, however, not considered foolproof. A person with adequate technical expertise and access to the network at the hardware level can break the security. In view of this, the SSL method with the right configuration is considered perfectly sufficient for all commercial purposes. In order to safeguard data while in transit, it is customary to adopt a practical SSL protocol covering all network services that use TCP/IP to support typical application tasks of communication between servers and clients. (Secure Socket Layer, www.windowsecurity.com)

Communication over the Internet passes through multiple program layers on a server before it actually reaches the requested data, such as a web page or CGI scripts. Requests first hit the outer layers. High-level protocols such as HTTP (the web server), IMAP (the mail server) and FTP (file transfer) make up the outer layer. Which outer-layer protocol handles a request depends on the type of request made by the client. This high-level protocol then processes the request through the Secure Socket Layer. (How does SSL work? Detailed SSL - Step 1 Determine Secure Communication) A socket refers to the logical link between the client and the server, and the encryption takes place at a very low level of communication. This means there is no need for different methods of encrypting text, images, sounds, Java applets, etc. All communication between the client and the server is encrypted in the same way. (Secure Servers) The Secure Socket Layer is a method for encrypting data in transit over the Internet. Its real significance lies in data transfer in an e-commerce environment, where it is increasingly necessary to transfer credit card information and other sensitive data. SSL creates a virtual private network as a substitute for the traditional technologies of IPsec and PPTP. (SSL Acceleration and Offloading: What Are the Security Implications?)

The main operations of SSL can be explained as follows. Server Authentication: Server authentication permits a user to confirm the identity of the server involved in any doubtful business dealings. This is achieved by a public key method that confirms the authenticity of the server's certificate, which has been approved by a reliable certificate authority. When confidential information such as a credit card number is sent, this facility confirms the identity of the server. Client Authentication: Client authentication permits a server to verify the identity of a user in the same way as server verification. Banks and Internet-based brokers might verify clients to make sure that a transaction is made with the rightful user before executing confidential dealings such as the purchase of shares or the transfer of money. Encrypted Communication Connection: SSL manages the encryption and decryption of information sent between the client and a server. Information sent through an encrypted SSL connection stays private and free from intrusion, guaranteeing that the data received is untouched and was not viewed by others. (The Secure Sockets Layer Protocol - Enabling Secure Web Transactions)

The SSL protocol was first introduced by Netscape in order to provide data security in transit through the HTTP, LDAP or POP3 application layers. (Secure Socket Layer, www.windowsecurity.com) The initial version of the protocol was released in its crudest form during the summer of 1994 for use in the Mosaic browser. Version 2.0 was integrated into the original Netscape Navigator web browser and was released towards the end of 1994. Within the first year after the introduction of Netscape Navigator, Microsoft introduced its web browser, Internet Explorer, at the end of 1995. A few months after the introduction of Explorer, Microsoft brought out its Private Communication Technology (PCT) specification. The PCT specification was introduced in order to overcome the weaknesses of SSL 2.0. SSL v3.0 was released by Netscape Navigator during the winter of 1995. (The Secure Sockets Layer Protocol - Enabling Secure Web Transactions)

Various writers have examined the SSL protocol suite and agree unanimously that, starting with v3.0, it is stable enough and free of any significant design defects. Wagner and Schneier concluded their analysis by stating that, overall, SSL 3.0 gives excellent security against eavesdropping and other passive attacks. Although export-weakened modes offer only minimal protection of private information, there is little SSL can do in this regard. (Heinrich, Secure Socket Layer (SSL))

The Internet Engineering Task Force (IETF) tried to make SSL an international standard in May 1996. The IETF had accomplished similar tasks with the TCP and IP protocol standards. At the beginning of 1999, the IETF renamed SSL the Transport Layer Security (TLS) protocol. Version 1.0 of TLS is considered to be an extension of SSL 3.0. At present, all the major web browser applications and web servers are compatible with SSL. It is used universally in web browser transactions, from ordering books to electronic fund transfers. The implementation of SSL in web browsers is transparent to users, apart from https as a prefix to the web address and an icon signifying a secured connection. (The Secure Sockets Layer Protocol - Enabling Secure Web Transactions)

SSL 2.0 is considered a de facto standard for the cryptographic protection of web HTTP traffic. However, it has limitations in both cryptographic security and functionality, which resulted in the upgrade to SSL 3.0 with several improvements. This new version of SSL will soon see widespread deployment. The Transport Layer Security working group set up by the IETF is also using SSL 3.0 as a base for its standards efforts. SSL 3.0 thus aims to provide Internet client/server applications with a practical, widely applicable, connection-oriented communications security mechanism. SSL 2.0 had many security weaknesses that SSL 3.0 attempts to overcome. SSL 2.0 weakens the authentication keys to 40 bits in export-weakened modes. (How does SSL work? Simplified SSL - About Secure Sockets Layer and HTTPS) SSL 2.0 uses a weak MAC construction, although post-encryption also counters attacks. SSL 2.0 feeds the padding bytes into the MAC in block cipher modes but leaves the padding length unauthenticated. This allows active attackers to delete bytes from the end of messages. In the cipher-suite rollback attack, the attacker edits the list of cipher-suite preferences in the hello messages so as to induce both endpoints to use weaker encryption than they would otherwise have chosen. This flaw limits the strength of SSL 2.0 to least-common-denominator security and leaves it vulnerable to active attacks. Some of these weaknesses have also been found by others. Dan Simon specifically emphasized the cipher-suite rollback attack. These concerns have also been emphasized by Paul Kocher, and the PCT 1.0 protocol was examined and found to counter some of these weaknesses, but not all. (How does SSL work? Simplified SSL - About Secure Sockets Layer and HTTPS)
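The cipher-suite rollback described above succeeds when the hello messages are not authenticated; SSL 3.0 counters it by having each side's Finished message cover the whole handshake transcript. The following sketch is an added example, not code from the original text: it is a toy model in which the message encoding, the suite labels, the pre-shared secret and the use of HMAC-SHA256 in place of SSL 3.0's own hash construction are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed suite labels, strongest first (illustrative names, not wire values).
STRONG, EXPORT = "RC4_128_MD5", "RC4_128_EXPORT40_MD5"

def client_hello(suites):
    """Serialize the client's cipher-suite preference list (toy encoding)."""
    return ("client_hello:" + ",".join(suites)).encode()

def server_choose(hello, supported):
    """Server picks the first client-offered suite that it also supports."""
    offered = hello.decode().split(":", 1)[1].split(",")
    return next(s for s in offered if s in supported)

def finished_mac(master_secret, transcript):
    """MAC over every handshake message this endpoint saw, keyed with the shared secret."""
    return hmac.new(master_secret, b"".join(transcript), hashlib.sha256).digest()

def strip_strong(hello):
    """Models the in-path edit of the hello described above: the strong suite is dropped."""
    offered = hello.decode().split(":", 1)[1].split(",")
    return client_hello([s for s in offered if s != STRONG])

def handshake(tamper=None, bind_transcript=True):
    """Return the negotiated suite, or None if the Finished check aborts the handshake."""
    secret = b"constructed-master-secret"      # assumption: key exchange already done
    sent = client_hello([STRONG, EXPORT])
    received = tamper(sent) if tamper else sent
    chosen = server_choose(received, {STRONG, EXPORT})
    server_hello = ("server_hello:" + chosen).encode()
    if bind_transcript:
        # Each side MACs the messages as it saw them; any edit in transit
        # makes the two views, and therefore the two MACs, differ.
        client_view = finished_mac(secret, [sent, server_hello])
        server_view = finished_mac(secret, [received, server_hello])
        if not hmac.compare_digest(client_view, server_view):
            return None
    return chosen
```

With `bind_transcript=False` the model behaves like an unauthenticated negotiation and settles on the export suite; with the transcript bound, the same edit causes the handshake to be rejected.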

The first goal of SSL is to authenticate the client and server to each other by supporting the use of standard key cryptographic techniques for authenticating the communicating parties. SSL also makes use of the common practice of authenticating service clients on the basis of a certificate. The next objective of SSL is to ensure data integrity, so that data cannot be tampered with, intentionally or unintentionally, during a session. The third objective is securing data privacy. Data in transit between the client and server must be safeguarded from unauthorized capture and be decipherable only by the intended recipients. This precondition is essential both for the data associated with the protocol itself, securing traffic during negotiations, and for the application data that is sent during the session. SSL is not considered a single protocol. (The Secure Sockets Layer Protocol - Enabling Secure Web Transactions)

In reality it is a set of protocols that can be further divided into two layers. One ensures data security and integrity and consists of the SSL Record Protocol; the other consists of the protocols designed to establish an SSL connection. This layer uses three protocols, viz. the SSL Handshake Protocol, the SSL Change Cipher Spec Protocol and the SSL Alert Protocol. (Secure Socket Layer, www.windowsecurity.com) In order to comprehend the most widely accepted protocol for secured transmission of data through the Web, it is crucial to know the relationship between SSL and other Web.....
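The layering described above is visible on the wire: every SSL 3.0/TLS record starts with a five-byte header whose first byte names the sub-protocol carried inside. The parser below is an added example, not part of the original text; the sample bytes are constructed, the helper names are hypothetical, and it reads only the plaintext header and first body bytes, which is all that is legible once encryption is switched on.

```python
import struct

# Record-layer content types and a few handshake message types (SSL 3.0 / TLS).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   14: "server_hello_done", 16: "client_key_exchange", 20: "finished"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}

def parse_records(stream):
    """Split a byte stream into (protocol, version, detail) tuples, one per record."""
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        # Header: content type (1 byte), version major/minor (2 bytes), length (2 bytes).
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        body = stream[offset + 5: offset + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype}")
        protocol, detail = CONTENT_TYPES[ctype], None
        if protocol == "handshake" and body:
            # Only meaningful before encryption starts; afterwards the body is ciphertext.
            detail = HANDSHAKE_TYPES.get(body[0], f"type_{body[0]}")
        elif protocol == "alert" and len(body) == 2:
            detail = f"{ALERT_LEVELS.get(body[0], 'unknown')}:{body[1]}"
        records.append((protocol, f"{major}.{minor}", detail))
        offset += 5 + length
    return records

def record(ctype, body, version=(3, 0)):
    """Build one constructed plaintext record for the sample below."""
    return struct.pack("!BBBH", ctype, *version, len(body)) + body

# Constructed sample: an empty client_hello, a cipher switch, and a fatal
# alert with description 40 (handshake_failure).
SAMPLE = record(22, b"\x01\x00\x00\x00") + record(20, b"\x01") + record(21, b"\x02\x28")
```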
