INTERNET SECURITY PROTOCOL TYIT UNIT V

Internet security protocol


Page 1: Internet security protocol



TCP/IP TRANSMISSION CONTROL PROTOCOL/INTERNET PROTOCOL

TCP/IP is a combination of many protocols that together enable communication between computers over the Internet.

The TCP/IP protocol suite consists of 5 layers.


SECURE SOCKET LAYER (SSL)

The SSL protocol is an Internet protocol for the secure exchange of information between a web browser and a web server.

It provides two basic security services: authentication and confidentiality.

SSL can conceptually be considered an additional layer in the TCP/IP protocol suite, located between the application layer and the transport layer.

The application layer data is passed to the SSL layer. The SSL layer encrypts the data it receives and also adds its own header, called the SSL header, to the encrypted data.


HOW SSL WORKS

SSL has 3 sub-protocols:
1. Handshake protocol
2. Record protocol
3. Alert protocol

The Handshake protocol is similar to how two people shake hands with each other before they start conversing.

Each handshake message has 3 fields:
Type (1 byte): one of the 10 possible message types
Length (3 bytes): length of the message in bytes
Content (1 or more bytes): parameters associated with this message


SSL HANDSHAKE PROTOCOL PHASES

The handshake protocol is actually made up of 4 phases:
1. Establish security capabilities
2. Server authentication and key exchange
3. Client authentication and key exchange
4. Finish


PHASE 1: ESTABLISH SECURITY CAPABILITIES

This first phase is used to initiate a logical connection and establish the security capabilities associated with that connection.

It consists of two messages, the "client hello" and the "server hello":

Step 1: Client Hello

Step 2: Server Hello


CLIENT HELLO PARAMETERS

Version: highest version of SSL that the client supports.

Random: this field is used later in the actual communication. It consists of 2 sub-fields:
1. A 32 bit date-time field that identifies the current date and time on the client's computer
2. A 28 bit random number generated by the random number generator software

Session Id: if this field contains a non-zero value, it means that there is already a connection. A zero value indicates that the client wants to create a new connection.

Cipher Suite: list of cryptographic algorithms supported by the client

Compression method: list of compression algorithms supported by the client
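Added example, not from the slides: a small Python parser for the handshake message header described under HOW SSL WORKS (1-byte type, 3-byte length, content) and for the Client Hello parameters listed above. The sample ClientHello bytes are constructed; on the wire the random field occupies 32 bytes (a 4-byte date-time value followed by 28 random bytes), and the `legacy_ssl` flag is an addition of mine for spotting SSL 3.0 hellos when reviewing captured traffic.

```python
CLIENT_HELLO = 1  # handshake message type value for "client hello"


def parse_handshake_header(msg: bytes):
    """Split one handshake message into (type, length, content)."""
    if len(msg) < 4:
        raise ValueError("handshake header needs 4 bytes")
    msg_type = msg[0]                            # Type: 1 byte
    length = int.from_bytes(msg[1:4], "big")     # Length: 3 bytes, big-endian
    content = msg[4:4 + length]                  # Content: `length` bytes of parameters
    if len(content) != length:
        raise ValueError("truncated handshake message")
    return msg_type, length, content


def parse_client_hello(msg: bytes) -> dict:
    """Decode the ClientHello body carried by a type-1 handshake message."""
    msg_type, _, c = parse_handshake_header(msg)
    if msg_type != CLIENT_HELLO:
        raise ValueError("not a client hello")
    version = (c[0], c[1])                       # highest version the client supports
    random_field = c[2:34]                       # 4-byte date-time + 28 random bytes
    sid_len = c[34]
    session_id = c[35:35 + sid_len]              # empty: client wants a new connection
    off = 35 + sid_len
    cs_len = int.from_bytes(c[off:off + 2], "big")
    off += 2
    cipher_suites = [int.from_bytes(c[i:i + 2], "big") for i in range(off, off + cs_len, 2)]
    off += cs_len
    cm_len = c[off]
    compression_methods = list(c[off + 1:off + 1 + cm_len])
    return {
        "version": version,
        "random": random_field,
        "session_id": session_id,
        "resumption": sid_len > 0,               # non-zero session id: existing connection
        "cipher_suites": cipher_suites,
        "compression_methods": compression_methods,
        "legacy_ssl": version <= (3, 0),         # SSL 3.0 or older: worth flagging
    }


# Constructed sample: SSL 3.0 ClientHello, new session, two cipher suites, null compression.
SAMPLE_CLIENT_HELLO = (
    b"\x01" + (43).to_bytes(3, "big")            # type = client_hello, length = 43
    + b"\x03\x00"                                # version 3.0
    + b"\x5f\x00\x00\x00" + b"\x11" * 28         # random: date-time + 28 random bytes
    + b"\x00"                                    # session id length 0
    + b"\x00\x04\x00\x2f\x00\x0a"                # 2 suites: 0x002F, 0x000A
    + b"\x01\x00"                                # 1 compression method: null (0)
)
```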


SERVER HELLO PARAMETERS

Version: highest version that the server supports from the list sent by the client.

Random: same structure as the client's random field. However, the random value generated by the server is independent of the client's random value.

Session Id: the server creates a new session id and puts it in this field.

Cipher Suite: contains a single cipher suite, which the server selects from the list sent by the client.

Compression method: contains a single compression algorithm, which the server selects from the list.


PHASE 2 SERVER AUTHENTICATION AND KEY EXCHANGE

The server initiates this second phase of the SSL handshake. This phase contains four steps:
1. Certificate
2. Server key exchange
3. Certificate request
4. Server hello done


PHASE 3 CLIENT AUTHENTICATION AND KEY EXCHANGE

The client initiates this third phase of the SSL handshake. This phase contains three steps:
1. Certificate
2. Client key exchange (pre-master secret key)
3. Certificate verify


PHASE 4 FINISH

The client initiates this fourth phase of the SSL handshake, which the server ends. The first 2 messages come from the client:
1. Change cipher spec
2. Finished

The server responds:
3. Change cipher spec
4. Finished


MASTER KEY GENERATION

The client creates a 48 byte pre-master secret key, encrypts it with the server's public key and sends the encrypted pre-master secret key to the server. Finally, the symmetric keys to be used by the client and the server are generated.


THE RECORD PROTOCOL

The record protocol in SSL comes into the picture after a successful handshake is completed.

This protocol provides 2 services:

Confidentiality: achieved using the secret key defined by the handshake protocol

Integrity: the handshake protocol also defines a shared secret key (MAC key) that is used for assuring message integrity.


SSL RECORD PROTOCOL

Steps of the record protocol:
1. Fragmentation
2. Compression
3. Addition of MAC
4. Encryption
5. Append header

Fields of the record header:
1. Content type
2. Major version
3. Minor version
4. Compressed length
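Added example, not from the slides: the sender and receiver sides of the record protocol steps above in Python, with fragmentation, MAC and the header fields as listed, and with compression and encryption left out. HMAC-SHA256 stands in for the MAC construction of the real protocol; the key, the 64-bit sequence numbering and the content-type value are assumptions made for the demonstration.

```python
import hashlib
import hmac

MAX_FRAGMENT = 2 ** 14   # largest fragment the record layer carries
APPLICATION_DATA = 23    # content type value for application data
MAJOR, MINOR = 3, 0      # version written into the record header (SSL 3.0)
TAG_LEN = 32             # HMAC-SHA256 output length


def _mac(mac_key: bytes, seq: int, ctype: int, fragment: bytes) -> bytes:
    """MAC over sequence number, header fields and fragment (HMAC-SHA256 as stand-in)."""
    covered = (seq.to_bytes(8, "big") + bytes([ctype, MAJOR, MINOR])
               + len(fragment).to_bytes(2, "big") + fragment)
    return hmac.new(mac_key, covered, hashlib.sha256).digest()


def build_records(data: bytes, mac_key: bytes, ctype: int = APPLICATION_DATA,
                  seq: int = 0) -> list:
    """Sender: fragment, compress (none here), add MAC, append header; no encryption."""
    records = []
    for i in range(0, len(data), MAX_FRAGMENT):
        fragment = data[i:i + MAX_FRAGMENT]
        body = fragment + _mac(mac_key, seq, ctype, fragment)
        header = bytes([ctype, MAJOR, MINOR]) + len(body).to_bytes(2, "big")
        records.append(header + body)
        seq += 1                                   # one sequence number per record
    return records


def open_record(record: bytes, mac_key: bytes, seq: int) -> tuple:
    """Receiver: check header, verify MAC, return (content type, fragment)."""
    length = int.from_bytes(record[3:5], "big")
    body = record[5:5 + length]
    if (len(record) < 5 or record[1:3] != bytes([MAJOR, MINOR])
            or len(body) != length or length < TAG_LEN):
        raise ValueError("bad record header or length")
    fragment, tag = body[:-TAG_LEN], body[-TAG_LEN:]
    if not hmac.compare_digest(tag, _mac(mac_key, seq, record[0], fragment)):
        raise ValueError("MAC mismatch: record altered, reordered or replayed")
    return record[0], fragment


def tamper_detected(record: bytes, mac_key: bytes, seq: int) -> bool:
    """True when open_record rejects the record: shows what the MAC protects."""
    try:
        open_record(record, mac_key, seq)
        return False
    except ValueError:
        return True
```

The receiver rejects a record whose fragment bytes, content type or position in the sequence were changed, which is the integrity service the slide attributes to the MAC key agreed during the handshake.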


THE ALERT PROTOCOL

When one of the parties detects an error, the detecting party sends an alert message to the other party.

Both parties then close the SSL connection and destroy the session id and the secret keys.

An alert message is 2 bytes long: the 1st byte gives the error type and the 2nd byte specifies the reason for the actual error.