Send the link below via email or IMCopy
Present to your audienceStart remote presentation
- Invited audience members will follow you as you navigate and present
- People invited to a presentation do not need a Prezi account
- This link expires 10 minutes after you close the presentation
- A maximum of 30 users can follow your presentation
- Learn more about this feature in our knowledge base article
Transcript of SSL Protocol
Sam Echikson Secure Sockets Layer (SSL) History and Motivation Emergence of Internet creates a need for privacy.
Netscape builds original Protocol in 1994, although not released to public until version 2.0 in 1995.
Provides a way of communication between a client and a server, where the server is authenticated.
It is an "application protocol independent" - can be layered on top of regular application. The Handshake Client Server Client Initiates Handshake • Requests secure connection
• Presents supported ciphers and versions Web Servers with SSL enabled.
Common ones include Apache or Microsoft IIS. Server Responds • Chooses the most secure common encryption
• Sends the Client the server's digital certificate
• Requests client authentication
• Sends Session ID An application that wants to send information securely to a server.
An application accessing content secure by SSL. Internet Client Verifies Server's identity Client verifies that the digital certificate is valid.
Client confirms that the Certificate Authority is trustworthy. Client Sends Secrets Client Generates a master key of at least 1024 bits.
Encrypts it with the server's public key
Sends results to server. Server Decrypts Master Key Server decrypts master key using private key.
Server establishes master key as the symmetric key common to the client.
Key is hidden from third-parties. Secure Tunnel Concludes Handshake: client and server can communicate by the chosen symmetric key protocol using the master key. Speed Digital Certificates Certificate Authorities (CA) issue digital certificates linked to specific public keys.
Standardized in accordance with X.509
The CAs form a hierarchical system of trusted root certificates
Each intermediate certificate can trace its certification down to a root certificate
Web browsers come with a preloaded certificate bundle Sources RFC 6101 - The Secure Sockets Layer (SSL) Protocol Version 3.0 - A. Freier, P. Karlton, Netscape Communications, P. Kocher - August 2011.
The SSL Protocol - Kipp E.B. Hickman (Netscape Communications) - November 1994.
SSL Pulse - Trustworthy internet Movement - April 2013.
Technology Primer: Secure Sockets Layer (SSL) - Blue Coat Systems.
SSL handshake latency and HTTPS optimizations - semicomplete - June 2010. Security Insecure channel allows attackers to have access to all ciphertext and information about the handshake. This leads to man-in-the-middle attacks.
“Replay”: attacker records a client-server SSL session and attempts to duplicate the clients actions.
BEAST attack: exploits cookies in web browsers to simulate client. 3.5x slower because of handshake
4 round-trips from client to server
Multiple keys for different encryptions and decryptions
Certificate Authentication lag
Can be sped up by:
Faster Certificate Verification
Store more session IDs
Faster dedicated hardware