Secure Sockets Layer

The Secure Sockets Layer is an intermediate layer between the application and the transport protocol with the purpose of creating secure and reliable communication. The current version of the protocol (3.0) is defined in [IETF96]. The SSL Protocol provides connection security with three basic properties:

  1. The connection is private. After an initial handshake that defines the cryptographic protocol, the data is encrypted with secret-key cryptography (e.g., DES, RC4).
  2. The peer's identity can be authenticated using public-key cryptography.
  3. The connection is reliable. Message transport includes a message integrity check using secure hash functions (e.g., SHA, MD5).

The Secure Sockets Layer Protocol has two parts. First, the SSL Handshake Protocol establishes the secure channel. Next, the SSL Application Data Protocol is used to exchange data over the channel.

SSL Handshake Protocol

The goal of the protocol is to create an agreement between a client and a server on a set of cryptographic protocols, algorithms and parameters used for communication between them.

The protocol consists of a sequence of steps:

  1. Client Hello - In this step the client sends to the server a message that contains two lists, naming the cryptographic and compression algorithms implemented in the client:
    ClientHello(CypherSuite[], CompressionMethod[])
    

    Each CypherSuite entry names three algorithms that together constitute a suite:

    1. the key-exchange protocol (e.g., Diffie-Hellman),
    2. the secret-key algorithm (e.g., null, RC4, RC2, DES, DES40), and
    3. the one-way hash algorithm (e.g., null, MD5, SHA).
  2. Server Hello - After receiving the message from the client, the server chooses the first suite of cryptographic algorithms that was in the client's list and is also implemented by the server. It also takes the first option provided by the client for the compression algorithm. After that, the server sends to the client a message that contains the server's decisions:
    ServerHello(CypherSuite, CompressionMethod)
    

    After these steps, the server and the client have agreed on the suite of cryptographic and compression algorithms. The next step is to decide on some parameters for the algorithms, of which the most important is the key used in the secret-key encryption. There are two alternatives for how the protocol continues depending on whether or not the server has a public key certificate.

    In the first alternative (i.e., the server has a public key certificate), the server sends the certificate to the client:

    ServerCertificate(Certificate)
    

    Then the client generates a master secret and sends it to the server, encrypted with the public key of the server:

    encrypt(ClientMasterSecret, ServerPublicKey)
    

    The master secret is the basis from which the partners derive the keys used in the cryptographic algorithms. It has 48 bytes (i.e., the current time plus random digits) and is used for one secure session.

    In the second alternative (the server does not have a certificate), the server initiates a Key Exchange Protocol using, for example, the Diffie-Hellman protocol. After the exchange of three messages, the server and the client share a master secret. Based on the master secret, both parties create the keys used in communication.

  3. Finished - This is the final step in the handshake protocol. Both the client and the server send to each other the digest of the messages sent so far, encrypted with the key generated from the master secret.

    The client sends to the server

    hash(AllMessagesSentByClient+MasterSecret).
    

    The server sends to the client

    hash(AllMessagesSentByServer+MasterSecret).
    

At the end of the handshake protocol both the client and the server are ready to communicate information in a secure way. They agreed on the cryptographic and compression algorithms and the parameters for the protocol.
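The suite selection and the Finished check described above, as an added Python example that is not part of the original page. The suite tuples, the byte encoding of the hello message, the `refuse_weak` policy switch and the sample values are assumptions made for illustration; SHA-1 stands in for the negotiated hash.

```python
import hashlib
import hmac

# Suites are (key exchange, secret-key cipher, hash) triples as on the page.
# The tuples and the byte encoding below are constructed for this example.
WEAK_CIPHERS = {"null", "DES40"}

def encode_hello(suites, compression):
    """Serialize a hello message so it can be fed into the Finished digest."""
    return (";".join("/".join(s) for s in suites) + "|" + ",".join(compression)).encode()

def server_hello(client_suites, client_compression, server_suites, refuse_weak=False):
    """Pick the first client suite the server implements, as the page describes.

    refuse_weak is an added policy switch: skip suites whose cipher is null or DES40.
    """
    for suite in client_suites:
        if suite in server_suites and not (refuse_weak and suite[1] in WEAK_CIPHERS):
            return suite, client_compression[0]
    raise ValueError("handshake failure: no acceptable suite in common")

def finished(messages, master_secret):
    """hash(AllMessagesSent + MasterSecret), with SHA-1 as the hash."""
    h = hashlib.sha1()
    for m in messages:
        h.update(m)
    h.update(master_secret)
    return h.digest()

def verify_finished(received_digest, messages_seen, master_secret):
    """The peer recomputes the digest over the messages it actually received."""
    return hmac.compare_digest(received_digest, finished(messages_seen, master_secret))

# Constructed sample values.
CLIENT_SUITES = [("DH", "null", "MD5"), ("DH", "RC4", "SHA"), ("DH", "DES", "SHA")]
SERVER_SUITES = [("DH", "RC4", "SHA"), ("DH", "DES", "SHA"), ("DH", "null", "MD5")]
MASTER_SECRET = bytes(range(48))  # 48 bytes, the length the page gives

if __name__ == "__main__":
    print(server_hello(CLIENT_SUITES, ["null"], SERVER_SUITES))
    print(server_hello(CLIENT_SUITES, ["null"], SERVER_SUITES, refuse_weak=True))
    sent = [encode_hello(CLIENT_SUITES, ["null"])]
    seen = [encode_hello(CLIENT_SUITES[::-1], ["null"])]  # differs from what was sent
    digest = finished(sent, MASTER_SECRET)
    print(verify_finished(digest, sent, MASTER_SECRET))
    print(verify_finished(digest, seen, MASTER_SECRET))
```

Because the server takes the client's first mutually supported suite, a server that still implements the null cipher will negotiate it whenever a client lists it first; the policy switch shows the server-side fix of refusing such suites outright.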

SSL Application Data Protocol

When the client wants to send a message to the server, it computes the digest, encrypts the message together with the digest, and sends the result to the server:

encrypt(ClientRequest + hash(ClientRequest+MasterSecret), ClientWriteKey);

When the server receives the message, it decrypts it using the agreed key and verifies the integrity using the same hash function. Then, the server responds to the client using the same cryptographic procedure:

encrypt(ServerResponse + hash(ServerResponse+MasterSecret), ServerWriteKey);
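The record protection above, carried through in Python as an added example that is not part of the original page. It follows the page's simplified formula with RC4 and SHA-1 (both named on the page as examples, both obsolete today); the function names, keys and sample message are constructed for illustration.

```python
import hashlib
import hmac

def rc4(key, data):
    """RC4 keystream XOR; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:  # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

# Constructed sample values.
MASTER_SECRET = bytes(range(48))
CLIENT_WRITE_KEY = b"constructed-client-write-key"
DIGEST_LEN = hashlib.sha1().digest_size  # 20 bytes

def digest(message, master_secret):
    """hash(Message + MasterSecret) from the page."""
    return hashlib.sha1(message + master_secret).digest()

def protect(message, master_secret, write_key):
    """encrypt(Message + hash(Message + MasterSecret), WriteKey)."""
    return rc4(write_key, message + digest(message, master_secret))

def unprotect(record, master_secret, write_key):
    """Decrypt, split off the digest, and reject the record if it does not verify."""
    plain = rc4(write_key, record)
    if len(plain) < DIGEST_LEN:
        raise ValueError("record too short")
    message, tag = plain[:-DIGEST_LEN], plain[-DIGEST_LEN:]
    if not hmac.compare_digest(tag, digest(message, master_secret)):
        raise ValueError("integrity check failed")
    return message
```

A stream cipher alone is malleable: flipping one ciphertext bit flips the same plaintext bit, so it is the digest check in `unprotect`, not the encryption, that rejects a modified record.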

This concludes the description of SSL. A number of aspects that were not presented above are worth mentioning:

SSL is flexible. It does not specify a cryptographic algorithm, but rather defines a framework in which to apply existing algorithms to create a secure session.
SSL allows multiple forms of authentication. Probably in most cases the server will present a certificate. In some cases the server can ask the client for a certificate. It is also possible to communicate without authentication at all.
SSL has been implemented in most popular Web browsers as a method to provide secure transactions. It has been successfully used in the Web because it does not require much user intervention and the level of security provided is high.

The SSL Protocol is described in several documents available on the Internet. You can find out more details about SSL in [IETF96, CONS96, NETS96a].

Rich Aliano <raliano@shrike.depaul.edu>

 