Secure Socket Layer (SSL) provides security to the data that is transferred between web browser and server. SSL encrypts the link between a web server and a browser which ensures that all data passed between them remain private and free from attack.
1. Secure Socket Layer Protocols:
- SSL Record Protocol
- Handshake Protocol
- Change-cipher Spec Protocol
- Alert Protocol
The SSL Record Protocol provides two services to an SSL connection:
- Confidentiality
- Message Integrity
In the SSL Record Protocol, application data is divided into fragments. Each fragment is compressed, and then a MAC (Message Authentication Code) generated by a hash algorithm such as SHA (Secure Hash Algorithm) or MD5 (Message Digest) is appended to it. After that the fragment and its MAC are encrypted, and finally the SSL record header is prepended to the data.
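The five record-layer steps above (fragment, compress, MAC, encrypt, header) as an added Python walkthrough, written for this page rather than taken from the original article. It uses HMAC-SHA256 as the MAC and, because the standard library has no block cipher, a toy HMAC-based keystream clearly marked as a stand-in for the negotiated cipher; the keys and the message are constructed for the example.

```python
# Added illustration of the SSL/TLS record layer steps described above
# (fragment -> compress -> MAC -> encrypt -> header). Educational model only:
# the MAC is HMAC-SHA256 and the "cipher" is a toy HMAC-based keystream so the
# script needs only the standard library. The record header (content type,
# version, length) follows the SSL 3.0 / TLS 1.2 layout.
import hashlib
import hmac
import struct
import zlib

MAX_FRAGMENT = 2 ** 14           # record layer fragments are at most 2^14 bytes
CONTENT_APPLICATION_DATA = 23    # content type byte for application data
VERSION_TLS12 = (3, 3)           # major/minor bytes carried in the record header
HEADER = struct.Struct("!BBBH")  # type, major, minor, length
TAG_LEN = 32                     # HMAC-SHA256 output length


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy stream cipher: HMAC-SHA256 in counter mode. Stand-in for the
    # negotiated bulk cipher; never use this in place of a real cipher.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


def _additional_data(seq: int) -> bytes:
    # Sequence number, content type and version are covered by the MAC so a
    # reordered, replayed or re-typed record fails verification.
    return seq.to_bytes(8, "big") + bytes([CONTENT_APPLICATION_DATA, *VERSION_TLS12])


def seal_records(plaintext: bytes, mac_key: bytes, enc_key: bytes, seq: int = 0) -> list:
    """Turn application data into a list of protected records."""
    records = []
    for off in range(0, len(plaintext), MAX_FRAGMENT):
        fragment = plaintext[off:off + MAX_FRAGMENT]                 # 1. fragment
        compressed = zlib.compress(fragment)                         # 2. compress
        tag = hmac.new(mac_key, _additional_data(seq) + compressed,
                       hashlib.sha256).digest()                      # 3. MAC
        body = compressed + tag
        nonce = seq.to_bytes(8, "big")
        ciphertext = _xor(body, _keystream(enc_key, nonce, len(body)))  # 4. encrypt
        header = HEADER.pack(CONTENT_APPLICATION_DATA, *VERSION_TLS12, len(ciphertext))
        records.append(header + ciphertext)                          # 5. header
        seq += 1
    return records


def open_records(records: list, mac_key: bytes, enc_key: bytes, seq: int = 0) -> bytes:
    """Reverse the steps: parse header, decrypt, verify MAC, then decompress."""
    plaintext = b""
    for rec in records:
        ctype, major, minor, length = HEADER.unpack(rec[:HEADER.size])
        ciphertext = rec[HEADER.size:]
        if (ctype, (major, minor)) != (CONTENT_APPLICATION_DATA, VERSION_TLS12) \
                or len(ciphertext) != length or length < TAG_LEN:
            raise ValueError("decode_error")
        nonce = seq.to_bytes(8, "big")
        body = _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))
        compressed, tag = body[:-TAG_LEN], body[-TAG_LEN:]
        expected = hmac.new(mac_key, _additional_data(seq) + compressed,
                            hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            raise ValueError("bad_record_mac")
        plaintext += zlib.decompress(compressed)     # only after the MAC passed
        seq += 1
    return plaintext


if __name__ == "__main__":
    mac_key, enc_key = b"m" * 32, b"e" * 32          # constructed sample keys
    message = b"GET / HTTP/1.1\r\n" * 2000           # 32000 bytes -> two records
    recs = seal_records(message, mac_key, enc_key)
    print(len(recs), "records;", open_records(recs, mac_key, enc_key) == message)
```

The MAC is computed before encryption (MAC-then-encrypt), which is the order SSL 3.0 through TLS 1.2 used, and the receiver checks it with a constant-time comparison before decompressing anything. Because compression happens before encryption, the length of a compressed record leaks information about its plaintext; TLS 1.3 removed record compression for that reason.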
Handshake Protocol:
The Handshake Protocol is used to establish sessions. It allows the client and server to authenticate each other by exchanging a series of messages. The handshake completes its cycle in four phases:
- Phase-1: Both client and server send hello packets to each other. In this phase the session ID, cipher suite and protocol version are exchanged for security purposes.
- Phase-2: The server sends its certificate and a Server-key-exchange message. The server ends phase-2 by sending the Server-hello-done packet.
- Phase-3: The client replies by sending its certificate and a Client-key-exchange message.
- Phase-4: The Change-cipher-spec message is sent, and after this the Handshake Protocol ends.
Change-cipher Spec Protocol:
This protocol uses the SSL Record Protocol. Until the Handshake Protocol is completed, the negotiated SSL record parameters stay in a pending state; after the handshake, the pending state becomes the current state.
The Change-cipher Spec protocol consists of a single message which is 1 byte in length and can have only one value. Its purpose is to cause the pending state to be copied into the current state.
Alert Protocol:
This protocol is used to convey SSL-related alerts to the peer entity. Each message in this protocol contains 2 bytes (level: 1 byte, alert description: 1 byte).
The level is classified into two kinds:
- Warning: This alert has no impact on the connection between sender and receiver.
- Fatal Error: This alert breaks the connection between sender and receiver.
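The Change-cipher Spec and Alert sections above, as one added Python example (written for this page, not code from the original article): a small record reader that performs the pending-to-current state switch on a valid one-byte change_cipher_spec message, rejects any other value, and classifies two-byte alerts into warnings and connection-closing events. The content type values, alert levels and the alert description names are the standard SSL 3.0 / TLS 1.2 ones; the record stream fed in is constructed.

```python
# Added example: reading Change Cipher Spec (content type 20) and Alert
# (content type 21) records and applying the rules described in the text.
# Record header layout is the SSL 3.0 / TLS 1.2 one; input bytes are built
# by record() below for the demonstration.
import struct

CHANGE_CIPHER_SPEC, ALERT = 20, 21
ALERT_WARNING, ALERT_FATAL = 1, 2
ALERT_NAMES = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
               40: "handshake_failure", 42: "bad_certificate", 80: "internal_error"}
HEADER = struct.Struct("!BBBH")   # type, major, minor, length


class Connection:
    def __init__(self, pending_cipher):
        self.current = "null"          # before the handshake, records are unprotected
        self.pending = pending_cipher  # negotiated during the handshake, not yet in use
        self.open = True
        self.events = []

    def feed(self, data: bytes) -> list:
        """Consume a byte string holding zero or more complete records."""
        while data and self.open:
            ctype, _major, _minor, length = HEADER.unpack(data[:HEADER.size])
            body = data[HEADER.size:HEADER.size + length]
            data = data[HEADER.size + length:]
            if len(body) != length:
                raise ValueError("truncated record")
            if ctype == CHANGE_CIPHER_SPEC:
                self._change_cipher_spec(body)
            elif ctype == ALERT:
                self._alert(body)
            else:
                self.events.append(("ignored", ctype))
        return self.events

    def _change_cipher_spec(self, body: bytes) -> None:
        # Exactly one byte with value 1; anything else is a protocol violation.
        if body != b"\x01":
            self._fatal_local("unexpected_message")
            return
        self.current, self.pending = self.pending, None   # pending -> current
        self.events.append(("cipher_now", self.current))

    def _alert(self, body: bytes) -> None:
        if len(body) != 2:
            self._fatal_local("decode_error")
            return
        level, desc = body
        name = ALERT_NAMES.get(desc, f"unknown({desc})")
        if level == ALERT_FATAL or name == "close_notify":
            # A fatal alert ends the connection; so does close_notify, which is
            # sent at warning level but signals an orderly shutdown.
            self.open = False
            self.events.append(("closed", name))
        elif level == ALERT_WARNING:
            self.events.append(("warning", name))
        else:
            self._fatal_local("illegal_parameter")

    def _fatal_local(self, reason: str) -> None:
        # The receiver itself tears the connection down on a malformed record.
        self.open = False
        self.events.append(("closed", reason))


def record(ctype: int, body: bytes) -> bytes:
    """Build a record with a TLS 1.2 header (constructed test input)."""
    return HEADER.pack(ctype, 3, 3, len(body)) + body


if __name__ == "__main__":
    conn = Connection("AES-128-GCM")
    stream = record(CHANGE_CIPHER_SPEC, b"\x01") + record(ALERT, bytes([ALERT_WARNING, 0]))
    print(conn.feed(stream))
```

Once the connection is closed nothing further in the stream is processed, which is the behaviour a fatal alert requires; a warning-level alert other than close_notify is only logged and the stream continues.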
Salient Features of Secure Socket Layer:
- The advantage of this approach is that the service can be tailored to the specific needs of the given application.
- Secure Socket Layer was originated by Netscape.
- SSL is designed to make use of TCP to provide a reliable end-to-end secure service.
2. Transport Layer Security (TLS)
Transport Layer Security (TLS) is designed to provide security at the transport layer. TLS was derived from a security protocol called Secure Socket Layer (SSL). TLS ensures that no third party may eavesdrop on or tamper with any message.
There are several benefits of TLS:
- Encryption: TLS/SSL can help to secure transmitted data using encryption.
- Interoperability: TLS/SSL works with most web browsers, including Microsoft Internet Explorer, and on most operating systems and web servers.
- Algorithm flexibility: TLS/SSL provides options for the authentication mechanism, encryption algorithms and hashing algorithm that are used during the secure session.
- Ease of Deployment: Many applications use TLS/SSL transparently on a Windows Server 2003 operating system.
- Ease of Use: Because TLS/SSL is implemented beneath the application layer, most of its operations are completely invisible to the client.
The client connects to the server (using TCP) and sends a number of specifications:
- the version of SSL/TLS it supports;
- which cipher suites and compression methods it wants to use.
The server checks what the highest SSL/TLS version is that is supported by them both, picks a cipher suite from the client's options (if it supports one) and optionally picks a compression method. After this basic setup is done, the server provides its certificate. This certificate must be trusted either by the client itself or by a party that the client trusts. Having verified the certificate and being certain this server really is who it claims to be (and not a man in the middle), a key is exchanged. Depending on the cipher suite this can be a public key or simply nothing.
Both the server and client can now compute the key for symmetric encryption. The handshake is finished and the two hosts can communicate securely. A connection is closed properly with an explicit close alert; if the TCP connection is simply finished instead, both sides will know the connection was improperly terminated. The connection cannot be compromised this way, though, merely interrupted.
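The negotiation just described, as an added Python simulation written for this page (not code from the original article): the client advertises its highest version, cipher suites and compression methods; the server picks the highest version both share, the first client-listed suite it also supports and a compression method, and refuses the handshake when nothing overlaps or the agreed version is below its configured minimum; the client then only continues if the server's certificate chains to something it trusts. The cipher suite names are ordinary TLS identifiers, while the preference lists, certificate names and trust store are constructed for the example, and `min_version` is an assumed server setting.

```python
# Added example: version / cipher suite / compression negotiation and the
# client's trust decision, modelled on the handshake narrative above.
# Cipher suite names are real TLS identifiers; preference lists, certificate
# names and the trust store are constructed sample data.
from dataclasses import dataclass, field

VERSION_ORDER = ["SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"]


@dataclass
class ClientHello:
    max_version: str                  # highest version the client speaks
    cipher_suites: list               # in client preference order
    compression: list = field(default_factory=lambda: ["null"])


@dataclass
class ServerHello:
    version: str
    cipher_suite: str
    compression: str
    certificate: str                  # subject name the server presents


class HandshakeFailure(Exception):
    pass


def negotiate(hello: ClientHello, server_max: str, server_suites: list,
              server_cert: str, min_version: str = "TLSv1.2") -> ServerHello:
    """Server side of phases 1-2: choose parameters or fail the handshake."""
    # Highest version supported by both sides, then refuse anything below the
    # server's configured floor (an assumed setting for this example).
    version = min(hello.max_version, server_max, key=VERSION_ORDER.index)
    if VERSION_ORDER.index(version) < VERSION_ORDER.index(min_version):
        raise HandshakeFailure(f"{version} is below configured minimum {min_version}")
    # First suite in the client's list that the server also supports.
    suite = next((s for s in hello.cipher_suites if s in server_suites), None)
    if suite is None:
        raise HandshakeFailure("no common cipher suite")
    # Compression is optional; this server only ever agrees to "null".
    if "null" not in hello.compression:
        raise HandshakeFailure("no acceptable compression method")
    return ServerHello(version, suite, "null", server_cert)


def client_accepts(server_hello: ServerHello, trust_store: set, issuers: dict) -> bool:
    """Client side: continue only if the certificate is trusted directly or
    chains, via its issuers, to a party the client trusts."""
    name = server_hello.certificate
    seen = set()
    while name not in trust_store:
        if name in seen or name not in issuers:
            return False              # loop or unknown issuer: abort handshake
        seen.add(name)
        name = issuers[name]
    return True


if __name__ == "__main__":
    hello = ClientHello("TLSv1.3", ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                                    "TLS_RSA_WITH_RC4_128_SHA"])
    sh = negotiate(hello, "TLSv1.2", ["TLS_RSA_WITH_RC4_128_SHA",
                                      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"],
                   "www.example.com")
    issuers = {"www.example.com": "Example Intermediate CA",
               "Example Intermediate CA": "Example Root CA"}
    print(sh, client_accepts(sh, {"Example Root CA"}, issuers))
```

Both failure paths matter to a defender: the server refusing versions below its floor is what prevents a downgrade to an old protocol, and the client aborting on an untrusted chain is the check that stops a man in the middle from substituting its own certificate.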
Both Secure Socket Layer and Transport Layer Security are protocols used to provide security between a web browser and a web server.
SSL Vs TLS
The main difference between Secure Socket Layer and Transport Layer Security is that in SSL (Secure Socket Layer) a message digest is used to create the master secret, and it provides the basic security services of authentication and confidentiality, while in TLS (Transport Layer Security) a pseudo-random function is used to create the master secret.
| S.NO | SSL | TLS |
|---|---|---|
| 1. | SSL stands for Secure Socket Layer. | TLS stands for Transport Layer Security. |
| 2. | SSL (Secure Socket Layer) supports the Fortezza algorithm. | TLS (Transport Layer Security) does not support the Fortezza algorithm. |
| 3. | SSL (Secure Socket Layer) is the 3.0 version. | TLS (Transport Layer Security) is the 1.0 version. |
| 4. | In SSL (Secure Socket Layer), a message digest is used to create the master secret. | In TLS (Transport Layer Security), a pseudo-random function is used to create the master secret. |
| 5. | In SSL (Secure Socket Layer), the Message Authentication Code protocol is used. | In TLS (Transport Layer Security), the Hashed Message Authentication Code protocol is used. |
| 6. | SSL (Secure Socket Layer) is more complex than TLS (Transport Layer Security). | TLS (Transport Layer Security) is simpler. |
| 7. | SSL (Secure Socket Layer) is less secure as compared to TLS (Transport Layer Security). | TLS (Transport Layer Security) provides higher security. |
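Rows 4 and 5 of the table (message digest versus pseudo-random function, MAC versus HMAC) side by side, as an added Python example written for this page and not taken from the article: the SSL 3.0 master secret construction from RFC 6101 (MD5 over SHA-1 digests) next to the TLS 1.2 PRF from RFC 5246, which is an HMAC-based P_hash expansion used both for the master secret and for the key block. The pre-master secret and the hello randoms are constructed sample values.

```python
# Added example: how SSL 3.0 and TLS 1.2 derive the 48-byte master secret
# from the pre-master secret and the two hello randoms. SSL 3.0 mixes plain
# MD5/SHA-1 digests (RFC 6101 section 6.1); TLS 1.2 uses an HMAC-based
# pseudo-random function (RFC 5246 section 5). Sample inputs are constructed.
import hashlib
import hmac


def ssl3_master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """SSL 3.0: MD5(pre_master + SHA('A' + pre_master + randoms)) and so on
    for 'BB' and 'CCC', concatenated to 3 * 16 = 48 bytes."""
    out = b""
    for label in (b"A", b"BB", b"CCC"):
        inner = hashlib.sha1(label + pre_master + client_random + server_random).digest()
        out += hashlib.md5(pre_master + inner).digest()
    return out


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int,
              hash_name: str = "sha256") -> bytes:
    """TLS 1.2 PRF(secret, label, seed) = P_hash(secret, label + seed), where
    P_hash = HMAC(secret, A(1) + seed) + HMAC(secret, A(2) + seed) + ...
    with A(0) = seed and A(i) = HMAC(secret, A(i-1))."""
    seed = label + seed
    a = seed                                                  # A(0)
    out = b""
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()           # A(i)
        out += hmac.new(secret, a + seed, hash_name).digest() # HMAC(secret, A(i) + seed)
    return out[:length]


def tls12_master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """master_secret = PRF(pre_master_secret, "master secret",
    ClientHello.random + ServerHello.random)[0..47]"""
    return tls12_prf(pre_master, b"master secret", client_random + server_random, 48)


def tls12_key_block(master_secret: bytes, client_random: bytes, server_random: bytes,
                    length: int) -> bytes:
    """key_block = PRF(master_secret, "key expansion",
    server_random + client_random); note the reversed random order."""
    return tls12_prf(master_secret, b"key expansion", server_random + client_random, length)


if __name__ == "__main__":
    pre_master = bytes(range(48))            # constructed, not a real secret
    client_random = b"\x11" * 32
    server_random = b"\x22" * 32
    print("SSL 3.0:", ssl3_master_secret(pre_master, client_random, server_random).hex())
    print("TLS 1.2:", tls12_master_secret(pre_master, client_random, server_random).hex())
```

The structural difference the table points at is visible in the code: the SSL 3.0 derivation is three fixed digest computations with no keyed MAC, while the TLS 1.2 PRF is keyed HMAC throughout and can expand to any length, which is why the same function also produces the key block.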