Introduction
SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are cryptographic protocols that are used to provide secure communication over the internet. They provide encryption and authentication mechanisms that protect sensitive data from being intercepted and compromised by third parties.
Secure Socket Layer (SSL)
Secure Sockets Layer (SSL) is a protocol that was developed by Netscape in the mid-1990s. It was designed to provide secure communication over the internet, primarily for e-commerce websites. SSL works by encrypting the data that is transmitted between the client (such as a web browser) and the server (such as a website). This ensures that any sensitive information, such as credit card details, cannot be intercepted and read by a third party.
The versions of SSL are 1.0, 2.0, 3.0 and 3.1. Version 3 was designed with public input. It subsequently became the Internet standard known as TLS (Transport Layer Security). The first version of TLS can be viewed as SSLv3.1, and it uses TCP to provide a reliable end-to-end service.
SSL uses a combination of asymmetric and symmetric encryption to protect data. Asymmetric encryption is used to establish a secure connection between the client and server. This involves the client and server exchanging public keys, which are used to encrypt and decrypt data. Symmetric encryption is then used to encrypt the data that is transmitted between the client and server.
One of the main advantages of SSL is that it is widely supported by web browsers and servers. This means that it can be easily implemented by website owners to provide secure communication with their users. However, SSL has been largely deprecated in favor of TLS, which is a newer and more secure protocol.
SSL Architecture
The SSL architecture consists of several protocols: the SSL Handshake Protocol, SSL Change Cipher Spec Protocol, SSL Alert Protocol, HTTP, SSL Record Protocol, TCP and IP.
- SSL Session: An association between client and server, created by the Handshake Protocol. A session is defined by a set of cryptographic protocols and can be shared by multiple SSL connections. Sessions are used to avoid the expensive negotiation of new security parameters for each connection. There may be multiple simultaneous sessions between the same two parties, but this feature is not used in practice.
- SSL Connection: A transport that provides a suitable type of service. It is a transient, peer-to-peer communication link associated with one SSL session.
SSL components
• SSL Handshake Protocol: Used for negotiation of security algorithms and parameters, and for key exchange along with server authentication and, optionally, client authentication
• SSL Record Protocol: Used for fragmentation, compression, message authentication and integrity protection, and encryption
• SSL Alert Protocol: Used for error messages (fatal alerts and warnings)
• SSL Change Cipher Spec Protocol: A single message that indicates the end of the SSL handshake
SSL Record Protocol Payload
- Change Cipher Spec Protocol : 1 Byte
- Handshake Protocol : Type : 1 Byte, Length : 3 Bytes, Contents : 0 Bytes
- Alert Protocol : Level : 1 Byte, Alert : 1 Byte
- Other Upper-Layer Protocol (Eg. HTTP) : OpaqueContent : 1 Byte
SSL Handshake Protocol
• Allows server and client to:
- authenticate each other
- negotiate encryption and MAC algorithms
- negotiate cryptographic keys to be used
• Comprises a series of messages in phases:
- Establish Security Capabilities
- Server Authentication and Key Exchange
- Client Authentication and Key Exchange
- Finish
• The Handshake Protocol is divided into 4 phases:
- Establish Security Capabilities
- Server Authentication and Key Exchange
- Client Authentication and Key Exchange
- Change Cipher Spec and Finish
SSL Record Protocol
Services are:
1. Confidentiality
- Using symmetric encryption with a shared secret key defined by the Handshake Protocol
- IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128
- Message is compressed before encryption
2. Message integrity
- Using a MAC with a shared secret key
- Similar to HMAC but with different padding
3. Four steps applied by the sender to the application message to be transmitted (reversed by the receiver)
- Fragmentation
- Compression
- MAC
- Encryption
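The fragmentation and MAC steps, with the SSLv3 MAC next to the HMAC that TLS 1.0 uses, so the "different padding" is visible. This is an added example, not code from the original page; the function names and the sample secret are assumptions, compression is treated as null, and the encryption step is left out because the Python standard library has no block or stream cipher.

```python
import hashlib
import hmac
import struct

MAX_FRAGMENT = 2 ** 14  # a record-layer fragment carries at most 16384 bytes
SECRET = b"constructed-mac-write-secret"  # constructed sample key, not a real one

def fragment(data: bytes):
    """Step 1: split the application message into record-sized fragments."""
    return [data[i:i + MAX_FRAGMENT] for i in range(0, len(data), MAX_FRAGMENT)]

def sslv3_mac(secret, seq, ctype, frag, hash_name="sha1"):
    """SSLv3: hash(secret + pad_2 + hash(secret + pad_1 + seq + type + length + data))."""
    pad_len = 48 if hash_name == "md5" else 40  # pad length depends on the hash
    pad_1, pad_2 = b"\x36" * pad_len, b"\x5c" * pad_len
    header = struct.pack("!QBH", seq, ctype, len(frag))
    inner = hashlib.new(hash_name, secret + pad_1 + header + frag).digest()
    return hashlib.new(hash_name, secret + pad_2 + inner).digest()

def tls10_mac(secret, seq, ctype, frag, hash_name="sha1", version=(3, 1)):
    """TLS 1.0: HMAC(secret, seq + type + version + length + data)."""
    header = struct.pack("!QBBBH", seq, ctype, version[0], version[1], len(frag))
    return hmac.new(secret, header + frag, hash_name).digest()

def protect(data, secret, mac_fn, ctype=23):
    """Fragment the message, then MAC each fragment under its own sequence number."""
    return [(seq, frag, mac_fn(secret, seq, ctype, frag))
            for seq, frag in enumerate(fragment(data))]

def verify(records, secret, mac_fn, ctype=23):
    """Receiver side: recompute each MAC and compare in constant time."""
    return all(hmac.compare_digest(mac, mac_fn(secret, seq, ctype, frag))
               for seq, frag, mac in records)
```

Because the sequence number is part of the MAC input, a record that is replayed or moved to a different position fails verification even though its bytes are unchanged.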
SSL Change Cipher Spec Protocol
- One of 3 SSL specific protocols which use the SSL Record protocol
- A single message
- Single 1 byte message with value 1
- Could be considered part of handshake protocol
- Causes pending state to become current
- Hence updating the cipher suite in use
SSL Alert Protocol
- Conveys SSL-related alerts to the peer entity: a 2-byte message, with 1 byte for the alert level (fatal or warning) and 1 byte for the alert code
- Specific alerts: unexpected message, bad record MAC, decompression failure, handshake failure, illegal parameter, close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown
- Compressed & encrypted like all SSL data
Fatal errors
- Unexpected Message : An inappropriate message was received
- Bad Record MAC : Message received without correct MAC
- Decompression Failure : Decompression function received an improper input
- Handshake Failure : Sender was unable to negotiate an acceptable set of security parameters from the available options
- Illegal Parameter : A field in the handshake message was out of range or was inconsistent with the other fields
Non Fatal Errors
- No Certificate : Sent in response to a certificate request if an appropriate certificate is not available
- Bad Certificate : A certificate was corrupt (digital signature verification failed)
- Unsupported Certificate : Type of certificate is not supported
- Certificate Revoked : Signer of certificate has revoked it
- Certificate expired : Received certificate has expired
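A parser for the record payloads and alert messages described above, useful when reading a packet capture of a failed handshake. This is an added example, not code from the original page; the 5-byte record header and the numeric content-type, level and alert values come from the SSLv3/TLS specifications rather than from this page, and the function names and sample bytes are assumptions. It handles plaintext records only, since alerts sent after the cipher spec is active are encrypted.

```python
import struct

# Numeric values as assigned in the SSLv3/TLS specifications.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_CODES = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    30: "decompression_failure", 40: "handshake_failure", 41: "no_certificate",
    42: "bad_certificate", 43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown", 47: "illegal_parameter"}

def parse_records(stream: bytes):
    """Split a byte stream into records and decode each payload."""
    out, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, pos)
        payload = stream[pos + 5: pos + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated record payload")
        pos += 5 + length
        kind = CONTENT_TYPES.get(ctype, f"unknown({ctype})")
        out.append((kind, (major, minor), decode_payload(kind, payload)))
    return out

def decode_payload(kind, payload):
    if kind == "change_cipher_spec":
        if payload != b"\x01":  # a single byte with value 1
            raise ValueError("malformed change_cipher_spec")
        return "pending state becomes current"
    if kind == "alert":
        if len(payload) != 2:  # 1 byte level + 1 byte alert code
            raise ValueError("alert must be exactly 2 bytes")
        level, code = payload
        return (ALERT_LEVELS.get(level, level), ALERT_CODES.get(code, code))
    if kind == "handshake":
        if len(payload) < 4:  # 1 byte type + 3 byte length
            raise ValueError("truncated handshake header")
        msg_type, body_len = payload[0], int.from_bytes(payload[1:4], "big")
        return {"msg_type": msg_type, "length": body_len, "complete": len(payload) - 4 >= body_len}
    return payload  # opaque upper-layer data such as HTTP

# Constructed sample (version 3.0): a fatal handshake_failure alert, a
# ChangeCipherSpec, and a handshake message of type 14 with an empty body.
SAMPLE = bytes.fromhex("1503000002" "0228" "1403000001" "01" "1603000004" "0e000000")
```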
Uses of SSL
- E-commerce websites: SSL is used to secure online transactions, such as purchases made with credit cards. SSL ensures that credit card details and other sensitive information are encrypted and cannot be intercepted by third parties.
- Banking and financial services: SSL is used to secure online banking and financial transactions. This includes accessing account information, transferring funds, and making payments.
- Email: SSL is used to secure email communication between servers. This ensures that messages cannot be intercepted and read by third parties.
- Social media: SSL is used to secure communication between social media platforms and their users. This includes logging in, posting updates, and sending private messages.
- Instant messaging: SSL is used to secure instant messaging communication, ensuring that messages cannot be intercepted and read by third parties.
- Virtual private networks (VPNs): SSL is used to secure VPN communication between clients and servers. This ensures that the data transmitted between the client and server is encrypted and cannot be intercepted by third parties.
- Online gaming: SSL is used to secure communication between online gaming platforms and their users. This includes logging in, playing games, and chatting with other players.
Transport Layer Security (TLS)
Transport Layer Security (TLS) is a cryptographic protocol that is used to provide secure communication over the internet. It was developed as a replacement for SSL, and is now the standard protocol used for secure communication. TLS works by encrypting the data that is transmitted between the client and server, just like SSL.
TLS uses a similar combination of asymmetric and symmetric encryption as SSL. However, it has several improvements over SSL, including stronger encryption algorithms and better key exchange methods. TLS also supports more secure protocols for establishing a secure connection, such as Diffie-Hellman key exchange and Elliptic Curve Cryptography (ECC).
SSL was considered so important that it was adopted by the Internet Engineering Task Force (IETF) as TLS Protocol 1.0 (RFC 2246).
TLS is very similar to SSL, but they do not interoperate.
• Goals
1. Separate record and handshaking protocols
2. Extensibility (add new cipher suites easily)
3. Efficiency (minimize network activity)
One of the main advantages of TLS is that it is more secure than SSL. This is because it uses stronger encryption algorithms and key exchange methods, making it more difficult for attackers to intercept and read data. TLS is also designed to be more flexible and extensible than SSL, allowing for easier updates and improvements.
| Property | SSL | TLS |
|---|---|---|
| Version | 3.0 | 1.0 |
| Cipher Suite | Supports the "Fortezza" algorithm | Does not support it |
| Cryptography Secret | Computed as explained earlier | Uses a pseudorandom function to create the master secret |
| Alert Protocol | As explained earlier | The No Certificate alert message is deleted. Newly added alerts include Decryption Failed, Record Overflow, Unknown CA, etc. |
| Record Protocol | Uses MAC | Uses HMAC |
TLS also includes mechanisms for verifying the identity of the client and server, and for protecting against attacks such as replay attacks and man-in-the-middle attacks. These mechanisms help to ensure that the communication is secure and trustworthy.
Uses of TLS
TLS is used in a wide range of applications, including:
- E-commerce websites: TLS is used to secure online transactions, such as purchases made with credit cards.
- Banking and financial services: TLS is used to secure online banking and financial transactions.
- Email: TLS is used to secure email communication between servers, ensuring that messages cannot be intercepted and read by third parties.
- Instant messaging: TLS is used to secure instant messaging communication, ensuring that messages cannot be intercepted and read by third parties.
- Virtual private networks (VPNs): TLS is used to secure VPN communication between clients and servers.
- Voice over IP (VoIP): TLS is used to secure VoIP communication between clients and servers.