SSL (Secure Sockets Layer) is a protocol for transmitting data using cryptography.
The SSL protocol provides several levels of security:
- Key exchange is performed using authentication and symmetric cryptography;
- Confidentiality is maintained through symmetric encryption;
- The integrity of the information is verified by authentication codes.
The SSL protocol is used for authentication with the server before transferring data from applications, as well as for negotiating cryptography algorithms and session keys.
Features of SSL
The SSL protocol was designed to provide a secure connection between specified users. SSL works at several levels, where connection verification, error reporting, and work with encrypted data and key sets happen.
SSL is used as a security filter for information at the transport layer of the TCP/IP protocol and various programs with the HTTP, TELNET, and FTP protocols.
To verify public keys for compliance with the current owner, SSL uses digital certificates. SSL uses several types of certificates.
- Trusted. It is issued by specific certification authorities, which act as trusted intermediaries and confirm that the public key belongs to the owner.
- Self-signed. This one is custom made by the user. It provides connection protection, just like the trusted one does.
- Empty. With random data to verify SSL settings.
SSL certificates are widely used to encrypt HTTP connections between the browser and the site, which require the secure transfer of passwords and other sensitive data.
SSL cryptography methods
The SSL protocol uses asymmetric and symmetric cryptography.
Asymmetric encryption allows you to encode data using a public key (which is most often indicated in the certificate) and a private key to decrypt the data. RSA can be considered the most common asymmetric encryption algorithm.
Symmetric encryption takes place using identical keys, which must be kept by the sender and receiver. This method is used for cases with large amounts of data, since it is faster than the asymmetric one. Example: AES, 3-DES, RC4.
Public key cryptography is used for the sender and receiver authentication (using digital certificates). In turn, faster symmetric encryption algorithms are used to create session keys.
To verify the integrity of information in SSL, hash functions are used. Currently, SHA256 is considered one of the most reliable algorithms.
Where SSL is used
When developing various applications requiring encryption, SSL is built on top of different application protocols, such as SMTP, HTTP, FTP. Previously, SSL has always been used with a reliable layer of TCP transport protocols. Subsequently, SSL interactions with UDP datagrams were implemented.
Almost all popular browsers (Chrome, Firefox, Opera, Safari) support SSL/TLS protocols. SSL is widely used in virtual private network settings (VPN using IPsec), as well as when working with e-mail.
Many websites often used the SSL protocol to provide data encryption. On the basis of it, the HTTPS protocol was subsequently created, which provides a secure connection for payment services and programs.
The presence of an SSL certificate at the website during the established secure connection is confirmed by a lock icon in the status bar of the browser and the prefix “https.” A more reliable sign of a secure connection is the presence of the company’s name written in green next to the lock icon in the status bar. Such a sign indicated a passed check with a certification authority with confirmation of the ownership of the company’s website.
The SSL protocol can be attacked using a dictionary (by searching through a list of possible passwords) of the attacker knows about the type of messages sent. One can combat this vulnerability by increasing the key length to 128 bits.
Another widespread type of attack is the SSL attack that targets the SSL handshake protocol at the moment of establishing a connection between the client and the server. It is done in order to achieve the choice of various less reliable encryption algorithms. Such actions are identified by mismatching the message sum hash, and an attack is detected.
At the state level, an attack on SSL connection is possible when special services can install tracking equipment in data processing centers (DPC). At the same time, interception is performed after external SSL traffic is decrypted inside the DPC and transmitted in an open way between application servers. Now, all types of encryption included in SSL that require storing the key on the server can be hacked in case of access to the data processing center is gained.
Currently, it is recommended to replace the SSL protocol by a more robust TLS protocol.