TKK | Networking Laboratory | Teaching
Secure Sockets Layer (SSL)

Secure Sockets Layer (SSL) is a protocol that establishes and maintains secure communication between servers and WWW browsers across the Internet. SSL supports the creation and use of secure communication channels, which ensure both data integrity and confidentiality for the transferred data. In addition, SSL prevents message forgery by allowing the server and the user to authenticate each other during the establishment of the secure connection.

The SSL protocol is based on the public key authentication principle. It trusts certificate authorities to prove the identity of the server and, optionally, of the user. SSL was developed by Netscape, but nowadays it has become a de facto standard for secure WWW connections. Both Netscape Navigator and Internet Explorer support SSL.

How it works

Both the server and the user must first obtain a digital ID (certificate) from a certificate authority. Upon establishing the connection, the server first sends its certificate to the browser. The browser checks whether the certificate is out of date or issued by an authority that it does not recognize. If not, the browser then uses the issuer's public key to decrypt the digital signature in the certificate and, by calculating a message digest from the certificate, verifies that the certificate is valid. The browser has the certificates of the issuing authorities it recognizes, and therefore has access to their public keys.

If user authentication is needed for the connection, the user sends his certificate to the server along with a signed piece of information that is known to both the user and the server. The server can then first check the certificate and then verify the signature. At this point the user has been authenticated.

The actual session is encrypted using one of various symmetric algorithms. The strongest cipher that both the browser and the server can use is selected. A special session key is used. The browser randomly generates the session key. This is then encrypted using the server's public key (found in the certificate it sent) and sent to the server. If the server can decrypt the session key, it must have the corresponding private key and is thus authenticated. If another server tries to masquerade as the server the browser is trying to reach, it is revealed at this point. All further exchange of information is then encrypted using the session key. If any of the stages described above is not completed successfully (for example, if a certificate cannot be verified), the connection is closed.

A considerably more extensive but still very readable document on SSL can be found here.

Pluses and minuses of SSL

SSL, e.g. compared to Kerberos, has the usual advantages of public key authentication over a trusted-third-party authentication system. Disadvantages include
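The following Python script is an added illustration, not part of the original page, that re-enacts the steps listed under "How it works": the certificate authority signs the digest of a certificate, the browser rejects expired certificates and unknown issuers and checks the signature with the issuer's public key, the user optionally signs a value known to both sides, the browser generates a random session key and encrypts it to the server's public key, and a server that cannot recover that key is detected. Every primitive is constructed for teaching and is not secure: textbook RSA (no padding) over fixed, public Mersenne primes stands in for real key pairs, and a SHA-256 counter keystream with an HMAC tag stands in for the negotiated cipher. The names "Toy CA", "www.example.com" and "alice", the year-valued expiry dates, and the function names are all hypothetical.

```python
"""Toy re-enactment of the SSL handshake described above (added example, not
from the original page). Primitives are constructed for illustration and are
NOT secure: textbook RSA over fixed Mersenne primes without padding, and a
SHA-256 counter keystream plus HMAC tag instead of a negotiated cipher."""
import hashlib
import hmac
import os

# Each party gets its own (public, well-known) primes; real keys use random secret primes.
PRIMES = {"ca": (2**127 - 1, 2**107 - 1), "server": (2**89 - 1, 2**61 - 1),
          "user": (2**521 - 1, 2**31 - 1), "impostor": (2**607 - 1, 2**19 - 1)}
E = 65537

def make_keypair(who):
    p, q = PRIMES[who]
    n, phi = p * q, (p - 1) * (q - 1)
    return (E, n), (pow(E, -1, phi), n)  # (public key, private key)

def rsa_apply(key, value):
    """Textbook RSA: the public key encrypts/verifies, the private key decrypts/signs."""
    k, n = key
    if not 0 <= value < n:
        raise ValueError("value does not fit in one RSA block")
    return pow(value, k, n)

def digest(data):
    # SHA-256 truncated to 128 bits so the digest fits in every toy modulus
    return int.from_bytes(hashlib.sha256(data).digest()[:16], "big")

def cert_body(subject, issuer, pub, expires):
    return f"{subject}|{issuer}|{pub[0]}|{pub[1]}|{expires}".encode()

def issue_cert(ca_name, ca_priv, subject, pub, expires):
    """The certificate authority signs the digest of the certificate body."""
    sig = rsa_apply(ca_priv, digest(cert_body(subject, ca_name, pub, expires)))
    return {"subject": subject, "issuer": ca_name, "pub": pub,
            "expires": expires, "sig": sig}

def check_cert(cert, trusted_cas, today):
    """Return None if the certificate is acceptable, otherwise the reason it is not."""
    if cert["expires"] < today:
        return "certificate expired"
    issuer_pub = trusted_cas.get(cert["issuer"])
    if issuer_pub is None:
        return "unknown certificate authority"
    body = cert_body(cert["subject"], cert["issuer"], cert["pub"], cert["expires"])
    # 'Decrypt' the signature with the issuer's public key; it must equal the digest.
    if rsa_apply(issuer_pub, cert["sig"]) != digest(body):
        return "bad certificate signature"

def seal(key, data):
    """Toy record protection: XOR with a SHA-256 counter keystream, then an HMAC tag."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out) + hmac.new(key, bytes(out), hashlib.sha256).digest()

def unseal(key, sealed):
    body, tag = sealed[:-32], sealed[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("record integrity check failed")
    return seal(key, body)[:-32]  # the XOR keystream is its own inverse

def handshake(server_cert, server_priv, trusted_cas, today, user_cert=None, user_priv=None):
    """Run the steps from 'How it works'; returns the outcome and the session key."""
    reason = check_cert(server_cert, trusted_cas, today)      # 1. server certificate
    if reason:
        return {"ok": False, "reason": reason}
    if user_cert is not None:                                 # 2. optional user auth
        reason = check_cert(user_cert, trusted_cas, today)
        if reason:
            return {"ok": False, "reason": "user " + reason}
        challenge = os.urandom(16)  # a value known to both sides, signed by the user
        signed = rsa_apply(user_priv, digest(challenge))
        if rsa_apply(user_cert["pub"], signed) != digest(challenge):
            return {"ok": False, "reason": "user signature invalid"}
    session_key = os.urandom(16)                              # 3. browser picks the key
    wrapped = rsa_apply(server_cert["pub"], int.from_bytes(session_key, "big"))
    try:                                                      # 4. server must unwrap it
        server_key = rsa_apply(server_priv, wrapped).to_bytes(16, "big")
        unseal(session_key, seal(server_key, b"finished"))   # proves the private key
    except (OverflowError, ValueError):
        return {"ok": False, "reason": "server could not recover the session key"}
    return {"ok": True, "key": session_key}

def demo(today=1999, user_auth=True, trust_ca=True, impostor=False):
    """Set up a toy CA, server and user (all constructed), then run one scenario."""
    ca_pub, ca_priv = make_keypair("ca")
    srv_pub, srv_priv = make_keypair("server")
    usr_pub, usr_priv = make_keypair("user")
    srv_cert = issue_cert("Toy CA", ca_priv, "www.example.com", srv_pub, expires=2001)
    usr_cert = issue_cert("Toy CA", ca_priv, "alice", usr_pub, expires=2001)
    if impostor:  # presents the genuine certificate but holds a different private key
        srv_priv = make_keypair("impostor")[1]
    trusted = {"Toy CA": ca_pub} if trust_ca else {}
    user = (usr_cert, usr_priv) if user_auth else (None, None)
    result = handshake(srv_cert, srv_priv, trusted, today, *user)
    if result["ok"]:  # the session key now protects the application data
        result["roundtrip"] = unseal(result["key"], seal(result["key"], b"GET / HTTP/1.0"))
    return result
```

Calling `demo()` completes the handshake and round-trips a request through the session key; `demo(today=2002)`, `demo(trust_ca=False)` and `demo(impostor=True)` each stop at the stage the page describes (expired certificate, unrecognized issuer, a server that presents the certificate but cannot decrypt the session key). The impostor case is caught not by comparing keys directly, which the browser could never do, but because the server's "finished" record fails the integrity check under the browser's key.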
The Networking Laboratory (Tietoverkkolaboratorio) is now part of the Department of Communications and Networking. The information on this page may be out of date.
Up-to-date course information is in the MyCourses service.
This page was made as a student exercise. The Networking Laboratory is not
responsible for the correctness, timeliness or maintenance of the page.
In serious cases the contact persons are and the
Webmaster.
This page was last updated 15.11.1999 16:45. URI: http://www.netlab.tkk.fi/opetus/s38118/s99/htyo/1/ssl.shtml