SL/https De-Encryption SSL/https Is Widely Dissertation

PAGES
63
WORDS
17577
Cite
Related Topics:

It is possible to break the security by a person having adequate technical expertise and access to the network at hardware level. In view of this the SSL method with right configuration is considered perfectly sufficient for all commercial purposes.5In order to safeguard the data while in transit it is customary to adopt a practical SSL protocol covering all network services that use TCP/IP to support typical application tasks of communication between servers and clients. (Secure Socket Layer- (www.windowsecurity.com)Communication over the internet passes through multiple program layers on a server prior to actually getting to the requested data like web page or cgi scripts. The requests first hit the outer layers. The high level protocols like HTTP that is the web server, IMAP -- the mail server, and FTP the file transfer are included as outer layer protocol. Determination of the outer layer protocol that will manage the requests depends on the type of request made by the client. The requests are then processed by this high level protocol through the Secure Socket Layer. (How does SSL work? Detailed SSL - Step 1 Determine Secure Communication) a socket refers to the logical link between the client and the server and refers to the encrypting that takes place at a very low level of communication. It implies that there won't have to be different methods for encrypting text, images, sounds, Java applets, etc. All the communication between the client and the server is encrypted in the similar methods. (Secure Servers) the Secure Socket Layer is a method for encrypting the transit data over the Internet. Its real significance lies in respect of data transfer in an e-commerce environment where it is increasingly required to transfer information like credit card information and other sensitive data. The SSL creates a Virtual Private Networking as a substitute for the traditional technologies of IP Sec and PPTP. (SSL Acceleration and Offloading: What Are the Security Implications?)

The main operations of SSL can be explained as follows: Server Authentication: Server Authentication permits a user to substantiate the server identity embroiled in any doubtful business dealings. This is achieved by employing a public key method that confirms the authenticity of the certificate of the server that has been approved by a reliable certificate authority. While sending confidential information like the credit card number, this utility confirms the identification of the server. Client Authentication: Client authentication permits a server to verify the identification of a user in the identical method as server verification. Client verification might be done by banks and Internet-based brokers to make sure that the transaction is made with the rightful user before executing secret dealings like purchase of shares or transfer of monies. Encrypted Communication Connection: SSL manages the method of encryption and decoding information sent between the client and a server. Information sent through an encrypted SSL connection stays private and free from intrusion guaranteeing that the data received is untouched and was not viewed by others. (the Secure Sockets Layer Protocol - Enabling Secure Web Transactions)

The SSL protocol was first introduced by Netscape in order to provide data security while on transit through HTTP, LDAP or POP3 application layers. (Secure Socket Layer- (www.windowsecurity.com) the initial version of the protocol was released in its crudest form during the summer of 1994 to be used in the Mosaic browser. Its V2.0 known as the second version was perceived as integration with the Original Netscape Navigator Web Browser and was released towards the end of 1994. Within the first year of introduction of Netscape Navigator, Microsoft introduced the Web browser Internet Explorer at the end of 1995. Microsoft brought out its Private Communication Technology (PCT) specification, after few months of introduction of Explorer. The PCT specification was first introduced in order to overcome the weaknesses of SSL 2.0. The SSL v3.0 was released by Netscape Navigator during the winter of 1995. (the Secure Sockets Layer Protocol - Enabling Secure Web Transactions)

Various writers have examined the SSL protocol suite, mentioning in unanimity that starting with v3.0, it is stable enough and devoid of any significant defects in the design. According to Wagner and Schneier who wound up their analysis that overall, SSL 3.0 gives exceptional safety against snooping and other indirect attacks. Even though exports-reduced methods present just minimal safeguarding of private information,...

...

(Heinrich, Secure Socket Layer (SSL)) the Internet Engineering Task Force -IETF tried to make SSL an international standard in May 1996. Similar tasks with the TCP and IP protocol standards were achieved by IETF. IETF at the beginning of the year 1999 names SSL as Transport Layer Security - TLS Protocol. The version 1.0 of TLS is considered to be an extension of the SSL 3.0. Presently, all the major Web browser applications and Web servers are compatible to SSL. This is being used as universal Web browser in transaction from ordering of books to electronic fund transfers. The implementation of SSL in Web browsers is very clear to the users with a limitation of https as a prefix to the Web address and an icon signifying secured connection. (the Secure Sockets Layer Protocol - Enabling Secure Web Transactions)
The SSL 2.0 is considered to be a real standard for cryptographic safeguard of Web http traffic. However, it has its own exceptions both in respect of the cryptographic security and functionality resulting in up gradation to SSL 3.0 incorporating several improvements. This new version of SSL will soon introduce the widespread deployment. The Transport Layer Security, introduced by IETF is also utilizing the SSL 3.0 as a base for their standards efforts. The SSL 3.0 thus endeavors to cater to the Internet client/server applications with a practical, widely applicable connection-oriented communications security mechanism. The SSL 2.0 had many security weaknesses that is attempted to be overcome by SSL 3.0. The SSL 2.0 is seen to have weakened the authentication keys to 40 bits in export weakened modes. (How does SSL work? Simplified SSL - About Secure Sockets Layer and HTTPS) weak Mac construction is used by SSL 2.0, even though the post encryption also combats attacks. It is quite visible in case of the SSL 2.0 that leaves the padding length unauthenticated, while feeding the padding bytes in the MAC in block cipher modes. This makes possible the active attackers to delete bytes from the end of messages. In case of the cipher-suite rollback attack, the attacker resort to editing of the list of cipher-suite preferences in the hello messages so as to induce both the endpoints to use a less strong encryption than otherwise would have been chosen. This flaw is considered as a limitation of the strength of the SSL 2.0 to least common denominator security and vulnerable to active attacks. Some of these weaknesses have also been found out by some others. Dan Simon specifically emphasized on the cipher-suit attack roll back. These concerns have been have also been emphasized by Paul Kocher and the PCT 1.0 protocol was examined and found out to counter some of these weaknesses but not all. (How does ssl work? Simplified SSL - About Secure Sockets Layer and HTTPS)

The goals of the SSL are to validate the client and server to each other by supporting to the use of standard key cryptographic techniques for authentication of the communicating parties to each other. SSL also resort to the use of the common application in authentication of the service clients on the basis of a certificate. The next objective of the SSL is to ensure data integration so that the data is not possible to be tampered with intentionally or unintentionally during a session. The third objective is securing of data privacy. The transit data between the client and server is required to be safeguarded from unauthorized capture and be decipherable only be the intended recipients. This precondition is essential for both the data associated with the protocol securing traffic during negotiations and the application data that is sent during the session itself. SSL is not considered a single protocol. (the Secure Sockets Layer Protocol - Enabling Secure Web Transactions)

In reality it is a set of protocols that can further be fragmented in two layers. One is to restore the data security and integrity, consisting of the SSL Record Protocol and the protocols designed to establish an SSL connection. This layer uses three protocols viz. SSL Handshake Protocol, the SSL Change Cipher Spec Protocol and the SSL Alert Protocol. (Secure Socket Layer- (www.windowsecurity.com) in order to comprehend the most widely accepted protocol for secured transmission of the data through the Web, it is crucial to know the relationship between SSL and other Web protocols at a very high level. The Internet architecture is consists of the layers of protocols that depend upon groundwork of protocols beneath them. To illustrate, the use of feet and legs analogous to this it can be…

Sources Used in Documents:

References

About SSL/TLS. Retrieved at http://www.cs.bham.ac.uk/~mdr/teaching/modules03/security/students/SS8a/SSLTLS.html. Accessed on 1 September, 2004

Analysis of the SSL 3.0 Protocol. Retrieved at http://www.pdos.lcs.mit.edu/6.824-2001/lecnotes/ssl96.txt. Accessed on 2 September, 2004

Beginners Guides: Encryption and Online Privacy. Retrieved at http://www.pcstats.com/articleview.cfm?articleid=252&page=2Accessed on 1 September, 2004

Bravo, Alejandro. Secure Servers with SSL in the World Wide Web. Retrieved from www.giac.org/practical/GSEC/Alex_Bravo_GSEC.pdf. Accessed on 1 September, 2004
Boone, Kevin. Secure Servers. Retrieved at http://www.ablestable.com/resources/library/articles/business/business004.html. Accessed on 1 September, 2004
Client. Retrieved at http://www.webopedia.com/TERM/c/client.html. Accessed on 2 September, 2004
Client Server / Data access Techniques. Retrieved at http://www.afpfaq.de/mirror/fox.wikis.com/Client-ServerDataAccessTechniques.htm. Accessed on 2 September, 2004
Company Overview. Retrieved at http://www.test2day.co.uk/downloads/brochure.pdf. Accessed on 2 September, 2004
Conover, J. SSL VPN: IPSec Killers or Overkill? Retrieved from Current Analysis. http://www2.cio.com/analyst/report1816.html. Accessed on 1 September, 2004
Data Security: Human Rights Act: Library Bylaws People's Network (PN) computer systems in Devon libraries. Retrieved at http://www.seered.co.uk/intern2.htm. Accessed on 2 September, 2004
Designing a Secure Messaging Server. Retrieved at http://docs.sun.com/source/817-6440/security.html. Accessed on 2 September, 2004
Dierks, T; Allen, C. The TLS Protocol Version 1.0. January 1999. Retrieved at http://www.ietf.org/rfc/rfc2246.txt. Accessed on 3 September, 2004
CIFS in Depth. 2001. Retrieved at http://www.codefx.com/eCIFS_In_Depth.pdf. Accessed on 2 September, 2004
Enabling technologies Secure Sockets Layer (SSL). Retrieved from Retrieved at http://sellitontheweb.com/ezine/tech20.shtml. Accessed on 1 September, 2004
Farrow, Rik. SSL is not a magic bullet. Retrieved at http://www.spirit.com/Network/net1100.html. Accessed on 1 September, 2004
Freier, Alan O; Karlton, Philip; Kocher, Paul C. "The SSL protocol" Retrieved at http://home.netscape.com/eng/ssl3/ssl-toc.html. Accessed on 1 September, 2004
Hetherington, Sally. Internet Security - SSL Explained. Retrieved at http://www.bizland.co.za/articles/technology/sslexplained.htm. Accessed on 2 September, 2004
15 January, 2004. Retrieved at http://www.ourshop.com/resources/ssl_step1.html. Accessed on 3 September, 2004
How does ssl work? Simplified SSL - About Secure Sockets Layer and HTTPS. Retrieved at http://www.ourshop.com/resources/ssl.html. Accessed on 2 September, 2004
Introduction to Secure Sockets Layer. Retrieved at http://www.cisco.com/en/U.S./netsol/ns340/ns394/ns50/ns140/networking_solutions_white_paper09186a0080136858.shtml. Accessed on 1 September, 2004
Introduction to SSL. Retrieved at http://developer.netscape.com/docs/manuals/security/sslin/. Accessed on 3 September, 2004
More on Remote Views: Rational Decision-making about Remote Views. Retrieved at http://www.afpfaq.de/mirror/fox.wikis.com/MoreOnRemoteViews.htm. Accessed on 2 September, 2004
Netscape. "How SSL Works" Retrieved at http://developer.netscape.com/tech/security/ssl/howitworks.html. Accessed on 3 September, 2004
Protecting Confidential Information. Retrieved From https://www.rsasecurity.com/solutionsTertiary.asp?id=1135Accessed on 2 September, 2004
Remote Views. Retrieved at http://www.afpfaq.de/mirror/fox.wikis.com/RemoteViews.htm. Accessed on 3 September, 2004
SafeEnterprise 2012. Retrieved at http://www.safenet-inc.com/products/igate/netswift2012.asp. Accessed on 2 September, 2004
Secure Socket Layer. July 19, 2002. Retrieved at http://www.windowsecurity.com/articles/Secure_Socket_Layer.html. Accessed on 1 September, 2004
Security analysis. Retrieved at http://www.ods.com.ua/win/eng/security/ssl3/appf.phtml. Accessed on 1 September, 2004
Server. Retrieved at http://www.webopedia.com/TERM/s/server.html. Accessed on 2 September, 2004
Shostack, Adam. An Overview of SSL (version 2). May 1995. Retrieved at http://www.homeport.org/~adam/ssl.html. Accessed on 3 September, 2004
SQL Pass Through. 29 September, 2002. Retrieved at http://www.afpfaq.de/mirror/fox.wikis.com/SQLPass-Through.htm. Accessed on 2 September, 2004
SSL. Retrieved at http://www.webopedia.com/TERM/S/SSL.html. Accessed on 3 September, 2004
SSL Acceleration and Offloading: What Are the Security Implications? Retrieved at http://www.windowsecurity.com/articles/SSL-Acceleration-Offloading-Security-Implications.html. Accessed on 1 September, 2004
SSL (Secure Sockets Layer). Retrieved at http://www.wedgetail.com/technology/ssl.html. Accessed on 3 September, 2004
SSL -- Supported Methods. Retrieved at http://www.ietf.org/proceedings/95apr/sec/cat.elgamal.slides.html. Accessed on 3 September, 2004
Stored Procedure. 28 October, 2001. Retrieved at http://www.afpfaq.de/mirror/fox.wikis.com/StoredProcedures.htm. Accessed on 2 September, 2004
The Secure Sockets Layer Protocol. Retrieved at http://www.cs.bris.ac.uk/~bradley/publish/SSLP/chapter4.html. Accessed on 1 September, 2004
The Secure Sockets Layer Protocol - Enabling Secure Web Transactions. 3 February, 2002 Retrieved at http://www.itsecurity.com/papers/rainbow3.htm. Accessed on 1 September, 2004
Thomson, Iain. Microsoft warns of SSL attacks. 26 April 2004. Retrieved at http://www.networkitweek.co.uk/news/1154653Accessed on 3 September, 2004
Wagner, David; Schneier, Bruce. Analysis of the SSL 3.0 protocol. Retrieved at http://www.schneier.com/paper-ssl.pdf. Accessed on 1 September, 2004


Cite this Document:

"SL Https De-Encryption SSL Https Is Widely" (2004, October 05) Retrieved April 25, 2024, from
https://www.paperdue.com/essay/sl-https-de-encryption-ssl-https-is-widely-58186

"SL Https De-Encryption SSL Https Is Widely" 05 October 2004. Web.25 April. 2024. <
https://www.paperdue.com/essay/sl-https-de-encryption-ssl-https-is-widely-58186>

"SL Https De-Encryption SSL Https Is Widely", 05 October 2004, Accessed.25 April. 2024,
https://www.paperdue.com/essay/sl-https-de-encryption-ssl-https-is-widely-58186

Related Documents
IP Address
PAGES 2 WORDS 554

Private IP Address The use of a private IP address on a business computer network has a number of advantages, one being an improved network security as well as a corporate social responsibility of conserving public addressing space. These IP addresses are commonly used on local networks and are good for businesses that share data as well as voice information. The company's computer network will not connect to the internet with this

Ip Address and Security
PAGES 16 WORDS 3513

Kris Corporation's parent domain (kris.local) and child domain (corp.kris.local) for the organization's AD infrastructure are running on Server 2008. The following are concerns related to AD: (1) Kris Corporation is concerned about running multiple domains, and (2) automobile manufacturers are asking Kris Corporation to use a single identity to procure orders in real time. The company has five locations in Atlanta (GA), Baltimore (MD), Chicago (IL), Seattle (WA) and San

TCP IP Protocol
PAGES 3 WORDS 1088

TCP/IP Protocol Suite For the average computer user, TCP/IP probably doesn't mean a whole lot, except maybe when it comes to "configuring" their computer so they can get online, but without the TCP/IP protocol, the activity experienced on the Internet up until this point would not be possible. This paper will examine some of the components of the TCP/IP protocol and explore their uses as they apply to relevant parts

Grandmaster and Gong Er: Wong Kar Wai's Ip Man and the Women of Kung Fu Wong Kar Wai's Grandmaster begins with a stylish kung fu action sequence set in the rain. Ip Man battles a dozen or so no-names before doing a one-on-one show with another combatant who appears to be at equal skill and strength. Ip Man handily defeats him and walks away unscathed. Thanks to fight choreography by Chinese

Voice over IP (VoIP) Security Voice over Internet Protocol or VoIP refers to making use of telephone services over that of the computer networks. During the first part of the process, the VoIP makes an analog signal which is evolved from the speaker's voice. It is then transferred to a digital signal and further transfers over that of an IP network and this is well inclusive of the Internet. Voice over

China IP China's intellectual property rights protections have come a long way since 1978, but there remains room for improvement. While the de jure situation with respect to protecting intellectual property rights approaches Western standards, the enforcement or de facto situation is less encouraging. Western companies have a difficult time enforcing the patchwork of laws and often fail to win judgments significantly large to serve as a deterrent to IP thieves. There