07 Mar

Why use SSL rather than another system?

Why SSL, and how does it work?

What is it used for ?

SSL = Secure Socket Layer

It is a system that allows to exchange information between 2 computers in a safe way. It ensures 3 things:

  • Confidentiality and Integrity: It is impossible to find or spy on information exchanged.
  • Authentication: It makes it possible to make sure of the identity of the program, the person or the company with which one communicates.

It is a complement to TCP / IP and allows (potentially) to secure any protocol or program using TCP / IP.

It was created and developed by the company Netscape and RSA Security. There are now opensource versions and a similar free protocol: TLS (see below).

Why use it rather than another system?

Why use it?

  • SSL is standardized
  • It exists in free version: OpenSSL (http://www.openssl.org) that you can use in your programs without paying royalties.
  • OpenSSL is open source: everyone can control and verify the source code (The secret lies in the encryption keys, not in the algorithm itself).
  • It has been cryptanalyzed: this system has been more analyzed than any of its competitors. It has been reviewed by many cryptographic specialists. We can therefore consider it safe.

How does it work ?

  • SSL Handshake protocol: Before communicating, the two SSL programs negotiate common keys and encryption protocols.
  • SSL Record protocol: Once negotiated, they encrypt all information exchanged and perform various checks.

1.The negotiation (“handshake“)

At the beginning of the communication the client and the server are exchanged:

  • the SSL version they want to work with,
  • the list of encryption methods (symmetrical and asymmetrical) and signature that everyone knows (with key lengths),
  • compression methods everyone knows,
  • random numbers,
  • certificates.

Client and server try to use the most powerful encryption protocol and decrease until they find a protocol common to both. Once this is done, they can start exchanging data.

2. Communication  (“record“)

With SSL, the sender of the data:

  • Cut the data into packets,
  • Compress the data,
  • Cryptographically sign the data,
  • Number the data,
  • Send them.

Whoever receives the data:

  • Decrypt the data,
  • Check the signature of the data,
  • Decompresses the data,
  • Reassembles the data packets.

 

Source : sebsauvage

Partager