SSL handshake: what it is, how it works, subprotocols?

AI Basics
Michael LewisLeave a Comment on SSL handshake: what it is, how it works, subprotocols?


As every aspect of life moves to the cloud, it’s important to have a safe space for your private data. Your next pizza purchase with your credit card could be a doorway to millions of dollars worth of bank fraud if there are any flaws in your privacy and security. The SSL handshake protocol was the first to bear this responsibility, and paved the way for everything we browse on the Internet today. Topics covered in this tutorial include:

  1. What is SSH protocol?
  2. SSL-protected
  3. What are SSL subprotocols?
  4. SSL handshake procedure
  5. Future of SSL

Before starting the SSL handshake, first understand what the SSL protocol means and what it’s for.

What is SSL protocol?

SSL stands for Secure Socket Layer Protocol. Developed by Netscape in 1994, SSL is a cryptographic layer protocol that provides privacy and security for communications between clients and Web servers.

ssl1-SSL_handshake

According to the OSI model, the secure sockets layer works below the application layer and above the transport layer. Before passing data from the application to the TCP layer, SSL acts as an intermediary to encrypt the data and preserve its value.

Below is the entire SSL protocol stack.

ssl2-SSL_handshake

This stack emphasizes building a network infrastructure where SSL authentication and verification are performed.

Now that you understand the basic concepts of SSL, let’s understand its purpose in terms of security.

PGP for cyber security using modules from MIT SCC

Your Successful Cybersecurity Career Starts Here!view the course

PGP for cyber security using modules from MIT SCC

SSL-protected

The Secure Sockets Layer Protocol is primarily responsible for storing three parameters:

ssl3-SSL_handshake.

  • Reliability: Transfer of information must be to the correct pair of client and server. There should be no misjudgment in identification and verification of certificates.
  • Integrity: To maintain data integrity, data in the tunnel should not be altered in any way by third parties throughout the transmission route.
  • Confidentiality: Encrypted information should not be seen by unauthorized personnel or malicious actors, so data content remains confidential.

They kept the above security pillars intact with four sub-protocols in the SSL protocol library. Now let’s look at each.

What are SSL subprotocols?

ssl4

  • Recording Protocol: This is the part of the protocol responsible for maintaining integrity and confidentiality. It encrypts the transmitted data using a hash function to prevent prying eyes by third parties.
  • SSL Handshake Protocol: The part of SSL that deals with maintaining trust. There are separate processes following web server and client authentication. This will be explained later in this lesson.
  • Change Cipher Spec: A layer that informs the server about the cipher method and state in effect for a particular session.
  • Alerting Protocol: Used as a defense mechanism to recognize potential problems encountered in the encryption process. Contains a specific code for the alert level that must be declared.

This was the entire family of SSL protocols. Now let’s dive into this topic, the SSL handshake protocol.

SSL handshake procedure

You can distribute the handshake into four different phases.

Phase 1:

  • The client and server each see the hello signal.
  • Client sends SSL version, cipher suite, session ID, etc.
  • The server returns a standard encryption algorithm selected from cipher suites and compression algorithms.

/sslh1

Phase 2:

  • The server sends an authentication certificate and requests client authentication.
  • The server also sends a public encryption key.
  • The phase containing the server hello completion message.

sslh2.

Phase 3:

  • The client submits an authentication certificate after validating the server with its respective Certificate Authority (CA).
  • The client also sends a secret private key encrypted using the public key previously received by the server.

sslh3.

Phase 4:

  • The client ends the handshake from the client side by sending the status of the cryptographic function along with a “done” message.
  • The server also sends the status of the cryptographic algorithms and exits with a “done” signal.
  • Encrypt the data using the symmetric key client sent in Phase 3.

sslh4

At the end of Phase 4, authentication is complete and the SSL handshake maintains the authenticity of the entire session between client and server.

Free Course: Introduction to Cybersecurity

Learn and master the basics of cybersecuritystart learning

Free Course: Introduction to Cybersecurity

Future of SSL

SSL encryption is now deprecated and its v2 and v3 were removed by the Internet Engineering Task Force (IETF) in 2011 and 2015 respectively. There were too many security vulnerabilities for any official activity using the Secure Sockets Layer protocol.

A new standard called Transport Layer Security (TLS) has become the global standard for encrypting information between web servers and Internet browsers. TLS v1.3 was ratified in early 2018, ensuring the latest security standards and updates.

Looking forward to a career in cybersecurity? Then check out our Certified Ethics Hacking Courses to build your skills. Register now!

How can SimpliLearn help me?

The SSL handshake may have become worthless over time, but the standards it set paved the way for the TLS protocol to shine and learn from past failures. With so many changes taking place in the world of cybersecurity, staying up to date on the latest market trends is critical for professionals looking to enter the field.

Simplilearn offers “Cybersecurity Experts” courses designed to keep you up to date with the latest advancements from the best instructors who know the market best. This course will be beneficial for professionals and beginners alike, providing all the basic skills needed to master concepts that will get you on the job from the moment you complete the course.

Conclusion

This tutorial started by explaining the SSL protocol, its usage, SSL sub-protocols, the SSL handshake protocol and how it works. This protocol helped shape the future of client/server cryptography, barring a few security vulnerabilities. The decline in the number of websites injecting malware is a direct result of advances in SSL-based encryption.

If you’re interested in learning more about cryptography and cybersecurity and building a successful career in cybersecurity, be sure to check out Simplilearn’s Cybersecurity Expert Master’s Program. Designed in collaboration with industry experts and delivered through a unique and effective, award-winning bootcamp learning model, this program equips you with the top cybersecurity skills, techniques and tools that today’s top companies are looking for. You can learn it all. Explore the course and take the next step today.

Do you have any questions regarding this topic? Feel free to leave your thoughts and comments below. We will get back to you as soon as possible.



Source link

Related Posts

Pillars of Eternity 2: AI in your party

Michael Lewis

Limited iMessage integration for Windows 11 exposed – Ars Technica

Michael Lewis

Minister of Education: “The basics of artificial intelligence (AI) will be taught in elementary schools from 2027''

Michael Lewis

Leave a Reply

Your email address will not be published. Required fields are marked *