How SSL works

Source: Internet
Author: User
Tags: ssl, connection, cipher suite

Keywords: SSL, PKI, MAC

Abstract: SSL uses data encryption, authentication, and message integrity verification to secure application-layer protocols that run over TCP or another reliable transport. This section describes the background, security mechanisms, working process, and typical networking applications of SSL.

Abbreviations:

Abbreviation  Full English name                    Explanation
AES           Advanced Encryption Standard         Symmetric block cipher; the current standard for bulk encryption
CA            Certificate Authority                Trusted party that issues and signs digital certificates
DES           Data Encryption Standard             Legacy symmetric block cipher with a 56-bit key; no longer considered secure
HTTPS         Hypertext Transfer Protocol Secure   HTTP carried over an SSL/TLS connection
MAC           Message Authentication Code          Keyed checksum used to verify message integrity and origin
MD5           Message Digest 5                     Hash algorithm; no longer considered secure
PKI           Public Key Infrastructure            Certificates, CAs and procedures that bind public keys to identities
RSA           Rivest, Shamir and Adleman           Asymmetric key algorithm used for signatures and key exchange
SHA           Secure Hash Algorithm                Family of hash algorithms (SHA-1, SHA-256, and so on)
SSL           Secure Sockets Layer                 The security protocol described in this document; its standardized successor is TLS
VPN           Virtual Private Network              Private network tunneled over a public network
Contents

1 Overview

1.1 Background

1.2 Technical advantages

2 Protocol security mechanism

2.1 Confidentiality of data transmission

2.2 Authentication mechanism

2.3 Message integrity verification

2.4 Using asymmetric key algorithms to ensure the security of the key itself

2.5 Using PKI to ensure the authenticity of public keys

3 Protocol working process

3.1 Layer structure of SSL

3.2 SSL handshake process

3.2.1 SSL handshake that authenticates only the server

3.2.2 SSL handshake that authenticates both server and client

3.2.3 SSL handshake that resumes an existing session

4 Typical networking applications

4.1 HTTPS

4.2 SSL VPN

5 References
1 Overview

1.1 Background

Emerging applications such as web-based e-commerce and online banking have greatly simplified people's daily lives and are widely used. Because these applications carry out transactions over the network, they place high demands on the security of network communication. The traditional web protocol, HTTP, has no security mechanism: data is transmitted in plain text, the identity of the two parties cannot be verified, and the transmitted data cannot be protected from tampering. As a result, HTTP cannot meet the security requirements of e-commerce and online banking.

The SSL protocol, proposed by Netscape, uses data encryption, identity authentication, and message integrity verification to protect data transmitted over the network. SSL can provide secure connections for HTTP, greatly improving the security of the World Wide Web. Its standardized successor is TLS; the mechanisms described in this document apply to both.

1.2 Technical advantages

SSL has the following advantages:

• High security. SSL uses data encryption, authentication, and message integrity verification to protect data transmitted over the network.

• Support for many application-layer protocols. Although SSL was designed to solve the security problem of the World Wide Web, it sits between the application layer and the transport layer, so it can protect any application-layer protocol that runs over TCP or another reliable connection.

• Simple deployment. SSL has become the de facto global standard for identifying web sites to their visitors and for encrypting communication between browsers and web servers. It is built into every mainstream browser, such as IE, Netscape, and Firefox, so almost any computer with a browser can establish an SSL connection without installing additional client software.

2 Protocol security mechanism

The security mechanisms implemented by the SSL protocol are:

• Confidentiality of data transmission: a symmetric key algorithm encrypts the transmitted data.

• Authentication: the server and, optionally, the client are authenticated by digital signatures based on certificates.

• Message integrity verification: a MAC algorithm detects modification of messages in transit.

2.1 Confidentiality of data transmission

Data transmitted over the network can easily be read by unauthorized parties. SSL establishes an encrypted channel between the communicating parties to ensure the confidentiality of transmitted data.

An encrypted channel means that, before sending data, the sender encrypts it with an encryption algorithm and an encryption key, and only then transmits it. On receipt, the receiver recovers the plaintext from the ciphertext with the decryption algorithm and decryption key. A third party without the decryption key cannot recover the plaintext, so the confidentiality of the data is preserved.

Encryption algorithms fall into two types:

• Symmetric key algorithms: the same key is used for encryption and decryption.

• Asymmetric key algorithms: different keys are used for encryption and decryption. One is the public key, which may be published; the other is the private key, which the owner keeps secret. Data encrypted with the public key can only be decrypted with the corresponding private key, and vice versa.

Compared with asymmetric key algorithms, symmetric key algorithms are much faster and are therefore used to encrypt large amounts of data (such as all the packets of a connection). Asymmetric key algorithms are generally used for digital signatures and for encrypting small amounts of data (such as a key).

Data on the SSL encrypted channel is encrypted with a symmetric key algorithm. The algorithms historically supported are DES, 3DES, and AES. Of these, only AES should still be used today: DES (56-bit key) and 3DES are considered weak, and current TLS configurations disable them. With a sound algorithm, the exchanged data cannot be read by an eavesdropper.

A symmetric key algorithm requires the decryption key to be identical to the encryption key. Therefore, before symmetric encryption can be used, the same key must be established at both ends of the communication. For how the key is established, see "2.4 Using asymmetric key algorithms to ensure the security of the key itself".

2.2 Authentication mechanism

E-commerce, online banking, and similar applications must ensure that the web server being accessed is genuine, so that sensitive information is not handed to an impostor. SSL uses digital signatures to verify the identity of the communication peer.

Digital signatures can be implemented with asymmetric key algorithms. Since data encrypted with a private key can only be decrypted with the corresponding public key, the receiver can determine the sender's identity from whether decryption succeeds, as if the sender had "signed" the data. For example, Alice encrypts a fixed piece of information with her own private key and sends it to Bob. Bob decrypts it with Alice's public key; if the result matches the fixed information, the message came from Alice. This is a digital signature. (Strictly speaking, signing and verification are operations distinct from encryption and decryption. The description in terms of "encrypting with the private key" fits RSA, where both use the same modular exponentiation; real signature schemes also hash and pad the data before signing.)

The SSL client must verify the identity of the SSL server; whether the server verifies the client's identity is up to the server. For the authentication process between client and server, see "3.2 SSL handshake process".

When a digital signature is used to authenticate an identity, the verifier must be sure that the public key used for verification is genuine; otherwise an attacker can impersonate the user being authenticated. As shown in Figure 1, Cindy impersonates Bob: she sends her own public key to Alice as "Bob's" key and signs with her own private key. Alice verifies the signature with the "Bob" public key (actually Cindy's) and succeeds, and concludes that Bob has been authenticated, although she is in fact communicating with Cindy. SSL uses the mechanism provided by PKI to ensure the authenticity of public keys. For details, see "2.5 Using PKI to ensure the authenticity of public keys".

Figure 1 Counterfeit public key

2.3 Message integrity verification

To detect tampering with data in transit, SSL uses MD5- or SHA-based MAC algorithms (HMAC-MD5 and HMAC-SHA1 in TLS) to protect message integrity. MD5 and SHA-1 are no longer recommended; current TLS cipher suites use HMAC-SHA256 or an AEAD mode such as AES-GCM, which provides integrity together with encryption.

A MAC algorithm is a keyed digest algorithm: it maps a key and data of arbitrary length to a fixed-length value. The sender computes the MAC of the message with the key, appends it to the message, and sends both. The receiver computes the MAC of the received message with the same key and algorithm and compares it with the received MAC. If the two match, the message is unchanged; otherwise it was modified in transit and the receiver discards it.

Figure 2 MAC algorithm

The MAC algorithm has the following properties that make it suitable for integrity verification:

• Any change to the message changes the fixed-length output, so comparing MAC values lets the receiver detect modifications.

• The MAC depends on the key, so an attacker without the key cannot compute the correct MAC for a modified message, and therefore cannot alter message contents undetected.

The MAC algorithm requires both parties to hold the same key; otherwise MAC verification fails. So, before the MAC algorithm can be used, the same key must be established at both ends of the communication. For how MAC keys are established, see "2.4 Using asymmetric key algorithms to ensure the security of the key itself".
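The following is an added example, not code from the original article: the record-level integrity check described above, written with Python's standard hmac module and SHA-256 (the hash of current TLS 1.2 suites). It follows the TLS record MAC input layout from RFC 5246 section 6.2.3.1, in which the MAC covers the record header and an implicit 64-bit sequence number as well as the payload. The key, the banking message and the constants APPLICATION_DATA and TLS12 are constructed for the example; encryption of the MAC-protected record is omitted so that the integrity mechanism stands alone.

```python
import hashlib
import hmac
import struct

# Added example: the keyed integrity check applied to each SSL/TLS record.
# The 64-bit sequence number is never transmitted; both sides count records,
# so a replayed or reordered record fails verification at the receiver.
MAC_LEN = hashlib.sha256().digest_size  # 32 bytes

APPLICATION_DATA = 23   # TLS ContentType value for application data
TLS12 = 0x0303          # ProtocolVersion for TLS 1.2


def record_mac(mac_key: bytes, seq_num: int, content_type: int,
               version: int, fragment: bytes) -> bytes:
    # MAC input: seq_num(8) || type(1) || version(2) || length(2) || fragment
    header = struct.pack("!QBHH", seq_num, content_type, version, len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha256).digest()


def protect(mac_key: bytes, seq_num: int, content_type: int,
            version: int, fragment: bytes) -> bytes:
    # Sender: append the tag (the subsequent encryption step is omitted here).
    return fragment + record_mac(mac_key, seq_num, content_type, version, fragment)


def verify(mac_key: bytes, seq_num: int, content_type: int,
           version: int, record: bytes):
    # Receiver: recompute with its own counter and compare in constant time so
    # that the comparison leaks no timing information about the expected tag.
    # Returns the fragment, or None when the record must be discarded.
    if len(record) < MAC_LEN:
        return None
    fragment, tag = record[:-MAC_LEN], record[-MAC_LEN:]
    expected = record_mac(mac_key, seq_num, content_type, version, fragment)
    if not hmac.compare_digest(tag, expected):
        return None
    return fragment


def demo() -> dict:
    # Constructed values: a shared client_write_MAC_key and one banking message.
    key = bytes(range(32))
    msg = b"transfer 100 to account 4711"
    rec = protect(key, 0, APPLICATION_DATA, TLS12, msg)

    # An attacker on the path edits the amount without knowing the key.
    tampered = rec.replace(b"100", b"900")
    # An attacker who guesses a key re-MACs the original message.
    forged = protect(b"guess" * 6, 0, APPLICATION_DATA, TLS12, msg)

    return {
        "genuine_accepted": verify(key, 0, APPLICATION_DATA, TLS12, rec) == msg,
        "tampered_rejected": verify(key, 0, APPLICATION_DATA, TLS12, tampered) is None,
        # The receiver already consumed record 0, so a replayed copy is checked at seq 1.
        "replay_rejected": verify(key, 1, APPLICATION_DATA, TLS12, rec) is None,
        "wrong_key_rejected": verify(key, 0, APPLICATION_DATA, TLS12, forged) is None,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The four cases in demo() are the ones the two bullet points above promise: modification, replay (a correct MAC under the wrong sequence number), and forgery without the key are all rejected, while the genuine record passes.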

2.4 Using asymmetric key algorithms to ensure the security of the key itself

Symmetric key algorithms and MAC algorithms require both parties to hold the same key; otherwise decryption or MAC verification fails. Therefore, before an encrypted channel can be set up or message integrity verified, a common key must be established at both ends.

SSL uses an asymmetric key algorithm to encrypt the key during key exchange, so that a third party cannot obtain it. As shown in Figure 3, the SSL client (such as a web browser) encrypts the key with the public key of the SSL server (such as a web server) and sends it to the server; only the server, which holds the corresponding private key, can recover the key from the ciphertext. SSL uses the RSA algorithm for this encryption.

Figure 3 Key exchange

• In fact, the value the SSL client sends to the server is not used directly to encrypt data or compute MACs. It is the premaster secret, from which the symmetric and MAC keys are derived. Client and server use the premaster secret to compute the same master secret, and then derive the keys for the symmetric key algorithm and the MAC algorithm from the master secret. Both derivations also mix in the random values exchanged in the Client Hello and Server Hello messages, so the keys are fresh for every handshake. The premaster secret is thus the root from which the symmetric and MAC keys are computed.

• The algorithm used to exchange the key is called the key exchange algorithm. When RSA is used for this purpose, it is also referred to as a key exchange algorithm. (Current TLS deployments prefer ephemeral Diffie-Hellman key exchange, which gives forward secrecy; RSA key exchange was removed in TLS 1.3.)

Before encrypting a key with an asymmetric algorithm, the sender must obtain the receiver's public key and be sure that it really belongs to the receiver; otherwise the key can be stolen. As shown in Figure 1, Cindy impersonates Bob and sends her own public key to Alice. Alice encrypts the data intended for Bob with Cindy's key; Bob cannot decrypt it because he lacks the corresponding private key, while Cindy, after intercepting the data, decrypts it with her own private key. SSL uses the mechanism provided by PKI to ensure the authenticity of public keys. For details, see "2.5 Using PKI to ensure the authenticity of public keys".

2.5 Using PKI to ensure the authenticity of public keys

PKI publishes users' public keys in digital certificates and provides a mechanism to verify that a public key is genuine. A digital certificate (certificate for short) is a file containing a user's public key together with identity information, attesting to the binding between the user and the public key. Certificates are issued by an authority, the CA, which vouches for their authenticity by signing them.

Before the SSL client sends the encrypted key to the SSL server, the server sends the certificate it obtained from the CA to the client. The client checks the certificate through PKI: it verifies the CA signature, the validity period, and the revocation status, and checks that the name in the certificate matches the server it intended to reach. Only if the certificate really belongs to that server does the client encrypt the key with the public key in the certificate and send it to the server.

Likewise, before an SSL server or client can verify the identity of its peer, the peer sends the certificate it obtained from the CA, and the verifier checks the certificate through PKI. If the certificate does belong to the peer, the verifier uses the public key in the certificate to verify the peer's signature and thereby its identity.
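The following is an added example, not code from the original article, acting out Figures 1 and 3 and the PKI remedy of this section with textbook RSA. The primes in PRIMES, the exponent E, the challenge, the toy premaster value and the certificate format are all constructed for the illustration: the key sizes are far too small and no padding is used, so the code shows the logic of sections 2.2, 2.4 and 2.5 and nothing more. Alice first accepts a bare public key labelled "Bob" (which Cindy can supply), then accepts only a key carried in a certificate that verifies under the CA's public key.

```python
import hashlib

# Added example: textbook RSA on fixed, far-too-small primes. Illustration only.
PRIMES = {                       # constructed, well-known primes
    "bob":   (1000000007, 998244353),
    "cindy": (1000000009, 999999937),
    "ca":    (2147483647, 4294967291),
}
E = 65537


def keygen(p: int, q: int, e: int = E):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))       # private exponent
    return (n, e), (n, d)                   # (public key, private key)


def digest(data: bytes, n: int) -> int:
    # Hash the message and reduce it into the RSA group (real schemes pad instead).
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data: bytes, priv) -> int:
    n, d = priv
    return pow(digest(data, n), d, n)         # the article's "encrypt with the private key"


def verify(data: bytes, sig: int, pub) -> bool:
    n, e = pub
    return pow(sig, e, n) == digest(data, n)  # "decrypt with the public key" and compare


def encrypt(m: int, pub) -> int:
    n, e = pub
    return pow(m, e, n)


def decrypt(c: int, priv) -> int:
    n, d = priv
    return pow(c, d, n)


def cert_tbs(name: str, pub) -> bytes:
    # The "to be signed" part of a toy certificate: the identity bound to the key.
    return f"{name}|{pub[0]}|{pub[1]}".encode()


def issue_cert(name: str, pub, issuer_priv) -> dict:
    return {"name": name, "pub": pub, "sig": sign(cert_tbs(name, pub), issuer_priv)}


def check_cert(cert: dict, expected_name: str, ca_pub) -> bool:
    # Accept the key only if the CA signed exactly this name-to-key binding.
    return (cert["name"] == expected_name
            and verify(cert_tbs(cert["name"], cert["pub"]), cert["sig"], ca_pub))


def scenario() -> dict:
    bob_pub, bob_priv = keygen(*PRIMES["bob"])
    cindy_pub, cindy_priv = keygen(*PRIMES["cindy"])
    ca_pub, ca_priv = keygen(*PRIMES["ca"])
    challenge = b"alice-nonce-0001"          # constructed; random in practice
    premaster = 0x0303_0123_4567_89AB        # toy-sized stand-in for the 48-byte premaster secret

    # Figure 1: Cindy hands Alice her own public key labelled "Bob" and signs with it.
    sig = sign(challenge, cindy_priv)
    fooled = verify(challenge, sig, cindy_pub)   # Alice "verifies Bob" and succeeds
    genuine = verify(challenge, sig, bob_pub)    # under Bob's real key the signature fails

    # Figure 3: Alice then encrypts the premaster secret to the key she was given.
    c = encrypt(premaster, cindy_pub)
    cindy_reads = decrypt(c, cindy_priv) == premaster
    bob_reads = decrypt(c, bob_priv) == premaster

    # Section 2.5: Alice only trusts a key inside a certificate for "Bob" that
    # verifies under the CA's public key. Cindy can only sign her own claim.
    bob_cert = issue_cert("Bob", bob_pub, ca_priv)
    fake_cert = issue_cert("Bob", cindy_pub, cindy_priv)
    return {
        "unauthenticated_key_fools_alice": fooled,
        "same_sig_fails_under_real_key": genuine,
        "cindy_decrypts_premaster": cindy_reads,
        "bob_decrypts_premaster": bob_reads,
        "ca_cert_accepted": check_cert(bob_cert, "Bob", ca_pub),
        "forged_cert_rejected": check_cert(fake_cert, "Bob", ca_pub),
    }


if __name__ == "__main__":
    for name, value in scenario().items():
        print(f"{name}: {value}")
```

The point of check_cert() is that Alice never uses a public key until a signature by a key she already trusts (the CA's) has bound that key to the name she expects; everything an SSL client does with a server certificate is an elaboration of this one test.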

3 Protocol working process

3.1 Layer structure of SSL

Figure 4 SSL protocol layering

As shown in Figure 4, SSL sits between the application layer and the transport layer and can secure any application-layer protocol that runs over a reliable, TCP-based connection. The SSL protocol itself has two layers:

• The upper layer consists of the SSL handshake protocol, the SSL change cipher spec protocol, and the SSL alert protocol.

• The lower layer is the SSL record protocol.

Where:

• SSL handshake protocol: the central component of SSL. It negotiates the cipher suite used for the connection (encryption algorithm, key exchange algorithm, and MAC algorithm), securely exchanges keys between server and client, and authenticates the server and, optionally, the client.

• SSL change cipher spec protocol: the client and server use it to notify the peer that subsequent messages will be protected with the newly negotiated cipher suite and keys.

• SSL alert protocol: used to report alerts to the peer. An alert message contains the severity level and a description of the alert.

• SSL record protocol: fragments upper-layer data (handshake, change cipher spec, alert, and application-layer protocol messages), computes and appends the MAC, encrypts the result, and transmits the protected record to the peer.

3.2 SSL handshake process

SSL uses the handshake to negotiate session parameters between client and server and to establish a session. The main parameters of a session are the session ID, the peer's certificate, the cipher suite (key exchange algorithm, data encryption algorithm, and MAC algorithm), and the master secret. Data sent over an SSL session is encrypted and MAC-protected with keys derived from the session's master secret, using the session's cipher suite.

The SSL handshake differs depending on the circumstances. Three cases are described below:

• the SSL handshake that authenticates only the server;

• the SSL handshake that authenticates both server and client;

• the SSL handshake that resumes an existing session.

3.2.1 SSL handshake that authenticates only the server

Figure 5 SSL handshake that authenticates only the server

As shown in Figure 5, the handshake proceeds as follows:

(1) The SSL client sends a Client Hello message listing the SSL versions, encryption algorithms, key exchange algorithms, and MAC algorithms it supports, together with a fresh random value.

(2) The SSL server chooses the SSL version and cipher suite for this connection and informs the client in a Server Hello message, which also carries the server's random value. If the server is willing to let the client reuse this session later, it assigns a session ID to the session and sends it in the Server Hello.

(3) The SSL server sends its digital certificate, containing its public key, in a Certificate message.

(4) The SSL server sends a Server Hello Done message to tell the client that version and cipher suite negotiation is complete and key exchange can begin.

(5) After verifying that the server's certificate is valid, the SSL client generates a random premaster secret, encrypts it with the public key from the certificate, and sends it to the server in a Client Key Exchange message.

(6) The SSL client sends a Change Cipher Spec message, notifying the server that subsequent messages will be encrypted and MAC-protected with the negotiated keys and cipher suite.

(7) The SSL client computes a hash over all handshake messages exchanged so far (every message except Change Cipher Spec), protects the hash with the negotiated keys and cipher suite (computes and appends the MAC, then encrypts), and sends it in a Finished message. The server computes the same hash over the handshake messages and compares it with the decrypted contents of the Finished message. If they match and the MAC verifies, the keys and cipher suite were negotiated successfully.

(8) Likewise, the SSL server sends a Change Cipher Spec message, notifying the client that subsequent messages will be encrypted and MAC-protected with the negotiated keys and cipher suite.

(9) The SSL server computes the hash over the handshake messages, protects it with the negotiated keys and cipher suite, and sends it in a Finished message. The client verifies it in the same way; if the hash matches and the MAC verifies, key and cipher suite negotiation has succeeded on both sides.

When the client receives the server's Finished message and verifies it successfully, it knows that the server holds the private key matching the certificate, because only that key can decrypt the Client Key Exchange message and recover the premaster secret from which the keys were derived. Server authentication is thus achieved indirectly. Because the Finished hash covers the whole handshake, any tampering with the negotiation (for example, an attacker removing strong cipher suites from the Client Hello) is detected at this point.

Note:

• Change Cipher Spec messages belong to the SSL change cipher spec protocol; all other messages exchanged during the handshake belong to the SSL handshake protocol. Together they are referred to as the SSL handshake messages.

• "Computing the hash" means applying a hash algorithm (MD5 or SHA) to convert data of any length into a fixed-length value.
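The following is an added example, not code from the original article, covering the derivation chain of section 2.4 (premaster secret to master secret to symmetric and MAC keys) and the Finished check of steps (7) and (9) above. It uses the TLS 1.2 constructions from RFC 5246 (sections 5, 6.3, 7.4.9 and 8.1), which replaced the MD5/SHA-1 mixture of SSL 3.0 and TLS 1.0 with a single SHA-256-based PRF. The random values, the premaster secret and the handshake messages in demo() are constructed stand-ins (real handshake messages are the encoded protocol structures, and the server's Finished covers the client's full Finished message rather than only its verify_data).

```python
import hashlib
import hmac

# Added example: TLS 1.2 key derivation and Finished computation (RFC 5246).


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    # P_SHA256: A(0) = label+seed, A(i) = HMAC(secret, A(i-1)),
    # output = HMAC(secret, A(1)+seed) || HMAC(secret, A(2)+seed) || ...
    seed = label + seed
    a, out = seed, b""
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def master_secret(premaster: bytes, client_random: bytes, server_random: bytes) -> bytes:
    # Section 8.1: the master secret is always 48 bytes.
    return prf(premaster, b"master secret", client_random + server_random, 48)


def key_block(master: bytes, client_random: bytes, server_random: bytes,
              mac_len: int, key_len: int, iv_len: int) -> dict:
    # Section 6.3. Note the randoms are in server-then-client order here.
    need = 2 * (mac_len + key_len + iv_len)
    kb = prf(master, b"key expansion", server_random + client_random, need)
    layout = [("client_write_MAC_key", mac_len), ("server_write_MAC_key", mac_len),
              ("client_write_key", key_len), ("server_write_key", key_len),
              ("client_write_IV", iv_len), ("server_write_IV", iv_len)]
    keys, pos = {}, 0
    for name, size in layout:
        keys[name] = kb[pos:pos + size]
        pos += size
    return keys


def finished_verify_data(master: bytes, handshake_messages: list, side: str) -> bytes:
    # Section 7.4.9: PRF(master, "client finished" | "server finished",
    #                    Hash(all handshake messages))[:12]
    label = b"client finished" if side == "client" else b"server finished"
    transcript = hashlib.sha256(b"".join(handshake_messages)).digest()
    return prf(master, label, transcript, 12)


def demo() -> dict:
    # Constructed handshake values. For RSA key exchange the premaster secret is
    # the client's offered version (0x0303) followed by 46 random bytes.
    client_random = bytes(range(32))
    server_random = bytes(range(32, 64))
    premaster = b"\x03\x03" + bytes(range(46))
    transcript = [b"ClientHello:TLS1.2:suites=AES128-SHA256,AES256-SHA256",
                  b"ServerHello:TLS1.2:suite=AES256-SHA256",
                  b"Certificate:<server cert>", b"ServerHelloDone",
                  b"ClientKeyExchange:<encrypted premaster>"]

    master = master_secret(premaster, client_random, server_random)
    keys = key_block(master, client_random, server_random, mac_len=32, key_len=32, iv_len=16)
    client_fin = finished_verify_data(master, transcript, "client")
    server_fin = finished_verify_data(master, transcript + [client_fin], "server")

    # A man-in-the-middle who rewrote the Client Hello to offer only a weak suite
    # sees a different transcript, so the client's Finished does not verify.
    downgraded = [b"ClientHello:TLS1.2:suites=DES-CBC-SHA"] + transcript[1:]
    mitm_fin = finished_verify_data(master, downgraded, "client")
    return {"master": master, "keys": keys, "client_finished": client_fin,
            "server_finished": server_fin, "downgrade_detected": mitm_fin != client_fin}


if __name__ == "__main__":
    d = demo()
    print("master secret:", d["master"].hex())
    for name, k in d["keys"].items():
        print(f"{name}: {k.hex()}")
    print("client Finished:", d["client_finished"].hex(), "downgrade detected:", d["downgrade_detected"])
```

The asymmetric part of the handshake only delivers the 48-byte premaster secret; everything the record layer later uses comes out of these two PRF calls, and because both randoms enter the derivation a captured premaster secret from one connection yields nothing for another.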

 

3.2.2 SSL handshake that authenticates both server and client

Figure 6 SSL handshake that authenticates both server and client

Client authentication is optional; the SSL server decides whether to verify the client's identity. As shown in Figure 6, if the server authenticates the client, then in addition to the messages of "3.2.1 SSL handshake that authenticates only the server" that negotiate the keys and cipher suite, server and client perform the following steps:

(1) The SSL server sends a Certificate Request message asking the client for its certificate.

(2) The SSL client sends a certificate containing its public key in a Certificate message. The server verifies the validity of the certificate.

(3) The SSL client computes a hash over the handshake messages exchanged so far (in SSL 3.0 the master secret is mixed into this hash; in TLS only the handshake messages are hashed), signs it with its own private key, and sends the signature in a Certificate Verify message.

(4) The SSL server computes the same hash and verifies the signature in the Certificate Verify message with the public key from the client's certificate. If the signature verifies, client authentication succeeds.

3.2.3 SSL handshake that resumes an existing session

Figure 7 SSL handshake that resumes an existing session

Negotiating session parameters and establishing a session requires asymmetric cryptography to encrypt the key and to verify the peer's identity, which is computationally expensive. To shorten the handshake, SSL allows an already negotiated session to be reused. The process is as follows:

(1) The SSL client sends a Client Hello message with the session ID field set to the ID of the session it wants to reuse.

(2) If the SSL server agrees to reuse the session, it replies with a Server Hello carrying the same session ID. Client and server then continue with the original session's master secret and cipher suite without renegotiating them; the session keys are derived afresh from the master secret and the new random values in the two Hello messages.

(3) The SSL client sends a Change Cipher Spec message, notifying the server that subsequent messages will be encrypted and MAC-protected with the resumed session's keys and cipher suite.

(4) The SSL client computes the hash over the handshake messages, protects it with the resumed session's keys and cipher suite, and sends it in a Finished message, so that the server can confirm that the keys and cipher suite are correct.

(5) Likewise, the SSL server sends a Change Cipher Spec message, notifying the client that subsequent messages will be encrypted and MAC-protected with the resumed session's keys and cipher suite.

(6) The SSL server computes the hash over the handshake messages, protects it with the resumed session's keys and cipher suite, and sends it in a Finished message, so that the client can confirm that the keys and cipher suite are correct.

4 Typical networking applications

4.1 HTTPS

HTTPS is HTTP carried over an SSL secure connection. Through SSL, HTTPS provides data encryption, identity authentication, and message integrity verification, which secures web access; it is widely used in online banking, e-commerce, and similar fields.

Figure 8 shows HTTPS used for online banking. A bank offers online banking for its customers, who access the bank's web server to query accounts and transfer funds. Establishing an SSL connection between the customer's browser and the bank's web server ensures that the customer's information cannot be intercepted, and that the customer is talking to the bank's genuine server rather than an impostor.

Figure 8 Application of HTTPS in online banking
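The following is an added example, not code from the original article: what the client side of Figure 8 looks like when the HTTPS client is a Python program using the standard ssl module rather than a browser. The first context shows the common shortcut of switching certificate verification off, which silently gives up the server authentication of sections 2.2 and 2.5; the second keeps it and additionally refuses the legacy algorithms named in sections 2.1 and 2.3. Nothing here opens a network connection; the contexts are built and inspected offline. The function names, the cipher string and the WEAK_MARKERS list are this example's own choices.

```python
import ssl

# Added example: weak versus hardened HTTPS client configuration (Python ssl module).

WEAK_MARKERS = ("DES", "MD5", "RC4", "NULL", "EXPORT")


def insecure_client_context() -> ssl.SSLContext:
    # The "make the certificate error go away" pattern. The client no longer
    # checks that the server certificate chains to a trusted CA or names the
    # host it dialled, so anyone with any key pair can play the bank
    # (Cindy in Figure 1). Shown only to contrast with the hardened version.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode is changed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    # Chain validation, host name check and the platform CA store are enabled by
    # create_default_context(); then pin the protocol floor and drop legacy suites.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!DES:!3DES:!RC4")
    return ctx


def verifies_peer(ctx: ssl.SSLContext) -> bool:
    # True only if both the chain check and the host name check are active.
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def weak_suites(ctx: ssl.SSLContext) -> list:
    # Cipher suites the context would still offer whose name contains a legacy algorithm.
    return [c["name"] for c in ctx.get_ciphers()
            if any(m in c["name"] for m in WEAK_MARKERS)]


def min_version_ok(ctx: ssl.SSLContext) -> bool:
    return ctx.minimum_version >= ssl.TLSVersion.TLSv1_2


if __name__ == "__main__":
    for name, ctx in (("insecure", insecure_client_context()),
                      ("hardened", hardened_client_context())):
        print(name, "verifies peer:", verifies_peer(ctx),
              "weak suites offered:", weak_suites(ctx))
    # Usage with a connected socket (hostname is an assumption for the example):
    # tls = hardened_client_context().wrap_socket(sock, server_hostname="bank.example.com")
```

The server_hostname argument passed to wrap_socket is what ties the certificate check to the bank the customer intended to reach; without it, or with check_hostname off, a valid certificate for any other name would be accepted.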

4.2 SSL VPN

SSL VPN is a VPN technology based on SSL. It uses the security mechanisms of SSL to protect remote access to a company's internal network. As shown in Figure 9, an SSL VPN establishes an SSL secure connection between the remote user and the SSL VPN gateway, so that users can reach enterprise network resources from anywhere, through an ordinary web browser and any network access method, while the enterprise network and its internal information remain protected from eavesdropping.

Figure 9 Typical SSL VPN networking environment

 
