How SSL works

Key words: SSL, PKI, Mac

Abstract: SSL uses data encryption, authentication, and message integrity verification mechanisms to provide security assurance for application-layer protocols based on TCP and other reliable connections. This section describes the background, security mechanism, working process, and typical networking applications of SSL.

Abbreviations:

Abbreviations	Full English name	Explanation
AES	Advanced Encryption Standard	Advanced Encryption Standard
CA	Certificate Authority	Certificate Authority
Des	Data Encryption Standard	Data Encryption Standard
HTTPS	Hypertext Transfer Protocol Secure	Secure Hypertext Transfer Protocol
Mac	Message authentication code	Message Verification Code
MD5	Message Digest 5	Message Digest algorithm 5
PKI	Public Key Infrastructure	Public Key Infrastructure
RSA	Rivest Shamir and Adleman	An Asymmetric Key Algorithm
Sha	Secure Hash Algorithm	Security Hash Algorithm
SSL	Secure Sockets Layer	Secure Sockets Layer
VPN	Virtual Private Network	Virtual Private cloud

 

 

 

Contents

1 Overview... 3

1.1 Background... 3

1.2 technical advantages... 3

2 Protocol Security Mechanism... 3

2.1 confidentiality of transmitted data... 4

2.2 authentication mechanism... 4

2.3 Message Integrity Verification... 5

2.4 use asymmetric key algorithms to ensure the security of the Key itself... 6

2.5 use PKI to ensure the authenticity of public keys... 7

3. Protocol work process... 8

3.1 layer structure of SSL... 8

3.2 SSL handshake process... 8

3.2.1 verify server SSL handshake only... 9

3.2.2 verify the SSL handshake process between the server and client... 11

3.2.3 restore the SSL handshake process of the original session... 12

4 typical networking applications... 13

4.1 https. 13

4.2 SSL VPN. 13

5. Exam documents... 14

 

 

1 Overview 1.1 Background

Emerging applications such as World Wide Web-based e-commerce and online banking have greatly facilitated people's daily lives and are favored by people. Because these applications require online transactions on the network, they have higher requirements on the security of network communication. The traditional World Wide Web protocol HTTP does not have a security mechanism-the scheme transmits data in plain text format, cannot verify the identity of the communication parties, and cannot prevent the transmitted data from being tampered, as a result, HTTP cannot meet the security requirements of e-commerce and online banking applications.

The security protocol SSL proposed by Netscape uses data encryption, identity authentication, and message integrity verification mechanisms to ensure the security of data transmission over the network. SSL can provide secure connections for HTTP, greatly improving the security of the world wide web.

1.2 technical advantages

SSL has the following advantages:

L provides high security. SSL uses data encryption, authentication, and message integrity verification mechanisms to ensure the security of data transmitted over the network.

L supports various application layer protocols. Although SSL was designed to solve the security problem of the World Wide Web, because it is located between the application layer and the transport layer, it can provide security assurance for any application layer protocol based on TCP and other reliable connections.

L simple deployment. At present, SSL has become a global standard for identifying websites and web page viewers on the network and conducting encrypted communication between browser users and webservers. The SSL protocol has been integrated into most browsers, such as IE, Netscape, and Firefox. This means that almost all computers with browsers support SSL connections without installing additional client software.

2 Protocol Security Mechanism

The security mechanisms implemented by the SSL protocol include:

L data transmission confidentiality: Use symmetric key algorithms to encrypt the transmitted data.

L authentication mechanism: the server and client are authenticated by digital signature method based on the certificate. The client authentication is optional.

L message integrity verification: The Mac algorithm is used to verify message integrity during message transmission.

2.1 confidentiality of transmitted data

The data transmitted over the network is very easy to steal by illegal users. the SSL protocol is used to establish an encrypted channel between the communication parties to ensure the confidentiality of the transmitted data.

The so-called encrypted channel means that before sending data, the sender uses the encryption algorithm and encryption key to encrypt the data and then sends the data to the other party. After receiving the data, the Receiver, use the decryption algorithm and decryption key to obtain the plaintext from the ciphertext. A third party without a decryption key cannot restore the ciphertext to plain text to ensure the confidentiality of the transmitted data.

Encryption and decryption algorithms are divided into two types:

L symmetric key algorithm: the same key is used for data encryption and decryption.

L asymmetric key algorithm: different keys are used for data encryption and decryption. One is the public key and the other is the private key secretly saved by the user. Data encrypted using the public key (or private key) can only be decrypted using the corresponding private key (or public key.

Compared with asymmetric key algorithms, symmetric key algorithms have the advantages of high computing speed. They are often used to encrypt a large amount of information (such as encrypting all packets). asymmetric key algorithms, it is generally used for digital signatures and encryption of a small amount of information.

Data encryption and decryption on the SSL encryption channel uses symmetric key algorithms. Currently, the main supported algorithms include des, 3DES, and AES. These algorithms can effectively prevent interaction data from being eavesdropped.

The symmetric key algorithm requires that the decryption key and the encryption key are completely consistent. Therefore, before using symmetric key algorithms to encrypt data transmission, you must deploy the same key on both ends of the communication. For details about how to deploy symmetric keys, refer to "2.4 using asymmetric key algorithms to ensure the security of keys themselves ".

2.2 authentication mechanism

E-commerce, online banking, and other applications must ensure that the webserver to be logged on is authentic, so as to avoid illegal theft of important information. SSL uses digital signatures to verify the identity of the Communication peer.

Asymmetric key algorithms can be used to implement digital signatures. Because the data encrypted with the private key can only be decrypted using the corresponding public key, the sender's identity can be inferred based on whether the decryption is successful, just as the sender has signed the data ". For example, Alice uses her own private key to encrypt a fixed piece of information and then sends it to Bob. Bob uses Alice's public key for decryption. Assume that the decryption result is the same as the fixed information, the sender of the message is Alice, which is called a digital signature.

Sslclient must verify the identity of sslserver. sslserver determines whether to verify the identity of sslclient. For details about the authentication process between sslclient and sslserver, refer to "3.2 SSL handshake process ".

When using a digital signature to authenticate an identity, make sure that the authenticated Public Key is authentic. Otherwise, illegal users may impersonate the Authenticated Key to communicate with the Authenticated Key. 1. As you can see, Cindy impersonates Bob, sends her public key to Alice, and uses her private key to calculate the signature and send it to Alice, alice uses the "Bob" Public Key (actually the Cindy Public Key) to successfully verify the signature. Alice thinks Bob's identity authentication is successful, while Alice actually communicates with Bob's Cindy. SSL uses the mechanism provided by PKI to ensure the authenticity of public keys. For details, refer to "2.5 using PKI to ensure the authenticity of public keys ".

Figure 1 counterfeit Public Key

2.3 Message Integrity Verification

To prevent unauthorized tampering of data transmitted over the network, SSL uses MD5 or Sha-based MAC algorithms to ensure message integrity.

The MAC Algorithm is a data digest algorithm between the secret key and the lower key. It can convert the data of the key and the arbitrary length to the data of the fixed length. The Mac algorithm is used to verify the message integrity process 2. The sender uses the Mac algorithm to calculate the MAC value of the message in the secret and then adds it to the message and sends it to the receiver. The receiver uses the same key and Mac algorithm to calculate the MAC value of the message and compares it with the received MAC value. If the two are the same, the message is not changed; otherwise, the message is changed during transmission, and the receiver discards the message.

Figure 2 MAC Algorithm

Mac algorithms have the following features to verify message integrity:

L no matter what the message changes, it will cause changes to the output fixed-length data. Compared with the half MAC value, the receiver can detect changes in messages.

L The Mac algorithm requires secret and key. Therefore, an invalid user without a key cannot add the correct MAC value after changing the message content, so that the invalid user cannot modify the message content at will.

The Mac algorithm requires that the communication parties have the same key; otherwise, the MAC value verification will fail. Therefore, before the Mac algorithm is used to verify message integrity, the same key must be deployed on both ends of the communication. For details about how to deploy a Mac key, refer to "2.4 using asymmetric key algorithms to ensure the security of the Key itself ".

2.4 use asymmetric key algorithms to ensure the security of the Key itself

The symmetric key algorithm and MAC Algorithm require that the communications parties have the same key; otherwise, decryption or MAC value verification will fail. Therefore, to establish an encrypted channel or verify message integrity, you must first deploy a consistent key on both parties.

SSL uses asymmetric key algorithms to encrypt keys for key exchange, so that a third party cannot obtain the key. 3. As you can see, sslclient (such as a web browser) uses the public key encryption key of sslserver (such as webserver) to send the Encrypted Key to sslserver, only sslserver with the corresponding private key can obtain the original key from the secret. SSL generally uses the RSA algorithm to encrypt the transmission key.

Figure 3 key exchange

L in fact, the key sent by sslclient to sslserver cannot be directly used to encrypt data or calculate MAC values. This key is used to calculate information about symmetric keys and Mac keys, called premaster secret. Sslclient and sslserver use the premaster secret to calculate the same master secret, and use the master secret to Generate Keys for symmetric key algorithms and Mac algorithms. Premaster secret is the key for calculating symmetric keys and MAC Algorithm keys.

L The algorithm used to implement key exchange is called the key exchange algorithm. Asymmetric Key algorithm RSA is also called a key exchange algorithm when used for key exchange.

 

Before using an asymmetric key algorithm to encrypt a key, the sender must obtain the recipient's public key and ensure that the public key does belong to the receiver. Otherwise, the key may be stolen by illegal users. 1. As you can see, Cindy impersonates Bob and sends her own public key to Alice. Alice uses the Cindy public key to encrypt the data sent to Bob. Bob cannot decrypt the data because there is no corresponding private key, after Cindy intercepts the data, it can use its own private key to decrypt the data. SSL uses the mechanism provided by PKI to ensure the authenticity of public keys. For details, refer to "2.5 using PKI to ensure the authenticity of public keys ".

2.5 use PKI to ensure the authenticity of public keys

PKI publishes users' public keys through digital certificates, and provides a mechanism to verify the authenticity of public keys. A digital certificate (certificate for short) is a file that includes the user's public key and its identity information, proving the association between the user and the public key. A digital certificate is issued by an authority-Ca, And the CA guarantees the authenticity of the digital certificate.

Before the sslclient passes the key encryption to the sslserver, The sslserver must send the certificate obtained from the CA to the sslclient, And the sslclient can infer the authenticity of the certificate through PKI. If the certificate does belong to sslserver, the Public Key in the certificate is used to encrypt the key and send it to sslserver.

Before verifying the identity of sslserver/sslclient, sslserver/sslclient must send the certificate obtained from the CA to the peer, and the peer can infer the authenticity of the certificate through PKI. Assuming that the certificate does belong to sslserver/sslclient, the peer uses the public key in the certificate to verify the identity of sslserver/sslclient.

3 Protocol Working Process 3.1 layer structure of SSL

Figure 4 SSL protocol layering

4. As you can see, SSL is located between the application layer and the transport layer. It can provide security for any TCP-based reliable connection application layer protocol. The SSL protocol is divided into two layers:

L The upper layer includes the SSL handshake protocol, the SSL change cipher spec protocol, and the SSL alert protocol );

L The underlying layer is the SSL record protocol ).

Medium:

L SSL handshake protocol: an important part of the SSL protocol. It is used to negotiate the cipher suite (such as the encryption algorithm, key exchange algorithm, and MAC Algorithm) used in communication) securely exchange keys between the server and client to implement authentication between the server and client.

L sslpassword change Protocol: the client and server notify the peer through the password change protocol, and subsequent messages will be protected and transmitted using the new negotiated cipher suite and key.

L SSL warning protocol: Used to report alarm information to the communication peer. The message includes the severity and description of the alarm.

L SSL record Protocol: it is mainly responsible for chunking, calculating and adding MAC values and encryption of upper-layer data (SSL handshake protocol, sslpassword protocol, SSL warning protocol, and application-layer protocol packets, and transmit the processed record block to the peer end.

3.2 SSL handshake process

SSL uses the handshake to negotiate the number of sessions between the client and the server and establish a session. Sessions include session ID, peer certificate, cipher suite (Key Exchange algorithm, data encryption algorithm and MAC Algorithm), and Master secret ). Data transmitted through an SSL session is encrypted and Mac computing is performed by the principal key and cipher suite of the session.

There are differences in the SSL handshake process under different circumstances. The handshaking process in the following three cases is described:

L only verify the SSL handshake process of the server

L verify the SSL handshake process between the server and client

L restore the SSL handshake of the original session

3.2.1 verify server SSL handshake only

Figure 5 verify the server's SSL handshake process only

5, you only need to verify the sslserver identity, do not need to verify the sslclient identity, the SSL handshake process is:

(1) The sslclient sends the Supported SSL version number, encryption algorithm, key exchange algorithm, and MAC Algorithm to the sslserver through the Client Hello message.

(2) The sslserver determines the SSL version number and cipher suite used for the current communication token, and notifies the sslclient through the server hello message. If the sslserver agrees that the sslclient will reuse this session in future communication, the sslserver will allocate the session ID for this session and send it to the sslclient through the server hello message.

(3) The sslserver sends a digital certificate carrying its own public key information to the sslclient through the certificate message.

(4) The sslserver sends the hello done message to notify the sslclient version number to end the negotiation with the cipher suite and starts key exchange.

(5) After sslclient verifies that the sslserver certificate is valid, it uses the public key in the certificate to encrypt the premaster secret randomly generated by sslclient and sends the message to sslserver through the client key exchange.

(6) The sslclient sends the change cipher spec message, notifying the sslserver that the message may be sent to encrypt and calculate the protocol using the negotiated key and cipher suite.

(7) The sslclient calculates the hash value of the interactive handshake message (all interactive messages except the change cipher spec message, use the negotiated key and cipher suite to process the hash value (calculate and add the MAC value, encryption, etc.), and send the message to the sslserver through finished. Sslserver uses the same method to calculate the hash value of the interactive handshake message and compares it with the decryption result of the finished message. If the two values are the same and the MAC value is verified successfully, the key is successfully negotiated with the cipher suite.

(8) In the same region, the sslserver sends the change cipher spec message, notifying the sslclient that the message will encrypt and calculate the protocol using the negotiated key and cipher suite.

(9) sslserver calculates the hash value of the interactive handshake message, and uses the negotiated key and cipher suite to process the hash value (calculate and add the MAC value, encryption, etc ), the finished message is sent to the sslclient. Sslclient uses the same method to calculate the hash value of the interactive handshake message and compares it with the decryption result of the finished message. If the two values are the same and the MAC value is verified successfully, the key is successfully negotiated with the cipher suite.

After the sslclient receives the finished message sent by the sslserver, assuming that the decryption is successful, it can be inferred that the sslserver is the digital certificate owner, that is, the sslserver authentication is successful, only sslserver with a private key can decrypt the client key exchange message to obtain the premaster secret, which indirectly realizes sslclient's authentication on sslserver.

& Note:

L change cipher spec messages belong to the sslpassword change Protocol. Other messages that interact during the handshake process belong to the SSL handshake protocol, collectively referred to as the SSL handshake message.

L calculate the hash value. It refers to the use of the hash algorithm (MD5 or Sha) to convert random-length data to fixed-length data.

 

3.2.2 verify the SSL handshake process between the server and client

Figure 6 verify the SSL handshake between the server and client

Sslclient authentication is optional. The sslserver determines whether to verify the sslclient identity. 6. Assume that the sslserver authenticates the sslclient, sslserver and sslclient need to perform the following operations in addition to interacting with the message negotiation Key and cipher suite in "3.2.1 only verifying the SSL handshake process of the server:

(1) The sslserver sends the certificate request message and requests the sslclient to send its certificate to the sslserver.

(2) The sslclient sends a certificate with its own public key to the sslserver through the certificate message. Sslserver verifies the validity of the certificate.

(3) The sslclient calculates the interactive handshake message and the hash value of the master key, encrypts it with its own private key, and sends the message to the sslserver through certificate verify.

(4) sslserver calculates the interactive handshake message and master key hash value, decrypts the certificate verify message using the public key in the sslclient certificate, and compares the decryption result with the calculated hash value ratio. If the two are the same, the sslclient authentication is successful.

3.2.3 restore the SSL handshake process of the original session

Figure 7 restore the SSL handshake of the original session

During the process of negotiating the number of sessions and establishing sessions, asymmetric key algorithms are required to encrypt keys and verify the identity of the Communication peer. This requires a large amount of computing and occupies a large amount of system resources. To simplify the SSL handshake process, SSL agrees to reuse the negotiated session. The detailed process is as follows:

(1) The sslclient sends the Client Hello message. The session ID in the message is set to the ID of the session to be reused.

(2) If the sslserver agrees to reuse the session, it sets the same session ID in the server hello message to respond. In this way, the sslclient and sslserver can use the key and cipher suite of the original session without further negotiation.

(3) The sslclient sends the change cipher spec message, notifying the sslserver to use the original session key and cipher suite for encryption and Mac computing.

(4) The sslclient calculates the hash value of the interactive handshake message, uses the key and cipher suite of the original session to process the hash value, and sends the finished message to the sslserver, so that sslserver can infer whether the key and cipher suite are correct.

(5) in the same region, the sslserver sends the change cipher spec message, notifying the sslclient that the message will encrypt and calculate the token using the original session key and cipher suite.

(6) The sslserver calculates the hash value of the interactive handshake message, uses the key and cipher suite of the original session to process the hash value, and sends the finished message to the sslclient, so that sslclient can infer whether the key and cipher suite are correct.

4 typical networking applications 4.1 https

HTTPS is an HTTP protocol based on SSL secure connections. HTTPS provides security mechanisms such as data encryption, authentication, and message integrity verification through SSL, which ensures the security of web hosting and is widely used in online banking, e-commerce, and other fields.

Figure 8 shows the application of HTTPS in online banking. A bank provides online banking services for customers. The customer can query accounts and transfer funds through the webserver of the bank. By establishing an SSL connection between the client and the Bank's Webserver, the customer's information can be kept confidential.

Figure 8 Application of HTTPS in Online Banking

4.2 SSL VPN

Ssl vpn is a VPN technology based on SSL. It uses the security mechanism provided by SSL to provide security assurance for users to remotely ask the company's internal network. 9. As you can see, the ssl vpn establishes an SSL secure connection between the remote access user and the ssl vpn gateway, and agrees to use various web browsers and network access methods, you can remotely seek enterprise network resources wherever you are, and ensure the security of the enterprise network, so as to protect the internal information of the enterprise from being stolen.

Figure 9 typical ssl vpn Networking Environment

 

 

 

 

 

How SSL works