[TechTarget China original] Layer 6 of the OSI model is the presentation layer. It is responsible for how data is represented: it acts as a translator, converting data from one format into another. If you think of formats such as ASCII, EBCDIC, or JPEG, you have the right idea. The presentation layer is also where encryption is commonly placed. One example is Secure Sockets Layer (SSL), a protocol that encrypts data in transit to protect it. SSL sits above the transport layer and below the application layer. Because SSL plays such an important role in data security, this chapter focuses on it.
First, some background. Netscape developed SSL in 1994 as a way to secure network communications; specifically, SSL protects data exchanged between Web browsers and Web servers, and it gave e-commerce applications a secure transport. SSL, however, is not an industry standard, since it was designed by Netscape; Transport Layer Security (TLS) is. TLS is developed by the Internet Engineering Task Force (IETF). At the time of writing, the current TLS version was 1.1, described in RFC 4346; TLS 1.2 (RFC 5246) and TLS 1.3 (RFC 8446) have since been published, and SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1 are now deprecated and should be disabled. Programs that use TLS look much like programs that use SSL, and implementations generally support several versions and negotiate the highest one both sides accept. Both protocols use a standard handshake to establish communication:
1. A Web browser connects to a Web server using a secure (https://) URL.
2. The Web server responds to the client's request by sending its digital certificate to the browser. X.509 is the most common certificate type.
3. The client then checks that the certificate is valid: that it chains to a certification authority the client trusts (well-known authorities include Thawte and VeriSign), that it is within its validity period, and that it was issued for the host name in the URL. This step is important because the certificate is what proves that the browser is talking to the organization that operates the Web server, and not to an impostor.
4. Once the certificate is accepted, the client generates a one-time session key (in the RSA key exchange of SSL and TLS, a pre-master secret from which the session keys are derived) that will protect all further communication with the Web server.
5. The client encrypts that session key with the Web server's public key, taken from the certificate, and sends the result to the server. Only the holder of the matching private key, the Web server, can decrypt it.
6. A secure session is now established and both parties communicate over the encrypted channel.
The handshake lets the two parties establish trust. Underneath, the client and the Web server still exchange data over TCP as usual; the difference is that the data stream is encrypted. Each record also carries an integrity check (a message authentication code), so any change to the data in transit is detected. In this way the client has authenticated the server (client certificates can optionally authenticate the client as well) and the information in transit can be neither read nor altered.
Presentation Layer threats
Although SSL and TLS are highly trustworthy, threats remain. The two most likely are fake-certificate attacks and man-in-the-middle attacks. In a fake-certificate attack, an attacker presents the client with a forged certificate. It looks much like a real certificate, but it was not issued by a trusted certification authority, so the client should notice: the browser displays a dialog box warning about a certificate problem, and the attack succeeds only if the user clicks through that warning. A man-in-the-middle attack is harder to carry out, because the attacker must first be able to intercept the communication between the client and the server; the attacker can then substitute their own keys for the legitimate ones, holding one encrypted session with the client and another with the server.
Although these attacks on SSL are possible, the bigger threat is businesses that use no encryption at all and simply transmit their customers' information in plain text. Protocols such as SSL and TLS were designed with these threats in mind and have held up well under intense scrutiny; when kept up to date they are adequate to protect information in transit, as many millions of secure transactions a day attest. If the SSL discussion here causes your learning
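The handshake steps above and the fake-certificate case, as an added example that is not from the original article (Go, standard library only). It simulates the RSA key-transport handshake the steps describe rather than running real TLS: it builds a throwaway PKI (a trusted root CA, a server certificate issued by it, and a self-signed look-alike certificate for the same host, which is the fake certificate), has the client check the chain, the validity period and the host name, encrypts a one-time session key to the server's RSA public key, and protects records with AES-256-GCM. The host name shop.example.com, the CA names and the card-number string are constructed sample data. Two deliberate departures from the text: RSA-OAEP padding replaces the PKCS#1 v1.5 padding SSL used, and an AEAD replaces SSL's separate cipher and MAC. Modern TLS (1.3, and the (EC)DHE suites of 1.2) no longer sends the session key under the server's RSA key at all; it uses ephemeral Diffie-Hellman so that a later compromise of the server key does not expose recorded sessions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue signs a certificate for pub: self-signed when parent is nil, otherwise by
// parent/parentKey, the CA that vouches for the subject (test fixture setup only).
func issue(cn string, isCA bool, pub, parentKey any, parent *x509.Certificate) *x509.Certificate {
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(now.UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	if !isCA { // a server certificate names its host and may receive encrypted keys
		tmpl.KeyUsage = x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment
		tmpl.DNSNames = []string{cn}
	}
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert
}

// buildPKI returns the browser's trusted root pool, a server certificate and RSA
// key issued under it, and a self-signed look-alike for the same host (the fake).
func buildPKI(host string) (*x509.CertPool, *x509.Certificate, *rsa.PrivateKey, *x509.Certificate) {
	caKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	caCert := issue("Trusted Root CA", true, &caKey.PublicKey, caKey, nil)
	srvKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	srvCert := issue(host, false, &srvKey.PublicKey, caKey, caCert)
	rogueKey, _ := rsa.GenerateKey(rand.Reader, 2048) // the attacker's own key
	rogueCert := issue(host, false, &rogueKey.PublicKey, rogueKey, nil)
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	return roots, srvCert, srvKey, rogueCert
}

// clientKeyExchange is the browser side of steps 3-5: reject the certificate unless
// it chains to a trusted root, is within its validity period and names host; then
// make a one-time session key and encrypt it so only the server's private key can
// recover it (SSL/TLS used PKCS#1 v1.5 padding here; this example uses OAEP).
func clientKeyExchange(srvCert *x509.Certificate, roots *x509.CertPool, host string) (sessionKey, wire []byte, err error) {
	if _, err = srvCert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host}); err != nil {
		return nil, nil, fmt.Errorf("certificate rejected: %w", err)
	}
	pub, ok := srvCert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return nil, nil, fmt.Errorf("certificate does not carry an RSA key")
	}
	sessionKey = make([]byte, 32)
	rand.Read(sessionKey) // crypto/rand: fails only if the OS entropy source is broken
	wire, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
	return sessionKey, wire, err
}

// seal and open are step 6: every record is encrypted and integrity-protected with
// the session key (AES-256-GCM here); a record altered in transit fails to open.
func seal(key, plaintext []byte) []byte {
	block, _ := aes.NewCipher(key) // key is always 32 bytes, so these cannot fail
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

func open(key, record []byte) ([]byte, error) {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	if len(record) < gcm.NonceSize() {
		return nil, fmt.Errorf("record too short")
	}
	return gcm.Open(nil, record[:gcm.NonceSize()], record[gcm.NonceSize():], nil)
}

func main() {
	roots, srvCert, srvKey, rogueCert := buildPKI("shop.example.com")
	clientKey, wire, err := clientKeyExchange(srvCert, roots, "shop.example.com")
	fmt.Println("genuine certificate accepted:", err == nil)
	serverKey, _ := rsa.DecryptOAEP(sha256.New(), rand.Reader, srvKey, wire, nil) // server side of step 5
	plain, err := open(serverKey, seal(clientKey, []byte("card=4111 1111 1111 1111"))) // constructed sample
	fmt.Printf("server decrypted: %s (err=%v)\n", plain, err)
	_, _, err = clientKeyExchange(rogueCert, roots, "shop.example.com")
	fmt.Println("pseudo-certificate:", err) // the warning dialog the text describes
}
```

With `go run`, the genuine certificate is accepted and the record decrypts on the server side, while the self-signed look-alike is rejected by `Verify` with an "x509: certificate signed by unknown authority" error; that rejection is exactly the condition behind the browser's warning dialog. The same check also rejects a genuine certificate presented for a different host name, which is the other test a browser applies before trusting a server.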