Secure Socket layer Protocol
Vision
This project deals with the implementation of the Secure Socket Layer protocol. Here we are mainly concerned With the implementation of the client and server entities and the SSL transaction between them. This transaction comprises of the authentication, key exchange and bulk data transfer. Our implementation guarantees secure and reliable communication (message exchange) and data transfer (files) between the two entities.
Deliverables / Functional Specifications
Today, we rely heavily on the Internet for electronic data transfer, financial transactions, communication, and information retrieval and so on. Be it the success and smooth operation of a business enterprise or the convenience of the general public, the Internet has become the answer for many of our needs. But any breach in the confidentiality and integrity of the data transferred over the Internet can nullify the advantages offered and cause great loss and inconvenience to the user. Thus, the growing use of Internet necessitates the development of a protocol that would make ‘secure and reliable transfer of data’ possible and at the same time, would be flexible enough to incorporate changes as the need arises. Secure Socket layer (SSL) is one such protocol that has gained widespread popularity because of its various attractions like efficiency, cryptographic security, interoperability, and extensibility.
Introduction to the project
Secure Socket Layer (SSL) is the predominant method of securing Internet transactions over the World Wide Web (WWW). Introduced in 1994, SSL was quickly incorporated into popular web browsers, such as from Netscape and Microsoft, primarily to protect the confidentiality of on-line purchases by consumers. In addition to securing E-commerce, SSL has now evolved into the preferred way of transferring many types of sensitive data such as bill payments, banking statements, tax returns and stock purchases over the Internet.
Through the many forms of Internet eavesdropping, unauthorized people can steal credit card numbers, PIN numbers, personal data, and other confidential information. To transfer information privately and securely across the Internet, the Secure Socket Layer (SSL) protocol was developed. SSL is placed between Transport layer and application layer. Application protocols such as HTTP, ftp, telnet, gopher, Network News Protocol (NTTP), and Simple Mail Transport Protocol (SMTP) can be layered easily and transparently on top of SSL, with the TCP/IP layered beneath it.
Working of SSL
When a client and server communicate, SSL ensures that the connection is private and secure by providing authentication and encryption. Authentication confirms that the server and the client are who they say they are. Encryption then creates a secure “tunnel” between the two, which prevents any unauthorized system from reading the data. SSLenabled clients (such as a Netscape or Microsoft browser) and SSL-enabled servers (such as Apache or IIS) confirm each other’s identities using digital certificates. Digital certificates are issued by trusted third parties called Certificate Authorities (or CAs) and provide information about an individual’s claimed identity, as well as their public key. By validating digital certificates both parties can ensure that an imposter has not intercepted a transmission.
SSL uses both public-key and symmetric key encryption.. The secure tunnel that SSL creates is an encrypted connection that ensures that all information sent between an SSLenabled client and an SSL-enabled server remains private. SSL also provides a Demonstration of SSL May 2007 Page 12 of 105 mechanisms for detecting if someone has altered the data in transit. These message integrity checks ensure that the connection is reliable. If, at any point during a transmission, SSL detects that a connection is not secure, it will terminate the connection and the client and server will establish a new secure connection.
SSL Transactions
SSL is comprised of two protocols: the SSL Handshake protocol and the SSL Record
protocol. These protocols work together to secure an SSL transaction. The SSL
Handshake Protocol handles key exchange and the SSL Record Protocol handles the bulk
data transfer. The SSL Handshake Protocol does the following:
• authenticates the server to the client (optionally, the client to the server)
• allows the client and server to negotiate the cipher suite to be used
• allows the client and the server to generate symmetric session keys
• establishes the encrypted SSL connection
Once the key exchange is complete, the client and the server use this key to encrypt
all communication between them. The encryption is done with a symmetric key encryption
algorithm, such as RC4 or DES. This is the function of the SSL Record Protocol. To
illustrate how SSL works, assume a user wants to make a purchase over the Internet and
needs to send a credit card number to a secure web site. The server sends its digital certificate which if valid, results in the transmission of client’s credit card number.
Crypto Algorithms
SSL supports a variety of different cryptographic algorithms, or ciphers, that it uses
for authentication, transmission of certificates, and establishing session keys. SSL-enabled
devices can be configured to support different sets of ciphers, called cipher suites. If an SSLenabled client and an SSL-enabled server support multiple cipher suites, the client and server may negotiate which cipher suites they will use in an attempt to use the strongest possible security supported by both parties. SSL supports the following cipher suites:
Key exchange algorithms are
- RSA (Rivest, Shamir and Adleman)
- Fixed Diffie Hellman
Symmetric key algorithms:
- DES(Data Encryption Standard)
- 3 DES(Data Encryption Standard)
Hash algorithms
- MD5 (Message Digest)
- SHA-1(Secure Hash Algorithm)
The key exchange algorithms are used to establish the master secret, while the symmetric key
algorithms are used for encryption of bulk data. The hash algorithms are used for message
authentication.
HARDWARE AND SOFTWARE REQUIREMENTS
HARDWARE REQUIREMENTS
PROCESSOR : Intel 2.0 GHz or above
HARD DISK : 80 GB
RAM : 512 MB RAM.
SOFTWARE REQUIREMENTS
OPERATING SYSTEM : WINDOWS XP with SP2.
LANGUAGE (FRONT END) : JAVA (JDK1.5/1.6)
TECHNOLOGY : APPLETS, AWT, SWINGS.
ARCHITECTURE : WINDOW BASEDED ARCHITECTURE
No comments:
Post a Comment