SSL encryption

SSL encryption, or Secure Sockets Layer encryption, is a security protocol used to establish an encrypted link between a web server and a browser. It ensures that data transmitted between the two remains private and secure. SSL encryption is commonly used to protect sensitive information such as login credentials, credit card details, and personal data during online transactions.

Written by Perlego with AI-assistance

7 Key excerpts on "SSL encryption"

Index pages curate the most relevant extracts from our library of academic textbooks. They’ve been created using an in-house natural language model (NLM), each adding context and meaning to key research topics.
  • Cybersecurity Fundamentals
    eBook - ePub

    A Real-World Perspective

    • Kutub Thakur, Al-Sakib Khan Pathan(Authors)
    • 2020(Publication Date)
    • CRC Press
      (Publisher)
    If you want to use different types of plugins and other third-party apps, then choose either Mozilla Firefox or Google Chrome browsers. They are easy to use with a wide range of plugins.
    • Download the browser of your choice once you have decided on the best fit for you.
    • Install the browser and go surfing the Internet.

    8.9 Secure Sockets Layer

    SSL is a type of security protocol for secure data transfer from web server to the browser and vice versa. The SSL is a recognized and standard security protocol that establishes a secure and encrypted link between the web server and the browser so that the transactions of data between the client and the server are fully secure and reliable (Figure 8.60).
    FIGURE 8.60    Secure Sockets Layer.
    There are two most commonly used types of data encryption methods. They are given below:
    • Symmetric encryption
    • Asymmetric encryption
    Symmetric encryption uses the same key for the encryption and decryption of the data as shown in Figure 8.61.
    FIGURE 8.61    Symmetric encryption.
    On the other hand, the asymmetric encryption uses two separate keys for encryption and decryption, respectively. Asymmetric encryption uses 2,048-bit keys nowadays. Previously, it also used the 1,024-bit key, but now, it is not considered as very safe encryption. Figure 8.62 shows the asymmetric encryption, which uses two separate keys for encryption and decryption.
    FIGURE 8.62    Asymmetric encryption.
    SSL protocol works on certain data encryption algorithms. The most commonly used public and private key-based encryption uses the following encryption algorithms:
    • Rivest, Shamir, Adleman (RSA) algorithm
    • Elliptic Curve Cryptography (ECC) algorithm
    The SSL encryption is based on the SSL certificate, which is normally installed on the web server. The SSL certificate is purchased from the issuing authorities commonly known as Certificate Authority (CA) after proper verification of the business and websites.
    First of all, you need to generate a certificate signing request (CSR) via local browser on the web server. This report is a file of data, which includes web server information and private key. This CSR is submitted to the certificate authorities for issuance of certificate. The web administrator and developer request for SSL certificate. When it is received from the issuing authorities, it is installed on the web server.
  • Surviving Security
    eBook - ePub

    How to Integrate People, Process, and Technology

    That is, SSL is simply another layer in the network protocol stack that rides on top of the TCP/IP stack. SSL provides secure (encrypted) communications, authentication of the server (and sometimes the client), and data integrity of the message. Because SSL resides on top of the TCP/IP layers (see Exhibit 8), it can potentially secure the communications of any number of application-level protocols that communicate over the Net. SSL secures the channel by providing end-to-end encryption of the data that is sent between a Web client and Web server. Although a sniffer might be able to see the data in transmission, the encryption will effectively scramble the data so that it cannot be intelligently interpreted. However, before it is encrypted and after it is decrypted, data that resides on the Web client’s machine and on the Web server’s machine is only as secure as the host machines. Customer credit cards have been compromised many times because a company stored them on an insecure Web server. SSL can be used to encrypt more than just Web sessions, although that is the application with which most people are familiar. It can be used to encrypt almost any TCP/IP connections, as well as FTP sessions and some legacy applications.
    Exhibit 8. The SSL/TLS protocol sits on top of the TCP/IP stack.
    SSL uses public-key (asymmetric) encryption and secret-key (symmetric) encryption to authenticate the Web server or client and to encrypt the communication channel. Public-key encryption exchanges a private session key between the Web server and client, making fast symmetric encryption possible in secure communications. The strict use of public-key encryption to conduct secure sessions would be too slow and impractical for Web sessions.

    SSL/TLS Accelerators

    The encryption-decryption process uses an extraordinary amount of system resources
  • Artificial Intelligence and Cybersecurity
    eBook - ePub
    • Ishaani Priyadarshini, Rohit Sharma(Authors)
    • 2022(Publication Date)
    • CRC Press
      (Publisher)

    Secure Sockets Layer (SSL)

    Secure sockets layer (SSL) is a convention for PCs organising the relationship between customers and servers through a web as well as being like an unstable network. The use of SSL was rejected for web use by the Internet Technology Task Force (ITTF) [4] and replaced with the ‘transportation layer security’ (TLS) protocol because of different protocols, usage flaws and vulnerabilities, although TLS and SSL are not interoperable and TLS with SSL 3.0 is in reverse. It is the first convention that is regularly used and is commonly employed in the industry. It meets certain security criteria such as: verification, encryption and integrity [4, 5].
    SSL could be a logical disciplinary convention giving a safe relationship between a customer and a server. SSL was [1 5 ] at first developed by the Netscape Communications Corporation. This convention protects secure data exchange between a customer and a server that allocates TCP/IP with an ‘open key unbalanced calculation rule’ utilised for the encryption strategy. The SSL arrangement includes two subcontracts: one for the SSL record and the other for the SSL handshake. The former defines the transmission location of the knowledge. The SSL convention incorporates a handshake with the SSL record convention to enable the flexible exchange of messages between a server and a customer.
    The SSL convention builds up a protected channel with three fundamental features: i) all messages are territory encrypted, ii) authentication ought to be on server side as it is discretionary on the client side, iii) it gives guaranteed quality. Not only does SSL provide reliable information on the internet, but it also authenticates the server and customers. The SSL convention’s basic aims are: i) cryptographic security – it offers a secure means of remotely exchanging data without any third-party impedance, ii) consistency – it is compatible with any stage, iii) expandability – new procedures might be implemented without any problem, iv) productivity – it transfers data through an open channel between two clients, or between server and client [5
  • Internet Security
    eBook - ePub

    A Jumpstart for Systems Administrators and IT Managers

    • Tim Speed, Juanita Ellis(Authors)
    • 2003(Publication Date)
    • Digital Press
      (Publisher)
    SSL can encrypt a session between a client and a server so that applications can exchange and authenticate user names and passwords without exposing them to eavesdroppers. Hackers can use IP sniffers and scanners to capture copies of all packets that pass between a client and server during a session. This information is then available in an unencrypted, cleartext format. One example could be a basic authentication between a browser and a server. The browser attempts to access a page that requires authentication, a user name, and a password. The server will return a status code back to the browser (for example, 401). This status code tells the browser to generate a prompt for the user name and password. The user then enters the user name and password, and this data is sent back to the server. In this example of basic HTTP authentication, the password is passed over the network, not encrypted, but not as plaintext either; it is “unencoded.” Anyone watching packet traffic on the network will not see the password in the clear, but the password will be easily decoded by anyone who happens to catch the right network packet, and this is very easy to do. With SSL, however, all transmissions following the initial handshake are encrypted to prevent transmissions from being captured. The client and server prove their identities by exchanging certificates. All traffic between the SSL server and the SSL client is encrypted using a key and an encryption algorithm negotiated during the SSL handshake, which occurs at session initialization. Next, the SSL protocol ensures that messages between the sender system and receiving system have not been tampered with during the transmission. This ensures a secure channel between the client and server. SSL uses a combination of mathematical functions known as hash functions. (Hashing was discussed in Chapter 3.) Also, a shared secret is used to encrypt the data with a strong cipher
  • Network Security
    eBook - ePub
    • André Pérez(Author)
    • 2014(Publication Date)
    • Wiley-ISTE
      (Publisher)

    5

    SSL, TLS and DTLS Protocols

    5.1. Introduction

    Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are used to create a secure session between a host, which initializes the session, and a security gateway acting as a server, localized in the protected Local Area Network (LAN).
    SSL/TLS protocols provide an alternative solution to the Internet Protocol Security (IPSec) mechanism described in Chapter 4. Secure data transport is implemented between a client (the host) initializing the session and a server (the security gateway), localized in the LAN network protected by SSL/TLS protocols.
    The TLS protocol is standardized by the Internet Engineering Task Force (IETF). It succeeds the SSL protocol developed by Netscape, the original purpose of which was to secure exchanges between a navigator and a web server.
    SSL/TLS protocols correspond to a Record header inserted between the transport layer and the messages of the application layer, or the following SSL/TLS messages (Figure 5.1):
    – the change_cipher_spec message indicates a modification of security parameters;
    – the alert message indicates an error in communication between the host and the security gateway;
    – the handshake messages negotiate the security parameters between the host and the security gateway.
    Figure 5.1. SSL/TLS protocol architecture
    SSL/TLS protocols impose a reliable transport protocol (for example, Transmission Control Protocol (TCP)), which enables the exchange of messages without errors or risks of desequencing.
    SSL/TLS protocols delimit messages determining the start and end of each message. Message delimitation is obtained via an indication of length contained in the message. This also enables the transport of multiple SSL/TLS messages in a TCP segment.
    The Datagram TLS (DTLS) protocol reuses the main functionalities of SSL/TLS protocols. The modifications it contributes arise from the use of User Datagram Protocol (UDP), Datagram Congestion Control Protocol (DCCP), Stream Control Transmission Protocol (SCTP) and Secure Real-time Transport Protocol (SRTP).
  • Implementing Information Security in Healthcare
    eBook - ePub
    • Terrell Herzig, Tom Walsh(Authors)
    • 2020(Publication Date)
    • HIMSS Publishing
      (Publisher)
    Application encryption. Data are encrypted by the application before it is stored in the database. Database queries return encrypted data that they can only be decrypted by the application. Key management and access management is handled by the application, or by an external cryptographic engine through an application-programming interface. Application-level encryption can be difficult to manage, difficult to program and varies widely in the applications that offer it. However, it ensures that the data are encrypted from acquisition to storage.
    Column-level encryption and most forms of application encryption offer the protections of file encryption, and they can restrict authorized users from seeing restricted data without compromising these users’ ability to otherwise use the database. For example, column-level encryption can separate database administration and security administration functions.
    Database encryption is an effective tool but only as a component of an overall comprehensive information security program. The appropriate encryption strategy should be applied in combination with overall security practices and database access controls. Once again, conducting a risk analysis will provide a good understanding on the appropriateness of database encryption.

    Secure Sockets Layer

    Secure sockets layer (SSL) technology continues to be an essential component of web-based operations. Healthcare organizations increasingly rely on the Internet to reach their patient population with online patient records and bill paying. With this increase in web traffic, along with transmission of confidential information, SSL is no longer just a nice-to-have capability, but an absolute necessity. At the same time, Internet security threats are escalating every year. Readily available Internet session hacking tools like Firesheep pose a serious security threat to online operations. To combat these threats, organizations should implement SSL for all Internet traffic.
    Simply encrypting login and checkout pages is no longer sufficient. Healthcare organizations should expand the use of SSL to cover the entire user session, which better protects themselves and their patients against security threats. This allows SSL to encrypt not only the sensitive components of the application such as the login page, but the entire application surface area. In addition to using SSL, the strength of encryption is also important. NIST has issued a security notification, SP 800-131A Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, which advocates that organizations stop using 1024-bit keys between 2011 and 2013. It also advises against the use of 1024-bit keys beginning in 2014.¹⁸
  • Handbook of e-Business Security
    • João Manuel R.S. Tavares, Brojo Kishore Mishra, Raghvendra Kumar, Noor Zaman, Manju Khari(Authors)
    • 2018(Publication Date)
    In this mechanism, a trusted third party is selected to have control over the entire conversation. It assures nonrepudiation, which means that the sender cannot deny later that he/she has sent the data earlier (Table 2.1).

    2.2 Techniques to Achieve Security Goals

    Cryptography: The word cryptography comes from the Greek words kryptos meaning “secret writing” and graphein meaning “writing.” Cryptography mainly concerns the security of digital data and information (Coron, 2006). It includes the techniques based on mathematical algorithms that offer essential Internet security services. According to William Stallings (2011), “Cryptography is defined as the subpart of cryptology dealing with the design of algorithms for encryption and decryption, planned to guarantee the secrecy and/or authenticity of message.” So, it is the skill of succeeding in terms of security by encoding the messages to make them in a format that is completely non-readable. Earlier, cryptography meant only the encryption and decryption of messages using secret keys, but nowadays it is well defined as containing three different mechanisms: symmetric key encipherment, asymmetric key encipherment, and hashing (Fiskiran and Lee, 2002; Mandal et al., 2012).
    Symmetric key encipherment: In this mechanism, the encryption and decryption procedures can be done using the identical key. Symmetric key is famous for conventional encryption. Sometimes, it is also known as secret key encipherment or secret key cryptography. In this encipherment, a sender, say A, can send information to another object, say B, over an uncertain channel with the hypothesis that an opponent, say C, cannot understand the contents of the sent information by simply snooping over the channel. A can encrypt the message using the encryption algorithm and B can decrypt the information using the decryption algorithm. It uses a single secret key for both encryption and decryption