The Secure Socket Layer (SSL) protocol provides a framework for passing information through an authenticated and encrypted tunnel. Each SSL connection defines a point-to-point tunnel between a client and a server. The SSL protocol operates within the presentation layer and allows the client and server to negotiate authentication, encryption, and checksum algorithms.
The SSL protocol was originally developed by Netscape. Version 1.0 was never publicly released; version 2.0 was released in February 1995 but "contained a number of security flaws which ultimately led to the design of SSL version 3.0", which was released in 1996 (Rescorla 2001). This later served as the basis for TLS version 1.0, an Internet Engineering Task Force (IETF) standard protocol first defined in RFC 2246 in January 1999. Visa, MasterCard, American Express and many leading financial institutions have endorsed SSL for commerce over the Internet.
SSL operates in modular fashion. It is extensible by design, with support for forward and backward compatibility and negotiation between peers. SSL, by itself, is a system for negotiating protocols. SSL neither provides security nor natively includes cryptography; there is no security from SSL by itself. The security in SSL comes from the negotiated protocols. For example, the client may support DES, 3DES, and AES encryption, whereas the server supports 3DES and RC2. Using SSL, both systems can negotiate communication using their common 3DES encryption algorithm. A variety of authentication, encryption, and checksum functions may be incorporated into SSL.
SSL is used to tunnel plaintext data through an encrypted tunnel. Application-layer protocols that normally transmit unencrypted data gain encryption, authentication, validation, and nonrepudiation by using SSL. For example, the Web uses HTTP for transmitting and receiving HTML data, normally via plaintext transfers. HTTP over SSL is called HTTPS. It uses SSL to encrypt the Web requests and replies. HTTPS is the most common use of SSL. Other uses include stelnet and sftp—telnet and FTP over SSL. Because SSL is a presentation-layer protocol, any application-layer protocol may use SSL. Although most SSL-enabled applications explicitly link to an SSL library, stand-alone SSL applications can proxy application data through an SSL connection. Example generic proxies include s_client and s_server from OpenSSL, and the stand-alone Stunnel application (http://www.stunnel.org/).
Several versions of the protocols are in widespread use in applications like web browsing, electronic mail, Internet faxing, instant messaging and voice-over-IP (VoIP).
SSL v2 is flawed in a variety of ways:
* Identical cryptographic keys are used for message authentication and encryption.
* MACs are unnecessarily weakened in the "export mode" required by U.S. export restrictions (symmetric key length was limited to 40 bits in Netscape and Internet Explorer).
* SSL v2 has a weak MAC construction and relies solely on the MD5 hash function.
* SSL v2 does not have any protection for the handshake, meaning a man-in-the-middle downgrade attack can go undetected.
* SSL v2 uses the TCP connection close to indicate the end of data. This means that truncation attacks are possible: the attacker simply forges a TCP FIN, leaving the recipient unaware of an illegitimate end of data message (SSL v3 fixes this problem by having an explicit closure alert).
* SSL v2 assumes a single service, and a fixed domain certificate, which clashes with the standard feature of virtual hosting in webservers. This means that most websites are practically impaired from using SSL. TLS/SNI fixes this but is not deployed in webservers as yet.
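
The cipher negotiation described earlier and the missing handshake protection listed for SSL v2, modelled in Python as an added example (not code from the original article or from any SSL library). It goes one step beyond the text by showing how authenticating the handshake transcript exposes a modified offer; the server-preference rule, the HMAC-SHA256 check, the fixed secret and the `DEMO_*` cipher lists are assumptions made for illustration.

```python
import hashlib
import hmac

def negotiate(client_offer, server_ciphers):
    """Pick the first server-preferred cipher that the client also offered."""
    for cipher in server_ciphers:
        if cipher in client_offer:
            return cipher
    return None

def transcript_mac(secret, offer, chosen):
    """Keyed hash over the handshake as one peer saw it (simplified model)."""
    transcript = "offer={};chosen={}".format(",".join(offer), chosen).encode()
    return hmac.new(secret, transcript, hashlib.sha256).digest()

def handshake(client_offer, server_ciphers, tamper=None, protect=True):
    """Model one handshake and return (chosen_cipher, accepted).

    tamper  -- optional function that rewrites the offer in transit
    protect -- False models SSL v2 (handshake not authenticated);
               True models authenticating the handshake transcript
    """
    secret = b"constructed-demo-secret"  # assumption: stands in for negotiated keys
    seen_by_server = tamper(list(client_offer)) if tamper else list(client_offer)
    chosen = negotiate(seen_by_server, server_ciphers)
    if chosen is None:
        return None, False  # no common algorithm, handshake fails
    if not protect:
        return chosen, True  # nothing ties the result to what the client sent
    client_view = transcript_mac(secret, client_offer, chosen)
    server_view = transcript_mac(secret, seen_by_server, chosen)
    return chosen, hmac.compare_digest(client_view, server_view)

def keep_only_des(offer):
    """Constructed in-transit modification: drop every cipher except DES."""
    return [c for c in offer if c == "DES"]

# Cipher lists from the article's negotiation example.
ARTICLE_CLIENT = ["DES", "3DES", "AES"]
ARTICLE_SERVER = ["3DES", "RC2"]
# Constructed lists where both peers share a strong and a weak cipher.
DEMO_CLIENT = ["AES", "3DES", "DES"]
DEMO_SERVER = ["AES", "3DES", "DES"]

if __name__ == "__main__":
    print(handshake(ARTICLE_CLIENT, ARTICLE_SERVER))
    print(handshake(DEMO_CLIENT, DEMO_SERVER, keep_only_des, protect=False))
    print(handshake(DEMO_CLIENT, DEMO_SERVER, keep_only_des, protect=True))
```

With `protect=False` the weaker cipher is accepted silently; with `protect=True` the two transcript views differ and the handshake is rejected.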