## Secure Socket Layer (SSL) & Transport Layer Security (TLS)


Algorithms using one key that is:
* shared by sending and receiving parties
* assumed to be transferred over secure means
* generally fast<br>
are called **symmetric key encryption algorithms**.

Algorithms that use multiple keys which are:
* shared by sending and receiving parties
* assumed to be transferred over insecure means
* generally slow<br>
are called **asymmetric key encryption algorithms**.

### Secure Socket Layer (SSL)

Design goals of SSL include:
* Secure transmission at the socket level
    * Protocol is built on top of TCP
* Peer Authentication
* Efficiency
* Extensibility
    * It should be able to use numerous cipher algorithms
* User transparent
* Provide data integrity<br>

**SSL** is a layered protocol, which:
1. Takes the message
2. Fragments it into manageable blocks (optional compression)
3. Applies a MAC (Message Authentication Code)
4. Encrypts the message<br>

**SSL** connects on **port 443** by default.<br>
**Session-identifier cache timeout** value is **100 seconds**.<br>

#### SSL v3.0 Protocol Stack
IP << TCP << SSL Record Protocol << SSL Handshake Protocol << SSL Change Cipher Spec << SSL Alert Protocol << HTTP << Telnet<br>
<br>
*Alert layer*: is where the alert messages are conveyed<br>
<br>
*Change Cipher Spec*: is used to change the cipher algorithm<br>
<br>
*Record Layer Protocol*: The header contains three parts: the MAC (ensures data integrity), the actual data, and padding data (pads the data for block ciphers). This layer also:
* Fragments the data
* Compresses the fragments, if necessary<br>


*Handshaking Protocol*: Cryptographic parameters such as the protocol version and the cryptographic algorithms are established by this protocol.<br>
In simplified form, the protocol proceeds as follows:
* The client and server exchange hello messages with their cryptographic parameters
* The client and server authenticate each other with the pre-master secret (the client can also send its certificate, if needed)
* The server creates the master key and sends it to the client
* The client decodes the master key and uses it to encode the session<br>


#### Problems of SSL
*People have cracked SSL encryption* and many users still use *SSL 2.0 instead of SSL 3.0*. Also, *firewalls can't regulate the data* and *proxies can't cache the information*.

### Transport Layer Security (TLS)

TLS provides transport layer security for web applications. It provides confidentiality and data integrity between two endpoints. TLS is layered into:
* TLS Record Protocol
* TLS Handshake Protocol<br>

#### Advantages of TLS

Web Apps can use it transparently for secure communication.<br>

*TLS Record Protocol*: layers on top of TCP, *provides data confidentiality* using **symmetric key cryptography**  and also *provides data integrity* using a **message authentication checksum**.<br>

The keys for TLS are uniquely generated for each TLS session.<br>

**Basic Operations of the TLS Record Protocol**
1. Read messages
2. Fragment messages into manageable chunks
3. Optional compression
4. Calculate a MAC
5. Encrypt and send the data

At the **receiving end**, the **exact operations are repeated** in **reverse order**.<br>
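
The record-layer steps above (fragment, MAC, encrypt, then the reverse at the receiver) as an added Python example, not code from the original notes. Compression is skipped and the cipher is a stand-in keystream built from HMAC-SHA256, not a real TLS cipher suite; the function names, key sizes and exact MAC input are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets
import struct

FRAGMENT_SIZE = 2 ** 14  # SSL/TLS records carry at most 2^14 bytes of plaintext
MAC_LEN = 32             # HMAC-SHA256 tag length

def new_session_keys():
    """Fresh random keys per session (assumption: real TLS derives them in the handshake)."""
    return secrets.token_bytes(32), secrets.token_bytes(32)

def _keystream(key, seq, n):
    """Stand-in cipher: HMAC-SHA256 in counter mode, keyed per record by seq."""
    blocks = (n + 31) // 32
    return b"".join(hmac.new(key, struct.pack(">QI", seq, i), hashlib.sha256).digest()
                    for i in range(blocks))[:n]

def _xor(data, key, seq):
    return bytes(a ^ b for a, b in zip(data, _keystream(key, seq, len(data))))

def _mac(mac_key, seq, fragment):
    # The sequence number is part of the MAC input, so a reordered,
    # dropped or replayed record fails verification at the receiver.
    return hmac.new(mac_key, struct.pack(">Q", seq) + fragment, hashlib.sha256).digest()

def protect(message, enc_key, mac_key, fragment_size=FRAGMENT_SIZE):
    """Sender: fragment -> MAC -> encrypt. Returns the list of records."""
    records = []
    for seq, off in enumerate(range(0, len(message), fragment_size)):
        fragment = message[off:off + fragment_size]
        records.append(_xor(fragment + _mac(mac_key, seq, fragment), enc_key, seq))
    return records

def unprotect(records, enc_key, mac_key):
    """Receiver: decrypt -> verify MAC -> reassemble (the sender's steps in reverse)."""
    fragments = []
    for seq, record in enumerate(records):
        body = _xor(record, enc_key, seq)
        if len(body) < MAC_LEN:
            raise ValueError(f"record {seq}: too short")
        fragment, tag = body[:-MAC_LEN], body[-MAC_LEN:]
        if not hmac.compare_digest(tag, _mac(mac_key, seq, fragment)):
            raise ValueError(f"record {seq}: bad MAC")
        fragments.append(fragment)
    return b"".join(fragments)
```

A flipped bit in any record, two swapped records, or keys from a different session all end in a `bad MAC` error instead of silently corrupted plaintext.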

*TLS Handshake Protocol*: is layered on top of TLS Record Protocol. It is used to:
1. Authenticate the client and the server
2. Exchange keys
3. Negotiate the encryption and data integrity algorithms (*Change cipher spec*)

**TLS Handshake takes place as shown in the image below:**
<img src="https://www.researchgate.net/profile/Wazen_Shbair/publication/298065605/figure/fig1/AS:357056767905792@1462140375566/TLS-handshake-protocol.png"/>