Secure sessions are used for managing the security of a message transmission on a network such as the Internet. Secure Sockets Layer (SSL) and Transport Layer Security (TLS), which are based on SSL, are protocols typically used for managing the security of a message transmission. SSL uses a program layer located between the Internet's Hypertext Transfer Protocol (HTTP) and Transport Control Protocol (TCP) layers. The “sockets” part of the term refers to the sockets method of passing data back and forth between a client and a server program in a network or between program layers in the same computer. SSL uses the public-and-private key encryption system, which also includes the use of a digital certificate. While the following description references the use of SSL, it should be understood that TLS or other secure protocols could also be used.
Transferring sensitive information over a network can be risky due to several issues. A person cannot always be sure that the entity with whom the person is communicating is really the entity the person thinks they are dealing with. Network data can be intercepted, so it is possible that it can be read by an unauthorized third party, sometimes known as an attacker. If an attacker can intercept the data, the attacker may also be able to modify the data before sending it on to the receiver.
The use of SSL addresses these issues, as SSL allows each of two communicating parties to ensure the identity of the other party in a process called authentication. Once the parties are authenticated, SSL provides an encrypted connection between the two parties for secure message transmission. Encrypting the communication between the two parties provides privacy. The encryption algorithms used with SSL include a secure hash function to ensure that data is not modified in transit.
SSL is typically used in e-commerce transactions, and allows sensitive information, such as credit card numbers, to be transmitted securely over the Internet. One of the reasons SSL is effective is that it uses several different cryptographic processes. SSL uses public key cryptography to provide authentication, and secret key cryptography and digital signatures to provide for privacy and data integrity.
The primary purpose of cryptography is to make it difficult for an unauthorized third party to access and understand private communication between two parties. It is not always possible to restrict all unauthorized access to data, but private data can be made unintelligible to unauthorized parties through the process of encryption. Encryption uses complex algorithms to convert the original message, or cleartext, to an encoded message, called ciphertext. The algorithms used to encrypt and decrypt data that is transferred over a network typically come in two categories: secret key cryptography and public key cryptography.
Both secret key cryptography and public key cryptography depend on the use of an agreed-upon cryptographic key or pair of keys. A key is a string of bits that is used by the cryptographic algorithm or algorithms during the process of encrypting and decrypting the data. Safely transmitting a key between two communicating parties is not a trivial matter. A public key certificate allows a party to safely transmit its public key, while ensuring the receiver of the authenticity of the public key.
With secret key cryptography, both the client and the server use the same key to encrypt and decrypt the messages. Before any encrypted data can be sent over the network, both Client and Server must have the key and must agree on the cryptographic algorithm that they will use for encryption and decryption.
Secret key cryptography is also called symmetric cryptography because the same key is used to both encrypt and decrypt the data. Well-known secret key cryptographic algorithms include the Data Encryption Standard (DES), triple-strength DES (3DES), Rivest Cipher 2 (RC2), and Rivest Cipher 4 (RC4).
Public key cryptography utilizes both a public key and a private key. The public key can be sent openly through the network while the private key is kept private by one of the communicating parties. The public and the private keys are cryptographic inverses of each other; what one key encrypts, the other key will decrypt.
Public key cryptography is also called asymmetric cryptography because different keys are used to encrypt and decrypt the data. A well-known public key cryptographic algorithm often used with SSL is the Rivest Shamir Adleman (RSA) algorithm. Another public key algorithm used with SSL that is designed specifically for secret key exchange is the Diffie-Hellman (DH) algorithm. Public key cryptography requires extensive computations, making it compute intensive. It is therefore typically used only for encrypting small pieces of data, such as secret keys, rather than for the bulk of encrypted data communications.
When sending encrypted data, SSL typically uses a cryptographic hash function to ensure data integrity. The hash function prevents a nefarious user from tampering with the data that a client sends to a server. When data is processed by a cryptographic hash function, a small string of bits, known as a hash, is generated. The slightest change to the message typically makes a large change in the resulting hash. A cryptographic hash function does not require a cryptographic key. Two hash functions often used with SSL are Message Digest 5 (MD5) and Secure Hash Algorithm (SHA-1). A Message Authentication Code (MAC) is similar to a cryptographic hash, except that it is based on a secret key. When secret key information is included with the data that is processed by a cryptographic hash function, the resulting hash is known as a Hashed Message Authentication Code (HMAC).
Communication using SSL begins with an exchange of information between the client and the server. This exchange of information is referred to as the SSL handshake. The three main purposes of the SSL handshake are to negotiate the cipher suite, to authenticate identity, and to establish information security by agreeing on encryption mechanisms.
An SSL session begins with a negotiation between a client and a server as to which cipher suite they will use. A cipher suite is a set of cryptographic algorithms and key sizes that a computer can use to encrypt data. The cipher suite includes information about available public key exchange algorithms, secret key encryption algorithms, and cryptographic hash functions. The client tells the server which cipher suites it has available, and the server chooses the best mutually acceptable cipher suite.
In SSL, the authentication step is optional, but in the example of an e-commerce transaction over the Web, the client will generally want to authenticate the server. Authenticating the server allows the client to be sure that the server represents the entity that the client believes the server represents.
To prove that a server belongs to the organization that it claims to represent, the server presents its public key certificate to the client. If this certificate is valid, the client can be sure of the identity of the server.
The client and server exchange information that allows them to agree on the same secret key. For example, with RSA, the client uses the server's public key, obtained from the public key certificate, to encrypt the secret key information. The client sends the encrypted secret key information to the server. Only the server can decrypt this message since the server's private key is required for this decryption.
Both the client and the server now have access to the same secret key. With each message, they use the cryptographic hash function, chosen in the first step of this process, and share secret information, to compute a Hashed Message Authorization Code (HMAC) that gets append to the message. The client and server then use the secret key and the secret key algorithm negotiated in the first step of this process to encrypt the secure data and the HMAC. The client and server can now communicate securely using their encrypted and hashed data.
Failover is a backup operational mode in which the functions of a system component (such as a processor, server, network, or database, for example) are assumed by secondary system components when the primary component becomes unavailable through either failure or scheduled down time. Failover is used to make systems more fault-tolerant, and is typically an integral part of mission-critical systems that must be constantly available. The procedure involves automatically offloading tasks to a standby system component (also referred to as a failover device) so that the procedure is as seamless as possible to the end user. Failover can apply to any aspect of a system: within a personal computer, for example, failover might be a mechanism to protect against a failed processor; within a network, failover can apply to any network component or system of components, such as a connection path, storage device, or web server.