Comprehensive Report: SSL Handshake Protocol in Cybersecurity

Verified

Added on 2023/06/07

AI Summary

This report provides a comprehensive analysis of the SSL handshake, a crucial process in cybersecurity for establishing secure communication between a client and a server. The report begins by defining SSL (Secure Sockets Layer) and its role in using public key encryption alongside symmetric keys to ensure secure data transmission. It details the handshake process, which involves authentication, cipher suite negotiation, and secret key generation to create a secure communication path. The report outlines the steps involved, including the client's initial 'hello' message, server certificate exchange, client certificate verification, secret key computation, and data encryption. Diagrams are included to visualize the process. Finally, the report references relevant sources to support the information presented, making it a valuable resource for understanding secure communication protocols in the digital landscape.

Cyber-security

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Cyber security
SSL Handshake
The SSL stands for secure sockets layer that uses a form of public key encryption
along with symmetric key to communicate. It is a way through which a secure
communication takes place between client and server (Kanekar & Udupa, 2014). SSL
protocol is used to validate the identity of users and assure that authenticated communication
takes place. It is called a handshake as it is the first time both client and server communicates
with ach other. The handshake is a process in which client and server identifies the
authentication of each other and generates a secret key so that secure communication path is
established (Tang, Zeng, Chen & Ye, 2017). It can be said as a simple communication
between two parties that are ready to accomplish the same task together. It can be said as a
time when both the parties negotiate and agree on same terms and conditions before starting
the communication. In the SSL handshake protocol it is identified which cipher suite is used
to encrypt the information. It supports in building a secure communication path before
starting with actual transfer.
Process through which server and client ensure the connection
There are certain steps that are used to enable a secure communication path between client
and server. The steps undertaken are:
 Initially client sends a hello message to the server with whom he wants to establish a
communication (Sslsecurity, 2017). The message covers the information regarding
version, order of preferences and the cipher suites that are preferred. It also includes
the data compression method that is used by client.
1 | P a g e

Cyber security
 The server receives the hello message and also sends digital certificate so that client
could be authenticated. It future sends CAs that is certified authorities in a client
certificate request (Pukkawanna, Blanc, Garcia-Alfaro,Kadobayashi & Debar, 2014).
 Later, client verifies the certificate request by offering an confidential and
authenticated path
 Now, both client and server compute the secret key that could be used by them to
encrypt their confidential data
 Then clients send the data over the network that could be decrypted only by the secret
key. Apart from that, the information that is send over the network is encrypted by the
server public key
 The client certificate is verified by the server making sure that path is authenticated.
Future, server sends a finish message to the client indicating the handshake has been
done
 Once the handshake is complete, client and server can start with their exchange of
information.
Thus, the overall scenario can be summarised as a communication between client and server
to establish a secure communication path. At first, clients send an initial message that
includes all the cipher suites. After that server responds by sending back a random and SSL
certificate that is private key (Pukkawanna, Blanc, Garcia-Alfaro,Kadobayashi & Debar,
2014). Once the certification is verified by the client, it generates public key by the means of
pre master. The server then verifies the public key and then decrypted key be transferred to
the server. Once the secret keys are exchanged a secure communication can take place
(Sslsecurity, 2017).
2 | P a g e

Cyber security
Diagrams
3 | P a g e

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Cyber security
References
Kanekar, T., & Udupa, S. (2014). U.S. Patent No. 8,793,486. Washington, DC: U.S. Patent
and Trademark Office, 55-90.
Pukkawanna, S., Blanc, G., Garcia-Alfaro, J., Kadobayashi, Y., & Debar, H. (2014,
September). Classification of SSL servers based on their SSL handshake for
automated security assessment. In Building Analysis Datasets and Gathering
Experience Returns for Security (BADGERS), 2014 Third International Workshop
on (pp. 30-39). IEEE.
Sslsecurity. (2017). The SSL/TLS handshake process simplified like never before. Retrieved
from https://cheapsslsecurity.com/blog/what-is-ssl-tls-handshake-understand-the-
process-in-just-3-minutes/.
Tang, Z., Zeng, X., Chen, J., & Ye, X. (2017, October). SSL transmission delay optimization
in multi-core processor based on network path delay prediction. In Communication
Technology (ICCT), 2017 IEEE 17th International Conference on (pp. 1012-1018).
IEEE.
4 | P a g e