Network Security Report: Analyzing HTTPS and Security Technologies

Verified

Added on 2023/06/08

AI Summary

This report provides a detailed analysis of the security processes and technologies used when accessing websites via HTTPS. It explores the mechanisms that prevent attackers from modifying communication between users and web servers, focusing on authentication, confidentiality, integrity, and protection against replay attacks. The report includes discussions on how browsers ensure communication with the correct server through certificate authorities, the workings and role of digital signatures in authentication, and how servers verify the right client. It further elaborates on SSL's use of asymmetric and symmetric encryption for confidentiality, the role of hash algorithms in ensuring data integrity, and the SSL handshake protocol for cipher suite agreement. Practical aspects are illustrated with screenshots, and the report concludes by summarizing the effectiveness of SSL communication in maintaining network security.

Running head: NETWORK SECURITY
Subject Name
Network Security
Student name
Student ID
Submission Date

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1NETWORK SECURITY
Table of Contents
Introduction......................................................................................................................................2
Discussion........................................................................................................................................2
Authentication Process................................................................................................................2
Confidentiality and Integrity Process..........................................................................................5
Protection against Replay Attacks in SSL...................................................................................7
Conclusion.......................................................................................................................................8
References........................................................................................................................................9

2NETWORK SECURITY
TABLE OF FIGURES
Figure 1 screenshot of secure connection........................................................................................4
Figure 2 Non secured Connection...................................................................................................4
Figure 3Digital Signature................................................................................................................5
Figure 4 Hash Algorithm and Symmetric Encryption.....................................................................8

3NETWORK SECURITY
Introduction
This paper intends to discuss the processes and the security technologies while accessing
websites which uses HTTPS. The communication between the user and web server are likely to
be attacked and thus there is a need to analyze the technologies that are required to prevent
attackers from modifying communication. The central idea of this paper is to discuss
authentication, confidentiality and integrity and Anti-Replay in order to address the requirements
of the report. It would also provide the evidence of the practical part associated with specific
topics with the help of screenshots. It can be concluded that this paper would be effective in
addressing all the requirements.
Discussion
Authentication Process
Communication of Web Browser with the Right Server
The communication of web browser and web server is achieved with the web server with
the help of TCP/IP. The communication protocol in a hypertext transfer protocol secure (Https)
is encrypted with the help of a secured socket layer (SSL). The browser ensures that it is
communicating to a right server with the help of the certificate authorities. These certificate
authorities are pre-installed in the software of the websites [1]. For instance, the certificate
authorities of Global Sign and Go Daddy provides certificates, and they are considered as the
trusted by the web browsers. The fig 1 and fig 2 shows the secured and not secured connection
for better illustration.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4NETWORK SECURITY
Figure 1 screenshot of secure connection
Figure 2 Non secured Connection.

5NETWORK SECURITY
Working of Digital Signature
Digital Signature is the electronic fingerprints. It uses a standard format for providing
higher security which is called public key infrastructure (PKI). It works on the PKI protocol and
uses a mathematical algorithm to generate two numbers or keys which are the public key and
private key [2]. This private key is used to create the signature whenever a user signs the
document as shown in fig3. The mathematical algorithm is used for matching the signed
documents which are called hash. The resulting encrypted data is the required digital signature.
Any further change in the document results in invalidation of the digital signature.
Figure 3Digital Signature

6NETWORK SECURITY
Role of Digital Signature in Authentication Process
The role of the digital signature is that it can be used for the authentication of message
source. The private key of a specific digital signature is bound to the user, and thus a valid
signature can prove that the message is sent by the user [3]. For instance, if the branch bank
sends the instruction of updating the balance to the central bank, then the central office would
not consider the request until it is sent from the authorized source.
Communication of server with the Right Client
The server makes sure that it is communicating with the right client with the help of a
public key certificate. A certificate is created by the site administrator for each server for the
authentication of the users. It consists of email id and the name of the authorized user. The server
uses this details to verify the client at the time of communicating.
Confidentiality and Integrity Process
Confidentiality
SSL uses both asymmetric and symmetric encryption to confirm the confidentiality of
message. At the time of SSL handshake, the SSL server and client agree on a shared secret key
and encryption algorithm to be used for a single session. The privacy of the message is ensured
at the time of transmission of the message between the server and the client [4]. The SSL
supports the cryptographic algorithm for the encryption process.
Integrity

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7NETWORK SECURITY
The SSL provides data integrity by the calculation of the message digest. The condition
for ensuring data integrity is the use of the hash algorithm in the cipher spec of the channel [5]. It
can be said that the choice of chipper spec is responsible for the level of integrity of the data.
Agreement of Server and Client on Cipher Suite
The client and server are required to agree on a single cipher suite for exchanging
messages. The selection of cipher suite is done in SSL handshake protocol. The client first sends
a Hello message which includes a list of cipher suite in accordance with the preference of the
client. The server replies the hello with the selected cipher suite and the session id. The next step
includes the exchange of digital certification for the identification of the client and the server.
The pre-shared keys, and the encrypted messages are used by the client and server for calculating
the secret key [6]. The next step is the authentication of the server by the client followed by
sending a finish message which indicates the completion of the handshake process. This shows
the agreement of client and server on a cipher suite for SSL communication.
Role of Symmetric Encryption and Hash Algorithm
The role of symmetric encryption in SSL communication is that it can both encrypt and
decrypt the data. The symmetric key is of 128 bit or 256 bit, and it increases the difficulty of
cracking this key. The size of the key is dependent on the capability of the software of server and
client. The role of the hash algorithm in SSL communication is that it creates the value of the
keys used for encryption [7]. It is a complex algorithm which makes a number of unique
combination of the values.

8NETWORK SECURITY
Figure 4 Hash Algorithm and Symmetric Encryption
Protection against Replay Attacks in SSL
A replay attack is the type of network attack in which effective data transmission is
delayed or repeated. The mitigation of replay attacks in SSL communication can be achieved by
tagging each encrypted component with a component number and a session ID. The combination
of this solutions does not enable any operation that is interdependent. The lack of
interdependency can be effective in decreasing the number of vulnerabilities [8]. As a result of
the uniqueness of each random session id the difficulty for attackers in replicating increases.
Thus attackers would be unable to perform the replay attack.

9NETWORK SECURITY
Conclusion
It can be concluded that this report is effective in discussing the network security in SSL
communication. It explains the authentication process, confidentiality and integrity process and
mitigation of the replay attacks in a proper manner. It also provides the screenshots of the
relevant practical aspects of SSL. It provides description of the cipher suite with the help of SSL
handshake protocol, the concepts of the digital signature and function of hash algorithm and
symmetric encryption. Thus this paper meets all the requirements of the report in an adequate
manner.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

10NETWORK SECURITY
References
[1] Kizza, Joseph Migga, Guide to computer network security, London: Springer, 2013.
[2] Rewagad, Prashant and Yogita Pawar. "Use of digital signature with diffie hellman key
exchange and AES encryption algorithm to enhance data security in cloud computing."
In Communication Systems and Network Technologies (CSNT), 2013 International
Conference on, pp. 437-439. IEEE, 2013.
[3] K. Ganeshkumar and D. Arivazhagan, "Generating a digital signature based on new
cryptographic scheme for user authentication and security." Indian Journal of Science
and Technology 7, no. S6, 2014: 1-5.
[4] Clark, Jeremy, and Paul C. van Oorschot, "SoK: SSL and HTTPS: Revisiting past
challenges and evaluating certificate trust model enhancements," In Security and Privacy
(SP), 2013 IEEE Symposium on, pp. 511-525. IEEE, 2013.
[5] Meyer, Christopher, and Jörg Schwenk, "SoK: Lessons learned from SSL/TLS attacks,"
In International Workshop on Information Security Applications, pp. 189-209. Springer,
Cham, 2013.
[6] Herzberg, Amir, and Haya Shulman, "Cipher-Suite Negotiation for DNSSEC: Hop-by-
Hop or End-to-End?." IEEE Internet Computing 1, 2015: 80-84.
[7] Cash, David, Stanislaw Jarecki, Charanjit Jutla, Hugo Krawczyk, Marcel-Cătălin Roşu,
and Michael Steiner, "Highly-scalable searchable symmetric encryption with support for
boolean queries," In Advances in cryptology–CRYPTO 2013, pp. 353-373. Springer,
Berlin, Heidelberg, 2013.
[8] Cash, David, Stanislaw Jarecki, Charanjit Jutla, Hugo Krawczyk, Marcel-Cătălin Roşu,
and Michael Steiner, "Highly-scalable searchable symmetric encryption with support for