Many Business And Government Computer Science Essay


In today's world, many businesses and governments have established a web presence, and much of it involves the input and collection of private and confidential information that is transferred daily.

Therefore, at the advent of the web, Netscape came up with SSL, the Secure Sockets Layer. The SSL protocol functions in the web browser; it uses a combination of public-key and symmetric-key encryption to authenticate and send messages within a session.

For the SSL protocol to start, it must communicate with the hosts in the network that are requesting the service. It does this with a handshake between the server and the client, which proceeds through a series of messages coded for that session.

The SSL protocol has two layers:

(1) The Handshake Protocol Layer. (This has 3 sub-protocols: the Handshake Protocol, the Change Cipher Spec Protocol, and the Alert Protocol.)

(2) The Record Protocol Layer.


The handshake protocol in SSL allows a server to authenticate itself to a client using public-key techniques, and allows the server and the client to exchange symmetric keys to guard against eavesdropping and man-in-the-middle attacks. For a successful exchange of keys, these SSL-specified protocols must be used in all session communication.

Fig. 1, Header for the SSL Protocol


Fig.2, This shows how the handshake protocol communicates from the server to the client.

For the handshake to commence, several states are associated with each session. There is a current operating state for both read and write. During the handshake, pending read and write states are created; when the handshake concludes, the pending states become the current states.


The next action after the handshake is the Change Cipher Spec protocol. This protocol uses the SSL Record protocol and is regarded as the simplest, since its function is to change states from pending to current. This is accomplished with a coordination signal between the server and the client that informs each of them of the state in progress.


Alert Protocol. The Alert protocol provides an indicator to notify a peer of changes in status or of an error condition in the session. Alert messages are encrypted and compressed according to the current state. Each alert message consists of 2 bytes; the first is a warning value and the second a fatal value. This tells the peers how severe the condition is and whether it is safe to continue or not.

The first byte, known as a warning, gives an indication of the state of the connection; an example of such a warning is close_notify. This warning signals that each part of the connection is about to terminate, and it therefore stops the write side of the connection.

The second byte is the fatal value; it occurs when a parameter is illegal or inconsistent with other values. An example of a fatal value is illegal_parameter.

The second part of the SSL Protocol is the Record protocol.

This protocol provides two key functions: 1) confidentiality, by encrypting the data, and 2) message integrity, using a Message Authentication Code (MAC).

To decrypt a message, a shared key must be known to the two peers; this can be sent during a handshake exchange, as stated earlier. This ensures key integrity and prevents an attacker from knowing which keys are used.

The record protocol operates as follows: any message to be transmitted is broken down into fragments of manageable block size; each block may optionally be compressed; a MAC is then applied to it by way of a keyed hash (MD5); the resulting block is encrypted, given a header, and transmitted in a TCP segment.

At the receiving end, the data is decrypted and verified, decompressed if compression was used, reassembled, and then delivered to the browser.

The figure below shows the process that message data undergoes before reaching the destination party; the recipient applies the same process in the reverse direction.
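The sender and receiver pipelines described above, as an added example that is not part of the original essay. It is a simplified model: it uses HMAC-MD5 over the sequence number, record header fields and data as TLS 1.0 does, it skips the optional compression step, and the XOR keystream is a stand-in for whatever cipher the handshake negotiated. The function and key names are assumptions.

```python
import hashlib
import hmac
import struct

MAX_FRAGMENT = 2 ** 14      # record-layer fragment limit (16384 bytes)
APPLICATION_DATA = 23       # record content type for application data
VERSION = (3, 1)            # version bytes placed in the record header
MAC_LEN = 16                # HMAC-MD5 output size in bytes

def _keystream_xor(key, seq, data):
    """Stand-in cipher (NOT a real SSL/TLS cipher): XOR with a SHA-256 counter keystream."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + struct.pack("!QI", seq, counter)).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def _mac(mac_key, seq, fragment):
    # The MAC covers the sequence number, type, version and length as well as the data,
    # so reordered or replayed records fail verification.
    covered = struct.pack("!QBBBH", seq, APPLICATION_DATA, *VERSION, len(fragment))
    return hmac.new(mac_key, covered + fragment, hashlib.md5).digest()

def protect(message, enc_key, mac_key):
    """Sender: fragment -> (compression skipped) -> MAC -> encrypt -> prepend header."""
    records = []
    for seq, start in enumerate(range(0, len(message), MAX_FRAGMENT)):
        fragment = message[start:start + MAX_FRAGMENT]
        body = _keystream_xor(enc_key, seq, fragment + _mac(mac_key, seq, fragment))
        header = struct.pack("!BBBH", APPLICATION_DATA, *VERSION, len(body))
        records.append(header + body)
    return records

def unprotect(records, enc_key, mac_key):
    """Receiver: parse header -> decrypt -> verify MAC -> reassemble."""
    message = b""
    for seq, record in enumerate(records):
        ctype, _major, _minor, length = struct.unpack("!BBBH", record[:5])
        body = record[5:]
        if ctype != APPLICATION_DATA or length != len(body) or length < MAC_LEN:
            raise ValueError("malformed record")
        plain = _keystream_xor(enc_key, seq, body)
        fragment, tag = plain[:-MAC_LEN], plain[-MAC_LEN:]
        if not hmac.compare_digest(tag, _mac(mac_key, seq, fragment)):
            raise ValueError("bad_record_mac")
        message += fragment
    return message
```

Flipping a single bit of a protected record, or swapping two records, makes `unprotect` raise `bad_record_mac` instead of delivering altered data.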

Figure 3: SSL Record Protocol Operation


The TLS Protocol

The TLS protocol is regarded as the successor to the SSL protocol. It guards against eavesdropping and helps maintain the privacy of data sent between users on the internet. It has a built-in mechanism that checks the integrity of messages in transit; this acts as an anti-tampering protocol. [1]

The edge TLS has over SSL is its independence from the application protocol.

TLS shares some of the features of the SSL protocol. It has two sub-layers: the TLS Handshake protocol and the TLS Record protocol.

The TLS Record protocol [2] does the work of encapsulation; it uses the TLS Handshake protocol to authenticate each user present and to decide which encryption algorithm and keys to use before it sends or receives any data.

The TLS Handshake protocol does the work of connection security, through 3 properties:

One of the peers must authenticate itself, using asymmetric (public-key) cryptography with either RSA or DSS.

The negotiation of the shared key is secure; it blocks out any unwanted intrusion that seeks to obtain the shared key.

The connection is reliable, meaning an attacker can't tamper with the negotiated communication without being noticed by the parties involved.

The security measures employed in TLS are varied, and they are used to ensure that confidentiality is maintained. [3]

TLS prevents a downgrade of protocol to a less secure one.

The message digest is strengthened with a key, so only a key-holder can see the message the MAC contains.

The exchanged handshake messages are hashed and seen by all parties to confirm the end of the handshake protocol.

A function known as the pseudorandom function breaks the data in half and processes each half with a different hash function such as AES, Null and HMAC-SHA1, and then performs an XOR operation on the halves to generate the MAC. [4]

TLS has protection against attacks on Cipher Block Chaining (CBC): it uses an explicit Initialization Vector (IV) rather than an implicit IV, and it also changes the way it handles padding errors.


Application of Transport Layer Security

TLS is used in many applications; some worthy of note include:

Using TLS to protect SIP-based applications such as VoIP and softphones.

TLS helps secure the World Wide Web traffic that is carried by HTTP, producing HTTPS.

It helps in securing web applications involving e-commerce and the transfer of confidential information.

It is employed in the relay of the Simple Mail Transfer Protocol (SMTP) to guard against tampering.


Internet Protocol Security (IPsec)

Internet Protocol Security (IPsec) is one of the many ways of securing the transmission of Internet Protocol (IP) data, using authentication and encryption of each IP packet in a data flow.

IPsec is an end-to-end security scheme delivered over the web between two different clients, between two gateways, or between a client and a gateway.

It does so by establishing mutual authentication keys between clients at the start and at the end of a session, and it can use any cryptographic keys or encryption methods during the session window. [5]

RFC 4305 states the type of cryptographic algorithm to be used to secure IPsec data transmission; these are the Encapsulating Security Payload (ESP) and the Authentication Header (AH). They provide two different mechanisms for protecting the data to be sent, and they can be used separately or combined to provide security against eavesdropping or tampering with data packets.


The AH

With authentication, AH computes what is called an Integrity Check Value (ICV) over the packet's contents, using a cryptographic hash function such as MD5 or SHA-1. This incorporates a secret key known to both ends, which allows the recipient to compute the ICV as well. Once the recipient gets the same value, the sender has effectively authenticated itself. (This relies on the property that hashes can't be reversed.)

The AH uses cryptographic algorithms such as AES-XCBC-MAC-96 [RFC 3566] and HMAC-SHA1-96 [RFC 2424], and may use HMAC-MD5-96 [RFC 2403]. Of note, MD5 was discovered to have some apparent weaknesses, so it may affect the authentication function and can be discarded. In general, AH always provides authentication, while ESP does so optionally. [6]

For exchanging keys, RFC 4307 specifies the use of IKEv2 (Internet Key Exchange version 2). IKE is a necessary part of IPsec, which allows it to perform authentication and maintain security associations (SAs) between two clients. A Security Association describes the direction in which an IP datagram moves and changes its state between the source and the sink, and it specifies the security values available to the datagram, which the encrypting algorithms use to provide the requested security services. [7]
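The ICV check described above, as an added example that is not part of the original essay. It uses HMAC-SHA1-96 and goes one step beyond the text by zeroing the IPv4 fields that routers may change in transit before hashing, as RFC 4302 specifies, so a TTL decrement does not break verification while a changed payload or source address does. The packet bytes are constructed, and the function names are assumptions.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # HMAC-SHA1-96 keeps the first 96 bits of the 160-bit HMAC

def build_sample(payload, ttl=64):
    """Constructed IPv4 header (protocol 51 = AH) and the fixed 12 bytes of the AH header."""
    total_len = 20 + 12 + ICV_LEN + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0, ttl, 51, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    # next header (6 = TCP), AH length in 32-bit words minus 2, reserved, SPI, sequence number
    ah_fixed = struct.pack("!BBHII", 6, 4, 0, 0x1000, 1)
    return ip, ah_fixed

def zero_mutable(ip):
    """Zero the IPv4 fields that may legitimately change in transit."""
    h = bytearray(ip)
    h[1] = 0                  # DSCP/ECN
    h[6:8] = b"\x00\x00"      # flags + fragment offset
    h[8] = 0                  # TTL
    h[10:12] = b"\x00\x00"    # header checksum
    return bytes(h)

def compute_icv(key, ip, ah_fixed, payload):
    """ICV covers the IP header, the AH header with its ICV field zeroed, and the payload."""
    covered = zero_mutable(ip) + ah_fixed + b"\x00" * ICV_LEN + payload
    return hmac.new(key, covered, hashlib.sha1).digest()[:ICV_LEN]

def verify(key, ip, ah_fixed, icv, payload):
    """Recipient recomputes the ICV with the shared key and compares in constant time."""
    return hmac.compare_digest(icv, compute_icv(key, ip, ah_fixed, payload))

def router_hop(ip):
    """A router decrements the TTL (checksum update omitted; both are zeroed for the ICV)."""
    h = bytearray(ip)
    h[8] -= 1
    return bytes(h)
```

Because the source and destination addresses are inside the hashed data, AH authenticates the outer IP header as well as the payload.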



ESP, as a part of the IPsec protocol, provides three ways of protecting packets: confidentiality, integrity and authentication. However, it can also be run as encryption-only or authentication-only. With encryption-only, the packet can be attacked and tampered with, causing it to lose both confidentiality and integrity, so this mode is discouraged as an insecure way of transmitting packets.

ESP encapsulates the entire IP packet and adds its own header to it; this mostly happens when it is used in tunnel mode.

The types of encryption it uses are AES, 3DES and Blowfish; these allow it to hide the content of the packet from eavesdroppers during transmission.

Fig. 4, IPsec in operation between hosts and gateways over the internet.


HTTPS: HyperText Transfer Protocol with Secure Sockets Layer.

HTTPS is HTTP + security, with the security provided by the SSL or TLS protocol; this is done by layering HTTP on top of SSL/TLS. HTTP is web-browser dependent and is used to display information accessed on different web servers over the internet. Normal HTTP data packets are routed via port 80, while HTTPS datagrams are routed through port 443.

HTTP is insecure and prone to Man-in-the-Middle (MITM) attacks. Ever since the advent of the web, HTTP has been used to access and display sensitive information, mostly on sites featuring e-commerce links and identity-based accounts, so an exception had to be introduced to prevent MITM and eavesdropping attacks. This gave rise to HTTPS, which is considered secure and rides on the current versions of SSL/TLS. A typical difference in the operation of the two protocols is that HTTPS is slower than HTTP, due to the processing of large amounts of data packets. [8]

Every web address pointing towards a website follows this notation: {https://}, meaning the browser in use encrypts the session with a digital certificate to safeguard against tampering. When in session, that is, while communicating with the server and after getting the required response, it displays a padlock sign either in the address field or in the bottom field of the browser to indicate that the session is safe and secure. [9] Getting a response from the server involves bidirectional encryption between the server and the client; this ensures that each party is communicating with the other party and not an imposter, and makes sure the data packets can't be read or forged by any unauthorised party.