Wednesday, April 22, 2015

What is SSL?

What is SSL?

SSL stands for Secure Sockets Layer and is one security protocol that is used on the Internet. This is the technology that will show a “lock icon” and/or a green address bar on the browser to let people know that they’re visiting a website that is secured with SSL / TLS. (Note: TLS refers to Transport Layer Security, which is a broad security protocol that SSL fits into.)


Simply, SSL is a way to encrypt data that is sent from a web browser (like Internet Explorer, Firefox, or Chrome) to the web server. While it was primarily used in the past to protect sensitive information like credit card numbers and other data, these days it’s becoming used on a wider basis.

Without encryption, any information sent from the web browser to the web server can fall prey to a man-in-the-middle attack – which refers to bad guys grabbing the data after it leaves the browser and before it reaches the server. By encrypting the data going from a browser to a server, it’s possible to make man-in-the-middle attacks more difficult to pull off successfully.

Understanding Public Key Cryptography

To understand how SSL protects sensitive data, you need to know a thing or two about public key cryptography. While this deals with a lot of very complex math, we’re going to skip over a lot of the technical details in this guide and give you just the basic information you need to know in order to understand how SSL works.
Basically, to use an SSL connection, a public key and a private key are used. The web browser uses the public key to encrypt the data and the server uses the private key to decode the information. Instead of encrypting and decrypting keys every time a connection is made – which would take a lot of processing power – a symmetric key is created after the initial communication between the browser and server.

Establishing an SSL Connection

Next, I'm going to give a very basic outline of the process of establishing an SSL connection.
  1. Browser requests a HTTPS webpage
  2. Web Server sends public key and certificate
  3. Browser examines the SSL Certificate
  4. Browser creates a symmetric key and sends it to server
  5. Web server decrypts symmetric key with its private key
  6. Web server sends browser the page with symmetric key
  7. Browser decrypts the data and displays page
What’s amazing is that all that happens very quickly – without most people even noticing it’s going on under the hood.

1 comment:

  1. More and more commerce and important web SSL transactions are being conducted over the internet today. As this migration from shopping at traditional "brick and mortar" stores into storefronts located in cyberspace, just a mouse click away, continues, security for transactions is becoming more and more of a concern. A skilled hacker can intercept information from these types of transactions, resulting in such calamities as identity theft or bank accounts being cleaned out.

    ReplyDelete

Computer Systems (FAST TRACK)

1     Data representation   1.1    Number systems   How and why computers use binary to represent all forms of data? •     Any form ...