This paper discusses the processes and security technologies involved in accessing websites that use HTTPS. The communication between the user and the web server is likely to be attacked, so there is a need to analyze the technologies required to prevent attackers from modifying that communication. The central idea of this paper is to discuss authentication, confidentiality, integrity and anti-replay in order to address the requirements of the report. It also provides evidence of the practical part associated with specific topics with the help of screenshots. It can be concluded that this paper is effective in addressing all the requirements.
Communication between the web browser and the web server takes place over TCP/IP. In Hypertext Transfer Protocol Secure (HTTPS), the communication is encrypted with the help of the Secure Sockets Layer (SSL). The browser ensures that it is communicating with the right server with the help of certificate authorities. These certificate authorities are pre-installed in the software of the websites [1]. For instance, the certificate authorities GlobalSign and GoDaddy provide certificates, and they are trusted by web browsers. Fig. 1 and Fig. 2 show a secured and a non-secured connection for illustration.
Figure 1: Screenshot of a secure connection.
Figure 2: Non-secured connection.
A digital signature is an electronic fingerprint. It uses a standard format, called public key infrastructure (PKI), to provide higher security. It works on the PKI protocol and uses a mathematical algorithm to generate two numbers, or keys: the public key and the private key [2]. The private key is used to create the signature whenever a user signs a document, as shown in Fig. 3. A mathematical algorithm produces data matching the signed document, which is called a hash. The resulting encrypted data is the digital signature. Any later change to the document invalidates the digital signature.
The role of the digital signature is that it can be used to authenticate the source of a message. The private key of a specific digital signature is bound to the user, so a valid signature proves that the message was sent by that user [3]. For instance, if a branch bank sends an instruction to update a balance to the central bank, the central office will not consider the request unless it is sent from an authorized source.
The server makes sure that it is communicating with the right client with the help of a public key certificate. A certificate is created by the site administrator for each server for the authentication of users. It consists of the email ID and the name of the authorized user. The server uses these details to verify the client at the time of communication.
SSL uses both asymmetric and symmetric encryption to ensure the confidentiality of messages. During the SSL handshake, the SSL server and client agree on a shared secret key and an encryption algorithm to be used for a single session. The privacy of the message is ensured while it is transmitted between the server and the client [4]. SSL supports cryptographic algorithms for the encryption process.
SSL provides data integrity by calculating a message digest. The condition for ensuring data integrity is the use of a hash algorithm in the cipher spec of the channel [5]. The choice of cipher spec therefore determines the level of integrity of the data.
The client and server are required to agree on a single cipher suite for exchanging messages. The cipher suite is selected in the SSL handshake protocol. The client first sends a Hello message, which includes a list of cipher suites in the client's order of preference. The server replies to the Hello with the selected cipher suite and the session ID. The next step is the exchange of digital certificates to identify the client and the server. The pre-shared keys and the encrypted messages are used by the client and server to calculate the secret key [6]. The next step is the authentication of the server by the client, followed by a Finish message which indicates the completion of the handshake process. This shows the agreement of client and server on a cipher suite for SSL communication.
The role of symmetric encryption in SSL communication is that it can both encrypt and decrypt the data. The symmetric key is 128 bits or 256 bits long, which increases the difficulty of cracking the key. The size of the key depends on the capability of the server and client software. The role of the hash algorithm in SSL communication is that it creates the value of the keys used for encryption [7]. It is a complex algorithm which produces a number of unique combinations of values.
Figure 4 Hash Algorithm and Symmetric Encryption
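The cipher suite selection and the symmetric key size and hash it fixes, as an added example that is not part of the original paper. The suite lists are constructed, the function names are hypothetical, and the rule that the server takes the first client-preferred suite it supports is an assumption.

```python
import re
import secrets

# IANA naming pattern: TLS_[<key exchange>_]<authentication>_WITH_<cipher>_<hash>
SUITE_RE = re.compile(
    r"^TLS_(?:(?P<kx>[A-Z]+)_)?(?P<auth>[A-Z]+)_WITH_(?P<cipher>.+)_(?P<hash>SHA\d*|MD5)$"
)


def parse_suite(name: str) -> dict:
    """Split a suite name into key exchange, symmetric cipher, key size and hash."""
    m = SUITE_RE.match(name)
    if m is None:
        raise ValueError(f"unrecognised cipher suite name: {name}")
    bits = re.search(r"AES_(\d+)", m["cipher"])
    return {
        "key_exchange": m["kx"] or m["auth"],  # TLS_RSA_*: RSA does both jobs
        "authentication": m["auth"],
        "cipher": m["cipher"],
        "key_bits": int(bits.group(1)) if bits else None,
        "hash": m["hash"],
    }


def server_hello(client_suites: list, server_suites: set) -> dict:
    """Answer a ClientHello: choose a suite and issue a fresh session ID.

    Assumption: the server takes the first client-preferred suite it supports;
    real servers may apply their own preference order instead.
    """
    for name in client_suites:
        if name in server_suites:
            return {"session_id": secrets.token_hex(32), "suite": name, **parse_suite(name)}
    raise ConnectionError("handshake failure: no cipher suite in common")


# Constructed ClientHello list (client preference order) and server configuration.
CLIENT_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]
SERVER_SUITES = {"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA"}

if __name__ == "__main__":
    print(server_hello(CLIENT_SUITES, SERVER_SUITES))
```

When the two lists share no suite, the handshake stops with an error instead of falling back to an unprotected channel.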
A replay attack is a type of network attack in which a valid data transmission is delayed or repeated. Replay attacks in SSL communication can be mitigated by tagging each encrypted component with a component number and a session ID. The combination of these solutions does not permit any interdependent operation. The lack of interdependency can be effective in decreasing the number of vulnerabilities [8]. Because each random session ID is unique, it becomes harder for attackers to replicate a session. Thus attackers would be unable to perform the replay attack.
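The message-digest integrity check and the session ID plus component number tagging described above, combined in one added example that is not part of the original paper. It is a simplified illustration: payload encryption is left out, HMAC-SHA256 stands in for the digest of the negotiated cipher spec, and the key, session ID, payload and function names are constructed assumptions.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 32  # HMAC-SHA256 output size


def seal(key: bytes, session_id: bytes, seq: int, payload: bytes) -> bytes:
    """Sender: record = session_id || seq || payload || HMAC over all three."""
    body = session_id + struct.pack(">Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Accepts a record only if its MAC, session ID and sequence number all check out."""

    def __init__(self, key: bytes, session_id: bytes):
        self.key, self.session_id, self.next_seq = key, session_id, 0

    def open(self, record: bytes) -> bytes:
        body, tag = record[:-TAG_LEN], record[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad MAC")
        n = len(self.session_id)
        if body[:n] != self.session_id:
            raise ValueError("wrong session")
        (seq,) = struct.unpack(">Q", body[n:n + 8])
        if seq != self.next_seq:
            raise ValueError("replayed or out-of-order record")
        self.next_seq += 1
        return body[n + 8:]


def demo() -> list:
    key, sid = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed session
    rx = Receiver(key, sid)
    first = seal(key, sid, 0, b"set balance of account 1001 to 250.00")  # constructed
    tampered = first.replace(b"250.00", b"950.00")
    outcomes = []
    for label, record in [("original", first), ("replay", first),
                          ("tampered", tampered), ("next", seal(key, sid, 1, b"ok"))]:
        try:
            rx.open(record)
            outcomes.append((label, "accepted"))
        except ValueError as exc:
            outcomes.append((label, f"rejected: {exc}"))
    return outcomes
```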
Conclusion
It can be concluded that this report is effective in discussing network security in SSL communication. It explains the authentication process, the confidentiality and integrity processes, and the mitigation of replay attacks. It also provides screenshots of the relevant practical aspects of SSL. It describes the cipher suite with the help of the SSL handshake protocol, the concept of the digital signature, and the function of the hash algorithm and symmetric encryption. Thus this paper meets all the requirements of the report in an adequate manner.
References
Kizza, Joseph Migga, Guide to computer network security, London: Springer, 2013.
Rewagad, Prashant and Yogita Pawar. “Use of digital signature with diffie hellman key exchange and AES encryption algorithm to enhance data security in cloud computing.” In Communication Systems and Network Technologies (CSNT), 2013 International Conference on, pp. 437-439. IEEE, 2013.
Ganeshkumar and D. Arivazhagan, “Generating a digital signature based on new cryptographic scheme for user authentication and security.” Indian Journal of Science and Technology 7, no. S6, 2014: 1-5.
Clark, Jeremy, and Paul C. van Oorschot, “SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements,” In Security and Privacy (SP), 2013 IEEE Symposium on, pp. 511-525. IEEE, 2013.
Meyer, Christopher, and Jörg Schwenk, “SoK: Lessons learned from SSL/TLS attacks,” In International Workshop on Information Security Applications, pp. 189-209. Springer, Cham, 2013.
Herzberg, Amir, and Haya Shulman, “Cipher-Suite Negotiation for DNSSEC: Hop-by-Hop or End-to-End?.” IEEE Internet Computing 1, 2015: 80-84.
Cash, David, Stanislaw Jarecki, Charanjit Jutla, Hugo Krawczyk, Marcel-Cătălin Roşu, and Michael Steiner, “Highly-scalable searchable symmetric encryption with support for boolean queries,” In Advances in cryptology–CRYPTO 2013, pp. 353-373. Springer, Berlin, Heidelberg, 2013.