By: John Michael PierobonJohn Michael Pierobon is an Internet consultant based in Fort Lauderdale.
Sending encoded messages through a network of third parties has been done for centuries. Julius Caesar encoded messages by shifting the alphabet. The Incas tied knots on to a "quipu" which only they could decode, and runners would transport their secrets across the vast Incan empire.
Today when you are in a face-to-face negotiation with someone you take for granted that you have "availability", "authenticity", "integrity", and "privacy" during the conversation. Let me define these four terms, for they all necessary to insure a secure electronic transaction over the Internet.
- Availability is sending and receiving information without interruption. You want to be sure that not only did you get the entire message, but that the other party got your message as well. During a conversation you can tell when the other party is not listening to you.
- Authenticity is making sure that the person you are talking to is really who they are. As human beings we are very good at recognizing faces and voices, so we know who we are talking to. Even if we do not know someone, we can ask for some form of identification such as a driver's license.
- Integrity is sending and receiving information without modification. Your data should not be tampered with.
- Privacy is not having people eavesdropping on your conversation. Intercepting messages during World War II lead to the United States of America winning at least one naval battle.
Your credit card information will travel over the Internet, being relayed from computer to computer in a manner similar to the Incan runners. On the Internet you want to have availability so that you can access the Web server and complete your transaction. You must have authenticity to be sure the merchant you are dealing with is legitimate. You need integrity so that zeros do not get added to invoice amounts. You need privacy so that no one intercepts your credit card number. This is accomplished by using Secure Socket Layer (SSL).
What is SSL
SSL is the most widely used security protocol on the Internet. SSL was developed by Netscape and resides at the transport layer. Because SSL resides at the transport layer it is application independent, meaning it can work transparently with other Internet protocols such as http, ftp, and telnet. SSL is composed of two layers. At the lowest level is the SSL record protocol which is layered on top of the transport protocol. It is used for encapsulation of the SSL handshake protocol.
The SSL handshake protocol enables the client and the server to authenticate each other. It also negotiates an encryption algorithm and cryptographic keys before the application protocol (https) starts transmitting or receiving. The SSL handshake protocol has two phases, server authentication and client authentication. The client authentication phase is optional.
SSL works with a pair of asymmetric keys for encryption and decryption, and certificate authorities (CA). The asymmetric keys make it possible to communicate without a pre-established relationship. They are made up of a public key which is freely distributed, and a private key which never goes across the Internet. A public key and private key pair are mathematically related. Cryptography is the mathematics of security.
A certificate authority is a trusted third party. One could say the State of Florida is a CA, because it issues driver's licenses. A driver's license is a certificate because it says that the person matching the picture and the signature on the driver's license is indeed the name that appears on the driver's license.
On the Internet, before a CA will issue a certificate it will run a background check. How thorough the background check is depends on what kind of certificate you want and are willing to pay for. For example, VeriSign, a leading CA, will issue you a client certificate which costs US$9.95 per year. All you need to supply is your first name, last name, and electronic mail address of which only the last one is verified. In exchange, you get up to US$1000 protection against economic loss caused by corruption, loss, or misuse of your digital certificate. It can be revoked or replaced for free if it is lost or corrupted. Of course there are more expensive certificates, with stricter background checks, which merchants on the Internet use for electronic commerce.
How SSL works
SSL works in the following way. A browser connects to a Web server. The Web server responds by sending its digital certificate. The server's digital certificate contains the server's public key, the CA's public key, the server's digital signature algorithm, the CA's digital signature, and other pertinent information.
The browser can prove the identity of the server and verify the message digest of the server by using the public key taken from the certificate and checking the result against the certificate of the CA that it has. Browsers contain certificates of several CA. You can view them by clicking on the appropriate browser configuration option. The browser recognizes the CA certificate, and since the CA is a trusted third party guaranteeing the identity of the Web server, the Web server is authenticated.
SSL generates four session keys, which are only valid for that session. The keys usually expire within 20 to 30 minutes. The keys are: an encryption key for data sent from the browser to the server, an encryption key for data sent from the server to the browser, an authentication key for data sent from the browser to the server, an authentication key for data sent from the server to the browser. This is known as the SSL handshake, and once established, encrypted data is sent across the Internet.
The data is encrypted using a symmetric cipher algorithm. This strengthens security by using the secret as another key.
At this point someone cannot discover the secret, but they could interrupt the communication by damaging the secret. Someone could pass most of the information back and forth unmodified, but if lucky could successfully garble an important message after the client and the server shared a secret. The side receiving the message will trust and probably believe the garbled message, and act on it. If this does not produce a valid message, the communication can stop immediately.
The browser and the Web server can add a Message Authentication Code (MAC) which is a piece of data computed by using a secret and some transmitted data. The message digest algorithm is a way to build a MAC function. Now the chance of a message being intercepted and modified is extremely small. For example, with an MD5 digest algorithm using 128-bit MAC values the chances are 1 in 2128. Your chances of winning the Florida lottery are slightly better than 1 in 224. With these odds one can feel pretty confident that communication between browser and Web server is secure.
© 1999 - 2006 John Michael Pierobon