User verification, Authentication, User verification authentication – Allied Telesis AT-S63 User Manual

Page 472

background image

Chapter 39: PKI Certificates and SSL

472

Section IX: Management Security

SSL uses asymmetrical (Public Key) encryption to establish a connection
between client and server, and symmetrical (Secret Key) encryption for
the data transfer phase.

User Verification

An SSL connection has two phases: handshake and data transfer. The
handshake initiates the SSL session, during which data is securely
transmitted between a client and server. During the handshake, the
following occurs:

The client and server establish the SSL version they are to use.

The client and server negotiate the cipher suite for the session, which
includes encryption, authentication, and key exchange algorithms.

The symmetrical key is exchanged.

The client authenticates the server (optionally, the server
authenticates the client).

SSL messages are encapsulated by the Record Layer before being
passed to TCP for transmission. Four types of SSL messages exist, they
are:

Handshake

Change Cipher Spec

Alert

Application data (HTTP, FTP or NNTP)

As discussed previously, the Handshake message initiates the SSL
session.

The Change Cipher Spec message informs the receiving party that all
subsequent messages are encrypted using previously negotiated security
options. The parties use the strongest cryptographic systems that they
both support.

The Alert message is used if the client or server detects an error. Alert
messages also inform the other end that the session is about to close. In
addition, the Alert message contains a severity rating and a description of
the alert. For example, an alert message is sent if either party receives an
invalid certificate or an unexpected message.

The Application data message encapsulates the encrypted application
data.

Authentication

Authentication is the process of ensuring that both the web site and the
end user are genuine. In other words, they are not imposters. Both the
server and an individual users need to be authenticated. This is especially
important when transmitting secure data over the Internet.