
SSL Encryption, User Verification – Allied Telesis AT-S60 User Manual

Page 525

AT-S60 Management Software User’s Guide

Section V: Security Features

SSL Encryption

SSL uses encryption to ensure the security of data transmission.
Encryption is a process that uses an algorithm to encode data so it can
only be accessed by a trusted device. An encrypted message remains
confidential.

All application data messages are authenticated by SSL with a message
authentication code (MAC). The MAC is a checksum that is created by the
sender and is sent as part of the encrypted message. The recipient
recalculates the MAC, and if the values match, the sender’s identity is
verified. The MAC also ensures that the message has not been tampered
with by a third party because any change to the message changes the
MAC.

SSL uses asymmetrical (Public Key) encryption to establish a connection
between client and server, and symmetrical (Secret Key) encryption for
the data transfer phase. For more information about public keys and
encryption, see Chapter 25, Public Key Infrastructure (PKI) on page 501
and Chapter 23, Encryption on page 484.

User Verification

An SSL connection has two phases: handshake and data transfer. The
handshake initiates the SSL session, during which data is securely
transmitted between a client and server. During the handshake, the
following occurs:

1. The client and server establish the SSL version they are to use.

2. The client and server negotiate the cipher suite for the session, which
includes encryption, authentication, and key exchange algorithms.

3. The symmetrical key is exchanged.

4. The client authenticates the server (optionally, the server
authenticates the client).

SSL messages are encapsulated by the Record Layer before being passed
to TCP for transmission. Four types of SSL messages exist:

❑ Handshake

❑ Change Cipher Spec

❑ Alert

❑ Application data (HTTP, FTP or NNTP)

As discussed previously, the Handshake message initiates the SSL
session.
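The Record Layer framing described above, as an added example that is not part of the manual or the AT-S60 software: a Python parser that splits a byte stream into records and labels each with one of the four message types. The content-type values (20 to 23), the 5-byte header layout and the length limit are taken from the SSL 3.0/TLS record-layer specifications, not from this page, and the sample bytes are constructed.

```python
import struct

# Content-type byte values from the SSL 3.0 / TLS record-layer specifications.
CONTENT_TYPES = {
    20: "Change Cipher Spec",
    21: "Alert",
    22: "Handshake",
    23: "Application data",
}
HEADER_LEN = 5               # type (1 byte) + version (2 bytes) + length (2 bytes)
MAX_FRAGMENT = 2**14 + 2048  # largest encrypted fragment the record layer allows


def parse_records(stream: bytes):
    """Split a byte stream into (type name, (major, minor), fragment) tuples.

    Raises ValueError on an unknown type, an oversized or a truncated record.
    """
    records = []
    offset = 0
    while offset < len(stream):
        if len(stream) - offset < HEADER_LEN:
            raise ValueError(f"truncated header at offset {offset}")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype} at offset {offset}")
        if length > MAX_FRAGMENT:
            raise ValueError(f"record length {length} exceeds limit")
        start = offset + HEADER_LEN
        end = start + length
        if end > len(stream):
            raise ValueError(f"truncated fragment at offset {offset}")
        records.append((CONTENT_TYPES[ctype], (major, minor), stream[start:end]))
        offset = end
    return records


# Constructed sample with placeholder bodies: a Handshake, a Change Cipher Spec,
# a warning-level close_notify Alert and an opaque Application data record,
# all carrying the SSL 3.0 version bytes (3, 0).
SAMPLE = (
    bytes([22, 3, 0, 0, 4]) + b"\x01\x00\x00\x00"
    + bytes([20, 3, 0, 0, 1]) + b"\x01"
    + bytes([21, 3, 0, 0, 2]) + b"\x01\x00"
    + bytes([23, 3, 0, 0, 3]) + b"\xaa\xbb\xcc"
)

if __name__ == "__main__":
    for name, version, fragment in parse_records(SAMPLE):
        print(f"{name:18} SSL {version[0]}.{version[1]}  {len(fragment)} bytes")
```

The type byte and length stay in cleartext even after encryption begins, so a monitor can count and classify records without any key material.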