Explain, with a case study, at which layer the SSL protocol works and how it is used to provide security.


First, let us understand what SSL is and where it is used in real life.

SSL (Secure Sockets Layer) is a networking protocol designed for securing connections between web clients and web servers over an insecure network, such as the internet. After being formally introduced in 1995, SSL made it possible for a web server to securely enable online transactions between consumers and businesses. Due to numerous protocol and implementation flaws and vulnerabilities, SSL was deprecated for use on the internet by the Internet Engineering Task Force (IETF) in 2015 and has been replaced by the Transport Layer Security (TLS) protocol.

For the case study, let us consider a user “Rahul” who wants to access his Google account. To ensure security and confidentiality, Google forces high-grade encryption across its website. When Rahul goes to log in, his browser automatically exchanges keys with Google’s servers. These keys are then used to exchange encrypted messages between both systems, preventing anyone from eavesdropping or intercepting sensitive information. When SSL is enabled on a webpage, the URL will have an “https” prefix instead of an “http” prefix. Most browsers also display a padlock icon or a green bar near the URL, depending on the level of encryption.

SSL certificates are issued through Certificate Authorities (CAs), which are entities entrusted with selling and distributing SSL certificates. CAs form the backbone of SSL, providing new certificates and verification of existing certificates.

So, at which layer does the SSL protocol work?

SSL runs above the transport layer and the network layer, which are responsible for the transport of data between processes and the routing of network traffic over a network between client and server, respectively, and below application layer protocols, such as HTTP and the Simple Mail Transfer Protocol (SMTP). The sockets part of the term refers to the sockets method of passing data between a client and a server program in a network or between processes in the same computer.

Now, how does SSL work to provide security?

SSL uses a combination of public key encryption and private key encryption and other cryptographic functions to secure a connection between two machines, typically a web server or mail server and a client system, communicating over the internet or another TCP/IP network. SSL provides a mechanism for encrypting and authenticating data sent between processes running on a client and server, as well as mediating the secure exchange of private keys for session encryption through the use of an SSL certificate issued by a trusted certificate authority.

It does this in 4 steps –

1. First, the user connects to an SSL-enabled service such as a website.

2. Then the user’s application requests the server’s public key in exchange for its own public key. This public key exchange provides ways for both parties to encrypt messages that only the other party can read.

3. When the user sends a message to the server, the application uses the server’s public key to encrypt the message.

4. Finally, the server receives the user’s message and decrypts it using its private key. Messages sent back to the browser are encrypted in a similar way using a public key generated by the user’s application.
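
The four steps above, walked through in Python as an added example that is not part of the original post. Textbook RSA without padding stands in for the public-key operations, and the names `Party`, `encrypt` and `run_exchange`, the sample messages and the public Mersenne primes are all assumptions made for illustration.

```python
# Added illustration of the four steps. Textbook RSA, no padding, built from
# well-known Mersenne primes: for reading, never for protecting real data.
from math import gcd

E = 65537  # widely used RSA public exponent


class Party:
    """One end of the connection (hypothetical helper, not a library API)."""

    def __init__(self, p, q):
        phi = (p - 1) * (q - 1)
        assert gcd(E, phi) == 1, "public exponent must be invertible"
        self.public_key = (p * q, E)      # handed to the peer in step 2
        self._private = pow(E, -1, phi)   # never leaves this party

    def decrypt(self, ciphertext):
        n, _ = self.public_key
        m = pow(ciphertext, self._private, n)
        return m.to_bytes((m.bit_length() + 7) // 8, "big")


def encrypt(public_key, message):
    """Encrypt bytes so that only the owner of public_key can read them."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)


def run_exchange():
    # Step 1: the user's application connects to the service.
    server = Party(2**61 - 1, 2**89 - 1)     # constructed sample key
    client = Party(2**107 - 1, 2**127 - 1)   # constructed sample key
    # Step 2: each side hands the other its public key.
    server_pub, client_pub = server.public_key, client.public_key
    # Step 3: the client encrypts with the server's public key.
    to_server = encrypt(server_pub, b"login: rahul")
    # Step 4: the server decrypts with its private key, then replies
    # using the public key generated by the user's application.
    received = server.decrypt(to_server)
    reply = client.decrypt(encrypt(client_pub, b"welcome, rahul"))
    # A party without the server's private key gets only garbage
    # from the same ciphertext.
    wrong_key = client.decrypt(to_server)
    return received, reply, wrong_key
```
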


~ Thank you for reading this post ~

🙏

 
