Secured Ecommerce Carts through 128 bit Secured Socket Layers
Description
SSL provides endpoint authentication and communications
privacy over the Internet using cryptography. In typical
use, only the server is authenticated (i.e. its identity
is ensured) while the client remains unauthenticated; mutual
authentication requires public key infrastructure (PKI)
deployment to clients. The protocols allow client/server
applications to communicate in a way designed to prevent
eavesdropping, tampering, and message forgery.
SSL involves a number of basic phases:
Peer negotiation for algorithm support
Public key encryption-based key exchange and certificate-based
authentication
Symmetric cipher-based traffic encryption
During the first phase, the client and server negotiate
which cryptographic algorithms will be used. Current implementations
support the following choices:
for public-key cryptography: RSA, Diffie-Hellman, DSA or
Fortezza;
for symmetric ciphers: RC2, RC4, IDEA, DES, Triple DES or
AES;
for one-way hash functions: MD5 or SHA.
How it works
The SSL protocol exchanges records; each record can be optionally
compressed, encrypted and packed with a message authentication
code (MAC). Each record has a content_type field that specifies
which upper level protocol is being used.
When the connection starts, the record level encapsulates
another protocol, the handshake protocol, which has content_type
22.
The client sends and receives several handshake structures:
It sends a ClientHello message specifying the list of cipher
suites, compression methods and the highest protocol version
it supports. It also sends random bytes which will be used
later.
Then it receives a ServerHello, in which the server chooses
the connection parameters from the choices offered by the
client earlier.
When the connection parameters are known, client and server
exchange certificates (depending on the selected public
key cipher). These certificates are currently X.509, but
there's also a draft specifying the use of OpenPGP based
certificates.
The server can request a certificate from the client, so
that the connection can be mutually authenticated.
Client and server negotiate a common secret called "master
secret", possibly using the result of a Diffie-Hellman
exchange, or simply encrypting a secret with a public key
that is decrypted with the peer's private key. All other
key data is derived from this "master secret"
(and the client- and server-generated random values), which
is passed through a carefully designed "Pseudo Random
Function".
TLS/SSL have a variety of security measures:
Numbering all the records and using the sequence number
in the MACs.
Using a message digest enhanced with a key (so only with
the key can you check the MAC). This is specified in RFC
2104).
Protection against several known attacks (including man
in the middle attacks), like those involving a downgrade
of the protocol to previous (less secure) versions, or weaker
cipher suites.
The message that ends the handshake ("Finished")
sends a hash of all the exchanged data seen by both parties.
The pseudo random function splits the input data in 2 halves
and processes them with different hashing algorithms (MD5
and SHA), then XORs them together. This way it protects
itself in the event that one of these algorithms is found
vulnerable.
Applications
SSL runs on layers beneath application protocols such as
HTTP, FTP, SMTP and NNTP and above the TCP or UDP transport
protocol, which form part of the TCP/IP protocol suite.
While it can add security to any protocol that uses reliable
connections (such as TCP), it is most commonly used with
HTTP to form HTTPS. HTTPS is used to secure World Wide Web
pages for applications such as electronic commerce. It uses
public key certificates to verify the identity of endpoints.
While an increasing number of client and server products
can support SSL natively, many still do not. In these cases,
a user may wish to use standalone SSL products like Stunnel
to provide encryption. However, the Internet Engineering
Task Force recommended in 1997 that application protocols
offer a way to upgrade to TLS from a plaintext connection,
rather than use a separate port for encrypted communications
- this prevents use of wrappers such as Stunnel.
SSL can also be used to tunnel an entire network stack
to create a VPN, as is the case with OpenVPN.
History and development
Developed by Netscape, SSL version 3.0 was released in 1996,
which later served as a basis to develop TLS version 1.0,
an IETF standard protocol first defined in RFC 2246. Visa,
MasterCard, American Express and many leading financial
institutions have endorsed SSL for commerce over the Internet.
SSL operates in modular fashion: its authors designed it
for extendability, with support for forwards and backwards
compatibility and negotiation between peers.
Early weak keys
Some early implementations of SSL could use a maximum of
only 40-bit symmetric keys because of US government restrictions
on the export of cryptographic technology. The US government
explicitly imposed a 40-bit keyspace small enough to be
broken by brute-force search by law enforcement agencies
wishing to read the encrypted traffic, while still presenting
obstacles to less-well-funded attackers. A similar limitation
applied to Lotus Notes in export versions. After several
years of public controversy, a series of lawsuits, and eventual
US government recognition of changes in the market availability
of 'better' cryptographic products produced outside the
US, the authorities relaxed some aspects of the export restrictions.
The 40-bit key size limitation has mostly gone away. Modern
implementations use 128-bit (or longer) keys for symmetric
key ciphers.
Incorrect uses
Some websites have been criticized for incorrectly using
SSL and therefore negating the security benefits [1]. Such
incorrect uses include:
Only securing the form submission page, while failing to
secure the login page [2]
Displaying a secure page mixed with non-secure media [3]
This practice has been found present in many commercial
websites such as those of Bank of America, Washington Mutual,
and JPMorgan Chase & Co. [4].
Standards
The first definition of TLS appeared in RFC 2246: "The
TLS Protocol Version 1.0". The current approved version
is 1.1, which is specified in RFC 4346: "The Transport
Layer Security (TLS) Protocol Version 1.1".
Other RFCs subsequently extended TLS, including:
RFC 2712: "Addition of Kerberos Cipher Suites to Transport
Layer Security (TLS)". The 40-bit ciphersuites defined
in this memo appear only for the purpose of documenting
the fact that those ciphersuite codes have already been
assigned.
RFC 2817: "Upgrading to TLS Within HTTP/1.1",
explains how to use the Upgrade mechanism in HTTP/1.1 to
initiate Transport Layer Security (TLS) over an existing
TCP connection. This allows unsecured and secured HTTP traffic
to share the same well known port (in this case, http: at
80 rather than https: at 443).
RFC 2818: "HTTP Over TLS", distinguishes secured
traffic from insecure traffic by the use of a different
'server port'.
RFC 3268: "AES Ciphersuites for TLS". Adds Advanced
Encryption Standard (AES) ciphersuites to the previously
existing symmetric ciphers.
RFC 3546: "Transport Layer Security (TLS) Extensions",
adds a mechanism for negotiating protocol extensions during
session initialisation and defines some extensions.
RFC 4279: "Pre-Shared Key Ciphersuites for Transport
Layer Security (TLS)", adds three sets of new ciphersuites
for the TLS protocol to support authentication based on
pre-shared keys.
RFC 4347: "Datagram Transport Layer Security"
specifies a TLS variant that works over datagram protocols
(such as UDP).
RFC 4366: "Transport Layer Security (TLS) Extensions"
describes both a set of specific extensions, and a generic
extension mechanism.
Implementation
Programmers may use the OpenSSL, NSS, or GnuTLS libraries
for SSL / TLS functionality. Delphi programmers may use
the library called Indy, which has ways of connecting components
to an SSL intercept using the OpenSSL libraries. This enables
the development of secure Web browsers and Web servers using
Delphi/Indy/OpenSSL. The protocols supported are SSLv2 SSLv3
and TLS v1.
TLS 1.1
As noted above, TLS 1.1 is the current approved version
of the TLS protocol. TLS 1.1 clarifies some ambiguities
and adds a number of recommendations. TLS 1.1 is very similar
to TLS 1.0. The main reason for the new version number is
a modified format for encrypted RSA pre-master secret, which
is part of the client key-exchange message (if RSA is used),
to use PKCS#1 v 2.1, as opposed to PKCS#1 v 1.5 in TLS 1.0.
This is done to protect against an attack discovered by
Daniel Bleichenbacher which can be launched against TLS
1.0 servers, using PKCS#1 v 1.5, which would fail in different
ways depending if the decrypted format is correct or not.
It also includes recommendations for avoiding remote timing
attacks. A full list of differences between TLS 1.0 and
TLS 1.1 is provided in RFC 4346 (Section 1.1).
TLS 1.1 is currently supported by Opera and GnuTLS.
E-commerce Features