Question
In public key encryption a server can publish a public key KS; any browser can then send it a message M containing private information that has been encrypted using KS: [M]KS. This is essentially a simplified version of the service performed by Secure Sockets Layer (SSL). SSL can perform encryption and authentication in both directions. As a result, HTTP requests and responses can be protected from eavesdropping and manipulation.
Simple version of SSL as implemented on a secure web site:

1. The client sends a client hello message to the server. This contains its name C, a transaction serial number C#, and a random nonce NC.
2. The server responds with a server hello message. This contains its name S, a transaction serial number S#, a random nonce NS, and a certificate CS containing its public key KS. The client verifies the certificate CS using a root certificate issued by a company such as Thawte and stored in the browser.
3. The client sends a key exchange message containing a pre-master-secret key K0, enciphered with the server's public key KS. It also sends a finished message with a message authentication code (MAC) computed on all messages to date. The key for this MAC is the master-secret K1. This key is computed by hashing the pre-master-secret key with the nonces sent by the client and server: K1 = h(K0, NC, NS). From this point on the traffic is encrypted: {...}KCS in the client-to-server direction and {...}KSC in the server-to-client direction. These keys are generated in turn by hashing the nonces with K1.
4. The server also sends a finished message with a MAC computed on all the messages to date. It then finally starts sending the data.

C → S: C, C#, NC
S → C: S, S#, NS, CS
C → S: {K0}KS
C → S: {finished, MAC(K1, everything_to_date)}KCS
S → C: {finished, MAC(K1, everything_to_date)}KSC
Assume we try visiting a web site that is password-protected and uses SSL to protect privacy. We will examine the sequence of HTTP messages exchanged. The URL XXX.ca is encrypted and password-protected. The username is ABCD, and the password is 1234. So let's access this secure password-protected site. Do the following:

1. Start up the Ethereal packet sniffer.
2. Enter the following URL into your browser: XXX.ca
3. Accept the certificate and type the requested user name and password into the pop-up box.
4. Stop the Ethereal packet capture, and enter tcp in the display-filter-specification window, so that only captured HTTPS messages will be displayed later in the packet-listing window.
Carefully examine the sequence of events that sets up the SSL connection.
Questions

1. Is the sequence exactly as described in the SSL explanation listed above? If not, how is it different?
2. Can you locate the client to server packet containing the user name and password? If so explain why and how, and if not explain why and how.
3. Can you think of additional steps that you would take to make this protocol more secure?
4. The certificate on this site was not acquired from a CA but was compiled by the site administrator. With regard to this, do you consider this site safe to use for credit card transactions? Explain.
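
The key derivation and finished-message check from the simplified handshake described above, as an added example that is not part of the original question. SHA-256, HMAC, the length-prefixed hashing and the direction labels are assumptions; the public-key encryption of K0 and the {...}KCS encryption of the finished message are not modelled, and all field values are constructed.

```python
import hashlib
import hmac
import os

def h(*parts: bytes) -> bytes:
    # h() from the description; SHA-256 over length-prefixed parts is an assumption.
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()

def derive_keys(k0: bytes, nc: bytes, ns: bytes):
    k1 = h(k0, nc, ns)              # master secret K1 = h(K0, NC, NS)
    kcs = h(k1, b"C->S", nc, ns)    # direction labels are an assumption
    ksc = h(k1, b"S->C", nc, ns)
    return k1, kcs, ksc

def finished_mac(k1: bytes, transcript: list) -> bytes:
    # MAC(K1, everything_to_date); HMAC-SHA256 is an assumption.
    return hmac.new(k1, h(*transcript), hashlib.sha256).digest()

def run_handshake(tamper_in_transit: bool = False) -> bool:
    """Return True if the server accepts the client's finished message."""
    nc, ns, k0 = os.urandom(16), os.urandom(16), os.urandom(32)
    client_hello = [b"C", b"C#=1", nc]           # constructed sample values
    server_hello = [b"S", b"S#=7", ns, b"CS"]    # CS stands in for the certificate
    key_exchange = [b"{K0}KS"]                   # encryption of K0 not modelled

    sent = client_hello + server_hello + key_exchange   # what the client saw
    received = list(sent)                                # what the server saw
    if tamper_in_transit:
        received[1] = b"C#=2"    # one hello field altered on the wire

    # Each side derives K1 from its own view of the nonces.
    k1_client, _, _ = derive_keys(k0, nc, ns)
    k1_server, _, _ = derive_keys(k0, received[2], ns)

    client_finished = finished_mac(k1_client, sent)
    expected = finished_mac(k1_server, received)
    return hmac.compare_digest(client_finished, expected)

if __name__ == "__main__":
    print("untouched handshake accepted:", run_handshake())
    print("modified hello accepted:", run_handshake(tamper_in_transit=True))
```

Because the MAC covers every message to date, a change to any hello field makes the two transcripts differ and the server rejects the finished message, even though both sides hold the same K1.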