Ensuring security with secure sockets layer (SSL)

What is SSL?

SSL stands for Secure Sockets Layer and is a security protocol invented by Taher Elgamal, the chief computer scientist at Netscape Communications. The first release of SSL was version 2.0 ( Feb 1995 ), Having been reinvented half a dozen times and rebranded once, SSL in its current state is referred to as TLS 1.3. Today, SSL/TLS is used in various applications primarily between users (via a mobile device, laptop, etc) accessing application resources where the application resources may be on-premise, cloud-based (in an AWS VPC or Azure VNET) or an E-commerce site.

The concept behind SSL was to provide confidentiality and integrity to message transmission for users who wanted to make purchases online using their credit card or let site visitors maintain their privacy from others sharing the network. Encrypting data and sending it over the wire is not a complex task, but if you don’t know the person sending you data and you don’t have the decryption keys, there is not a lot you can do when the buffer fills up with several megabytes of hexadecimal junk. The industry needed a way to distribute encryption keys to people who didn’t know they needed them…

How SSL Works: Building a Shared Secret over a Public Medium

Two parties who have never met, decide they want to send some information to each other over a public medium. This public medium is made up of several segments of a home LAN network, the local loop of the ISP, about a dozen interconnected fiber optic backbone providers such as Centurylink, AT&T, and Verizon, and finally another local loop of an ISP that powers the co-location facility that hosts the second party’s website. Because of the variety of the network interconnections and authority governing each of those network segments, the need for encryption as a matter of practicality becomes painfully obvious. But for two parties who have never met before, and are not able to communicate privately, a method for arriving at a shared secret doesn’t exactly jump off the page. Here is where the story turns to a mathematical marvel known as the Diffie-Hellman Key Exchange protocol.

An actual computation of sample values using the mathematical operations might be a bit of mind bender for someone not well versed in algebraic solutions, but a dehydrated version goes something like this:

The two parties are going to choose two random numbers and communicate them in the open, unfrazzled by the idea of someone listening in. Now both parties have the two numbers. Each person is going to choose another number and keep that number to themselves. Now the fun part: each party is going to take their secret number and the two shared numbers and tie a mathematical knot in them. This new ‘knotted’ number is sent over the wire to the other person. The other person does the same trick with the two known numbers and THEIR secret number, then they send their own ‘knot’ back over to the first party. Then each party takes the ‘knotted’ number sent to them in the open and unties it with their secret number. At the end of this knotty fiasco, each party has arrived at the same number and no one in the middle is able to calculate that number from what they know in a reasonable amount of time.

This new value that they both have is the shared secret. It can be used as an encryption key, or a way to arrive at another encryption key. This forms the basis of what is known as SSL.