SSL makes headway as an encryption standard

The open and non-proprietary nature of SSL is what makes it the preferred choice for TCP/IP application developers to secure data. So far, SSL's parent vendor Netscape has been committed to keeping it an open standard. Netscape has submitted SSL to the World Wide Web Consortium (W3C) working group on security for consideration as a standard protocol for browsers and servers. In addition, Netscape has made the entire protocol available to the public.

But make no mistake, SSL is not perfect. Recent discoveries in SSL v2.0 have proven that the technology is not infallible. For example, the protocol is vulnerable to hyperlink spoofing, an attack on the SSL server authentication. In addition, weaknesses have been found in the MD5 hash algorithm used in SSL authentication and integrity. But despite its vulnerabilities, when properly implemented, SSL can be a formidable means of securing your Web-based application's sensitive data.

Hashing it out
What exactly does SSL provide? SSL offers the core components needed to give your applications the capability to transmit sensitive data securely and to the appropriate person. SSL accomplishes this by offering authentication at both the client and server sides, encryption, and integrity.

SSL works between the Transport and the Application layers in your network stack. This makes it a flexible and widely applicable protocol that can be used in a variety of TCP/IP applications.

SSL uses both public and secret key cryptography. Public key cryptography has been available since the late 70's, and secret key cryptography has been used since before World War I. Public key cryptography uses a pair of keys, one private and one public. In comparison, secret key cryptography uses only one key for encryption. The advantage of the dual key technique is it allows you to give away your public key to someone who wants to send you a message. The sender can then encrypt the message with your public key and send it to you over the Internet or any other open network; you can then use your private key to decrypt the message. Your private key is not publicly known. SSL uses public key cryptography extensively for its authentication mechanisms.

Authentication begins when a client requests a connection to an SSL server. The client sends its public key to the server, which in turn generates a random message and sends it back to the client. Next, the client uses its private key to encrypt the message from the server and sends it back. All the server has to do at this point is decrypt the message and compare it to the original one sent to the client. If the messages match, then the server knows that it's talking to the correct client.

Once the client has been authenticated, the server sends out the all-important session key that will be used to encrypt and decrypt all communications between the two machines for that session. Many secret key algorithms can be used for the session key, including Data Encryption Standard (DES), RSA's RC4, or the more internationally popular IDEA algorithm. Most browsers today support at least 40-bit RC4 encryption, and some (including Netscape's Navigator 4.x and Microsoft's Internet Explorer 4.x) can support DES and up to 128-bit RC4.

SSL can also be used to confirm the integrity of a message. SSL does this by using an MD5 message authentication code (MAC) scheme. By using MAC, the server can compare the message digest with its own digest of the message sent. If the two message digests are the same, then the stream has not been tampered with. Otherwise, the server can notify the client that its data stream has been corrupted and request that the client resend the data.

Where to start with SSL
Implementing SSL in your Web server is a relatively easy task. The basic steps include generating a key pair on your server, requesting a certificate from a certification authority, installing the certificate, and activating SSL on a security folder or directory. It's not a good idea to activate SSL on all your directories because the encryption overhead it adds can significantly decrease your response times.

SSL's strength lies in its ability to add encryption capabilities to many kinds of applications, not just Web servers and browsers. To start developing applications using SSL, start by applying for SSLRef and buying SSLPlus. SSLRef 3.0 is a free reference toolkit co-developed by Netscape Communications Corp. and Consensus Development Corp. SSLRef is a collection of ANSI C code that can be compiled and used to design your applications quickly.

SSLPlus 3.0 is a software toolkit sold by Consensus Development Corp. It was developed as a derivative of SSLRef 3.0 and can be used in conjunction with SSLRef to develop SSL-enabled TCP/IP applications. And when you're ready to test your SSL-enabled TCP/IP applications, Netscape offers an interoperability test server to help you give your application a test run.

The future of SSL
SSL is not without its limitations. Certificates and keys that originate from a computer can be stolen over a network or by other electronic means. One possible solution to this weakness is to use hardware tokens instead. Hardware tokens improve security tremendously because these tokens are more difficult to steal and they can be made to recognize only the person for which they were created. This can be done in a number of ways, including biometric means like fingerprint or retinal scan matching.

Netscape has moved forward with its hardware-enhanced security services by incorporating the U.S. Government's Fortezza initiative, which outlines a PC-card-based encryption scheme. The Fortezza initiative has ties to the government's earlier Clipper initiative, which proposed a nationwide standard for encryption hardware using a classified algorithm with built-in law enforcement access -- a move which makes the cryptography community and civil rights champions a bit nervous and may prevent widespread adoption.

About the article
This article is from the January 1998 issue of Netscape Enterprise Developer.