The handshaking procedure is triggered when a connection is initiated between a Web server and a client. During this phase, the server and the client authenticate each other and negotiate the encryption algorithms and the required session keys, using an asymmetric key algorithm such as RSA, before any application data is sent or received. Since all data between the server and the client is then encrypted with symmetric keys, the channel between them is private. Bulk data protection offers two services: data encryption and message digest. Data encryption is done with a symmetric key algorithm such as Triple-DES or RC4. Message transport includes a message integrity check using a keyed message authentication code (MAC); a secure hash function such as the Secure Hash Algorithm Version 1.0 (SHA1) or Message Digest 5 (MD5) is used for the MAC computation.

The detailed handshaking procedure required to initiate a new session is as follows. The client initiates a connection by sending a Client Hello message that includes the session ID, a random number, the cipher suites it supports, and other required information. After receiving the Client Hello, the server replies with a Server Hello that includes its certificate and other information. Using the server's certificate, the client completes the authentication of the server. Depending on the server-side configuration, the next step, client authentication, is optional; if it is requested, the client must send its own certificate to the server for verification. After the authentication steps, the client generates the session keys used to encrypt and decrypt data. The session is identified by the session ID, which is shared between the client and the server.
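To make the two bulk-data services concrete, here is an added example (not code from the original post) of a simplified TLS 1.0-style record layer: a keyed MAC (HMAC-SHA1) is computed over a sequence number, the record header and the fragment, appended to the fragment, and the whole is encrypted with a symmetric stream cipher (RC4, one of the ciphers named above). The receiver decrypts, recomputes the MAC and rejects any record that was altered in transit. The key expansion from the shared secret and the handshake randoms is a deliberately simplified HMAC-based construction, an assumption of this example and not the real TLS pseudo-random function; the sample messages, randoms and master secret are constructed. RC4 and MAC-then-encrypt are shown only because the text discusses them; both are deprecated in modern TLS.

```python
import hashlib
import hmac
import struct

# Record header fields in the style of TLS 1.0 (application_data, version 3.1).
CONTENT_APPLICATION_DATA = 23
PROTOCOL_VERSION = b"\x03\x01"
MAC_LEN = hashlib.sha1().digest_size  # HMAC-SHA1 tag is 20 bytes

# Constructed sample application data for the demonstration below.
MESSAGES = [b"GET / HTTP/1.0\r\n\r\n", b"Host: example.test\r\n"]


def rc4_keystream(key: bytes):
    """RC4 key scheduling followed by the keystream generator (yields one byte at a time)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        yield s[(s[i] + s[j]) & 0xFF]


def rc4_crypt(data: bytes, key: bytes) -> bytes:
    """One-shot RC4; encryption and decryption are the same XOR with the keystream."""
    ks = rc4_keystream(key)
    return bytes(b ^ next(ks) for b in data)


def derive_keys(master_secret: bytes, client_random: bytes, server_random: bytes):
    """Expand the negotiated secret into a MAC key and an encryption key.
    Simplified HMAC-SHA1 expansion (assumption for this example, not the TLS PRF)."""
    seed = client_random + server_random
    mac_key = hmac.new(master_secret, b"mac key" + seed, hashlib.sha1).digest()
    enc_key = hmac.new(master_secret, b"enc key" + seed, hashlib.sha1).digest()[:16]
    return mac_key, enc_key


class RecordProtection:
    """One direction of the protected channel: sequence number, MAC key and cipher state."""

    def __init__(self, mac_key: bytes, enc_key: bytes):
        self.mac_key = mac_key
        self.keystream = rc4_keystream(enc_key)  # stream cipher state persists across records
        self.seq = 0  # 64-bit implicit sequence number, covered by the MAC, never sent

    def _mac(self, seq: int, fragment: bytes) -> bytes:
        # MAC input: seq_num || content_type || version || length || fragment
        header = struct.pack("!QB2sH", seq, CONTENT_APPLICATION_DATA, PROTOCOL_VERSION, len(fragment))
        return hmac.new(self.mac_key, header + fragment, hashlib.sha1).digest()

    def _xor(self, data: bytes) -> bytes:
        return bytes(b ^ next(self.keystream) for b in data)

    def protect(self, fragment: bytes) -> bytes:
        """MAC-then-encrypt: append the tag, then encrypt fragment and tag together."""
        tag = self._mac(self.seq, fragment)
        self.seq += 1
        return self._xor(fragment + tag)

    def unprotect(self, record: bytes) -> bytes:
        """Decrypt, split off the tag and verify it before releasing the fragment."""
        plain = self._xor(record)
        if len(plain) < MAC_LEN:
            raise ValueError("record too short")
        fragment, tag = plain[:-MAC_LEN], plain[-MAC_LEN:]
        expected = self._mac(self.seq, fragment)
        self.seq += 1
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            raise ValueError("bad_record_mac")  # TLS would send a fatal alert here
        return fragment


def make_channel():
    """Both endpoints derive identical keys from the (constructed) handshake values."""
    client_random = bytes(range(32))
    server_random = bytes(range(32, 64))
    master_secret = b"constructed-master-secret-for-this-example"
    mac_key, enc_key = derive_keys(master_secret, client_random, server_random)
    return RecordProtection(mac_key, enc_key), RecordProtection(mac_key, enc_key)


def roundtrip():
    """Protect each sample message and recover it on the other side."""
    sender, receiver = make_channel()
    return [receiver.unprotect(sender.protect(m)) for m in MESSAGES]


def tampering_detected() -> bool:
    """Flip one ciphertext bit in transit; the integrity check must reject the record."""
    sender, receiver = make_channel()
    record = bytearray(sender.protect(MESSAGES[0]))
    record[0] ^= 0x01  # with a stream cipher this turns the decrypted "GET" into "FET"
    try:
        receiver.unprotect(bytes(record))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(roundtrip())
    print("tampering detected:", tampering_detected())
```

The sequence number is never transmitted, yet it is part of every MAC, so a replayed or reordered record fails the check as surely as a modified one. Because RC4 is a stream cipher, a single flipped bit changes exactly one plaintext bit without any garbling, which is why encryption alone gives no integrity and the MAC is indispensable.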
Wednesday, February 27, 2008
Networks Introduction