The most important advantage of SSH is
its protection against packet spoofing, IP spoofing, password sniffing and
eavesdropping. SSH uses user and host key rather than IP address and implements
cryptography for both authentication and communication. Communication between client
to server is obtained by asymmetric public-key in the Authentication Protocol
where a one-time password or Kerberos is used such as RSA or DSA. The Transport
Protocol however uses data by symmetric secret key and the encryption type can
be specified by the user based on random keys that are securely negotiated by
client and server for each server. Moreover, other services such as
Diffie-Hellman key algorithm, host to client asymmetric public key and standard
ciphers are used.
Secure Socket Layer
SSL was developed by Netscape and has
been implemented in many web browsers and web servers and widely used on the
internet. The Secure Socket Layer provides a secure transport connection
between applications. Its main purpose is to encrypt the web traffic between
two sites so no one can listen in and get confidential information such as
credit card information. The secure web site includes a digital certificate
signed by some certificate authority. The certificate includes the server name,
its public key, IP number, and an expiration date. It is typically signed with
a 1024-bit key by the CA.
The security achieved by SSL is:
Confidentiality – Encrypted data is
sent between client and server, so that passive wire tappers cannot read sensitive
data. A secret key is created based on information generated by the client with
a secure random number generator. This uses public keys to exchange the secret
key. The server sends its public key to the client then the client encrypts the
secret key with the server’s public key and sends it to the server. The server
decrypts the secret key information with the server’s private key. The data is
encrypted and decrypted with the secret key once the client and server use the
Integrity Protection – Protection
against modification of messages by an active wire tapper.
Authentication – Verification that a
peer is who they claim to be. Servers
are usually authenticated, and clients may be authenticated if requested by
SSL Handshake Protocol negotiates the
security algorithms and parameters, key exchanges, server authentication and
client authentication. The SSL handshake enables the SSL client and server to
establish the secret keys with which they communicate.
SSL Record Protocol provides fragmentation,
compression, encryption, message authentication and integrity protection.
SSL Alert Protocol sends error messages such
as fatal alerts and warnings.
SSL Change Cipher Spec Protocol is a single
message that indicates the end of the SSL handshake.