

1.1 What are Secure Sockets?

The Internet is a packet-switching network.

This means that, for two hosts to communicate, they must packetize their data and submit it to a router with the destination address prepended to each packet. The router then analyzes the destination address and routes the packet either to the target host, or to a router that it believes is closer to the target host.

The Internet Protocol (IP), outlined in RFC 791, describes the standard for how this packetization is performed and how addresses are attached to packets in headers.

A packet can and probably will pass through many routers between the sender and the receiver. If the contents of the data in that packet are sensitive, the sender would probably like to ensure that only the receiver can read the packet, rather than the packet being readable by any router along the way.

Even if the sender trusts the routers and their operators, routers can be compromised by malicious individuals, called attackers in security terminology, and tricked into forwarding traffic that’s meant for one destination to another, as shown in

To get an idea of how many different hosts a packet passes through between you and a server, you can use the traceroute facility that comes with every Internet-capable computer to print a list of the hops between you and any server on the Internet.

$ traceroute www.travelocity.com

Each router along the way is supposed to respond with a special packet carrying its own address, called an ICMP timeout packet, as described in RFC 793. The routers that cannot or will not do so are represented with ‘* * *’.

In network programming parlance, the tenuous connection between a sender and a receiver is referred to as a socket. When one host — the client — is ready to establish a connection with another — the server — it sends a synchronize (‘SYN’) packet to the server. If the server is willing to accept the connection, it responds with a synchronize and acknowledge (‘SYN/ACK’) packet. Finally, the client acknowledges the acknowledgment and both sides have agreed on a connection.

This three-packet exchange is referred to as the TCP handshake.

The connection is associated with a pair of numbers: the source port and the destination port, which are attached to each subsequent packet in the communication.

Because the server is sitting around, always listening for connections, it must advertise its destination port ahead of time. How this is done is protocol-specific. Some protocols are lucky enough to have well-known "magic numbers" associated with them (you, the programmer, are supposed to know them). The handshake and the port numbers are part of the Transport Control Protocol (TCP); RFC 793 describes exactly how this works, how both sides agree on a source and destination port, and how they sequence these and subsequent packets.

TCP and IP are usually implemented together and called TCP/IP. A socket refers to an established TCP connection; both sides, client and server, have a socket after the three-way handshake has been completed. If either side transmits data over this socket, TCP guarantees, to the best of its ability, that the other side sees this data in the order it was sent. As is required by IP, any intermediate router along the way also sees this data.
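The header fields and handshake described above, as an added example that is not part of the original page: it decodes constructed IPv4/TCP packets to show what any intermediate router can read from a plain socket. The addresses, ports, sequence numbers, payload, and the helper names build_packet, parse_packet and router_view are assumptions made for illustration.

```python
import socket
import struct

# Flag bits from the TCP header, ordered so combinations print as "SYN/ACK".
FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK")]

def build_packet(src, dst, sport, dport, seq, ack, flags, payload=b""):
    """Construct a sample IPv4/TCP packet (checksums left at zero, never sent)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0)
    return ip + tcp + payload

def parse_packet(raw):
    """Decode the fields any router on the path can read from the packet."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4  # IPv4 header length in bytes
    if ver_ihl >> 4 != 4 or ihl < 20 or proto != 6 or len(raw) < ihl + 20:
        raise ValueError("not a complete IPv4/TCP packet")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", raw[ihl:ihl + 14])
    data_off = (off_flags >> 12) * 4  # TCP header length in bytes
    if data_off < 20:
        raise ValueError("bad TCP data offset")
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": "/".join(name for bit, name in FLAGS if off_flags & bit),
            "payload": raw[ihl + data_off:total_len]}

# Constructed sample: the three-packet handshake, then one packet of application data.
CLIENT, SERVER = "192.0.2.10", "198.51.100.7"
SAMPLE = [
    build_packet(CLIENT, SERVER, 49152, 80, 1000, 0, 0x02),     # SYN
    build_packet(SERVER, CLIENT, 80, 49152, 5000, 1001, 0x12),  # SYN/ACK
    build_packet(CLIENT, SERVER, 49152, 80, 1001, 5001, 0x10),  # ACK
    build_packet(CLIENT, SERVER, 49152, 80, 1001, 5001, 0x18, b"user=alice&pin=1234"),
]

def router_view(packets):
    """Return one summary line per packet, as an intermediate hop would see it."""
    lines = []
    for p in map(parse_packet, packets):
        lines.append("%s:%d -> %s:%d [%s] payload=%r" % (
            p["src"], p["sport"], p["dst"], p["dport"], p["flags"], p["payload"]))
    return lines

if __name__ == "__main__":
    print("\n".join(router_view(SAMPLE)))
```

The last sample packet's payload comes back byte for byte: nothing in IP or TCP hides it from the hops in between.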

SSL stands for Secure Sockets Layer and was originally developed by Netscape as a way to allow the browser technology to be used for e-commerce. It has since been standardized and renamed Transport Layer Security (TLS). After a socket has been established between the client and the server, SSL defines a second handshake that can be performed to establish a secure channel over the inherently insecure TCP layer.

