SSH (Secure Shell) and SSL (Secure Sockets Layer) are protocols for secure access to remote computers over insecure communication channels. Secure communication over non-secure networks generally involves three major areas of concern: privacy, authentication, and integrity.

 

Privacy

There is a possibility of an unauthorized access when transferring confidential information. To prevent the unauthorized access, data encryption is used. It is practically impossible to transform encrypted data to the initial view without the secret key if a good encryption algorithm is used. It was designed a quantity of algorithms for data encryption that differ in reliability and encryption speed. The SSH and TLS/SSL protocols support several algorithms of symmetric encryption and let using different algorithms for passed and received data.

When using these algorithms, it is necessary to have a secret session key, that is used for data encryption and decryption. Both SSH and TLS/SSL generate keys before beginning of data exchange. Also they allow regenerating this key when working to avoid cracking the key.

 

Authentication

Secure communications require that the individuals communicating know the identity of those with whom they communicate.

When the client tries to establish the connection to the server, it is necessary to be sure that the server is authentic (not supposititious). Also the server should verify whether the client is allowed co connect to it. To implement such requirements, asymmetric encrypting algorithms are used. In these algorithms a pair of keys is used. The first key, named private key, serves for encrypting or signing data blocks. The second key, named public key, serves for decryption data and signature verification. When pretty long keys are used, it is not possible to determine the private key for a reasonable time interval if the public key is known.

Each secure server must have a pair of keys. In order to authenticate the sever, the client must have a public key/certificate of the server. When creating the secure connection to authenticate the server, the client verifies the key/certificate and signature received from the server using by the public key that the client has. If the verification passes, the server is considered valid.

There are several ways to authenticate the client. The first way is when the server verifies user name password. The second way is when the client has a pair of his own keys or a certificate, and the public key has to be passed to the server. At that the client authentication is analogous to the server authentication described above.

 

Integrity

It is necessary to be sure that the data transferred through an insecure channel is not changed or lost. For that data integrity checking is required.

Integrity check of the received data is often done by sending not only the original data but also a verification message about that data. This message is called digital signature. Both the data and the verification message can be sent with a digital signature that proves the origin of both.

SecureBridge Components, Copyright © 2007-2021 Devart. All Rights Reserved. Provide Feedback Visit Forum Request Support