Nowadays, IT industries are moving from software applications towards
web-based technology. Secure communication is an integral part of today’s
world of on-line transactions. Users on the Internet exchanging financial,
business or personal information want to know whether the information is
secured, and they wish to ensure that the information is not modified or
disclosed during the transaction [11]. We can say web security is one of the
crucial topics in both technology and everyday life. To maintain secure
communication on the web, communication between client and server must be
secured by SSL (Secure Sockets Layer). The SSL protocol provides security in
the network layer and consists of encryption algorithms. Any application that
runs over TCP can also run over SSL.
SSL is the most widely used security protocol on the Internet today. It offers
encryption, source authentication and integrity protection for data and is
flexible enough to accommodate different cryptographic algorithms for key
agreement, encryption and hashing. However, the specification describes
particular combinations of these algorithms, called cipher suites, which have
well understood security properties. Today, SSL is trusted to secure
transactions for sensitive applications ranging from web banking, to stock
trading, to e-commerce [11]. Unfortunately, the use of SSL imposes a
significant performance penalty on web servers. Secure web servers run 3.4
to 9 times slower than regular web servers on the same hardware
platform. SSL utilizes RSA encryption to transmit a randomly chosen secret that
is used to derive keys for data encryption and authentication. The RSA
decryption operation is the most compute-intensive part of an SSL transaction
for a secure web server.
Fig 1.1 System
The level of security RSA gives with a larger key size can be achieved by ECC
with a much smaller key size, which reduces the server load and makes accessing
the data much faster [8].
RSA and ECC are compared on key size, key generation, bandwidth and
efficiency. RSA key generation is significantly slower than ECC key generation.
The computational speed of ECC is 10 times that of RSA. Encryption in ECC is
much faster than in RSA. ECC generates smaller keys. The improved ECC algorithm
for network information security builds on the original algorithm by optimizing
the dot product operation and the square residual determination, and by
transforming the private key update, to improve the original operation
efficiency and safety performance. ECC is used in the OpenSSL security protocol
to increase security and speed up access to information on the web server.
SSL normally uses the RSA algorithm, but enhancing OpenSSL with ECC will
decrease the load on the web server due to its smaller key sizes. The SSL
protocol raises the workload and response time of the web server, but it is
important for security, so that we have RSA in SSL with ECC, which gives a
lower HTTPS response time.
A comparison has been done between RSA and ECC using HTTPS file transactions on
different file sizes; the result concludes that the ECC HTTPS request handling
time is less [11].
Cryptographic algorithms are used to ensure security in
communication channels and networks.
However, the specification describes particular combinations of these
algorithms, called cipher suites, which have well understood security
properties. Therefore, compromising security of these algorithms implies
compromising security of communication systems that are using them.
The ECC cryptographic algorithm has been considered in the cipher
suite for encryption between client and server. A combination of
algorithms is included in each cipher suite for the handshake between client
and server. The client and server negotiate an ECC-based cipher suite, e.g.
TLS_ECDH_ECDSA_WITH_RC4_128_SHA. The Elliptic Curve Diffie-Hellman (ECDH) key
exchange and the Elliptic Curve Digital Signature Algorithm (ECDSA) are
elliptic curve counterparts of the well-known Diffie-Hellman and DSA
algorithms, and have replaced Diffie-Hellman and DSA in the cipher suite. The
entire security depends on the cipher suite used in SSL. To improve security
and prevent the double attack, the scalar multiplication of ECC is performed
using the Montgomery ladder algorithm, which improves efficiency and security
by reducing the memory requirements of elliptic curve computations and by
running in constant execution time.
The Secure Sockets Layer (SSL) protocol uses a combination
of public-key and symmetric-key encryption. Symmetric-key encryption is much
faster than public-key encryption; however, public-key encryption provides
better authentication techniques. The two main components of SSL are the
Handshake protocol and the Record Layer protocol. The Handshake protocol allows
an SSL client and server to negotiate a common cipher suite, authenticate each
other, and establish a shared master secret using public-key algorithms. The
Record Layer derives symmetric keys from the master secret and uses them with
faster symmetric-key algorithms for bulk encryption and authentication of
application data. Since public-key operations are computationally expensive,
the protocol’s designers added the ability for a client and server to reuse a
previously established master secret. This feature is also known as “session
resumption”, “session reuse” or “session caching”. Optionally, the handshake
also allows the client to authenticate itself to the server [11].
Fig 3.1 System Flow
The steps involved in the SSL handshake are as follows:
1. The client sends the server the client’s SSL version number, cipher
settings, session-specific data, and other information that the server needs
to communicate with the client.
2. The server sends the client the server’s SSL version number, cipher
settings, session-specific data, and other information that the client needs
to communicate with the server over SSL. The server also sends its own
certificate, and if the client is requesting a server resource that requires
client authentication, the server requests the
3. The client uses the information sent by the server to authenticate the
server. If the server cannot be authenticated, the user is warned of the
problem and informed that an encrypted and authenticated connection cannot be
established. If the server can be successfully authenticated, the client
proceeds to the next steps.
4. Using all data generated in the handshake thus far, the client creates the
pre-master secret for the session, encrypts it with the server’s public key
(obtained from the server’s certificate), and then sends the encrypted
pre-master secret to the server.
5. The server uses its private key to decrypt the pre-master secret, and then
performs a series of steps (which the client also performs, starting from the
same pre-master secret) to generate the master secret.
6. Both the client and the server use the master secret to generate the
session keys, which are symmetric keys used to encrypt and decrypt information
exchanged during the SSL session and to verify its integrity.
7. Both then send a separate (encrypted) message indicating that the handshake
is finished. The SSL handshake is now complete and the session begins. The
client and the server use the session keys to encrypt and decrypt the data
they send to each other and to validate its integrity.
This is the normal operating condition of the secure channel.
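Steps 5 and 6 above, worked through as an added example (not code from the
paper or from OpenSSL). It assumes the TLS 1.2 pseudo-random function from
RFC 5246 in place of the older SSL derivation, and all sample values and the
names run_both_sides, CLIENT_RANDOM, SERVER_RANDOM and PRE_MASTER are
constructed for illustration.

```python
import hashlib
import hmac

def prf(secret, label, seed, length):
    """TLS 1.2 PRF (RFC 5246, section 5): P_SHA256 over label + seed."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def master_secret(pre_master, client_random, server_random):
    """Step 5: both sides turn the pre-master secret into a 48-byte master."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)

def session_keys(master, client_random, server_random, mac_len=20, key_len=16):
    """Step 6: expand the master secret and cut it into per-direction keys.
    Defaults fit an RC4_128_SHA suite: 20-byte MAC keys, 16-byte cipher keys."""
    block = prf(master, b"key expansion", server_random + client_random,
                2 * (mac_len + key_len))
    keys, pos = {}, 0
    for name, size in (("client_mac", mac_len), ("server_mac", mac_len),
                       ("client_key", key_len), ("server_key", key_len)):
        keys[name] = block[pos:pos + size]
        pos += size
    return keys

# Constructed sample values (not captured traffic). The pre-master secret is
# assumed to have already reached the server via steps 4 and 5.
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
PRE_MASTER = b"\x03\x03" + bytes(range(100, 146))   # version + 46 bytes

def run_both_sides(client_random=CLIENT_RANDOM, server_random=SERVER_RANDOM):
    """Client and server run the same derivation independently."""
    client = session_keys(master_secret(PRE_MASTER, client_random, server_random),
                          client_random, server_random)
    server = session_keys(master_secret(PRE_MASTER, client_random, server_random),
                          client_random, server_random)
    return client, server
```

Session resumption reuses the master secret with fresh random values, so
session_keys still yields new keys without repeating the public-key step.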
Scalar multiplication is performed through a combination of point additions
and point doublings using the Montgomery ladder to improve the security level.
ECC-160 provides the same security as RSA-1024 and ECC-224 matches RSA-2048.
ECC can provide a high level of security using smaller keys, which reduces the
workload of the server during the handshake.
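The Montgomery ladder named here and in the cipher suite discussion earlier,
as an added example (not the paper's or OpenSSL's code). The curve, base point
and 8-bit scalars are constructed toy values, and the names ladder,
double_and_add and op_count are illustrative; the operation counter shows the
fixed cost per key bit against plain double-and-add.

```python
# Toy curve y^2 = x^3 + 2x + 3 over GF(97), base point G = (3, 6): constructed
# for illustration only; real cipher suites use standardized curves.
P_MOD, A, G = 97, 2, (3, 6)
INF = None          # point at infinity (group identity)
CALLS = [0]         # counts group operations, to compare the two methods

def add(p, q):
    """Affine group law; covers addition, doubling and the identity."""
    CALLS[0] += 1
    if p is INF:
        return q
    if q is INF:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF
    if p == q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P_MOD, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def ladder(k, point, bits=8):
    """Montgomery ladder: one addition and one doubling for every key bit."""
    r0, r1 = INF, point                  # invariant: r1 - r0 == point
    for i in reversed(range(bits)):
        # Python branches here; production code uses a constant-time swap.
        if (k >> i) & 1:
            r0, r1 = add(r0, r1), add(r1, r1)
        else:
            r0, r1 = add(r0, r0), add(r0, r1)
    return r0

def double_and_add(k, point):
    """Reference method: the extra add on 1-bits makes the work depend on k."""
    acc = INF
    for bit in bin(k)[2:]:
        acc = add(acc, acc)
        if bit == "1":
            acc = add(acc, point)
    return acc

def op_count(method, k):
    """Number of group operations `method` spends on scalar k."""
    CALLS[0] = 0
    method(k, G)
    return CALLS[0]
```

In an ECDH exchange each side runs ladder on its own secret scalar and the
peer's public point, and both arrive at the same shared point.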
The above analysis suggests that the use of ECC cipher suites offers significant
performance benefits to SSL clients and servers, especially as security needs
increase. As ECC provides security equal to that of other cryptographic systems
but with a smaller key size, it is very suitable for devices which have power,
storage and processing limitations. The use of ECC cipher suites offers
significant performance benefits to SSL clients and servers, especially as
security needs increase. The key size for public-key cryptosystems used to
establish AES keys will correspondingly need to increase from current levels.
This would favor the use of ECC over RSA.
We wish to thank our family for supporting us in this endeavor.
We would also like to thank our guide Mrs. Janhavi Sangoi who is the Professor
of Computer Engineering department in VIVA Institute of Technology.
We thank her for her valuable suggestions and inputs that helped us to develop such a wonderful project as our academic Final Year