Improved SSL Application using Session Key based Double Key Encryption/Decryption (SDKED)

G. Kbar (UAE)

Keywords

Public Key Infrastructure, Cryptography, Certification Authority, SSL, Digital Signature, and MAC.

Abstract

Businesses are deploying Public Key Infrastructures (PKIs) using Secure Socket Layer (SSL) to secure web networking. A question arises: how secure is this network when it is used to send credential information over the web? It is clear that SSL provides high-level security in terms of preventing spoofing attackers from reading the content of messages. However, does the SSL protocol prevent attackers from coming in line during connection establishment between client and server and trying to attack one of the two parties? Some improvement has been developed for SSL to address an attack that tries to modify the messages sent during the connection between client and server, using the technique known as "the use of message authentication code (MAC) with the SSL protocol". However, an intruder sitting in the middle between client and server and listening to the connection is still capable of coming on line during the exchange of the session key that is used to encrypt data, following the receipt of digital certificates, making one of the parties (e.g. the client) busy, and sending its own session key to the server, which cannot verify the sender using the normal or improved SSL protocol. Fortunately, a modified SSL based on Session key based Double Key Encryption/Decryption (SDKED) is proposed to resolve this problem. This article describes the new technique, known as SDKED, which improves security and avoids a possible attack by an intruder.
