Secure Socket Layers

By Paladion

August 16, 2005

What kind of attacks does SSL prevent?

  1. SQL Injection
  2. Sniffing
  3. Variable Manipulation
  4. Phishing Attacks

The best response to the quiz is 2. Sniffing.

SSL (Secure Sockets Layer) is a protocol used to create a secure connection between the client and the server. This is done with the help of digital certificates that allow the client to authenticate the server prior to establishing an SSL session. These digital certificates are signed by a Certificate Authority (CA), such as VeriSign, to ensure the authenticity of the server. A site using SSL will display the image of a lock in the status bar of the browser on the client side.

To establish a secure connection, the client requests an SSL page, and the server replies by sending a digital certificate that contains the server's public key. The client then generates a random number (a session key), encrypts it using the server's public key and sends it to the server. This ensures that the session key is known only to this particular client and server. Finally, this session key is used to encrypt and decrypt all the data flowing on the SSL channel.

Option 1: SQL injection is an attack in which the attacker manipulates the input to the application (for example, on a login page) and is then able to change the existing SQL query to get hold of data from the backend database. The manipulated input is simply encrypted and sent across to the server, where it is decrypted and then executed on the database. So an SSL connection between the client and the server does nothing to prevent such an attack.
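The point made under Option 1, as an added example that is not part of the original article: a login form is encrypted in transit, decrypted by the server, and handed to a query built two ways. The table, the sample row, the function names and the `keystream_xor` stand-in for the SSL channel (it is not real SSL) are all assumptions made for this illustration.

```python
import hashlib
import secrets
import sqlite3

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for the encrypted channel (NOT real SSL): XOR with a SHA-256 keystream."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")  # constructed sample row
    return db

def login_vulnerable(db, name: str, password: str) -> bool:
    # Input is concatenated into the SQL text, so it can change the query itself.
    query = f"SELECT 1 FROM users WHERE name = '{name}' AND password = '{password}'"
    return db.execute(query).fetchone() is not None

def login_parameterized(db, name: str, password: str) -> bool:
    # Placeholders keep the input as data; it cannot alter the query structure.
    query = "SELECT 1 FROM users WHERE name = ? AND password = ?"
    return db.execute(query, (name, password)).fetchone() is not None

def submit_over_channel(handler, db, name: str, password: str):
    """Client encrypts the form; server decrypts it and runs the login handler."""
    session_key = secrets.token_bytes(32)
    plaintext = f"{name}\n{password}".encode()
    on_the_wire = keystream_xor(session_key, plaintext)          # what a sniffer sees
    received = keystream_xor(session_key, on_the_wire).decode()  # server side
    rx_name, rx_password = received.split("\n", 1)
    return on_the_wire != plaintext, handler(db, rx_name, rx_password)

if __name__ == "__main__":
    manipulated = "' OR '1'='1"  # constructed input, not a valid password
    for handler in (login_vulnerable, login_parameterized):
        hidden, accepted = submit_over_channel(handler, make_db(), "alice", manipulated)
        print(f"{handler.__name__}: hidden from sniffer={hidden}, login accepted={accepted}")
```

The channel hides the input from a sniffer in both cases; only the parameterized query rejects the manipulated input.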

Option 2: Sniffing is an attack where the attacker is able to read data flowing on the channel between the client and the server. SSL can prevent such an attack since this channel is encrypted.

Option 3: Variable Manipulation is usually done by intercepting the traffic between the client and the server with the help of a proxy such as Achilles. This is different from sniffing since, in this case, the proxy establishes two SSL connections: one with the client and the other with the server. When the client requests an SSL page from the server, this proxy sends the request, as is, to the server. On receiving the public key from the server, the proxy generates its own session key and thus establishes the server-side SSL channel. It then sends its own public key to the client, and even though the client browser displays a warning that the certificate is from an untrusted site, the attacker goes ahead and accepts it, thus establishing the client-side SSL channel. So, although both these channels are encrypted, the proxy can view the data as clear text and can hence manipulate it.

Option 4: In the case of phishing attacks, the attacker creates an imitation of a valid site and steals the information entered by the customer on it. This fake site generally does not use SSL but creates a false impression of the site being secured by, say, inserting an image of the lock in the web page itself. So even if the valid site is using SSL, it does not prevent the user from being phished by this fake site.
