The boom of internet, web technologies bring the whole world under a single roof. Transferring information through e-ways leads security to be an important aspect to deal with. In recent years, there has been tremendous development in Internet. Right from retrieving information about any subject, you can use Internet for many purposes. But when two parties like client and a server are communicating over the Internet. Secure Socket layer (SSL) is vital to Web security. It provides a strong sense of confidentiality, message integrity, and server authentication to users.
Overview of SSL
SSL stands for Secure Sockets Layer protocol developed by Netscape and is the standard Internet protocol for secure communications. SSL (Secure Sockets Layer) is a standard security protocol for establishing an encrypted link between a server and a web browser. This link ensures that all data exchanged between the browser and the server remains secure. SSL allows your website and your visitor’s browser to transmit private, sensitive information without the worry of eavesdropping, web forgery, and data tampering.
The main role of Secure Socket layer (SSL) is to provide security for Web traffic. Security includes confidentiality, message integrity, and authentication. SSL achieves these elements of security through the use of cryptography, digital signatures, and certificates.
SSL allows sensitive information such as credit card numbers, social security numbers, and login credentials to be transmitted securely. Normally, data sent between browsers and web servers is sent in plain text—leaving you vulnerable to eavesdropping. If an attacker is able to intercept all data being sent between a browser and a web server, they can see and use that information.
More specifically, SSL is a security protocol. Protocols describe how algorithms should be used. In this case, the SSL protocol determines variables of the encryption for both the link and the data being transmitted. All browsers have the capability to interact with secured web servers using the SSL protocol. However, the browser and the server need what is called an SSL Certificate to be able to establish a secure connection.
Secure Socket layer (SSL) secures millions of peoples’ data on the Internet every day, especially during online transactions or when transmitting confidential information. Internet users have come to associate their online security with the lock icon that comes with an SSL-secured website or green address bar that comes with an Extended Validation SSL-secured website. SSL-secured websites also begin with https rather than http.
Figure 1: SSL Depiction
Why SSL is important?
The primary importance of installing an SSL Certificate is to initiate a secure session between a web server and a browser. Once a secure connection is established, all information passed between the web server and the visitor will be kept private and encrypted
Other SSL advantages:
- Improves customer’s trust. The little padlock assures customers that their information will not be compromised. The data will be sent to the intended target servers, and it will not be redirected to unauthorized third parties. Before getting your certificate, the CA will verify your authenticity as it only distributes SSL certificates to genuine companies and businesses.
- Protects information against phishing attacks. Phishing sites are fraudulent copies of famous websites whose purpose is to trick you into submitting valuable information like your credit card or social security numbers. Phishing sites often have the same look and feel as the original site, but the website address is different and it is usually not secured with an SSL certificate. PayPal.com, for example, is a popular target for these fake, copy-cat phishing sites. Extended validation certificates protect you against phishing attacks by showing the full business name of the website owner in the address bar. Phishing site operators cannot obtain an EV certificate due to the extensive validation requirements.
- Better search engine rankings. HTTPS is now considered as a ranking signal by one of the biggest search engines in the world, Google. If you’re doing optimization, you should consider getting an SSL certificate to help boost your rankings, especially for ecommerce sites.
How does SSL work?
The following is a step-by-step outline of the Secure Socket layer (SSL) connection process:
- A user requests a web address beginning with https:// using their internet browser. The browser requests that the server identifies itself.
- The server replies by sending a copy of its SSL certificate, which includes its public key.
- The browser checks the certificate root to find if it belongs from a trusted CA. It also checks if the SSL certificate is unexpired and unrevoked. Moreover, it checks if its common name is valid for the website itself.
- Once the browser confirms that it can trust the website, it creates, encrypts, and sends back a symmetric session key using the server’s public key.
- Now, the server decrypts the symmetric session key using its private key.
- In return, the server sends back an acknowledgment encrypted with the session key to start the encrypted session.
- Now, all data transmitted between the server and the browser is encrypted.
Figure 2: Working of SSL
 “Introduction to Secure Sockets Layer”, white paper, Cisco Systems, Inc.
 “What is an SSL certificate”, available online at: https://www.digicert.com/ssl/
 Dipti S.Charjan and Priyanka S. Bochare “An Overview of Secure Sockets Layer”, International Journal of Computer Science and Applications, Vol. 6, No.2, Apr 2013
 “What is SSL (Secure Sockets Layer)?” available online at: https://ssl.comodo.com/ssl.php