next up previous
Next: 4.1.3 Other Factors Up: 4.1 Security Assessment of Previous: 4.1.1 Introduction

4.1.2 Security Service Requirements

* Transaction confidentiality

SSL provides confidentiality for all data exchanged between the two systems. In SSLv2, encryption (i.e. confidentiality) is mandatory for all associations. In SSLv3 confidentiality is an optional service.

* Selective field confidentiality

No selective field confidentiality is provided by SSL. When confidentiality is provided, all data exchanged between the parties is encrypted.

* Privacy/anonymity

SSL decouples server and client authentication. Server authentication is a mandatory part of security association establishment processing. Client authentication is an optional service which may be required and invoked by certain servers. If client authentication is not performed, the client's identity need not be disclosed.

Server authentication is performed as part of the establishment of any new association. Authentication is based on the validation of the server certificate from which the server's public key is used as part of the master key generation process.

* Client authentication

Client authentication may optionally be requested by the server. Authentication is based on the validation of the client certificate which is used as part of checking the signature on the client's response to an optional challenge issued by the server.

* Data integrity

SSL performs a keyed MAC calculation for all data exchanged. The MAC is based on a shared secret (created during session establishment), the data, and a sequence number. The MAC is mandatory for all information exchanged.

Data origin authentication

Data origin authentication is provided as a consequence of the authentication performed during session establishment and ensures continuity during a session lifetime based on the key management (i.e. based on possession of the keys derived from the authenticated session establishment.).


No non-repudiation services are provided by SSL.

* Message Stream integrity

There are two levels of message stream integrity addressed within SSL. The MAC calculated for each record within a session includes a sequence number and prevents any modification (insertion, deletion, or reordering) of the sequence of records. Multiple sessions may be established under a single master key created during the authenticated association establishment exchanges. SSL prevents replays of entire sessions by exchanging per-session values provided by each party for each session and incorporating them into the generation of the per-session key.

* Denial of Service

Denial of service concerns with SSL relate primarily to consumption of resources at the server. An active attacker can readily force a reset of a security association and force a new association establishment exchange. An attacker could also try to overflow a server's session cache and force each new session to repeat the complete association establishment exchange. There is little that can be done about either of these concerns and neither is significant in the context of what an active attacker can do to disrupt communication.

next up previous
Next: 4.1.3 Other Factors Up: 4.1 Security Assessment of Previous: 4.1.1 Introduction
Denis Arnaud