Crestron CP3N Technical Information, Page 41

Crestron 3-Series Control Systems Reference Guide
Reference Guide DOC. 7150A 3-Series Control Systems 37

Secure Sockets Layer (SSL)

Introduction

Ethernet-enabled control systems provide built-in support for Secure Sockets Layer
(SSL), the standard for protecting web-based communication between clients and
servers. SSL is a protocol that provides a secure channel for communication between
two machines. The secure channel is transparent, which means that it passes the data
through, unchanged. The data is encrypted between the client and the server, but the
data that one end writes is exactly what the other end reads. The SSL protocol uses
TCP as the medium of transport.

SSL ensures that the connection between a web browser and web server is secure by
providing authentication and encryption. Authentication confirms that servers, and
sometimes clients, are who they say they are. Encryption creates a secure “tunnel”
between the two, which prevents unauthorized access to the system.

The secure tunnel that SSL creates is an encrypted connection that ensures that all
information sent between the client and server remains private. SSL also provides a
mechanism for detecting if someone has altered the data in transit. If at any point
SSL detects that a connection is not secure, it terminates the connection and the
client and server have to establish a new, secure connection.

SSL uses both public-key and symmetric-key encryption techniques. Public keys are
a component of public-key cryptographic systems. The sender of a message uses a
public key to encrypt data; the recipient of the message can only decrypt the data
with the corresponding private key. Public keys are known to everybody, while
private keys are secret and only known to the recipient of the message. Since only
the server has access to its private key, only the server can decrypt the information.
This is how the information remains confidential and tamper-proof while in transit
across the network.

An SSL transaction consists of two distinct parts: the key exchange and the bulk data
transfer. The SSL Handshake Protocol handles key exchange and the SSL Record
Protocol handles the bulk data transfer.

The key exchange (SSL Handshake Protocol) begins with an exchange of messages
called the SSL handshake. During the handshake, the server authenticates itself to
the client using public-key encryption techniques. Then the client and the server
create a set of symmetric keys that they use during that session to encrypt and
decrypt data and to detect if someone has tampered with the data. Symmetric key
encryption is much faster than public-key encryption, while public-key encryption
provides strong authentication techniques.

Once the key exchange is complete, the client and the server use this session key to
encrypt all communication between them. They do this encryption with a cipher, or
symmetric key encryption algorithm, such as RC4 or DES. This is the function of the
SSL Record Protocol. There are two types of ciphers, symmetric and asymmetric.
Symmetric ciphers require the same key for encryption and decryption, whereas with
asymmetric ciphers, data can be encrypted using a public key, but decrypted using a
private key.

SSL supports a variety of ciphers that it uses for authentication, transmission of
certificates, and establishing session keys. SSL-enabled devices can be configured to
support different sets of ciphers, called cipher suites.
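
The following is an added example, not part of the Crestron guide: it splits a cipher suite name into the parts negotiated by the handshake (key exchange, authentication) and the parts used by the record protocol (bulk cipher, MAC), and flags suites built on RC4 or DES. It assumes IANA-style suite names (a device may list its suites in another format), and the names `parse_suite`, `audit` and `SAMPLE` are hypothetical.

```python
from dataclasses import dataclass

# RC4 and DES are the ciphers the text names; both are considered broken today.
# RC2, 3DES, NULL, export and anonymous suites are further flags added here.
WEAK_BULK_PREFIXES = ("RC4", "RC2", "DES", "3DES")

@dataclass
class Suite:
    key_exchange: str    # handshake: how the session keys are agreed
    authentication: str  # handshake: how the server proves its identity
    bulk_cipher: str     # record protocol: symmetric cipher for the data
    mac: str             # record protocol: tamper detection ("" if unnamed)
    findings: list

def parse_suite(name: str) -> Suite:
    """Split an IANA-style SSL/TLS (pre-1.3) suite name into its parts."""
    head, sep, record = name.partition("_WITH_")
    proto, *hs = head.split("_")
    export = "EXPORT" in hs
    hs = [t for t in hs if t != "EXPORT"]
    if not sep or proto not in ("SSL", "TLS") or not hs or not record:
        raise ValueError(f"not a <proto>_<kx>_WITH_<cipher> name: {name}")
    rec = record.split("_")
    # A trailing SHA*/MD5 token names the MAC (the PRF hash for AEAD suites).
    mac = rec.pop() if len(rec) > 1 and rec[-1].startswith(("SHA", "MD5")) else ""
    checks = [
        (export, "export-grade key sizes"),
        (hs[-1] == "anon", "no server authentication"),
        (rec[0] == "NULL", "no encryption"),
        (rec[0].startswith(WEAK_BULK_PREFIXES), f"weak bulk cipher {rec[0]}"),
        (mac == "MD5", "MD5 MAC"),
    ]
    findings = [msg for hit, msg in checks if hit]
    return Suite(hs[0], hs[-1], "_".join(rec), mac, findings)

def audit(names):
    """Return {suite name: findings} for every suite with at least one finding."""
    return {n: f for n in names if (f := parse_suite(n).findings)}

# Constructed sample list, not taken from a real device.
SAMPLE = [
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_DHE_RSA_WITH_DES_CBC_SHA",
    "TLS_DH_anon_WITH_RC4_128_MD5",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

TLS 1.3 suite names carry no `_WITH_` part because key exchange and authentication are negotiated separately there, so `parse_suite` rejects them with `ValueError`.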