Internet has made modern man's life easier and more comfortable. We can communicate with anyone around the globe, shop online, pay bills without commuting and many more regular chores by clicking a mouse. However, there is also a great deal of data threat. There are many phishing attacks where hackers steal data like credit card information, bank account details or personal information and use it illegally. Hence, protecting the identity and authentication is a great challenge. A SSL cipher is an encryption algorithm that creates a special certificate that is used as a key between two computers connected to the World Wide Web (WWW). The SSL certificate creates a secret and encrypted connection between two computers and helps in blocking the undesirable snooping of the shared data.
The Secure Socket Layer (SSL) is a method of transferring data securely over the internet. Transmitted data is encrypted. The Secure Socket Layer is used for sending and receiving sensitive information like credit card information, bank account details etc. across the internet. It was originally developed by Netscape as a secured protocol for e-commerce activities on the World Wide Web or the internet. The SSL protocol supports different encryption algorithms. These ciphers provide 40, 56 or 128 bit encryption security. The SSL is not visible to the Internet users but it appears while logging into a website with a Hypertext Transfer Protocol Secure (HTTPS) address. Some web browsers alert the users when they are entering into a secured website. This alert message popup is an indication of SSL ciphering in action. The SSL is based on the transport layer of the networked computers. Hence it is a unique security protocol. Typically, computers are connected to the Internet through telecommunication devices like the telephone or dial in modem. Deciphering or decoding the encrypted tunnel requires the SSL cipher code and encryption keys.
Generally, SSL cipher is not used for all pages on a website. It is specifically used for sending and receiving sensitive information such as credit cards information, membership ID's, customer billing information or SSN number. It needs to be used only on the "particular" page where the secured transaction or activity takes place. If the users or visitors of the website do not observe the https:// appearing on the form URL, and the "SSL Symbol" does not illuminate in their browser, then it is definitely not a safe method of transaction. If by chance, the user gives out the credit card information to such websites, there are greater chances of data misuse or theft. Hence it is always advisable to make transactions on websites using SSL cipher.
SSL implementation is very easy and has lot of advantages. SSL is placed on top of TCP/IP layers and TCP calls are substitued by SSL calls. After the connection is establised, it acts like a secure tunnel and it is safe to send any data across this. There are many implementation packages available for almost all platforms like Windows, Unix etc. SSL supports many webservers such as Apache and also browsers like Netscape Communicator and Internet Explorer. SSL helps with authentication, encryption, session key exchange with asymmetric methods, certificates etc.
The developer or the person implementing SSL must be completely aware of the OS and have in-depth knowledge of the OS, TCP/IP layer and the SSL layer. Not everyone is well versed with this and implementing SSL requires highly skilled people.
The SSL protocol supports different cryptographic algorithms that provide 40, 56, or 128 bit encryption security. Key exchange algorithms such as KEA and RSA key-exchange determine the way in which the server and client exchange symmetric keys (public/private) during an SSL session. The most commonly used SSL cipher suites uses the "RSA" key exchange. It is widely displayed on numerous websites involving credit card transactions. GeoTrust is another popular organization who issues the SSL Server Certificates. A certificate is used to identify a legitimate SSL enabled website. It displays the company’s name as the certified holder when checked by visitors.