Securing the OSI Stack - Layer 6

Our guide to securing the OSI stack continues with a look at the presentation layer.

Layer 6 of the OSI model is the presentation layer. This layer is unique in that it is responsible for the presentation of information. Its role is to act as a translator and convert data from one format to another. If you are thinking of formats such as ASCII, EBCDIC or JPEG, you are correct; the presentation layer can also be used for encryption, however. An example of this is Secure Sockets Layer (SSL). This protocol was developed to act as a cryptographic solution for the protection of data in transit. SSL resides below the application layer but above the transport layer. Because SSL plays such an important role in securing data, it is the focus of this article.

Let's start with a little bit of history. Netscape developed SSL in 1994 as a means of securing network communication. Specifically, SSL was designed to protect data being transported between a Web browser and a Web server. SSL offers businesses a means of secure e-commerce. While SSL is not an industry standard -- in that it was developed by Netscape -- Transport Layer Security (TLS) is. TLS was developed by the Internet Engineering Task Force (IETF). The current version of TLS is 1.1 and is described in RFC 4346. Programs that use TLS work very similarly to those that use SSL. By and large, SSL and TLS are interchangeable. Both services follow a standard handshake process to establish communication:

  1. A client uses a Web browser to contact a Web server that hosts a secured URL.

  2. The Web server responds to the client's request and sends the server's digital certificate to the Web browser. The X.509 certificate is the most commonly used type.

  3. The client now verifies that the certificate is valid and correct. Certificates are issued by known authorities such as Thawte or Verisign. This step is important because the certificate authenticates the Web server's organization as legitimate.

  4. Once the certificate is validated, the client generates a one-time session key, which will be used to encrypt all communication with the Web server.

  5. The client now encrypts the session key with the Web server's public key, which was transmitted with the digital certificate. Using the Web server's session key ensures that only the Web server can decrypt the data.

  6. At this point, a secure session is established, and both parties can communicate via a secure channel.

This handshake process allows the entities to communicate with confidence. The client and Web server actually pass data back and forth just as they would normally, using TCP. The difference is that the corresponding data traffic is encrypted. A few controls are also included to ensure the integrity of the message. This gives both parties confidence that the information has not been altered in transit.

Layer 6 threats

We can place a high level of confidence in SSL and TLS, but threats do exist. Two of the most likely can be categorized as fake certificate attacks and man-in-the-middle attacks. Fake certificate attacks require the attacker to provide the client with a fake certificate. Clients should notice this attack -- they will receive a pop-up dialog warning about a problem with the certificate. The certificate is very similar to a real certificate, except that it is not signed by a trusted certification authority. Man-in-the-middle attacks are difficult because the attacker must intercept communication between the client and server. The attacker then replaces the legitimate keys with his own.

Although these attacks against SSL are possible, a far greater threat comes from businesses that have decided to use no encryption at all and simply pass their customers information in clear text. All things considered, protocols such as SSL and TLS have proven themselves to be very competent. This is witnessed by the millions upon millions of secure exchanges that occur each day. If this discussion of SSL has sparked your interest to learn more about this technology, you may want check out Stunnel. Stunnel is designed to encrypt arbitrary TCP connections inside SSL.

About the author: Michael Gregg has more than 15 years of experience in IT. He is the president of Superior Solutions Inc., a Houston-based training and consulting firm, and an expert on networking, security and Internet technologies. Michael holds two associate degrees, a bachelor's degree and a master's degree. He currently maintains the following certifications: MCSE, MCT, CTT, A+, N+, CNA, CCNA, CIW Security Analyst and TICSA.

Read more on Network security management