How Does SSL Protect Against IP Spoofing?by Jacob Andrew
Secure Socket Layer, or SSL, connections use an encryption key and digital certificate to verify that a website’s communications originate from a reliable source. Though there are many reasons to use SSL connections, SSL also help stop attackers from “spoofing.” Spoofing occurs when an unauthorized computer masquerades as an authorized one.
Types of SSL
There are two different kinds of SSL: symmetric and asymmetric. Though symmetric keys have the lowest overhead, they require both computers to have their encryption key already installed. Asymmetric keys, the ones typically used for Web servers, make use of a two-part system to create unique pairs; a private key generated by the requesting party, and a “public” key maintained by the server. Both types of SSL use signatures. By its very nature, SSL is a client-server style of system, with one host initiating the connection and the other providing the majority of the security.
Importance of Certificates with SSL
Even if a server seems to have offer an SSL connection, that fact does not fully confirm that the connection is authentic. To fully ensure an unspoofed connection, SSL uses certificates. Certificates are small files stored on the SSL server; they assert that server’s authenticity. The certificates are only as strong as authority issuing them, with the most prominent being VeriSign Inc. Independently signed certificates, which must be regularly renewed and bound to a specific IP, ensure that the SSL connection is being established with a reputable and known server. When a third-party-signed certificate accompanies an SSL Web connection, then the connection is seamlessly established. Certificates not verified by any authority will often cause your Web browser to warn you, forcing you to proactively choose whether to connect to the unverified server.
How SSL Stops Man-in-the-Middle Spoofing
Spoofing happens whenever an untrusted computer pretends to be a trusted computer or, in the case of a man-in-the-middle spoof, cannot be seen at all. In successfully doing this, a man-in-the-middle spoof machine acts as an intermediary between your computer and the server. The computer intercepts the communications, copies it and passes it along as if nothing happened. SSL stops this kind of attack by first encrypting all communication. The spoofing machine would need the SSL encryption key to decrypt any intercepted data. Even if the spoofing machine has a means to break the cryptography, every packet of data on an SSL connection generates a difficult-to-reverse hash tag that verifies that the packet has been delivered unaltered. Interception alters this hash tag, and causes the authorized parties to end the spoofed connection.
How SSL Stops Blind and Non-blind Spoofing
Some spoofers simply sniff, or monitor, communications between to computers in an attempt to figure out how to mimic their communication scheme. In this way, a spoofer can “enter” an in-progress, digital conversation without being authorized. When the spoofer comes from outside the network, this is called "blind" spoofing. When the spoofer within the network is attacked, it is called "non-blind." In both symmetrical and asymmetrical SSL setups, all communication is encrypted. Encryption is done using a key uniquely generated between the two computers, thus preventing the spoofer from “seeing” how the two machines are communicating.