See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/344781801

Secure Socket Layer (SSL) in the Network and Web Security

Article  in  International Journal of Computer and Information Sciences · October 2020

CITATIONS READS

15 2,519

2 authors:

Roza Dastres Mohsen Soori

Near East University University of Kyrenia
11 PUBLICATIONS   106 CITATIONS    79 PUBLICATIONS   688 CITATIONS   

SEE PROFILE SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Computer Aided Process Planning View project

Modern CAD/CAM Systems View project

All content following this page was uploaded by Mohsen Soori on 23 October 2020.

The user has requested enhancement of the downloaded file.

World Academy of Science, Engineering and Technology
International Journal of Computer and Information Engineering
Vol:14, No:10, 2020

Secure Socket Layer in the Network and Web Security

Roza Dastres, Mohsen Soori

 the security of the data sharing via the web is studied and an
Abstract—In order to electronically exchange information advanced system of secured data sharing is also developed. As
between network users in the web of data, different software such as a result, security and reliability of the network systems can be
outlook is presented. So, the traffic of users on a site or even the increased in order to increase benefits of information
floors of a building can be decreased as a result of applying a secure
technology in human life.
and reliable data sharing software. It is essential to provide a fast,
secure and reliable network system in the data sharing webs to create Review of research works is presented in Section II.
an advanced communication systems in the users of network. In the Application of the SSL in the network and web security is
present research work, different encoding methods and algorithms in presented in Section II. The developed software in the study is
data sharing systems is studied in order to increase security of data presented in Section IV. Finally, the obtained results are
sharing systems by preventing the access of hackers to the transferred presented in Section V.
data. To increase security in the networks, the possibility of textual
Open Science Index, Computer and Information Engineering Vol:14, No:10, 2020 waset.org/Publication/10011526

conversation between customers of a local network is studied.

Application of the encryption and decryption algorithms is studied in II. REVIEW OF RESEARCH WORKS IN APPLICATION OF THE SSL
order to increase security in networks by preventing hackers from IN THE NETWORK AND WEB SECURITY
infiltrating. As a result, a reliable and secure communication system To provide public key certificate based authentication,
between members of a network can be provided by preventing secure session key establishment, and symmetric key based
additional traffic in the website environment in order to increase
speed, accuracy and security in the network and web systems of data
traffic confidentiality, on the security of Secure Socket
sharing. Layer/Transport Layer Security (SSL/TLS)-enabled
applications is presented by [1]. Secure communication using
Keywords—Secure Socket Layer, Security of networks. DNA cryptography with SSL protocol in wireless sensor
networks is presented by [2] to provide a secure channel with
I. INTRODUCTION more secure exchange of information in wireless sensor

T HE software such as Outlook Software are presented in networks. To provide an advanced Network Security
order to provide the electronically exchanging information Processor in the webs of data, A Gbps IPSec SSL security
between users in the web. The need to use this new connection processor design is investigated by [3]. A usability analysis of
reduces the traffic of users on a site or even the floors of a Java Secure Socket Extension API is presented by [4] to
building. In the meantime, an example such as face, security, prevent the security vulnerabilities in software development
and reliability is very important. Security and reliability are applications. SSL certificate verification is investigated by [5]
important issues that messages are sent to the destination with to verify SSL certificates using the concepts of learning
the least error. automata (LA). To increase security in the data sharing
Encryption is the science of codes and codes. It is an systems in the networks, the most recent SSL security attacks
ancient art and has been used for centuries to protect messages is analyzed by [6]. Design and implementation of a high
exchanged between commanders, spies, lovers, and others in performance network security processor is presented by [7] to
order to keep their messages confidential. When dealing with develop network security processors (NSPs) in data sharing
data security, it is essential to prove the identity of the sender systems. A combined approach to ensure data security in
and receiver of the message. Also, it is necessary to make sure cloud computing is presented by [8] to increase security in
that the content of the message does not change in the data data sharing networks.
transferring process. These three issues, privacy,
authentication, and comprehensiveness, are at the heart of III. SSL
modern data security and can be used for encryption. SSL is a standard, registered technology for secure
In this paper, various encryption algorithms are presented in communication between a web server and an Internet browser
order to prevent hackers from infiltrating. The aim is to or a mail server and a mail client (e.g., Outlook). This secure
provide a complete and coherent defense model that can be connection protects all the information that we transfer
exploited according to the organization's capabilities. between the web server and the Internet browser (user) so that
Application of the Secure Socket Layer (SSL) in increasing it remains confidential and intact. SSL is an industry standard
and is used by millions of websites around the world to ensure
data security. The SSL is a solution for secure communication
R. D. is with the Department of Computer Engineering, Cyprus between a server and a service provider, provided by
International University, North Cyprus, Turkey (e-mail:
[email protected]). Netscape. In fact, SSL is a protocol that is lower than the
M. S. is with the Department of Mechanical Engineering, Eastern application layer (TCP/IP layer 4 in the TCP/IP model). The
Mediterranean University, Famagusta, Via Mersin 10, North Cyprus, Turkey advantage of using this protocol is the use of its embedded
(corresponding author, e-mail: [email protected] ).

International Scholarly and Scientific Research & Innovation 14(10) 2020 330 ISNI:0000000091950263
World Academy of Science, Engineering and Technology
International Journal of Computer and Information Engineering
Vol:14, No:10, 2020

security features to secure insecure application layer protocols exchanged information between the server and the receiver
such as HTTP and HTTPS. Based on that, cryptographic will be encrypted by the developed software in the study.
algorithms are applied to plain text that is supposed to pass Then, the sent data will be decrypted on the opposite side in
through an insecure communication channel such as the order to maximize confidentiality in data sending systems via
Internet, and ensures that data are kept confidential throughout the webs of data. The developed algorithm of the presented
the transmission channel. An SSL certificate is required for a software is described in this section.
website to have a secure SSL connection. The connection unit unfrmMain;
between the web browser and webserver using the SSL system interface
is shown in Fig. 1 [9]. uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls,
forms,
Dialogs, StdCtrls, ExtCtrls, Sockets, IdBaseComponent,
IdComponent,
IdIPWatch, Menus, ScktComp;
type
TfrmClientSocket = class(TForm)
Panel1: TPanel;
Fig. 1 The connection between the web browser and webserver using Panel2: TPanel;
Open Science Index, Computer and Information Engineering Vol:14, No:10, 2020 waset.org/Publication/10011526

the SSL system [9] btnSendText: TButton;

Label3: TLabel;
To create security in the websites, the https security level is edPortNo: TEdit;
provided by using the server identification system. The btnChangeServer: TButton;
server’s public key is sent to the browser in order to secure the Panel3: TPanel;
content of the website. Then, it is controlled by the browser to Memo1: TMemo;
check the validation of the used certificate. So, the edSendText: TEdit;
edHostName: TEdit;
authentication and validation of the considered certificate is
Label1: TLabel;
approved by the browser in order to get a feedback from the TcpClient: TTcpClient;
used key in the server of the website [9]. TcpServer: TTcpServer;
To authenticated clients and server, the SSL operates by procedure btnChangeServerClick(Sender: TObject;)
authenticating clients and servers using digital certificates, and procedure btnSendTextClick(Sender: TObject;)
by encrypting/decrypting correspondence using specific keys procedure FormShow(Sender: TObject;)
which needs to be validated in the Cortication Authority (CA) procedure TcpServerAccept(Sender: TObject;
certification center. The CA's job is to identify the parties to ClientSocket: TCustomIpClient;)
the relationship, the addresses, the bank accounts and the private
{ Private declarations }
expiration date of the certificate, and to determine the
Function Encode(InParam:String): String;
identities based on them. By using the developed feature in function Decode(InParam:String): String;
SSL, a user is assured of the authenticity of a server. public
SSL-based software on the receiving side (for example, a { Public declarations}
web browser such as Internet Explorer) of a standard key- End;
based encryption technique and comparing the public keys of var
a server (such as a web service provider such as IIS) can be frmClientSocket: TfrmClientSocket;
used in order to identify the user in the website. Then, the user Implementation
can enter their information such as credit card numbers or Uses ConvUtils;
passwords with a high level of security and reliability. The main dialogue box of the developed software is shown
The SSL system can use a combination of symmetrical and in Fig. 2. Then, the port number of the server will be entered
asymmetric encryption. Symmetric key encryption is faster by the user as is shown in Fig. 3.
TcpServer.LocalPort:= edPortNo.Text;
than public key encryption, and on the other hand, public key
Then, the server will be activated.
encryption offers more robust authentication techniques. A TcpServer.Active:= True;
secured SSL connection as “SSL Handshake” is generated Finally
when the users are trying to access to the secured content in Show Message (The connection to the server is established.)
the website. The process and the generated keys in the security Next, the name of the server will be entered as is shown in
operations are not visible to the user. In order to encrypt all Fig. 4. So, it will be defined that the user is connected to the
transmitted data, anything encrypted with the public key can server in the web.
only be decrypted with the private key, and vice versa [9]. After that, the files and text will be sent by the user as is
shown in Figs. 5 and 6 respectively. The sent data will be
IV. THE DEVELOPED NETWORK SYSTEM encoded by the developed system in order to be secured in the
In the developed software in the study, a small sample of 2 data transferring process via the web.
computer conversations on the network is examined. All Procedure TfrmClientSocket.TcpServerAccept (Sender:

International Scholarly and Scientific Research & Innovation 14(10) 2020 331 ISNI:0000000091950263
World Academy of Science, Engineering and Technology
International Journal of Computer and Information Engineering
Vol:14, No:10, 2020

TObject;ClientSocket: TCustomIpClient;) TcpClient.Sendln (Encode (edSendText.Text);)

Begin

Fig. 6 Text sending by the user

Fig. 2 The main dialogue box of the developed software
Open Science Index, Computer and Information Engineering Vol:14, No:10, 2020 waset.org/Publication/10011526

Next, the user will be disconnected to the network and the

field of the text sending will be cleared for the next data
sending process.
TcpClient.Disconnect;
edSendText.Text;:= ''
End;
End;
Finally, the received text by the user will be decoded by the
developed system in order to be understood.
Function TfrmClientSocket.Encode (InParam: String): String;
Var i: Integer;
Begin
Result: =InParam;
For i: = 1 to length (InParam) do
Fig. 3 The port number of the server Result[i]:= chr(ord(InParam[i]) + 110;)
End;
Function TfrmClientSocket.Decode (InParam: String): Strin;
Var i: Integer;
Begin
Result: =InParam;
For i:= 1 to length(InParam) do
Result[i]:= Chr (ord (InParam[i]) – 10;)
End;
End.

V. CONCLUSION
Advanced data sharing systems are recently presented due
to information exchange requirements between webs of data.
Fig. 4 The name of the server In this study, various encryption algorithms is presented to
prevent hackers from infiltrating. The aim of the present
research work is providing a complete and coherent defense
model which can be exploited according to the organization's
capabilities. The developed software in the study is presented
and algorithm of the system is described. By connecting
between two computers, the user can consider features such as
sending various files and voice calls and voicemail, etc., in
addition to text conversation. So, an advanced secured
communication system in the webs of data can be provided
using the developed system in the study. The obtained results
proved the reliability and capabilities of the developed
software in the study which can be used in the internet (Like
yahoo messenger software).
Fig. 5 File sending by the user In designing security patterns, the fit between the user and

International Scholarly and Scientific Research & Innovation 14(10) 2020 332 ISNI:0000000091950263
World Academy of Science, Engineering and Technology
International Journal of Computer and Information Engineering
Vol:14, No:10, 2020

the security plan is very important. Moreover, the process of

changing and updating security technology must be
anticipated in accordance with new standards and threats.
The security system buyers are still struggling with
countless security issues. Some organizations buy expensive
security equipment in order to ensure their security in the web
of data, which is much more than the organization's capacities.
A security plan which is more than the capacity of an
organization is a waste of money. Also, a security plan which
is flawed will have a small impact on the organization's
performance, and it is the erosion of forces time and energy.
As a result, it is important to provide an advanced connection
system in the web of data by considering the demands and
threats in order to increase benefits of information technology
in the human life.
Open Science Index, Computer and Information Engineering Vol:14, No:10, 2020 waset.org/Publication/10011526

REFERENCES
[1] M.L. Das, N. Samdaria, “On the security of SSL/TLS-enabled
applications” Appl. Comput. Inform. 2014, 10(1-2), pp.68-81.
[2] S. Upadhyaya, “Secure communication using DNA cryptography with
secure socket layer (SSL) protocol in wireless sensor networks” Proced.
Comput. Sci. 2015, 70, pp.808-813.
[3] H.Wang, G. Bai, and H. Chen, “A gbps ipsec ssl security processor
design and implementation in an fpga prototyping platform” J. Signal
Process. Syst. 2010, 58(3), pp.311-324.
[4] C. Wijayarathna, N.A.G. Arachchilage, “Why Johnny can’t develop a
secure application? A usability analysis of Java Secure Socket Extension
API” Comput. Secur. 2019, 80, pp.54-73.
[5] P.V Krishna, S.Misra, D. Joshi, A. Gupta and M.S. Obaidat, “Secure
socket layer certificate verification: a learning automata approach”
Secur. Commun. Networ. 2014, 7(11), pp.1712-1718.
[6] W.El‐Hajj, “The most recent SSL security attacks: origins,
implementation, evaluation, and suggested countermeasures” Secur.
Commun. Networ. 2012, 5(1), pp.113-124.
[7] H. Wang, G. Bai and H. Chen, “Design and implementation of a high
performance network security processor” Int. J. Electron. 2010, 97(3),
pp.309-325.
[8] S.K. Sood, “A combined approach to ensure data security in cloud
computing” J. Networ. Comput. Appl., 2012, 35(6), pp.1831-1838.
[9] https://www.digicert.com/ssl/

International Scholarly and Scientific Research & Innovation 14(10) 2020 333 ISNI:0000000091950263