Open Access Open Access  Restricted Access Subscription or Fee Access

Secure Socket Layer and its Security Analysis

Deepika Bansal, Priya Sethi, Shipra Kataria


The Internet is an insecure medium for communication which leads to substantial security breaches, that is, a possible loss of confidentiality, integrity or site authentication which affects the user severely. To mitigate these insecure communication problems, secure socket layer (SSL) comes into consideration. But SSL is vulnerable to many criminal activities like attackers can hide malware in encrypted content and launch various attacks.  This arises the need to rethink about the security and privacy provided by the SSL. So the paper provides detailed description of SSL, its vulnerabilities, various attacks and their countermeasures. It also discusses the ways to scan the SSL traffic for malware detection.


Secure Socket Layer, Vulnerabilities, Scanning, Protocols.

Full Text:



Holly Lynne McKinley,” SSL and TLS: A Beginners’ Guide”, SANS Institute, 2003.

M S.Bhiogade, “Secure Socket Layer”, Informing Science, June 2002.

Aurora Bataclan,” Exploring SSL and Its Related Components”, SANS Institute, 2004.

J. Michael Butler,” Finding Hidden Threats by Decrypting SSL”, SANS Institute, 2013.

Mr. Pradeep Kumar Panwar and Mr. Devendra Kumar,” Security through SSL”, International Journal of Advanced Research in Computer Science and Software Engineering, Volume 2, Issue 12, December 2012.



Understanding the working of secure socket layer,

Tomasz Onyszko, “Secure Socket Layer ",

Insufficient Transport Layer Security (HTTPS, TLS and SSL),

Martin Georgiev, Subodh Iyengar, and Suman Jana,” The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software”, ACM, 2012.

Thawatchai Chomsiri, HTTPS Hacking Protection ,Advanced Information Networking and Applications Workshops, 2007

Jeremy Clark and Paul C. van Oorschot,” SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements”, IEEE Symposium on Security and Privacy, 2013.

Pratik Guha Sarkar and Shawn Fitzgerald,” ATTACKS ON SSL A COMPREHENSIVE STUDY OF BEAST, CRIME, TIME, BREACH, LUCKY 13 & RC4 BIASES”, iSEC Partners, 2013.

Olivier Levillain, Baptiste Gourdin, and Hervé Debar, “TLS Record Protocol: Security Analysis and Defense-in-depth Countermeasures for HTTPS”, ACM, 2015.


E Brad Casey,” Making SSL decryption and other networking choices in cloud deployments”, 2013.

Eyesight to the Blind SSL Decryption for Network Monitoring, ””.

Akira Yamada, Yutaka Miyake, Keisuke Takemori, Ahren Studer and Adrian Perrig, "Intrusion Detection for Encrypted Web Accesses", in Proceedings of 21st International Conference on Advanced Information Networking and Applications Workshops, IEEE, 2007.

Spamina Cloud Email Services - End User Privacy,

12 Things Effective Intrusion Prevention Systems Should Do,

Dave Shackleford, “Supporting Packet Decryption for Security Scanning ", SANS Institute, November 2012.

The pros and cons of SSL decryption for enterprise network monitoring,

Maha TEBAA, Saïd EL HAJJI, Abdellatif EL GHAZI, "Homomorphic Encryption Applied to the Cloud Computing Security", in Proceedings of the World Congres on Engineering, London, U.K, Vol I, July 2012.


  • There are currently no refbacks.

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.