TLS

boru 25th April 2019 at 4:12pm
Public

TLS, formerly known as Secure Socket Layer (SSL), is a complex protocol for clients (web browsers) and servers (hosts) to communicate securely, which is essential for e-commerce (it allows sending credit-card numbers and personal information over the network with some confidence that they only reach the intended destination). It consists of 2 main parts:

TLS Handshake protocol

  • used to authenticate a server to a client (and a client to a server, but this rarely happens, because the client would need its own public key, and this public key has to be known to the server) using a combination of symmetric and asymmetric cryptography
  • agreement on the cryptographic algorithms, because TLS allows many different encryption algorithms. TLS can be layered on top of many other protocols. The most common use is on top of the Hypertext Transfer Protocol (HTTP); combining TLS with HTTP results in Hypertext Transfer Protocol Secure (HTTPS).
  • establish a shared session key, a key shared between the server and the client

a) C connects to S, sending a message m, a list of ciphers c supported by C and a list of hash functions h supported by C, because different browsers have different ciphers and hash functions implemented.

b) Since C and S have to agree on a cipher and a hash function, S picks the ’strongest’ cipher and hash function from the received lists and sends the choice back to C. S also sends a certificate, which gives the public key k_US of S to C in a way C can trust. The certificate includes the domain and the public key k_US of S and is signed by a Certificate Authority (CA).

c) Next, C verifies the certificate, extracts k_US, picks a random value r and sends E_k_US(r) back to S. S can decrypt E_k_US(r) using its private key to get r, which is used as the shared key k. Now both C and S have a shared key k = r and can communicate over the channel using symmetric encryption with the key k. The protocol that does this is the TLS Record Protocol.
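Steps b) and c) as an added example in Go (this is not code from the original notes): a constructed toy CA issues a certificate for the hostname example.test, C verifies that the certificate chains to a root it trusts and names the host it meant to reach before encrypting a random r under k_US, and S recovers r with its private key. Two departures from real TLS are assumptions of this example: RSA-OAEP stands in for the PKCS#1 v1.5 padding TLS used for RSA key exchange, and r is used directly as k as the notes describe, whereas TLS runs it through a key derivation step to get the session keys. This RSA key-transport handshake exists only up to TLS 1.2; TLS 1.3 removed it in favour of Diffie-Hellman. The names toyPKI, buildPKI, issue, clientKeyExchange and serverKeyExchange are the example's own.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// toyPKI is a constructed CA plus one server certificate for "example.test".
type toyPKI struct {
	root      *x509.Certificate
	serverCrt *x509.Certificate
	serverKey *rsa.PrivateKey
}

// issue signs tmpl with signer; a nil parent means self-signed (the root).
func issue(tmpl, parent *x509.Certificate, pub *rsa.PublicKey, signer *rsa.PrivateKey) (*x509.Certificate, error) {
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func buildPKI() (*toyPKI, error) {
	caKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	srvKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	root, err := issue(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Toy Root CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}, nil, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	// The server certificate binds the domain to k_US and is signed by the CA.
	srv, err := issue(&x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "example.test"},
		DNSNames:  []string{"example.test"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage:  x509.KeyUsageKeyEncipherment, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, root, &srvKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return &toyPKI{root: root, serverCrt: srv, serverKey: srvKey}, nil
}

// clientKeyExchange is step c) on C's side: the certificate must chain to a
// trusted root AND name the host C wanted; only then is a fresh random r
// encrypted under k_US. If either check fails, nothing is sent.
func clientKeyExchange(cert, root *x509.Certificate, host string) (r, enc []byte, err error) {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	if _, err = cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host}); err != nil {
		return nil, nil, err
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return nil, nil, fmt.Errorf("certificate key is not RSA")
	}
	r = make([]byte, 32)
	if _, err = rand.Read(r); err != nil {
		return nil, nil, err
	}
	enc, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, r, nil) // OAEP: example's choice
	return r, enc, err
}

// serverKeyExchange is step c) on S's side: recover r = k with the private key.
func serverKeyExchange(priv *rsa.PrivateKey, enc []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, enc, nil)
}

func main() {
	p, err := buildPKI()
	if err != nil {
		panic(err)
	}
	r, enc, err := clientKeyExchange(p.serverCrt, p.root, "example.test")
	k, err2 := serverKeyExchange(p.serverKey, enc)
	fmt.Println("shared key agrees:", err == nil && err2 == nil && bytes.Equal(r, k))
}
```

The order inside clientKeyExchange is the point: r is generated and encrypted only after Verify has accepted both the chain and the hostname, so a certificate from an untrusted CA, or a valid certificate for a different domain, never receives the secret.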

Problems

tbd

TLS record protocol

  • starts after the TLS Handshake Protocol has successfully finished
  • enables communication using the session key that was established in the TLS Handshake Protocol
  • uses symmetric cryptography only, because a session key was established by the end of the TLS Handshake Protocol, and symmetric encryption is much faster (cheaper) for encrypting all the content of a page.

So first, C requests the content of a web page. The response is the content of that web page, which can be quite long, so we need a way to encrypt the response and send it to C. We want both:

  • confidentiality
  • integrity checking

The response consists of the message M, followed by a MAC computed over M with the hash function H under the MAC key k_n (the key of the hash function), and finally some padding to fill up the block size.

Now we want to send this whole response over the secure channel. The way this is done in the TLS Record Protocol is to use CBC mode with some block cipher as the encryption function.

In one session there may be multiple responses, and when the next response is ready we don’t want to run the whole TLS Handshake Protocol again. The next message block is again encrypted in CBC mode, which produces the cipher block of the next message, but we need an IV here (don’t reuse the former IV, for security reasons).

In TLS the last cipher block of the previous message is used as the IV for the first block of the next message.
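The record layer of these notes as an added Go example (not code from the original notes): each record is M || MAC(k_n, M) || padding, encrypted with AES in CBC mode, and the IV for the next record is the last cipher block of the previous one, exactly as described above. HMAC-SHA256 stands in for H, the keys and the first IV are constructed values, and the sequence number and record header that real TLS also feeds into the MAC are left out to match the notes. The chaining rule is the one TLS 1.0 used; TLS 1.1 and later send a fresh random IV with every record, because the chained IV is known in advance to anyone who can see the previous record on the wire, which is what nextIVPredictable demonstrates. The names recordState, seal, open and nextIVPredictable are the example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

// recordState is one direction of the record layer: the session key for the
// block cipher, the MAC key k_n, and the IV the next record will chain to.
type recordState struct {
	block  cipher.Block
	macKey []byte
	iv     []byte
}

func newRecordState(encKey, macKey, iv []byte) (*recordState, error) {
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	if len(iv) != block.BlockSize() {
		return nil, errors.New("iv must be one block long")
	}
	return &recordState{block: block, macKey: macKey, iv: append([]byte(nil), iv...)}, nil
}

// pad appends TLS-style padding: p+1 bytes each of value p, so the length
// becomes a multiple of the block size.
func pad(b []byte, blockSize int) []byte {
	p := blockSize - 1 - len(b)%blockSize
	return append(b, bytes.Repeat([]byte{byte(p)}, p+1)...)
}

func unpad(b []byte) ([]byte, error) {
	n := len(b)
	if n == 0 || int(b[n-1])+1 > n {
		return nil, errors.New("bad padding")
	}
	p := int(b[n-1])
	for _, x := range b[n-p-1:] { // every padding byte must equal p
		if int(x) != p {
			return nil, errors.New("bad padding")
		}
	}
	return b[:n-p-1], nil
}

// seal builds one record as the notes describe: M || MAC(k_n, M) || padding,
// CBC-encrypted with the IV chained from the previous record.
func (s *recordState) seal(M []byte) []byte {
	mac := hmac.New(sha256.New, s.macKey)
	mac.Write(M)
	plain := pad(append(append([]byte(nil), M...), mac.Sum(nil)...), s.block.BlockSize())
	ct := make([]byte, len(plain))
	cipher.NewCBCEncrypter(s.block, s.iv).CryptBlocks(ct, plain)
	// Chaining: the next IV is this record's last cipher block, which is
	// visible on the wire and therefore predictable (TLS 1.0 behaviour).
	s.iv = append([]byte(nil), ct[len(ct)-s.block.BlockSize():]...)
	return ct
}

// open reverses seal. Padding and MAC failures return the same error so the
// receiver does not tell an attacker which of the two checks failed.
func (s *recordState) open(ct []byte) ([]byte, error) {
	bs := s.block.BlockSize()
	if len(ct) == 0 || len(ct)%bs != 0 {
		return nil, errors.New("bad record")
	}
	plain := make([]byte, len(ct))
	cipher.NewCBCDecrypter(s.block, s.iv).CryptBlocks(plain, ct)
	s.iv = append([]byte(nil), ct[len(ct)-bs:]...)
	body, err := unpad(plain)
	if err != nil || len(body) < sha256.Size {
		return nil, errors.New("bad record")
	}
	M, tag := body[:len(body)-sha256.Size], body[len(body)-sha256.Size:]
	mac := hmac.New(sha256.New, s.macKey)
	mac.Write(M)
	if !hmac.Equal(tag, mac.Sum(nil)) {
		return nil, errors.New("bad record")
	}
	return M, nil
}

// nextIVPredictable is true when the IV for the next record is exactly the
// last cipher block of the record just sent, i.e. readable from the wire.
func nextIVPredictable(s *recordState, lastCT []byte) bool {
	bs := s.block.BlockSize()
	return bytes.Equal(s.iv, lastCT[len(lastCT)-bs:])
}

func main() {
	enc, mac, iv := bytes.Repeat([]byte{0x11}, 16), bytes.Repeat([]byte{0x22}, 32), bytes.Repeat([]byte{0x33}, 16) // constructed keys
	w, _ := newRecordState(enc, mac, iv)
	ct := w.seal([]byte("GET / HTTP/1.1"))
	fmt.Printf("%d-byte record; next IV predictable from the wire: %v\n", len(ct), nextIVPredictable(w, ct))
}
```

Both ends must keep their own recordState in lockstep, since the receiver's IV advances with every record it decrypts; a record that is dropped or reordered therefore fails to decrypt, which is one reason real TLS also binds a sequence number into the MAC.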

TLS information leaks

tbd

Digital certificates

tbd

Certificate details

tbd

Signature validation

tbd
