Book Image

TLS Cryptography In-Depth

By : Dr. Paul Duplys, Dr. Roland Schmitz
Book Image

TLS Cryptography In-Depth

By: Dr. Paul Duplys, Dr. Roland Schmitz

Overview of this book

TLS is the most widely used cryptographic protocol today, enabling e-commerce, online banking, and secure online communication. Written by Dr. Paul Duplys, Security, Privacy & Safety Research Lead at Bosch, and Dr. Roland Schmitz, Internet Security Professor at Stuttgart Media University, this book will help you gain a deep understanding of how and why TLS works, how past attacks on TLS were possible, and how vulnerabilities that enabled them were addressed in the latest TLS version 1.3. By exploring the inner workings of TLS, you’ll be able to configure it and use it more securely. Starting with the basic concepts, you’ll be led step by step through the world of modern cryptography, guided by the TLS protocol. As you advance, you’ll be learning about the necessary mathematical concepts from scratch. Topics such as public-key cryptography based on elliptic curves will be explained with a view on real-world applications in TLS. With easy-to-understand concepts, you’ll find out how secret keys are generated and exchanged in TLS, and how they are used to creating a secure channel between a client and a server. By the end of this book, you’ll have the knowledge to configure TLS servers securely. Moreover, you’ll have gained a deep knowledge of the cryptographic primitives that make up TLS.

Related Content you might be interested in

Current Title:

Small book image
TLS Cryptography In-Depth
Dr. Paul Duplys | Dr. Roland Schmitz
Jan, 2024 | 712 pages
Small book image
Demystifying Cryptography with OpenSSL 3.0
Alexei Khlebnikov
Oct, 2022 | 342 pages
Small book image
Cryptography Algorithms
Massimo Bertaccini
Mar, 2022 | 358 pages
Small book image
Modern Cryptography for Cybersecurity Professionals
Lisa Bock
Jun, 2021 | 286 pages
Table of Contents (30 chapters)
Preface
Preface
Who is this book for
What this book covers
To get the most out of this book
Conventions used
Get in touch
Share Your Thoughts
Download a free PDF copy of this book
1
Part I Getting Started
Part I Getting Started
Free Chapter
2
Chapter 1: The Role of Cryptography in the Connected World
Chapter 1: The Role of Cryptography in the Connected World
1.1 Evolution of cryptography
1.2 The advent of TLS and the internet
1.3 Increasing connectivity
1.4 Increasing complexity
1.5 Example attacks
1.6 Summary
3
Chapter 2: Secure Channel and the CIA Triad
Chapter 2: Secure Channel and the CIA Triad
2.1 Technical requirements
2.2 Preliminaries
2.3 Confidentiality
2.4 Integrity
2.5 Authentication
2.6 Secure channels and the CIA triad
2.7 Summary
4
Chapter 3: A Secret to Share
Chapter 3: A Secret to Share
3.1 Secret keys and Kerckhoffs’s principle
3.2 Cryptographic keys
3.3 Key space
3.4 Key length
3.5 Crypto-agility and information half-life
3.6 Key establishment
3.7 Randomness and entropy
3.8 Summary
5
Chapter 4: Encryption and Decryption
Chapter 4: Encryption and Decryption
4.1 Preliminaries
4.2 Symmetric cryptosystems
4.3 Information-theoretical security (perfect secrecy)
4.4 Computational security
4.5 Pseudorandomness
4.6 Summary
6
Chapter 5: Entity Authentication
Chapter 5: Entity Authentication
5.1 The identity concept
5.2 Authorization and authenticated key establishment
5.3 Message authentication versus entity authentication
5.4 Password-based authentication
5.5 Challenge-response protocols
5.6 Summary
7
Chapter 6: Transport Layer Security at a Glance
Chapter 6: Transport Layer Security at a Glance
6.1 Birth of the World Wide Web
6.2 Early web browsers
6.3 From SSL to TLS
6.4 TLS overview
6.5 TLS version 1.2
6.6 TLS version 1.3
6.7 Major differences between TLS versions 1.3 and 1.2
6.8 Summary
8
Part II Shaking Hands
Part II Shaking Hands
9
Chapter 7: Public-Key Cryptography
Chapter 7: Public-Key Cryptography
7.1 Preliminaries
7.2 Groups
7.3 The Diffie-Hellman key-exchange protocol
7.4 Security of Diffie-Hellman key exchange
7.5 The ElGamal encryption scheme
7.6 Finite fields
7.7 The RSA algorithm
7.8 Security of the RSA algorithm
7.9 Authenticated key agreement
7.10 Public-key cryptography in TLS 1.3
7.11 Hybrid cryptosystems
7.12 Summary
10
Chapter 8: Elliptic Curves
Chapter 8: Elliptic Curves
8.1 What are elliptic curves?
8.2 Elliptic curves as abelian groups
8.3 Elliptic curves over finite fields
8.4 Security of elliptic curves
8.5 Elliptic curves in TLS 1.3
8.6 Summary
11
Chapter 9: Digital Signatures
Chapter 9: Digital Signatures
9.1 General considerations
9.2 RSA-based signatures
9.3 Digital signatures based on discrete logarithms
9.4 Digital signatures in TLS 1.3
9.5 Summary
12
Chapter 10: Digital Certificates and Certification Authorities
Chapter 10: Digital Certificates and Certification Authorities
10.1 What is a digital certificate?
10.2 X.509 certificates
10.3 Main components of a public-key infrastructure
10.4 Rogue CAs
10.5 Digital certificates in TLS
10.6 Summary
13
Chapter 11: Hash Functions and Message Authentication Codes
Chapter 11: Hash Functions and Message Authentication Codes
11.1 The need for authenticity and integrity
11.2 What cryptographic guarantees does encryption provide?
11.3 One-way functions
11.4 Hash functions
11.5 Message authentication codes
11.6 MAC versus CRC
11.7 Hash functions in TLS 1.3
11.8 Summary
14
Chapter 12: Secrets and Keys in TLS 1.3
Chapter 12: Secrets and Keys in TLS 1.3
12.1 Key establishment in TLS 1.3
12.2 TLS secrets
12.3 KDFs in TLS
12.4 Updating TLS secrets
12.5 TLS keys
12.6 TLS key exchange messages
12.7 Summary
15
Chapter 13: TLS Handshake Protocol Revisited
Chapter 13: TLS Handshake Protocol Revisited
13.1 TLS client state machine
13.2 TLS server state machine
13.3 Finished message
13.4 Early data
13.5 Post-handshake messages
13.6 OpenSSL s_client
13.7 Summary
16
Part III Off the Record
Part III Off the Record
17
Chapter 14: Block Ciphers and Their Modes of Operation
Chapter 14: Block Ciphers and Their Modes of Operation
14.1 The big picture
14.2 General principles
14.3 The AES block cipher
14.4 Modes of operation
14.5 Block ciphers in TLS 1.3
14.6 Summary
18
Chapter 15: Authenticated Encryption
Chapter 15: Authenticated Encryption
15.1 Preliminaries
15.2 Authenticated encryption – generic composition
15.3 Security of generic composition
15.4 Authenticated ciphers
15.5 Counter with cipher block chaining message authentication code (CCM)
15.6 AEAD in TLS 1.3
15.7 Summary
19
Chapter 16: The Galois Counter Mode
Chapter 16: The Galois Counter Mode
16.1 Preliminaries
16.2 GCM security
16.3 GCM performance
16.4 Summary
20
Chapter 17: TLS Record Protocol Revisited
Chapter 17: TLS Record Protocol Revisited
17.1 TLS Record protocol
17.2 TLS record layer
17.3 TLS record payload protection
17.4 Per-record nonce
17.5 Record padding
17.6 Limits on key usage
17.7 An experiment with the OpenSSL s_client
17.8 Summary
21
Chapter 18: TLS Cipher Suites
Chapter 18: TLS Cipher Suites
18.1 Symmetric cipher suites in TLS 1.3
18.2 Long-term security
18.3 ChaCha20
18.4 Poly1305
18.5 ChaCha20-Poly1305 AEAD construction
18.6 Mandatory-to-implement cipher suites
18.7 Summary
22
Part IV Bleeding Hearts and Biting Poodles
Part IV Bleeding Hearts and Biting Poodles
23
Chapter 19: Attacks on Cryptography
Chapter 19: Attacks on Cryptography
19.1 Preliminary remarks
19.2 Passive versus active attacks
19.3 Local versus remote attacks
19.4 Interactive versus non-interactive attacks
19.5 Attacks on cryptographic protocols
19.6 Attacks on encryption schemes
19.7 Attacks on hash functions
19.8 Summary
24
Chapter 20: Attacks on the TLS Handshake Protocol
Chapter 20: Attacks on the TLS Handshake Protocol
20.1 Downgrade attacks
20.2 Logjam
20.3 SLOTH
20.4 Padding oracle attacks on TLS handshake
20.5 Bleichenbacher attack
20.6 Improvements of Bleichenbacher’s attack
20.7 Insecure renegotiation
20.8 Triple Handshake attack
20.9 Summary
25
Chapter 21: Attacks on the TLS Record Protocol
Chapter 21: Attacks on the TLS Record Protocol
21.1 Lucky 13
21.2 POODLE
21.3 BEAST
21.4 Sweet32
21.5 Compression-based attacks
21.6 Summary
26
Chapter 22: Attacks on TLS Implementations
Chapter 22: Attacks on TLS Implementations
22.1 SMACK
22.2 FREAK
22.3 Truncation attacks
22.4 Heartbleed
22.5 Insecure encryption activation
22.6 Random number generation
22.7 BERserk attack
22.8 Cloudbleed
22.9 Timing attacks
22.10 Summary
27
Bibliography
Bibliography
28
Index
Index
29
Other Books You Might Enjoy
Other Books You Might Enjoy
Packt is searching for authors like you
Share Your Thoughts
Download a free PDF copy of this book

16.2 GCM security

GCM’s biggest security risk is its fragility in case of nonce repetition. NIST’s GCM standard [57] requires the following:

The probability that the authenticated encryption function ever will be invoked with the same IV and the same key on two (or more) distinct sets of input data shall be no greater than 2−32.

Moreover, care must be taken that the nonces do not repeat: if the same nonce N is used twice in an AES-GCM computation, an attacker would be able to compute the authentication key H. With the help of H, tags for any ciphertext, associated data, or both can be fabricated.

This is easy to see with a little bit of math. The authentication tag is computed as:


T = GHASH (H, A,C )⊕ E (N ∥0) K

Now, if we have two tags T1 and T2 computed with the same nonce N, we can XOR T1 and T2 to obtain the following expression:


GHASH (H, A1,C1 )⊕ EK (N ∥0)⊕ GHASH (H,A2, C2)⊕ EK (N ∥0)

Because x x = 0, the term EK(N∥0) (the AES encryption of N∥0 under the secret key K) will vanish. As a result, the attacker obtains...

Previous Section
End of Section 3
Next Section