Book Image

TLS Cryptography In-Depth

By : Dr. Paul Duplys, Dr. Roland Schmitz
Book Image

TLS Cryptography In-Depth

By: Dr. Paul Duplys, Dr. Roland Schmitz

Overview of this book

TLS is the most widely used cryptographic protocol today, enabling e-commerce, online banking, and secure online communication. Written by Dr. Paul Duplys, Security, Privacy & Safety Research Lead at Bosch, and Dr. Roland Schmitz, Internet Security Professor at Stuttgart Media University, this book will help you gain a deep understanding of how and why TLS works, how past attacks on TLS were possible, and how vulnerabilities that enabled them were addressed in the latest TLS version 1.3. By exploring the inner workings of TLS, you’ll be able to configure it and use it more securely. Starting with the basic concepts, you’ll be led step by step through the world of modern cryptography, guided by the TLS protocol. As you advance, you’ll be learning about the necessary mathematical concepts from scratch. Topics such as public-key cryptography based on elliptic curves will be explained with a view on real-world applications in TLS. With easy-to-understand concepts, you’ll find out how secret keys are generated and exchanged in TLS, and how they are used to creating a secure channel between a client and a server. By the end of this book, you’ll have the knowledge to configure TLS servers securely. Moreover, you’ll have gained a deep knowledge of the cryptographic primitives that make up TLS.
Table of Contents (30 chapters)
1
Part I Getting Started
8
Part II Shaking Hands
16
Part III Off the Record
22
Part IV Bleeding Hearts and Biting Poodles
27
Bibliography
28
Index

22.1 SMACK

In 2015, a group of French security researchers with Benjamin Beurdouche systematically tested the then-popular open source TLS implementations for state-machine-related bugs and uncovered multiple critical security vulnerabilities that have been dormant in these libraries for years [28]. They called these vulnerabilities State Machine Attacks on TLS (SMACK).

In several previous chapters, for example, in Chapter 6 Transport Layer Security at a Glance, Chapter 8 Elliptic Curves, Chapter 12 Secrets and Keys in TLS 1.3, and Chapter 18 TLS Cipher Suites, we learned that TLS supports a variety of protocol versions, authentication modes, key exchange alternatives, and protocol extensions.

TLS implementations typically consist of functions for parsing and generating messages, and for performing cryptographic operations. The message sequence – which message to expect or which message to generate as a response – is managed by the TLS peer’...