Book Image

TLS Cryptography In-Depth

By : Dr. Paul Duplys, Dr. Roland Schmitz

Book Image

TLS Cryptography In-Depth

By: Dr. Paul Duplys, Dr. Roland Schmitz

Overview of this book

TLS is the most widely used cryptographic protocol today, enabling e-commerce, online banking, and secure online communication. Written by Dr. Paul Duplys, Security, Privacy & Safety Research Lead at Bosch, and Dr. Roland Schmitz, Internet Security Professor at Stuttgart Media University, this book will help you gain a deep understanding of how and why TLS works, how past attacks on TLS were possible, and how vulnerabilities that enabled them were addressed in the latest TLS version 1.3. By exploring the inner workings of TLS, you’ll be able to configure it and use it more securely. Starting with the basic concepts, you’ll be led step by step through the world of modern cryptography, guided by the TLS protocol. As you advance, you’ll be learning about the necessary mathematical concepts from scratch. Topics such as public-key cryptography based on elliptic curves will be explained with a view on real-world applications in TLS. With easy-to-understand concepts, you’ll find out how secret keys are generated and exchanged in TLS, and how they are used to creating a secure channel between a client and a server. By the end of this book, you’ll have the knowledge to configure TLS servers securely. Moreover, you’ll have gained a deep knowledge of the cryptographic primitives that make up TLS.

Preface

Who is this book for

What this book covers

To get the most out of this book

Conventions used

Share Your Thoughts

Download a free PDF copy of this book

Part I Getting Started

Part I Getting Started

Free Chapter

Chapter 1: The Role of Cryptography in the Connected World

Chapter 1: The Role of Cryptography in the Connected World

1.1 Evolution of cryptography

1.2 The advent of TLS and the internet

1.3 Increasing connectivity

1.4 Increasing complexity

1.5 Example attacks

Chapter 2: Secure Channel and the CIA Triad

Chapter 2: Secure Channel and the CIA Triad

2.1 Technical requirements

2.2 Preliminaries

2.3 Confidentiality

2.5 Authentication

2.6 Secure channels and the CIA triad

Chapter 3: A Secret to Share

Chapter 3: A Secret to Share

3.1 Secret keys and Kerckhoffs’s principle

3.2 Cryptographic keys

3.5 Crypto-agility and information half-life

3.6 Key establishment

3.7 Randomness and entropy

Chapter 4: Encryption and Decryption

Chapter 4: Encryption and Decryption

4.1 Preliminaries

4.2 Symmetric cryptosystems

4.3 Information-theoretical security (perfect secrecy)

4.4 Computational security

4.5 Pseudorandomness

Chapter 5: Entity Authentication

Chapter 5: Entity Authentication

5.1 The identity concept

5.2 Authorization and authenticated key establishment

5.3 Message authentication versus entity authentication

5.4 Password-based authentication

5.5 Challenge-response protocols

Chapter 6: Transport Layer Security at a Glance

Chapter 6: Transport Layer Security at a Glance

6.1 Birth of the World Wide Web

6.2 Early web browsers

6.3 From SSL to TLS

6.4 TLS overview

6.5 TLS version 1.2

6.6 TLS version 1.3

6.7 Major differences between TLS versions 1.3 and 1.2

Part II Shaking Hands

Part II Shaking Hands

Chapter 7: Public-Key Cryptography

Chapter 7: Public-Key Cryptography

7.1 Preliminaries

7.3 The Diffie-Hellman key-exchange protocol

7.4 Security of Diffie-Hellman key exchange

7.5 The ElGamal encryption scheme

7.6 Finite fields

7.7 The RSA algorithm

7.8 Security of the RSA algorithm

7.9 Authenticated key agreement

7.10 Public-key cryptography in TLS 1.3

7.11 Hybrid cryptosystems

Chapter 8: Elliptic Curves

Chapter 8: Elliptic Curves

8.1 What are elliptic curves?

8.2 Elliptic curves as abelian groups

8.3 Elliptic curves over finite fields

8.4 Security of elliptic curves

8.5 Elliptic curves in TLS 1.3

Chapter 9: Digital Signatures

Chapter 9: Digital Signatures

9.1 General considerations

9.2 RSA-based signatures

9.3 Digital signatures based on discrete logarithms

9.4 Digital signatures in TLS 1.3

Chapter 10: Digital Certificates and Certification Authorities

Chapter 10: Digital Certificates and Certification Authorities

10.1 What is a digital certificate?

10.2 X.509 certificates

10.3 Main components of a public-key infrastructure

10.5 Digital certificates in TLS

Chapter 11: Hash Functions and Message Authentication Codes

Chapter 11: Hash Functions and Message Authentication Codes

11.1 The need for authenticity and integrity

11.2 What cryptographic guarantees does encryption provide?

11.3 One-way functions

11.4 Hash functions

11.5 Message authentication codes

11.6 MAC versus CRC

11.7 Hash functions in TLS 1.3

Chapter 12: Secrets and Keys in TLS 1.3

Chapter 12: Secrets and Keys in TLS 1.3

12.1 Key establishment in TLS 1.3

12.2 TLS secrets

12.3 KDFs in TLS

12.4 Updating TLS secrets

12.6 TLS key exchange messages

Chapter 13: TLS Handshake Protocol Revisited

Chapter 13: TLS Handshake Protocol Revisited

13.1 TLS client state machine

13.2 TLS server state machine

13.3 Finished message

13.4 Early data

13.5 Post-handshake messages

13.6 OpenSSL s_client

Part III Off the Record

Part III Off the Record

Chapter 14: Block Ciphers and Their Modes of Operation

Chapter 14: Block Ciphers and Their Modes of Operation

14.1 The big picture

14.2 General principles

14.3 The AES block cipher

14.4 Modes of operation

14.5 Block ciphers in TLS 1.3

Chapter 15: Authenticated Encryption

Chapter 15: Authenticated Encryption

15.1 Preliminaries

15.2 Authenticated encryption – generic composition

15.3 Security of generic composition

15.4 Authenticated ciphers

15.5 Counter with cipher block chaining message authentication code (CCM)

15.6 AEAD in TLS 1.3

Chapter 16: The Galois Counter Mode

Chapter 16: The Galois Counter Mode

16.1 Preliminaries

16.2 GCM security

16.3 GCM performance

Chapter 17: TLS Record Protocol Revisited

Chapter 17: TLS Record Protocol Revisited

17.1 TLS Record protocol

17.2 TLS record layer

17.3 TLS record payload protection

17.4 Per-record nonce

17.5 Record padding

17.6 Limits on key usage

17.7 An experiment with the OpenSSL s_client

Chapter 18: TLS Cipher Suites

Chapter 18: TLS Cipher Suites

18.1 Symmetric cipher suites in TLS 1.3

18.2 Long-term security

18.5 ChaCha20-Poly1305 AEAD construction

18.6 Mandatory-to-implement cipher suites

Part IV Bleeding Hearts and Biting Poodles

Part IV Bleeding Hearts and Biting Poodles

Chapter 19: Attacks on Cryptography

Chapter 19: Attacks on Cryptography

19.1 Preliminary remarks

19.2 Passive versus active attacks

19.3 Local versus remote attacks

19.4 Interactive versus non-interactive attacks

19.5 Attacks on cryptographic protocols

19.6 Attacks on encryption schemes

19.7 Attacks on hash functions

Chapter 20: Attacks on the TLS Handshake Protocol

Chapter 20: Attacks on the TLS Handshake Protocol

20.1 Downgrade attacks

20.4 Padding oracle attacks on TLS handshake

20.5 Bleichenbacher attack

20.6 Improvements of Bleichenbacher’s attack

20.7 Insecure renegotiation

20.8 Triple Handshake attack

Chapter 21: Attacks on the TLS Record Protocol

Chapter 21: Attacks on the TLS Record Protocol

21.5 Compression-based attacks

Chapter 22: Attacks on TLS Implementations

Chapter 22: Attacks on TLS Implementations

22.3 Truncation attacks

22.4 Heartbleed

22.5 Insecure encryption activation

22.6 Random number generation

22.7 BERserk attack

22.8 Cloudbleed

22.9 Timing attacks

Bibliography

Index

Other Books You Might Enjoy

Other Books You Might Enjoy

Packt is searching for authors like you

Share Your Thoughts

Download a free PDF copy of this book

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

3.1 Secret keys and Kerckhoffs’s principle