Be able to explain the role of TLS and HTTPS in the TCP/IP stack
Network Stack with HTTP(application layer)
HTTP, Mail(MIME), FTP- cleartext
pass through SSL/TLS(inserting a new layer- converting plaintext into securing text)
→HTTPS, S/MIME,SFTP
Transport layer(TCP) segments
Network layer(IP) packets
Datalink (Ethernet) frames
Physical (bits)
TLS
- Developed by Netscape
- TLS 1.3 latest version
Services of SSL/TLS-
- Server authentication- server’s identity is confirmed to the client, by a valid certification(digitally signed) or public key.
- important for financial transaction - Client authentication- user’s identity is confirmed to server(browser certificate)
untrusted site (does not have certificate), can compromise your communication.
- Confidentiality- data items transferred(e.g reference no) in the session are encrypted to protect against eavesdropping
- Integrity- MAC is attached to the message
- There are two sublayers b/w app layer and transport layer?
- SSL handshake- establish connection
SSL handshake protocol - establish connection and session between client(browser) and server(e.g netbank), authenticating and negotiating encryption algorithm and keys
- SSL change cipher- keep randomly changed
SSL Change Cipher Spec- change ciphering strategy. random time, change encrpyiton algorithm and keys. same session but diff ciphering strategy - SSL Alert - keep alerting detect weakness
SSL Alert Protocol- alert messages for client and server w information if critical. e.g certificate expired, algoruthm not working, key expired. ensuring secure connection
- SSL Record protocol- encrypting
SSL Record Protocol - application data is broken up into fragments(HTTP), compressed(lossless), generated MAC(message authentication code) using a hash function like SIHAC256 using a secure encryptrion key. encrypt the data. append SSL record header(HTTPS) sent to TCP layer(becomes segments), Network (becomes packets), Data link layer(becomes frames).
SSL Record Protocol(is important) converts application data encrypted - encryption, decryption, checking message authentication, compression, decompress, application data breaks from segments into fragments.
SSL uses which what echange protocol?
- Uses diffie-hellman key exchange to create the shared secret(public key) between client and server. keep create keys and change key using cipher spec protocol. several keys needed for each party (encypt with AES, message authenticiation code) exchange the keys for secure communication
Explain diffie-hellman key exchange
DIFFIE-HELLMAN KEY EXCHANGE
- Alice and Bob(i.e Client and Server) have common information(large prime integer q and primitive root a) prior to creating session key(this has to be secure 4. is not an issue)
- Alice and Bob(Web and Serve)each generate the private keys (X = number less than q) within milliseconds
- Mix private keys with information- to generate public keys for each party.(yalice = a^X % q)(ybob = a^X % q)→ primitive root to the power of private key mod large prime integer
4.Exchange public keys- does not matter if public key is hacked as well
5.Mix public key with common code for common secret key(used for securing the information)
Secret common key = K = y^X % q
they exchange public keys and power it with their private keys % q. will be same for both.(used for secure communication.)
-Works so well due to Discrete logarithms as it hard to decode and reverse
TLS PHASES
1.SSL/TLS Handshake
Client and server authenticate each other by exchanging certificate, session ID ,and shared key.
2.TLS Record-
After exahgne of Change Cipher Spec ,
there is encryption of data generating message authentication code for integrity check.
- TLS Alert-
alert when communication issue
Authentication with Certificates-
igital certificates are in public key, help to initialize the SSL/TLS connections
certificate helps to provide additional info for public
owner of matching private key used to decrypt
Every certificate checks:
validity(expiry date)
subject name
issuer name
other paramters
TRUSTED CERTIFICATE AUTHORITY-
e.g verisign
A Certificate Authority(CA) is a trusted entity issuing digital trusted certificates
help to link an entity(useer,browser,device,etc) with a public key.
authenticates entity with certificate
Diffie -hellman /RSA to exchangen digital cert.
Certificates can have problems
- certificates can be revoked- person no longer part of company
- relation between name and principal
- users can accept certificates with errors
What is a VPN?
A VPN is an extension to private network across public network.
- logically & securely connects a client(or a network) to a network via an encrypted channel.
- secure VPN tunnel, ISP wont track history
- routes packet betweenn different network
- Tunnel can be established by TLS, IPSec(network layer- IP layer encrypted and authenticated)
- security is only in the tunnel endpoints. can hid network behind tunnel.
IPSec and how it is used for VPNs?
-IPSec(Network layer)- network layer.
packets can be encrypted.
IPSec provides authentication, confidentiality, and key management
2 Modes for IPSec
- Transport Mode- , payload in IP packets is encrypted,integrity of header is protected used for e.g when end-to-end encryption between two devices
- Tunnel Mode-network to network encryption. complete IP packets are encrypted and contained in a new IP packet with a new header??
Used for VPNs and host-to-host/ host-to-network / network-to-network communication
