SecurityArena

Guide to Practical Info Security!

Who's Online

We have 6 guests online
CBK Cryptography
Print E-mail
Written by Administrator   
Friday, 24 July 2009 08:48
Article Index
CBK Cryptography
Definitions
Types of Ciphers
Symmetric vs Asymmetric Cryptography
Types of` Symmetric Ciphers
Types of Symmetric Systems
Types of Asymmetric Systems
One-time pad
Hybrid Encryption Methods
Public Key Infrastructure (PKI)
Hashing
Digital signatures
Key Management
Link versus end-to-end encryption
E-mail standards
Web Security
Transport Layer Security (TLS)
IPSec - Internet Protocol Security
Attacks
All Pages
Page 17 of 19

Transport Layer Security (TLS)

Secure Sockets Layer

Secure Socket Layer was developed by NetScape in 1994. SSL is included as part of all leading web browsers and most Web server products. It resides between HTTP and TCP Layer.
SSL has recently been succeeded by Transport Layer Security (TLS), which is based on SSL.

Transport Layer Security

TLS provides endpoint authentication and communications confidentiality over the Internet using cryptography. TLS and SSL encrypt the segments of network connections at the Transport Layer end-to-end.
It is based on Netscape’s SSL 3.0, TLS supercedes and is an extension of SSL. TLS and SSL are not interoperable.

TLS Authentication Modes

Unilateral Authentication In typical end-user/browser usage, TLS authentication is unilateral, i.e. only the server is authenticated to end-user/browser, but not vice versa.
Bilateral Authentication In this mode both ends of the "conversation" can be assured with whom they are communicating . This is known as mutual authentication. Mutual authentication requires that the TLS client-side also hold a certificate. This mode is more common in enterprise applications. In a TLS variant TLS-PSK (TLS-Pre Shared Key), the Secure Remote Password (SRP) protocol, or some other protocol is used that can provide strong mutual authentication in the absence of certificates.

TLS Phases

  • Peer negotiation for algorithm support
  • Key exchange and authentication
  • Symmetric cipher encryption and message authentication

 

How it works

  • A TLS client and server negotiate a stateful connection by using a handshaking procedure. During this handshake, the client and server agree on various parameters used to establish the connection's security.
  • The handshake begins when a client connects to a TLS-enabled server requesting a secure connection, and presents a list of supported ciphers and hash functions. Typical algorithms are:
    • For key exchange (public key): RSA, Diffie-Hellman, ECDH, SRP, PSK
    • For authentication (public key): RSA, DSA, ECDSA
    • Symmetric ciphers: RC4, Triple DES, AES, IDEA, DES, or Camellia. In older versions of SSL, RC2 was also used.
    • For cryptographic hash function: HMAC-MD5 or HMAC-SHA are used for TLS, MD5 and SHA for SSL, while older versions of SSL also used MD2 and MD4.
  • From this list, the server picks the strongest cipher and hash function that it also supports and notifies the client of the decision.
  • The server sends back its identification in the form of a digital certificate. The certificate usually contains the server name, the trusted certificate authority (CA), and the server's public encryption key.
  • The client may contact the server that issued the certificate and confirm that the certificate is authentic before proceeding.
  • In order to generate the session keys used for the secure connection, the client encrypts a random number (RN) with the server's public key (PbK), and sends the result to the server. Only the server can decrypt it (with its private key (PvK)): this is the one fact that makes the keys hidden from third parties, since only the server and the client have access to this data. The client knows PbK and RN, and the server knows PvK and (after decryption of the client's message) RN. A third party may only know PbK, unless PvK has been compromised.
  • From the random number, both parties generate key material for encryption and decryption.
  • This concludes the handshake and begins the secured connection, which is encrypted (using already agreed symmetrical algorithm) and decrypted with the key material until the connection closes.

TLS Usage Scenario

  • TLS is implemented on top of Transport Layer protocols, encapsulating the application specific protocols such as HTTP, FTP, SMTP, NNTP, and XMPP. Most implementation are based on top of TCP, however, it has also been implemented with UDP.
  • Several versions of the protocols are in wide-spread use in applications like web browsing, electronic mail, Internet faxing, instant messaging and voice-over-IP (VoIP). A prominent use of TLS is for securing World Wide Web traffic carried by HTTP to form HTTPS.
  • TLS can also be used to tunnel an entire network stack to create a VPN, as is the case with OpenVPN. When compared against traditional IPsec VPN technologies, TLS has some inherent advantages in firewall and NAT traversal that make it easier to administer for large remote-access populations.


Last Updated on Friday, 28 August 2009 05:01
 
Please register or login to add your comments to this article.
Comments (1)
-15 Wednesday, 05 August 2009 12:44
ravi
Very helpful....
Tabulated comparisons of the two cryptography, really help to remeber...
thanx
keep up the good work
Display #
yvComment v.1.23.0
Banner
Copyright © 2010 Information Security Arena. All Rights Reserved.
Joomla! is Free Software released under the GNU/GPL License.
 
Joomla 1.5 Templates by Joomlashack