TLS Cryptography In-Depth: Explore the Intricacies of Modern Cryptography and the Inner Workings of TLS
A practical introduction to modern cryptography using the Transport Layer Security protocol as the primary reference

Key Features
- Learn about real-world cryptographic pitfalls and how to avoid them
- Understand past attacks on TLS, how these attacks worked, and how they were fixed
- Discover the inner w...
Format: | eBook |
---|---|
Language: | English |
Published: | Birmingham, UK : Packt Publishing Ltd [2023]; Birmingham, England : [2023] |
Edition: | First edition |
See on Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009827938206719 |
Table of Contents:
- Cover
- Part 1: Getting Started
- Title Page
- Copyright and Credits
- Contributors
- Table of Contents
- Preface
- Chapter 1: The Role of Cryptography in the Connected World
- Evolution of cryptography
- The advent of TLS and the internet
- Increasing connectivity
- Connectivity versus security - larger attack surface
- Connectivity versus marginal attack cost
- Connectivity versus scaling attacks
- Increasing complexity
- Complexity versus security - features
- Complexity versus security - emergent behavior
- Complexity versus security - bugs
- Example attacks
- The Mirai botnet
- Operation Aurora
- The Jeep hack
- Commonalities
- Summary
- Chapter 2: Secure Channel and the CIA Triad
- Technical requirements
- Preliminaries
- Confidentiality
- Integrity
- Authentication
- Message authentication
- Entity authentication
- Secure channels and the CIA triad
- Summary
- Chapter 3: A Secret to Share
- Secret keys and Kerckhoffs's principle
- Cryptographic keys
- One key for each task
- Key change and session keys
- Key space
- Key length
- Crypto-agility and information half-life
- Key establishment
- Key transport
- Key agreement
- Randomness and entropy
- Information-theoretic definition of entropy
- Entropy in cryptography
- True randomness and pseudo-randomness
- Summary
- Chapter 4: Encryption and Decryption
- Preliminaries
- Symmetric cryptosystems
- Information-theoretical security (perfect secrecy)
- A first example
- The one-time pad
- Computational security
- Asymptotic approach and efficient computation
- Negligible probabilities
- Pseudorandomness
- Stream ciphers
- RC4
- Pseudorandom functions and chosen-plaintext attacks
- Summary
- Chapter 5: Entity Authentication
- The identity concept
- Basic principles of identification protocols
- Basic factors for identification
- Authorization and authenticated key establishment
- Message authentication versus entity authentication
- Password-based authentication
- Brief history of password-based authentication
- Storing passwords
- Disadvantages of password-based authentication
- Challenge-response protocols
- Ensuring freshness
- Challenge-response using symmetric keys
- Challenge-response using (keyed) one-way functions
- Challenge-response using public-key cryptography
- Summary
- Chapter 6: Transport Layer Security at a Glance
- Birth of the World Wide Web
- Early web browsers
- From SSL to TLS
- TLS overview
- TLS terminology
- CIA triad in TLS
- TLS within the internet protocol stack
- TLS version 1.2
- Subprotocols in TLS version 1.2
- A typical TLS 1.2 connection
- Algorithm negotiation
- Key establishment
- Server authentication
- Client authentication
- Session resumption
- TLS version 1.3
- Handshake protocol
- Error handling in the TLS 1.3 handshake
- Session resumption and PSKs
- Zero round-trip time mode
- Major differences between TLS versions 1.3 and 1.2
- Summary
- Part 2: Shaking Hands
- Chapter 7: Public-Key Cryptography
- Preliminaries
- Groups
- Examples of groups
- The discrete logarithm problem
- The Diffie-Hellman key-exchange protocol
- Security of Diffie-Hellman key exchange
- Discrete logarithm problem
- The Diffie-Hellman problem
- Authenticity of public keys
- The ElGamal encryption scheme
- Finite fields
- Fields of order p
- Fields of order $p^k$
- The RSA algorithm
- Euler's totient function
- Key pair generation
- The encryption function
- The decryption function
- Security of the RSA algorithm
- The factoring problem
- The RSA problem
- Authenticity of public keys
- Authenticated key agreement
- The Station-to-Station (STS) protocol
- Public-key cryptography in TLS 1.3
- Client key shares and server key shares
- Supported groups
- Finite Field Diffie-Hellman in TLS
- Hybrid cryptosystems
- High-level description of hybrid cryptosystems
- Hybrid encryption
- Example - Hybrid Public Key Encryption
- Hybrid cryptosystems in modern cryptography
- Summary
- Chapter 8: Elliptic Curves
- What are elliptic curves?
- Reduced Weierstrass form
- Smoothness
- Projective coordinates
- Elliptic curves as abelian groups
- Geometrical viewpoint
- Explicit formulae
- Elliptic curves over finite fields
- Elliptic curves over $\mathbb{F}_p$
- Elliptic curves over $\mathbb{F}_{2^k}$
- Discrete logarithms and Diffie-Hellman key exchange protocol
- Security of elliptic curves
- Generic algorithms for finding discrete logarithms
- Shanks' babystep-giantstep algorithm
- Pollard's algorithm
- Algorithms for solving special cases of ECDLP
- Secure elliptic curves - the mathematical perspective
- A potential backdoor in Dual_EC_DRBG
- Secure elliptic curves: security engineering perspective
- Elliptic curves in TLS 1.3
- Curve secp256r1
- Curve secp384r1
- Curve secp521r1
- Curve 25519
- Curve 448
- Elliptic curve Diffie-Hellman in TLS 1.3
- ECDH parameters in TLS 1.3
- Example: ECDH with curve x25519
- Summary
- Chapter 9: Digital Signatures
- General considerations
- RSA-based signatures
- Digital signatures based on discrete logarithms
- Digital Signature Algorithm (DSA)
- Elliptic Curve Digital Signature Algorithm (ECDSA)
- Digital signatures in TLS 1.3
- RSASSA-PKCS1-v1_5 algorithms
- RSASSA-PSS algorithms
- ECDSA algorithms
- EdDSA algorithms
- Legacy algorithms
- Summary
- Chapter 10: Digital Certificates and Certification Authorities
- What is a digital certificate?
- X.509 certificates
- Minimum data fields
- X.509v3 extension fields
- Enrollment
- Certificate revocation lists
- Online Certificate Status Protocol (OCSP)
- X.509 trust model
- Main components of a public-key infrastructure
- Rogue CAs
- Digital certificates in TLS
- TLS extensions
- Encrypted extensions
- Certificate request
- Signature algorithms in TLS certificates
- Certificates and TLS authentication messages
- The Certificate message
- The CertificateVerify message
- Server certificate selection
- Client certificate selection
- OID filters
- Receiving a Certificate message
- The certificate_authorities extension
- Summary
- Chapter 11: Hash Functions and Message Authentication Codes
- The need for authenticity and integrity
- What cryptographic guarantees does encryption provide?
- One-way functions
- Mathematical properties
- Candidate one-way functions
- Hash functions
- Collision resistance
- One-way property
- Merkle-Damgard construction
- Sponge construction
- Message authentication codes
- How to compute a MAC
- HMAC construction
- MAC versus CRC
- Hash functions in TLS 1.3
- Hash functions in ClientHello
- Hash Functions in TLS 1.3 signature schemes
- SHA-1
- SHA-256, SHA-384, and SHA-512 hash functions
- Hash functions in authentication-related messages
- The CertificateVerify message
- The Finished message
- Transcript hash
- Hash functions in TLS key derivation
- Summary
- Chapter 12: Secrets and Keys in TLS 1.3
- Key establishment in TLS 1.3
- TLS secrets
- Early secret
- Binder key
- Bob's client early traffic secret
- Exporter secrets
- Derived secrets
- Handshake secret
- Handshake traffic secrets
- Master secret
- Application traffic secrets
- Resumption master secret
- KDFs in TLS
- HKDF-Extract
- HKDF-Expand
- HKDF-Expand-Label
- Derive-Secret
- Updating TLS secrets
- TLS keys
- Exporter values
- Generation of TLS keys
- Key update
- TLS key exchange messages
- Cryptographic negotiation
- ClientHello
- ServerHello
- HelloRetryRequest
- Summary
- Chapter 13: TLS Handshake Protocol Revisited
- TLS client state machine
- TLS server state machine
- Finished message
- Early data
- Post-handshake messages
- The NewSessionTicket message
- Post-handshake authentication
- Key and initialization vector update
- OpenSSL s_client
- Installing OpenSSL
- Using openssl-s_client
- TLS experiments with openssl-s_client
- Summary
- Part 3: Off the Record
- Chapter 14: Block Ciphers and Their Modes of Operation
- The big picture
- General principles
- Advantages and disadvantages of block ciphers
- Confusion and diffusion
- Pseudorandom functions
- Pseudorandom permutations
- Substitution-permutation networks and Feistel networks
- Constants in cryptographic algorithms
- DES S-boxes
- Nothing-up-my-sleeves numbers
- The AES block cipher
- Overall structure
- Round function
- Key scheduling
- Modes of operation
- ECB mode
- CBC mode
- CBC-MAC
- OFB mode
- CTR mode
- XTS mode
- Block ciphers in TLS 1.3
- Summary
- Chapter 15: Authenticated Encryption
- Preliminaries
- Indistinguishability under a chosen-plaintext attack
- Indistinguishability under a chosen-ciphertext attack
- Non-malleability under a chosen-plaintext attack
- Plaintext integrity
- Ciphertext integrity
- Authenticated encryption - generic composition
- Encrypt-and-MAC
- MAC-then-encrypt
- Encrypt-then-MAC
- Security of generic composition
- Authenticated ciphers
- Authenticated encryption with associated data
- Avoiding predictability with nonces
- Counter with cipher block chaining message authentication code (CCM)
- Authenticated encryption with CCM
- Authenticated decryption with CCM
- AEAD in TLS 1.3
- Summary
- Chapter 16: The Galois Counter Mode
- Preliminaries
- The Galois field $\mathbb{F}_{2^{128}}$
- GHASH function