Net215:Basic_Crypto_HTTPS_and_TLS - ConnorEast/Tech-Journal GitHub Wiki

Terminology

  • Cryptography: "lock and key", protects data by disguising it as something else
  • Cipher: Method to disguise text
  • PlainText: the original text
  • CipherText: the disguised text
  • Encrypt: the process of disguising
  • Decrypt: removes the disguise
  • Algorithm: Step-by-step procedure for calculations
  • Key: A piece of information which determines the functional output of a cryptographic algorithm or cipher
  • Hash function: an algorithm that takes an arbitrary block of data and returns a fixed-size bit string
  • Message Digest: Result of a hash function

Cryptography and computing

  • Confidentiality: Using Cryptography to keep data private
  • Integrity: Crypto to ensure that data has not been altered
  • Authentication: Verify that user is who they claim to be
  • Non-Repudiation: Ensure that user performed a specific activity

Confidentiality and Crypto

There are two common applications of encryption: encryption in transit and encryption at rest. The major methods are symmetric and asymmetric encryption. With symmetric encryption the data is encrypted and decrypted with one shared secret key; with asymmetric encryption the data is encrypted with the other device's public key and can only be decrypted with that device's matching private key.

In some cases both symmetric and asymmetric keys are used in tandem.

Asymmetric Encryption

  • Uses "key pairs": Public Key + Private Key
  • Messages encrypted using the public key can only be decrypted by the matching private key
  • Any message encrypted using the private key can only be decrypted by the matching public key
  • Pros: Easy key exchange!
  • Cons: Slower, more complex

Symmetric Encryption

  • A secret key (alphanumeric string) is applied to a message to change the content
  • The same key is used to encrypt/decrypt messages
  • Pros: Simple/Fast/Effective.
  • Cons: Exchanging the secret key is challenging.

TLS (Transport Layer Security)

  • Designed to secure network traffic
  • Layer 6 protocol [some people say it's layer 5]
  • Relies on both Symmetric and asymmetric encryption

  • Uses asymmetric encryption to exchange a symmetric key
  • Uses symmetric encryption to encrypt the rest of the communication

How TLS Works

>Step 1: Completion of 3-way handshake [Syn/Syn-ACK/ACK]

>Step 2: Client Hello is sent containing the supported TLS versions. A session ID is set, and a random number used for encryption is sent

>Step 3: Server Hello is sent containing the TLS version to use to connect. A second random number is generated for symmetric encryption

>Step 4: Server sends a digital certificate containing its public key

>Step 5: Server sends a Server Hello Done message

>Step 6: Client sends a pre-master secret to the server. The server then generates the master key which is used for symmetric encryption.

>Step 7: Client sends a handshake finished message. The server sends a handshake finished message. Encryption is now functional
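As an added illustration of steps 2, 3 and 6 (not part of the original notes), the following Python models how the two hello randoms and the pre-master secret are combined into the 48-byte master secret, using the TLS 1.2 PRF from RFC 5246 (HMAC-SHA256, standard library only). The asymmetric step, encrypting the pre-master secret under the server's certificate public key, is assumed to have happened and is left out; the random values are constructed with os.urandom.

```python
import hashlib
import hmac
import os


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 from RFC 5246 section 5: expand secret+seed to `length` bytes."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """RFC 5246 section 8.1: master_secret is always 48 bytes."""
    return tls12_prf(pre_master, b"master secret", client_random + server_random, 48)


def simulate_handshake() -> dict:
    """Both ends derive the same symmetric master secret from the same three inputs.
    Constructed values: 32-byte hello randoms (steps 2 and 3) and an RSA-style
    48-byte pre-master secret (2-byte version 0x0303 + 46 random bytes, step 6)."""
    client_random = os.urandom(32)                 # sent in Client Hello
    server_random = os.urandom(32)                 # sent in Server Hello
    pre_master = b"\x03\x03" + os.urandom(46)      # chosen by the client
    # The client would send pre_master encrypted with the server's public key;
    # after decryption the server holds the same bytes, so each side derives:
    client_side = master_secret(pre_master, client_random, server_random)
    server_side = master_secret(pre_master, client_random, server_random)
    return {"client_master": client_side, "server_master": server_side,
            "client_random": client_random, "server_random": server_random}


if __name__ == "__main__":
    result = simulate_handshake()
    print("master secrets match:", result["client_master"] == result["server_master"])
```

Because the server random is mixed in, replaying a captured pre-master secret against a new session yields a different master secret, which is why step 3 generates a fresh value each time.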

TLS Non-Protected Information

  • IP Addresses of Client and Server
  • Ports of Client and Server
  • Relative size of files/sites
  • DNS requests made to connect to the server