Author: Kevanna Brown
Finished message – TLS Handshake Protocol Revisited
13.3 Finished message Bob’s Finished is the final message in the TLS handshake protocol. This message authenticates the handshake as well as the secret shared keys that Alice and Bob agreed upon. Both Alice and Bob (when he receives Alice’s Finished message while in state WF ) verify the correctness of this message’s contents and…
Read MoreThe NewSessionTicket message – TLS Handshake Protocol Revisited
13.5.1 The NewSessionTicket message Any time after receiving Bob’s Finished message, Alice can send a NewSessionTicket message. NewSessionTicket creates a unique link between the value of the ticket and the secret pre-shared key that is derived from resumption˙master˙secret (see Section 12.2, TLS secrets, in Chapter 12, Secrets and Keys in TLS 1.3, for more details).…
Read MorePost-handshake authentication – TLS Handshake Protocol Revisited
13.5.2 Post-handshake authentication If Bob sent the post˙handshake˙auth extension, Alice can ask Bob to authenticate himself any time after their handshake by sending Bob a CertificateRequest message. In that case, Bob must reply with the corresponding authentication messages: If Bob receives a CertificateRequest message without having sent the post˙handshake˙auth extension, Bob terminates the TLS session…
Read MoreOpenSSL s_client – TLS Handshake Protocol Revisited
13.6 OpenSSL s_client OpenSSL is an open source project implementing the OpenSSL software, a commercial-grade, feature-rich toolkit for cryptography and TLS [137]. OpenSSL’s technical decision making is governed by the OpenSSL Technical Committee (OTC) and the software is published under an Apache-style license, making it suitable for both non-commercial and commercial purposes. At the time…
Read MoreUsing openssl-s_client – TLS Handshake Protocol Revisited
13.6.2 Using openssl-s_client Now that we have a working OpenSSL installation, let’s look at selected openssl-s˙client options for performing basic TLS operations with this tool. Connecting to a TLS server is done by executing the following command: # openssl s_client -connect servername:443 As an example, to connect to the Packt web server using TLS, you…
Read MoreTLS experiments with openssl-s_client – TLS Handshake Protocol Revisited
13.6.3 TLS experiments with openssl-s_client So, what kind of experiments can we do using openssl-s˙client to better understand how TLS works under the hood? Well, we could start by looking into the protocol messages of an actual TLS session. As an example, we could perform a TLS handshake with the Packt web server: # openssl…
Read MoreThe big picture – Block Ciphers and Their Modes of Operation
14.1 The big picture In the last part of the book, we covered in detail the TLS Handshake protocol and the cryptography needed to implement the main security objectives of the TLS Handshake protocol, namely entity authentication and key agreement. For the latter of these goals, public-key cryptography was needed, for the former, we used…
Read MoreGeneral principles – Block Ciphers and Their Modes of Operation
14.2 General principles A block cipher is an encryption function eK that maps plaintext blocks of fixed size b onto ciphertext blocks of the same size b: As indicated by the subscript k, a block cipher is a symmetric algorithm, taking a shared key k ∈𝒦 as a parameter, where 𝒦 is the keyspace (see…
Read MoreConfusion and diffusion – Block Ciphers and Their Modes of Operation
14.2.2 Confusion and diffusion What makes a good block cipher? Claude Shannon was perhaps the first to try and answer this question in a systematic way [162]. He defined two methods for frustrating a statistical analysis: A good block cipher will contain both components. In order to not give any hints about the plaintext statistics,…
Read MorePseudorandom permutations – Block Ciphers and Their Modes of Operation
14.2.4 Pseudorandom permutations Simply put, a permutation is a function that rearranges the order of elements in a set. A random permutation is a permutation that is randomly chosen from all possible permutations for a given set. A pseudorandom permutation looks like a random permutation to any polynomial-time observer, but is actually a deterministic algorithm.…
Read More