Overview

The TLS/SSL protocol is designed to solve the problem of information security in network communication.

There are three main purposes of its design:

  • Authentication: to confirm that the party I am communicating with is who I think it is.
  • Confidentiality: even if a third party intercepts the communication, it cannot tell what is being said.
  • Integrity: to ensure that the communicated content has not been altered.

The TLS/SSL protocol consists of two parts:

1. The Record protocol

  • A symmetric encryption algorithm is used to encrypt the communication messages.

2. The Handshake protocol

  • The key needed for symmetric encryption is exchanged through the handshake protocol.

Symmetric encryption

Symmetric encryption algorithms use the same key during encryption and decryption.

Example: to prevent third-party eavesdropping when Zhang San communicates with Li Si, he uses Morse code to encrypt the content. When Li Si receives the message, he decrypts it using the same Morse code.

Because the same Morse code is used on both sides, this is symmetric encryption.

Symmetric encryption in network communication can encrypt and decrypt content with the same key because it is built on the XOR operation.

Exclusive or (XOR) operation

In mathematics, the XOR of two inputs is false when they are the same and true when they differ.

XOR operation in computing:

Example: the key is 1010 and the plaintext is 0110.

1. Encrypt the plaintext with the key. The ciphertext is 1100:

  • 1 XOR 0 = 1
  • 0 XOR 1 = 1
  • 1 XOR 1 = 0
  • 0 XOR 0 = 0

2. Apply the same key to the ciphertext to recover the plaintext 0110:

  • 1 XOR 1 = 0
  • 0 XOR 1 = 1
  • 1 XOR 0 = 1
  • 0 XOR 0 = 0

The XOR operation is the core of symmetric encryption.

Advantages:

  • XOR is very fast; a single pass over the data is enough.

Disadvantages:

  • XOR requires the key to be the same length as the plaintext. Plaintext can be large or small, from hundreds of megabytes to gigabytes, and it is impractical to require keys of the same size.

Padding

What about the drawback that XOR requires both sides to be the same length? The sharp reader may have figured out a solution: divide the plaintext into blocks of equal length.

For example, if the key is 16 bytes, the plaintext is divided into multiple 16-byte blocks, and each block is encrypted and decrypted with the key.

Block cipher: the plaintext is divided into multiple blocks of equal length, and each block is encrypted and decrypted separately.

But not all plaintext divides neatly into 16-byte blocks. That is when padding is needed.

Purpose of padding:

  • When the last plaintext block is shorter than the block length, it must be padded to full length.

There are two main padding methods:

  • Bit padding: the data is padded in bits.
  • Byte padding: the data is padded in bytes.

There are four ways to pad bytes:

  • Zero padding: fill all the missing bytes of the last block with zeros.

    For a 16-byte block size, if the last block is only 12 bytes, append 00 00 00 00.
  • ANSI X9.23: fill with zeros, and put the number of padded bytes in the last byte.

    For a 16-byte block size, if the last block is only 12 bytes, append 00 00 00 04.
  • ISO 10126: fill with random bytes, and put the number of padded bytes in the last byte.

    For a 16-byte block size, if the last block is only 12 bytes, append for example 45 A3 D2 04.
  • PKCS7: fill every padding byte with the number of padded bytes.

    For a 16-byte block size, if the last block is only 12 bytes, append 04 04 04 04.
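The four byte-padding schemes above, as an added example in Python that is not part of the original article. Each function pads a constructed 12-byte final block to 16 bytes, and the unpad functions show why the length byte (and, for PKCS7, every pad byte) must be validated before stripping; the function names are choices made here.

```python
# Added example (not from the original article): the four byte-padding
# schemes, padding a 12-byte final block to 16 bytes and unpadding again.
import os

BLOCK = 16  # block size in bytes, as in the article's examples


def pad_zero(data: bytes, block: int = BLOCK) -> bytes:
    """Zero padding: append 00 bytes up to the block boundary.
    Ambiguous if the plaintext itself ends in 00, so unpadding is lossy."""
    missing = (-len(data)) % block
    return data + b"\x00" * missing


def unpad_zero(data: bytes) -> bytes:
    return data.rstrip(b"\x00")


def pad_x923(data: bytes, block: int = BLOCK) -> bytes:
    """ANSI X9.23: zero bytes, with the last byte holding the pad length."""
    n = block - (len(data) % block)  # always 1..block, never 0
    return data + b"\x00" * (n - 1) + bytes([n])


def pad_iso10126(data: bytes, block: int = BLOCK) -> bytes:
    """ISO 10126: random bytes, with the last byte holding the pad length."""
    n = block - (len(data) % block)
    return data + os.urandom(n - 1) + bytes([n])


def pad_pkcs7(data: bytes, block: int = BLOCK) -> bytes:
    """PKCS7: n bytes, each equal to n. A full block of 0x10 is appended when
    the input is already a multiple of the block size, so that unpadding is
    always unambiguous."""
    n = block - (len(data) % block)
    return data + bytes([n]) * n


def unpad_length_byte(data: bytes, block: int = BLOCK) -> bytes:
    """Shared unpad for X9.23 and ISO 10126: only the length byte carries
    information, so check that it is in range before using it."""
    if not data or len(data) % block:
        raise ValueError("invalid padded length")
    n = data[-1]
    if not 1 <= n <= block:
        raise ValueError("invalid pad length")
    return data[:-n]


def unpad_pkcs7(data: bytes, block: int = BLOCK) -> bytes:
    """PKCS7 unpad that verifies every pad byte, not just the last one."""
    if not data or len(data) % block:
        raise ValueError("invalid padded length")
    n = data[-1]
    if not 1 <= n <= block or data[-n:] != bytes([n]) * n:
        raise ValueError("invalid PKCS7 padding")
    return data[:-n]
```

Note the full-block case: a 16-byte input padded with PKCS7 gains a whole extra block of 0x10 bytes, which is the price of unambiguous unpadding; zero padding cannot distinguish trailing zeros of the plaintext from padding.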

Mode of operation

After the plaintext has been split into blocks and padded, encryption and decryption must follow certain rules or methods. These rules are the modes of operation.

Block cipher mode of operation:

  • Allows a single block cipher key to be used to encrypt and secure more than one block of data.

1. Electronic codebook (ECB) mode

The plaintext is simply split into blocks and each block is encrypted independently.

This mode is very simple and fast. Its disadvantage is that identical plaintext blocks are encrypted into identical ciphertext blocks, so it does not hide data patterns well.

For example:

After encrypting an image with ECB, the outline of the image is still visible, as shown below:

2. Cipher-block chaining (CBC) mode

Each plaintext block is XORed with the previous ciphertext block before being encrypted. In this way, each ciphertext block depends on all the plaintext blocks before it. To make every message unique, an initialization vector (IV) is used for the first block.

Its main disadvantage is that encryption is serial and cannot be parallelized.

3. Counter (CTR) mode

CTR turns a block cipher into a stream cipher. It produces a continuous key stream by encrypting successive values of a counter, where the counter can be any function guaranteed not to produce repeated output for a long time.

In this way both encryption and decryption can be processed in parallel, and the encryption works very well.

CTR mode also has a problem: it cannot provide integrity verification of the ciphertext. If the ciphertext is lost or tampered with in transit, its integrity cannot be guaranteed.
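The three modes above, plus the XOR operation from the earlier section, as an added example that is not part of the original article. Because the page has no block cipher code of its own, the modes run on a toy 16-byte Feistel cipher built from SHA-256 (defined here only so the mode logic is runnable; it is not AES and not secure). The test data and all function names are constructed for this example. ECB/CBC expect input already padded to the block size (for instance with PKCS7 as in the padding section); CTR needs no padding.

```python
# Added example (not from the original article): ECB, CBC and CTR on top of
# a toy Feistel block cipher. The toy cipher only exists so the mode logic
# runs without a crypto library; it is not AES and must not be used as one.
import hashlib

BLOCK = 16


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (the operation the article explains)."""
    if len(a) != len(b):
        raise ValueError("XOR inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def _round_keys(key: bytes, rounds: int = 8):
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(rounds)]


def _f(half: bytes, rk: bytes) -> bytes:
    # Round function: keyed hash truncated to the 8-byte half-block size.
    return hashlib.sha256(rk + half).digest()[:8]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    if len(block) != BLOCK:
        raise ValueError("block must be 16 bytes")
    L, R = block[:8], block[8:]
    for rk in _round_keys(key):
        L, R = R, xor_bytes(L, _f(R, rk))
    return L + R


def decrypt_block(key: bytes, block: bytes) -> bytes:
    L, R = block[:8], block[8:]
    for rk in reversed(_round_keys(key)):   # undo the rounds in reverse order
        L, R = xor_bytes(R, _f(L, rk)), L
    return L + R


def _blocks(data: bytes):
    if len(data) % BLOCK:
        raise ValueError("ECB/CBC input must be padded to a multiple of 16 bytes")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    # Every block is encrypted independently: equal blocks give equal output.
    return b"".join(encrypt_block(key, b) for b in _blocks(pt))


def ecb_decrypt(key: bytes, ct: bytes) -> bytes:
    return b"".join(decrypt_block(key, b) for b in _blocks(ct))


def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    out, prev = [], iv
    for block in _blocks(pt):
        prev = encrypt_block(key, xor_bytes(block, prev))  # chain on previous ciphertext
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for block in _blocks(ct):
        out.append(xor_bytes(decrypt_block(key, block), prev))
        prev = block
    return b"".join(out)


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR: encrypt nonce||counter to get a keystream, then XOR with the data.
    Encryption and decryption are the same function, and no padding is needed."""
    if len(nonce) != 8:
        raise ValueError("nonce must be 8 bytes (the other 8 bytes are the counter)")
    out = bytearray()
    for i, start in enumerate(range(0, len(data), BLOCK)):
        chunk = data[start:start + BLOCK]
        keystream = encrypt_block(key, nonce + i.to_bytes(8, "big"))
        out += xor_bytes(chunk, keystream[:len(chunk)])
    return bytes(out)
```

Running ECB over three identical plaintext blocks yields three identical ciphertext blocks, which is exactly the pattern leakage the image example describes; CBC over the same input yields three different blocks because each one is chained to the previous ciphertext.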

Integrity check

MAC algorithm: Message Authentication Code. A MAC algorithm provides message integrity checking and is built on hash functions.

A hash function is a way to create small digital "fingerprints" from any kind of data. It compresses a message or data into a digest, making the amount of data smaller and its format fixed.

In short: no matter how long the input string is, a hash function produces a string of fixed length.

The MAC workflow is shown in the figure:

  • The sender runs the ciphertext and the key through the MAC algorithm to generate a MAC value, then packages the ciphertext and the MAC value and sends them together.
  • After receiving the ciphertext, the recipient runs the same ciphertext and key through the MAC algorithm to generate a MAC value, and then compares the two MAC values for equality.

Combining the CTR mode of operation with a MAC algorithm gives rise to the GCM mode of operation.
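The sender/receiver MAC workflow above, as an added example that is not part of the original article. It uses HMAC-SHA256 from the Python standard library as the MAC algorithm; the "ciphertext" is a constructed byte string rather than real cipher output, and the function names are choices made here.

```python
# Added example (not from the original article): MAC over the ciphertext.
# Sender: tag = HMAC(key, ciphertext), send ciphertext || tag.
# Receiver: recompute the tag and compare before trusting the ciphertext.
import hmac
import hashlib

TAG_LEN = 32  # HMAC-SHA256 produces a 32-byte tag


def make_tag(mac_key: bytes, ciphertext: bytes) -> bytes:
    return hmac.new(mac_key, ciphertext, hashlib.sha256).digest()


def seal(mac_key: bytes, ciphertext: bytes) -> bytes:
    """Sender side: package ciphertext || tag."""
    return ciphertext + make_tag(mac_key, ciphertext)


def open_sealed(mac_key: bytes, packet: bytes) -> bytes:
    """Receiver side: split the packet, recompute the tag, compare, and return
    the ciphertext only if the tags match. compare_digest runs in constant
    time so the comparison itself does not leak how many bytes matched."""
    if len(packet) < TAG_LEN:
        raise ValueError("packet too short to carry a tag")
    ciphertext, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    if not hmac.compare_digest(make_tag(mac_key, ciphertext), tag):
        raise ValueError("MAC check failed: ciphertext modified or wrong key")
    return ciphertext


def check_packet(mac_key: bytes, packet: bytes) -> bool:
    """Convenience wrapper: True if the packet passes the integrity check."""
    try:
        open_sealed(mac_key, packet)
        return True
    except ValueError:
        return False
```

Flipping a single bit of the ciphertext, truncating the packet, or using a different MAC key all fail the check, which is the integrity guarantee that CTR mode alone does not provide.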

AES symmetric encryption algorithm

Advanced Encryption Standard (AES)

  • Common padding method: PKCS7
  • Common mode of operation: GCM

The block length of AES is fixed at 128 bits, that is, 16 bytes. The key length can be 128, 192 or 256 bits.

The AES encryption process operates on a 4×4 byte matrix.

So, as the figure above shows, the 128-bit block is divided into four 32-bit words, and keys of different lengths are divided into four, six or eight 32-bit words.

The AES encryption process is shown in the figure:

1. Initial round

  • AddRoundKey (round key addition)

2. Regular rounds

  • AddRoundKey (round key addition)
  • SubBytes (byte substitution)
  • ShiftRows (row shift)
  • MixColumns (column mixing)

3. Final round

  • SubBytes (byte substitution)
  • ShiftRows (row shift)
  • AddRoundKey (round key addition)

AddRoundKey (round key addition)

  • Each byte of the matrix is XORed with the round key; each round key (subkey) is generated by the key schedule.

SubBytes (byte substitution)

  • Each byte is replaced by the corresponding byte of a lookup table through a nonlinear substitution function.

ShiftRows (row shift)

  • Each row of the matrix is shifted cyclically.

MixColumns (column mixing)

  • Thoroughly mixes the columns of the matrix with a linear operation. This step uses a linear transformation to mix the four bytes within each column. The last encryption round omits the MixColumns step and has an AddRoundKey step in its place.

Asymmetric cipher

The biggest problem with symmetric encryption is how to pass the key to the other party. Asymmetric ciphers can transfer the key securely.

Each participant has a pair of keys:

  • Public key: shared with the other party
  • Private key: held only by yourself

Asymmetric encryption and decryption process:

  • Encrypt using the other party's public key
  • Decrypt using your own private key

For example, if Zhang San wants to communicate with Li Si: Step 1: Zhang San encrypts the message with Li Si's public key and sends the ciphertext to Li Si. Step 2: Li Si decrypts it with his private key.

The ciphertext cannot be decrypted with the public key; only the private key can decrypt it.

How does Zhang San obtain Li Si's public key? There are two ways:

  • The first: through the PKI public key infrastructure.
  • The second: from Li Si during the handshake that establishes the connection with Zhang San.

RSA algorithm

RSA is based on public-key cryptography.

A public-key cryptosystem is a cryptosystem in which "it is computationally infeasible to deduce the decryption key from the known encryption key".

Generation of the public and private keys in the RSA algorithm:

  • Pick two distinct prime numbers p and q at random.
  • Compute the product n of p and q (the plaintext must be smaller than n).
  • Compute Euler's totient function v of n: v = (p-1)*(q-1).
  • Pick a random integer e with 1 < e < v such that e and v are coprime.
  • Compute d, the modular inverse of e with respect to v: (d * e) % v = (e * d) % v = 1.
  • Public key: (e, n).
  • Private key: (d, n).

The security of RSA rests on the fact that factoring large numbers is extremely hard, that is, it is very difficult to recover p and q from the large number n.

The encryption and decryption process of the RSA algorithm is shown in the figure below:

  • Encryption

    M is the plaintext and C is the ciphertext
  • Decryption

RSA is about a thousand times slower than symmetric algorithms of the same security level because of the large number of multiplications it performs.

PKI public key infrastructure

PKI is a very important application of asymmetric cryptography.

Encrypting with the private key so that only the public key can decrypt is what realizes identity authentication.

The signing and verification process:

  • First, the webmaster generates a pair of public and private keys with the RSA algorithm and sends the public key together with his personal identity to a Certificate Authority (CA).
  • The CA verifies the personal information, then encrypts with the CA's private key to generate a public key digital certificate.
  • The public key digital certificate is then issued to the webmaster. Composition of a public key digital certificate: CA information, public key user information, public key, authority signature and validity period.

Specific process, as shown in the figure:

Signature:

  • The webmaster's personal information is run through a hash function to produce a hash value.
  • The hash value is then encrypted with the CA's private key.
  • The encrypted content is packaged together with the webmaster's personal information and the site's public key into a public key digital certificate.

Verification:

  • When the browser receives the public key digital certificate, it splits it into two parts: the webmaster's personal information and the encrypted hash value.
  • The browser runs the webmaster's personal information through the hash function given in the certificate to produce a hash value.
  • It then decrypts the encrypted hash value from the certificate with the CA's public key.
  • It compares the two hash values for equality.
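The RSA key-generation steps from the RSA section and the certificate signing/verification flow of this PKI section, together as one added example that is not part of the original article. Key generation follows the page's list (p, q, n, v = (p-1)(q-1), e coprime to v, d = e^-1 mod v); signing is the textbook "encrypt the hash with the private key" the page describes, and verification "decrypts" with the CA's public key and compares hashes. The 512-bit key size, the Miller-Rabin primality test and all function names are choices made here; real deployments use 2048-bit or larger keys and a padded signature scheme (PKCS#1 v1.5 or PSS), which this textbook version omits.

```python
# Added example (not from the original article): RSA key generation per the
# article's steps, textbook encrypt/decrypt, and CA-style certificate
# signing and verification. Toy 512-bit keys for speed; not for real use.
import hashlib
import math
import random


def is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1  # odd, full size
        if is_probable_prime(candidate):
            return candidate


def generate_keypair(bits: int = 512):
    """Returns (public, private) as (e, n) and (d, n), following the article's steps."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        if p == q:               # p and q must be distinct
            continue
        n = p * q                # modulus; the plaintext must be < n
        v = (p - 1) * (q - 1)    # Euler's totient of n
        if math.gcd(e, v) != 1:  # e must be coprime to v
            continue
        d = pow(e, -1, v)        # d = e^-1 mod v, so (d * e) % v == 1
        return (e, n), (d, n)


def rsa_encrypt(public, m: int) -> int:
    e, n = public
    if not 0 <= m < n:
        raise ValueError("plaintext must be smaller than n")
    return pow(m, e, n)          # C = M^e mod n


def rsa_decrypt(private, c: int) -> int:
    d, n = private
    return pow(c, d, n)          # M = C^d mod n


def _digest_int(data: bytes) -> int:
    # SHA-256 is 256 bits, so the digest is always smaller than a 512-bit n.
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(private, data: bytes) -> int:
    """'Encrypt' the hash of the data with the private key (textbook signature)."""
    return pow(_digest_int(data), private[0], private[1])


def verify(public, data: bytes, signature: int) -> bool:
    """'Decrypt' the signature with the public key and compare hashes."""
    return pow(signature, public[0], public[1]) == _digest_int(data)


def issue_certificate(ca_private, subject_info: str, subject_public) -> dict:
    """CA side: hash the subject's information and public key, sign the hash."""
    body = f"{subject_info}|{subject_public[0]}|{subject_public[1]}".encode()
    return {"body": body, "signature": sign(ca_private, body)}


def verify_certificate(ca_public, cert: dict) -> bool:
    """Client side: recompute the hash of the body and check the CA signature."""
    return verify(ca_public, cert["body"], cert["signature"])
```

A certificate whose body has been altered after issuance fails verification because the recomputed hash no longer matches the value recovered from the signature with the CA's public key; only the holder of the CA private key can produce a signature that verifies.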

Certificate types:

  • Domain validated (DV) certificate

    DV certificates are usually free.
  • Organization validated (OV) certificate

    OV certificate verification is more rigorous and is usually paid.
  • Extended validation (EV) certificate

    EV certificates have the strictest verification and are therefore the most expensive.

From the point of view of encryption strength, the three types of certificates offer the same confidentiality; they differ only in how the webmaster's personal information is verified.

DH key exchange protocol

There are two ways to obtain the public key:

  • The first: through the PKI public key infrastructure.
  • The second: from Li Si during the handshake that establishes the connection with Zhang San.

The RSA algorithm is generally used in the first method, for authentication by the CA. In fact, the RSA algorithm is also feasible for the second method.

Example: Zhang San establishes a connection with Li Si. Li Si uses the RSA algorithm to generate a pair of public and private keys and passes the public key to Zhang San. Zhang San then encrypts the symmetric encryption key with the public key and passes it to Li Si, who decrypts it with the private key.

Even if a third party obtains the public key, it cannot decrypt the ciphertext without the private key.

But this approach has a drawback: there is no forward secrecy. In other words, if a third party records all the communication packets and later obtains the private key, it can read all the ciphertext content.

The DH key exchange protocol solves this problem. It allows both parties to create a key over an insecure channel without any prior information about each other, so the key is generated afresh for every communication.

Specific process:

  • First, during the handshake, Li Si generates a pair of public and private keys and sends the public key to Zhang San.
  • After receiving the public key, Zhang San also generates a pair of public and private keys and sends his public key to Li Si.
  • Then Zhang San and Li Si each use the DH protocol to generate a key from the other party's public key and their own private key. The two keys are identical.

Principle of the DH key exchange protocol:

  • Li Si chooses two random public numbers g and p, then chooses his private key a and generates a public key A from g, p and the private key a.
  • Li Si sends the public numbers g and p and his own public key A to Zhang San.
  • Zhang San chooses his own private key b and generates a public key B from the public numbers g, p and the private key b.
  • Zhang San sends his public key B to Li Si.
  • Zhang San and Li Si each generate the symmetric encryption key K from the other's public key and their own private key.
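The DH exchange above with the page's symbols (public g and p, private a and b, public A and B, shared K), as an added example that is not part of the original article. Both sides of the handshake are shown; the numbers p = 23, g = 5, a = 6, b = 15 are a constructed toy group. Real groups use primes of 2048 bits or more, and K is passed through a key derivation function rather than used directly as the symmetric key; the SHA-256 derivation and all function names are choices made here.

```python
# Added example (not from the original article): Diffie-Hellman with the
# article's notation. Li Si holds a and computes A = g^a mod p; Zhang San
# holds b and computes B = g^b mod p; both derive K = g^(ab) mod p.
import hashlib
import secrets


def public_key(g: int, p: int, private: int) -> int:
    """A = g^a mod p (or B = g^b mod p)."""
    return pow(g, private, p)


def shared_key(p: int, peer_public: int, private: int) -> int:
    """K = B^a mod p on one side, A^b mod p on the other.
    Public values of 1 or p-1 are rejected: they force K into a tiny set."""
    if not 1 < peer_public < p - 1:
        raise ValueError("peer public value outside the valid range")
    return pow(peer_public, private, p)


def derive_symmetric_key(k: int) -> bytes:
    """Turn the shared integer K into a fixed-size key (SHA-256 here)."""
    length = (k.bit_length() + 7) // 8 or 1
    return hashlib.sha256(k.to_bytes(length, "big")).digest()


def random_private(p: int) -> int:
    """Fresh private exponent in [2, p-2] for each session; generating it
    anew every time is what gives the exchange forward secrecy."""
    return secrets.randbelow(p - 3) + 2


def run_exchange(g: int, p: int, a: int, b: int) -> dict:
    """Both sides of the handshake, returning every value that goes on the wire
    and the key each side computes."""
    A = public_key(g, p, a)           # Li Si -> Zhang San: g, p, A
    B = public_key(g, p, b)           # Zhang San -> Li Si: B
    k_lisi = shared_key(p, B, a)      # Li Si:     K = B^a mod p
    k_zhangsan = shared_key(p, A, b)  # Zhang San: K = A^b mod p
    return {"A": A, "B": B, "K_lisi": k_lisi, "K_zhangsan": k_zhangsan}
```

Only g, p, A and B cross the insecure channel; a and b never leave their owners, and an observer who records the exchange cannot obtain K without solving the discrete logarithm for a or b.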

As shown in the figure.

Problem with the DH exchange protocol: it is vulnerable to man-in-the-middle forgery.

In simple terms, a third party performs a DH key exchange with Zhang San while pretending to be Li Si, and performs another DH key exchange with Li Si while pretending to be Zhang San, and thereby knows the key K on both sides.

The solution is simple: use the authentication of the PKI public key infrastructure, so that a third party cannot impersonate the webmaster Li Si.

As shown in the figure, the DH protocol also involves a large number of multiplications and is very slow. The DH key exchange used today is based on ECC elliptic curves and is very fast; it is called the ECDHE key exchange algorithm. You can search for the details yourself.

Conclusion

A cipher suite commonly used in TLS 1.2 is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.

Specifically:

  • ECDHE: the key exchange algorithm
  • RSA: the authentication algorithm
  • AES: the symmetric encryption algorithm
  • 128: the key length of the symmetric encryption
  • GCM: the symmetric encryption mode
  • SHA256: the hash algorithm
