Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying TLS Cryptography In-Depth
  • Table Of Contents Toc
  • Feedback & Rating feedback
TLS Cryptography In-Depth

TLS Cryptography In-Depth

By : Dr. Paul Duplys, Dr. Roland Schmitz
4.8 (4)
Buy this Book
close
close
TLS Cryptography In-Depth

TLS Cryptography In-Depth

4.8 (4)
By: Dr. Paul Duplys, Dr. Roland Schmitz
Buy this Book

Overview of this book

TLS is the most widely used cryptographic protocol today, enabling e-commerce, online banking, and secure online communication. Written by Dr. Paul Duplys, Security, Privacy & Safety Research Lead at Bosch, and Dr. Roland Schmitz, Internet Security Professor at Stuttgart Media University, this book will help you gain a deep understanding of how and why TLS works, how past attacks on TLS were possible, and how vulnerabilities that enabled them were addressed in the latest TLS version 1.3. By exploring the inner workings of TLS, you’ll be able to configure it and use it more securely. Starting with the basic concepts, you’ll be led step by step through the world of modern cryptography, guided by the TLS protocol. As you advance, you’ll be learning about the necessary mathematical concepts from scratch. Topics such as public-key cryptography based on elliptic curves will be explained with a view on real-world applications in TLS. With easy-to-understand concepts, you’ll find out how secret keys are generated and exchanged in TLS, and how they are used to creating a secure channel between a client and a server. By the end of this book, you’ll have the knowledge to configure TLS servers securely. Moreover, you’ll have gained a deep knowledge of the cryptographic primitives that make up TLS.
Table of Contents (30 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who is this book for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Conventions used
Icon
Get in touch
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book
1
Part I Getting Started
Icon
Part I Getting Started
Free Chapter
2
Chapter 1: The Role of Cryptography in the Connected World
Icon
Chapter 1: The Role of Cryptography in the Connected World
Icon
1.1 Evolution of cryptography
Icon
1.2 The advent of TLS and the internet
Icon
1.3 Increasing connectivity
Icon
1.4 Increasing complexity
Icon
1.5 Example attacks
Icon
1.6 Summary
3
Chapter 2: Secure Channel and the CIA Triad
Icon
Chapter 2: Secure Channel and the CIA Triad
Icon
2.1 Technical requirements
Icon
2.2 Preliminaries
Icon
2.3 Confidentiality
Icon
2.4 Integrity
Icon
2.5 Authentication
Icon
2.6 Secure channels and the CIA triad
Icon
2.7 Summary
4
Chapter 3: A Secret to Share
Icon
Chapter 3: A Secret to Share
Icon
3.1 Secret keys and Kerckhoffs’s principle
Icon
3.2 Cryptographic keys
Icon
3.3 Key space
Icon
3.4 Key length
Icon
3.5 Crypto-agility and information half-life
Icon
3.6 Key establishment
Icon
3.7 Randomness and entropy
Icon
3.8 Summary
5
Chapter 4: Encryption and Decryption
Icon
Chapter 4: Encryption and Decryption
Icon
4.1 Preliminaries
Icon
4.2 Symmetric cryptosystems
Icon
4.3 Information-theoretical security (perfect secrecy)
Icon
4.4 Computational security
Icon
4.5 Pseudorandomness
Icon
4.6 Summary
6
Chapter 5: Entity Authentication
Icon
Chapter 5: Entity Authentication
Icon
5.1 The identity concept
Icon
5.2 Authorization and authenticated key establishment
Icon
5.3 Message authentication versus entity authentication
Icon
5.4 Password-based authentication
Icon
5.5 Challenge-response protocols
Icon
5.6 Summary
7
Chapter 6: Transport Layer Security at a Glance
Icon
Chapter 6: Transport Layer Security at a Glance
Icon
6.1 Birth of the World Wide Web
Icon
6.2 Early web browsers
Icon
6.3 From SSL to TLS
Icon
6.4 TLS overview
Icon
6.5 TLS version 1.2
Icon
6.6 TLS version 1.3
Icon
6.7 Major differences between TLS versions 1.3 and 1.2
Icon
6.8 Summary
8
Part II Shaking Hands
Icon
Part II Shaking Hands
9
Chapter 7: Public-Key Cryptography
Icon
Chapter 7: Public-Key Cryptography
Icon
7.1 Preliminaries
Icon
7.2 Groups
Icon
7.3 The Diffie-Hellman key-exchange protocol
Icon
7.4 Security of Diffie-Hellman key exchange
Icon
7.5 The ElGamal encryption scheme
Icon
7.6 Finite fields
Icon
7.7 The RSA algorithm
Icon
7.8 Security of the RSA algorithm
Icon
7.9 Authenticated key agreement
Icon
7.10 Public-key cryptography in TLS 1.3
Icon
7.11 Hybrid cryptosystems
Icon
7.12 Summary
10
Chapter 8: Elliptic Curves
Icon
Chapter 8: Elliptic Curves
Icon
8.1 What are elliptic curves?
Icon
8.2 Elliptic curves as abelian groups
Icon
8.3 Elliptic curves over finite fields
Icon
8.4 Security of elliptic curves
Icon
8.5 Elliptic curves in TLS 1.3
Icon
8.6 Summary
11
Chapter 9: Digital Signatures
Icon
Chapter 9: Digital Signatures
Icon
9.1 General considerations
Icon
9.2 RSA-based signatures
Icon
9.3 Digital signatures based on discrete logarithms
Icon
9.4 Digital signatures in TLS 1.3
Icon
9.5 Summary
12
Chapter 10: Digital Certificates and Certification Authorities
Icon
Chapter 10: Digital Certificates and Certification Authorities
Icon
10.1 What is a digital certificate?
Icon
10.2 X.509 certificates
Icon
10.3 Main components of a public-key infrastructure
Icon
10.4 Rogue CAs
Icon
10.5 Digital certificates in TLS
Icon
10.6 Summary
13
Chapter 11: Hash Functions and Message Authentication Codes
Icon
Chapter 11: Hash Functions and Message Authentication Codes
Icon
11.1 The need for authenticity and integrity
Icon
11.2 What cryptographic guarantees does encryption provide?
Icon
11.3 One-way functions
Icon
11.4 Hash functions
Icon
11.5 Message authentication codes
Icon
11.6 MAC versus CRC
Icon
11.7 Hash functions in TLS 1.3
Icon
11.8 Summary
14
Chapter 12: Secrets and Keys in TLS 1.3
Icon
Chapter 12: Secrets and Keys in TLS 1.3
Icon
12.1 Key establishment in TLS 1.3
Icon
12.2 TLS secrets
Icon
12.3 KDFs in TLS
Icon
12.4 Updating TLS secrets
Icon
12.5 TLS keys
Icon
12.6 TLS key exchange messages
Icon
12.7 Summary
15
Chapter 13: TLS Handshake Protocol Revisited
Icon
Chapter 13: TLS Handshake Protocol Revisited
Icon
13.1 TLS client state machine
Icon
13.2 TLS server state machine
Icon
13.3 Finished message
Icon
13.4 Early data
Icon
13.5 Post-handshake messages
Icon
13.6 OpenSSL s_client
Icon
13.7 Summary
16
Part III Off the Record
Icon
Part III Off the Record
17
Chapter 14: Block Ciphers and Their Modes of Operation
Icon
Chapter 14: Block Ciphers and Their Modes of Operation
Icon
14.1 The big picture
Icon
14.2 General principles
Icon
14.3 The AES block cipher
Icon
14.4 Modes of operation
Icon
14.5 Block ciphers in TLS 1.3
Icon
14.6 Summary
18
Chapter 15: Authenticated Encryption
Icon
Chapter 15: Authenticated Encryption
Icon
15.1 Preliminaries
Icon
15.2 Authenticated encryption – generic composition
Icon
15.3 Security of generic composition
Icon
15.4 Authenticated ciphers
Icon
15.5 Counter with cipher block chaining message authentication code (CCM)
Icon
15.6 AEAD in TLS 1.3
Icon
15.7 Summary
19
Chapter 16: The Galois Counter Mode
Icon
Chapter 16: The Galois Counter Mode
Icon
16.1 Preliminaries
Icon
16.2 GCM security
Icon
16.3 GCM performance
Icon
16.4 Summary
20
Chapter 17: TLS Record Protocol Revisited
Icon
Chapter 17: TLS Record Protocol Revisited
Icon
17.1 TLS Record protocol
Icon
17.2 TLS record layer
Icon
17.3 TLS record payload protection
Icon
17.4 Per-record nonce
Icon
17.5 Record padding
Icon
17.6 Limits on key usage
Icon
17.7 An experiment with the OpenSSL s_client
Icon
17.8 Summary
21
Chapter 18: TLS Cipher Suites
Icon
Chapter 18: TLS Cipher Suites
Icon
18.1 Symmetric cipher suites in TLS 1.3
Icon
18.2 Long-term security
Icon
18.3 ChaCha20
Icon
18.4 Poly1305
Icon
18.5 ChaCha20-Poly1305 AEAD construction
Icon
18.6 Mandatory-to-implement cipher suites
Icon
18.7 Summary
22
Part IV Bleeding Hearts and Biting Poodles
Icon
Part IV Bleeding Hearts and Biting Poodles
23
Chapter 19: Attacks on Cryptography
Icon
Chapter 19: Attacks on Cryptography
Icon
19.1 Preliminary remarks
Icon
19.2 Passive versus active attacks
Icon
19.3 Local versus remote attacks
Icon
19.4 Interactive versus non-interactive attacks
Icon
19.5 Attacks on cryptographic protocols
Icon
19.6 Attacks on encryption schemes
Icon
19.7 Attacks on hash functions
Icon
19.8 Summary
24
Chapter 20: Attacks on the TLS Handshake Protocol
chevron up
Icon
Chapter 20: Attacks on the TLS Handshake Protocol
Icon
20.1 Downgrade attacks
Icon
20.2 Logjam
Icon
20.3 SLOTH
Icon
20.4 Padding oracle attacks on TLS handshake
Icon
20.5 Bleichenbacher attack
Icon
20.6 Improvements of Bleichenbacher’s attack
Icon
20.7 Insecure renegotiation
Icon
20.8 Triple Handshake attack
Icon
20.9 Summary
25
Chapter 21: Attacks on the TLS Record Protocol
Icon
Chapter 21: Attacks on the TLS Record Protocol
Icon
21.1 Lucky 13
Icon
21.2 POODLE
Icon
21.3 BEAST
Icon
21.4 Sweet32
Icon
21.5 Compression-based attacks
Icon
21.6 Summary
26
Chapter 22: Attacks on TLS Implementations
Icon
Chapter 22: Attacks on TLS Implementations
Icon
22.1 SMACK
Icon
22.2 FREAK
Icon
22.3 Truncation attacks
Icon
22.4 Heartbleed
Icon
22.5 Insecure encryption activation
Icon
22.6 Random number generation
Icon
22.7 BERserk attack
Icon
22.8 Cloudbleed
Icon
22.9 Timing attacks
Icon
22.10 Summary
27
Bibliography
Icon
Bibliography
28
Index
Icon
Index
29
Other Books You Might Enjoy
Icon
Other Books You Might Enjoy
Icon
Packt is searching for authors like you
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book

20.3 SLOTH

SLOTH [31] uses a weaker form of second-preimage resistance for a hash function h, namely chosen-prefix collision resistance. Given two prefixes P1 and P2, it should be computationally hard to find a pair of values x1,x2 so that

h (P1 ||x1) = h(P2||x2)

The use of MD5 and SHA-1 is mandated in TLS 1.0 and TLS 1.1 and is still possible in TLS 1.2. However, these older hash functions are not chosen-prefix collision resistant. This weakness can be used by an attacker either to manipulate the initial handshake messages in order to downgrade the negotiated cipher suites or to break client/server authentication. The possibility of these attacks leads to the deprecation of MD5-based signatures in TLS 1.3.

The attacker in this scenario is a man-in-the-middle with sufficient computing resources to generate the chosen-prefix collisions within a short time frame. The attack is based on the fact that, for example, the ClientHello can include extensions that the server does not understand or support and...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
End of Section 4
Next Section

Create a Note

Modal Close icon
You need to login to use this feature.
notes
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Delete Note

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Edit Note

Modal Close icon
Write a note (max 255 characters)
Cancel
Update Note

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY