HTTPS
Structure
Secure Sockets Layer / Transport layer security
Fifth layer. Netscape 1994. V2/V3
Versions:
SSLv1/v2
SSLv3.1 => TLS1.0
TLS1.0/1.1、SSLv3/v2 all considered to be unsecure
Most widely used: TLS 1.2
SSL/TLS could also be applied to other applications
FTP => FTPS
LDAP => LDAPS
How does TLS offer security
Confidentiality
A cipher suite is negotiated using TLS handshake and PKI is used to shared the secret key.
Symmetric encryption
RC4, DES, 3DES, AES, ChaCha20
Cons:
Does not have a reliable way to transfer cipher key
Asymmetric encryption
DH, DSA, RSA, ECC
PKI
First use RSA/ECDHE to solve the problem of exchanging private key
Generate session key used for symmetric key
// Speed comparison for symmetric asymetric
aes_128_cbc enc/dec 1000 times : 0.97ms, 13.11MB/s
rsa_1024 enc/dec 1000 times : 138.59ms, 93.80KB/s
rsa_1024/aes ratio = 143.17
rsa_2048 enc/dec 1000 times : 840.35ms, 15.47KB/s
rsa_2048/aes ratio = 868.13Authentication
The identification is based on chain of trust and certificate authorities.
Digital signature
Reverse the usage of private and public key inside asymmetric encryption
Private key only encrypts the digest of message
Certificate
Certificate authority
Certificate authority
Certificate issuer: DigiCert, VeriSign, Entrust, Let's Encrypt
Types of certificates:
DV
EV
Root CA needs to have a self-signed certificate / root certificate.
Cons
What if CA gets tricked to issue certificate to the wrong person
CRL (certificate revocation list)
OCSP (online certificate status protocol)
CA itself get hacked
RSA asymmetric
Integrity
Whenever a TLS record is sent, a MAC value is generated and appended with each message.
Digest algorithm
MD5, SHA1-> SHA2 (SHA224, SHA256 and SHA384 could generate 28 bytes, 32 bytes and 48 bytes digests, correspondingly)
TLS protocol (v1.2)
Overall flowchart
TLS Cipher suite
key exchange algo - signature algo - symmetric encryption algo - digest algo
ECDHE-RSA-AES256-GCM-SHA384
Many softwares such as Nginx/Apache use OpenSSL to implement TLS
Components
Record protocol
Defines the basic unit for data transfer
Alert protocol
Send an alerting message to the other party
Change cipher spec protocol
States that all following conversations will be conducted in encrypted version
Handshake protocol
See the next section for details
TLS Handshake based on RSA
Process
The client generates a symmetric key, encrypts it with the server's public key.
Clients sends it to the server to use as the symmetric key for the established session.
The server uses its private key to decrypt the sent symmetric key and the key-exchange is complete.
Client and server could use the negotiated symmetric key to encrypt their session.
Weakness:
The same public-private key pair is used both to authenticate the server and to encrypt the symmetric session key sent to the server. As a result, if an attacker gains access to the private key and listens in on the exchange, then it could decrypt the entire session.
if an attacker does not currently have access to the private key, they can still record the encrypted session and decrypt it at a later time once they obtain the private key.
TLS Handshake based on ECDHE
Improvement compared with RSA:
Allow the client and server to negotiate a shared secret without explicitly communicating it in the handshake: The server's private key is used to sign and verify the handshake, but the established symmetric key never leaves the client or server and cannot be intercepted by a passive attacker even if they have access to the private key.
Diffie-Hellman key exchange can also be used to reduce the risk of compromise of past communication sessions.
TLS False Start: Client could send out request without waiting for server to reply with "Finished"
Will generate a new public/private key each time having a handshake. So even when one time's pre-master get deciphered, all previous conversation could stay safe.
"Hello" exchange random number, "Key exchange" exchange "pre-master".
Before "Change Cipher Spec", all plaintext; After all ciphertext.
Pre-Master must be transmitted in secret.
TCP handshake first
Client Hello
TLS version
Client random
Cipher suites (e.g. ECDHE_RSA)
Handshake Protocol: Client Hello
Version: TLS 1.2 (0x0303)
Random: 1cbf803321fd2623408dfe…
Cipher Suites (17 suites)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)Server Hello:
TLS version
Server random
Cipher suites
Handshake Protocol: Server Hello
Version: TLS 1.2 (0x0303)
Random: 0e6320f21bae50842e96…
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)Server key exchange:
Server params
Handshake Protocol: Server Key Exchange
EC Diffie-Hellman Server Params
Curve Type: named_curve (0x03)
Named Curve: x25519 (0x001d)
Pubkey: 3b39deaf00217894e...
Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
Signature: 37141adac38ea4...Client key exchange
Client params
Handshake Protocol: Client Key Exchange
EC Diffie-Hellman Client Params
Pubkey: 8c674d0e08dc27b5eaa…Now the Client has Client Params, Server Params, from which they will be able to compute PreMaster
Using Client Random, Server Random and PreMaster, client and server will compute Master Secret.
Client sends Change cipher spec.
Client sends Finished.
Server sends Change cipher spec.
Server sends Finished.
TLS protocol (v1.3) Optimization
OSCP Stapling
TLS compression
TLS false start
Session resumption
Early termination
Last updated
Was this helpful?