Diffie-Hellman key exchange

Diffie-Hellman key exchange (D-H) is a specific method of securely exchanging cryptographic keys over a public channel and was one of the first public-key protocols as originally conceptualized. D-H is one of the earliest practical examples of public key exchange implemented within the field of cryptography. Traditionally, secure encrypted communication between two parties required that they first exchange keys by some secure physical channel, such as paper key lists transported by a trusted courier. The Diffie-Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher.
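The exchange described above, worked through in code as an added example (not part of the original post): each party keeps a private exponent, only the public values cross the channel, and the raw shared value is run through a key derivation step before it is used as a symmetric key. The group parameters (p = 2^127 - 1, g = 3) are a constructed toy choice, not a standardized group, and the HKDF helper and function names are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

# Constructed toy group: p = 2**127 - 1 is a known (Mersenne) prime and g = 3 the
# generator. For illustration only; deployments use standardized groups such as
# the RFC 3526 MODP groups or the X25519 elliptic-curve group.
P = 2**127 - 1
G = 3


def generate_keypair(private=None, p=P, g=G):
    """Return (private, public). The private exponent stays with its owner;
    public = g^private mod p is what gets sent over the insecure channel."""
    if private is None:
        private = secrets.randbelow(p - 3) + 2      # 2 <= private <= p - 2, from the OS CSPRNG
    return private, pow(g, private, p)


def validate_public_value(peer_public, p=P):
    """True only for values strictly between 1 and p-1. Values 0, 1 and p-1 force the
    shared secret into a tiny set, so a receiver must refuse them."""
    return 1 < peer_public < p - 1


def shared_secret(private, peer_public, p=P):
    """Raw DH shared value s = peer_public^private mod p (both sides get g^(ab) mod p)."""
    if not validate_public_value(peer_public, p):
        raise ValueError("peer public value out of range")
    return pow(peer_public, private, p)


def derive_key(secret_int, info=b"toy-dh-example", length=32):
    """HKDF-SHA256 (RFC 5869) over the shared value: the raw DH integer is never used
    directly as a key, because its bits are not uniformly distributed."""
    ikm = secret_int.to_bytes((secret_int.bit_length() + 7) // 8, "big")
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()   # extract, empty salt
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                                        # expand
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def run_exchange(alice_private=None, bob_private=None):
    """One complete exchange. Fixed exponents may be passed to make the run reproducible;
    returns the two derived keys so the caller can confirm both sides agree."""
    a_priv, a_pub = generate_keypair(alice_private)
    b_priv, b_pub = generate_keypair(bob_private)
    # Only a_pub and b_pub cross the channel: an eavesdropper sees p, g, a_pub and b_pub
    # but not a_priv or b_priv.
    alice_key = derive_key(shared_secret(a_priv, b_pub))
    bob_key = derive_key(shared_secret(b_priv, a_pub))
    return alice_key, bob_key


if __name__ == "__main__":
    k_alice, k_bob = run_exchange()
    print("keys match:", k_alice == k_bob, k_alice.hex())
```

Note what this block does not do: nothing authenticates the public values, so an active on-path party could run a separate exchange with each side. That is why TLS (below) binds the exchange to a certificate rather than using bare D-H.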



Transport Layer Security

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), both of which are frequently referred to as “SSL”, are cryptographic protocols that provide communication security over a computer network. Several versions of the protocols are in widespread use in applications such as web browsing, email, Internet faxing, instant messaging, and voice-over-IP (VoIP). Major web sites use TLS to secure all communications between their servers and web browsers.

The primary goal of the Transport Layer Security protocol is to provide privacy and data integrity between two communicating computer applications. When secured by TLS, connections between a client (e.g., a web browser) and a server (e.g., Wikipedia.org) have one or more of the following properties:

- The connection is private because symmetric cryptography is used to encrypt the data transmitted. The keys for this symmetric encryption are generated uniquely for each connection and are based on a shared secret negotiated at the start of the session. The server and client negotiate the details of which encryption algorithm and cryptographic keys to use before the first byte of data is transmitted. The negotiation of a shared secret is both secure (the negotiated secret is unavailable to eavesdroppers and cannot be obtained, even by an attacker who places himself in the middle of the connection) and reliable (no attacker can modify the communications during the negotiation without being detected).

- The identity of the communicating parties can be authenticated using public-key cryptography. This authentication can be made optional, but is generally required for at least one of the parties (typically the server).

- The connection is reliable because each message transmitted includes a message integrity check using a message authentication code to prevent undetected loss or alteration of the data during transmission.

In addition to the properties above, careful configuration of TLS can provide additional privacy-related properties such as forward secrecy, ensuring that any future disclosure of encryption keys cannot be used to decrypt any TLS communication recorded in the past.

TLS supports many different methods for exchanging keys, encrypting data, and authenticating message integrity. As a result, secure configuration of TLS involves many configurable parameters, and not all choices provide all of the privacy-related properties described in the list above.

Attempts have been made to subvert aspects of the communications security that TLS seeks to provide and the protocol has been revised several times to address these security threats. Web browsers have also been revised by their developers to defend against potential security weaknesses after these were discovered.

The TLS protocol is composed of two layers: the TLS record protocol and the TLS handshake protocol.

Description

Client-server applications use the TLS protocol to communicate across a network in a way designed to prevent eavesdropping and tampering.

Since protocols can operate either with or without TLS (or SSL), it is necessary for the client to indicate to the server the setup of a TLS connection. There are two main ways of achieving this. One option is to use a different port number for TLS connections (for example, port 443 for HTTPS). The other is for the client to use a protocol-specific mechanism (for example, STARTTLS for mail and news protocols) to request that the server switch the connection to TLS.

Once the client and server have agreed to use TLS, they negotiate a stateful connection by using a handshaking procedure. During this handshaking, the client and server agree on various parameters used to establish the connection’s security:

- The handshake begins when a client connects to a TLS-enabled server requesting a secure connection and presents a list of supported cipher suites.

- From this list, the server picks a cipher and hash function that it also supports and notifies the client of the decision.

- The server usually then sends back its identification in the form of a digital certificate. The certificate contains the server name, the trusted certificate authority (CA) and the server’s public encryption key.

- The client confirms the validity of the certificate before proceeding.

- To generate the session keys used for the secure connection, the client either:

  - Encrypts a random number with the server’s public key and sends the result to the server (which only the server should be able to decrypt with its private key); both parties then use the random number to generate a unique session key for subsequent encryption and decryption of data during the session

  - Uses Diffie-Hellman key exchange to securely generate a random and unique session key for encryption and decryption that has the additional property of forward secrecy: if the server’s private key is disclosed in future, it cannot be used to decrypt the current session, even if the session is intercepted and recorded by a third party.

This concludes the handshaking and begins the secured connection, which is encrypted and decrypted with the session key until the connection closes. If any one of the above steps fails, the TLS handshake fails, and the connection is not created.

TLS and SSL are defined as ‘operating over some reliable transport layer’, which places them as application layer protocols in the TCP/IP reference model and as presentation layer protocols in the OSI model. The protocols use a handshake with an asymmetric cipher to establish cipher settings and a shared key for a session; the rest of the communication is encrypted using a symmetric cipher and the session key.
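The text notes that TLS has many configurable parameters and that not every choice gives all three properties (privacy, authentication, integrity) or forward secrecy. The following added example, written for this page with Python's standard `ssl` module and not taken from the original post, shows a client context that enforces those properties next to a permissive one that discards server authentication, plus a check that lists any enabled TLS 1.2 suites whose key exchange is static RSA key transport (the first of the two session-key options above, which has no forward secrecy). The function names are this example's own; the cipher-string syntax is OpenSSL's.

```python
import socket
import ssl


def hardened_client_context() -> ssl.SSLContext:
    """Client context enforcing the properties described above: the server is
    authenticated (CERT_REQUIRED plus hostname check against the certificate),
    TLS 1.2 or newer is required, and only (EC)DHE key exchange is allowed so the
    session keys have forward secrecy. TLS 1.3 suites always use (EC)DHE."""
    ctx = ssl.create_default_context()   # system CA store, CERT_REQUIRED, check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # OpenSSL cipher string: ephemeral key exchange only, AEAD ciphers only,
    # and no anonymous or null-encryption suites.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!eNULL")
    return ctx


def permissive_client_context() -> ssl.SSLContext:
    """The 'before' configuration: certificate validation is switched off, so the
    authentication property is lost and any key presented is accepted. Shown only
    to contrast with the hardened context; check_hostname must be cleared before
    verify_mode or the ssl module raises ValueError."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def non_forward_secret_suites(ctx: ssl.SSLContext) -> list:
    """Names of enabled TLS 1.2 suites without DHE/ECDHE in the key exchange, i.e.
    RSA key transport: a recorded session could be decrypted if the server's
    private key is disclosed later. TLS 1.3 suite names start with 'TLS_' and
    always use ephemeral key exchange, so they are skipped."""
    return [c["name"] for c in ctx.get_ciphers()
            if not c["name"].startswith("TLS_") and "DHE" not in c["name"]]


def open_tls_connection(host: str, port: int, ctx: ssl.SSLContext) -> ssl.SSLSocket:
    """Implicit TLS on a dedicated port (e.g. 443 for HTTPS): the handshake runs as
    soon as the socket is wrapped. For STARTTLS-style protocols the plaintext
    upgrade command is exchanged first and the same wrap_socket call is then made
    on the already-open socket."""
    raw = socket.create_connection((host, port), timeout=10)
    return ctx.wrap_socket(raw, server_hostname=host)


if __name__ == "__main__":
    hardened = hardened_client_context()
    print("non-forward-secret suites enabled:", non_forward_secret_suites(hardened))
```

`non_forward_secret_suites` is the kind of check worth running against an application's actual context object at startup, since a cipher list inherited from an old configuration file is the usual way the forward-secrecy property quietly disappears.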

From: https://en.wikipedia.org/wiki/Transport_Layer_Security



Public key infrastructure

A public key infrastructure (PKI) is a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email. It is required for activities where simple passwords are an inadequate authentication method and more rigorous proof is required to confirm the identity of the parties involved in the communication and to validate the information being transferred.

In cryptography, a PKI is an arrangement that binds public keys with respective identities of entities (like persons and organizations). The binding is established through a process of registration and issuance of certificates at and by a certificate authority (CA). Depending on the assurance level of the binding, this may be carried out by an automated process or under human supervision.

The PKI role that assures valid and correct registration is called the registration authority (RA). An RA is responsible for accepting requests for digital certificates and authenticating the entity making the request. In a Microsoft PKI, a registration authority is usually called a subordinate CA.

An entity must be uniquely identifiable within each CA domain on the basis of information about that entity. A third-party validation authority (VA) can provide this entity information on behalf of the CA.

Design

Public key cryptography is a cryptographic technique that enables entities to securely communicate on an insecure public network, and reliably verify the identity of an entity via digital signatures.

A public key infrastructure (PKI) is a system for the creation, storage, and distribution of digital certificates which are used to verify that a particular public key belongs to a certain entity. The PKI creates digital certificates which map public keys to entities, securely stores these certificates in a central repository and revokes them if needed.

A PKI consists of:

- A certificate authority (CA) that stores, issues and signs the digital certificates

- A registration authority which verifies the identity of entities requesting their digital certificates to be stored at the CA

- A central directory – i.e., a secure location in which to store and index keys

- A certificate management system managing things like the access to stored certificates or the delivery of the certificates to be issued.

- A certificate policy
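To make the division of roles in the list above concrete, here is an added example (constructed for this page, not code from the original post or from any real PKI product) that models each component in a few lines: the RA's identity check, the CA's signature over the certificate body, the central directory, a revocation list, and a validity-period policy, together with the relying-party validation that a client performs before trusting a key. The CA key is textbook RSA built from two known Mersenne primes and is trivially factorable; the certificate format, field names and class names are this example's own assumptions, not any standard.

```python
import hashlib
import json
import time

# Toy CA key: two known Mersenne primes (2**61-1 and 2**89-1). Constructed for
# illustration only; a real CA key uses randomly generated primes of 1024+ bits.
_P, _Q = 2**61 - 1, 2**89 - 1
CA_N = _P * _Q
CA_E = 65537
_CA_D = pow(CA_E, -1, (_P - 1) * (_Q - 1))   # private exponent, held only by the CA


def _digest(cert_body):
    """Hash the canonical JSON encoding of the certificate fields (hypothetical format),
    reduced into the RSA modulus range."""
    data = json.dumps(cert_body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % CA_N


def ca_sign(cert_body):
    """Textbook RSA signature over the digest (toy; real CAs use RSA-PSS/PKCS#1 or ECDSA)."""
    return pow(_digest(cert_body), _CA_D, CA_N)


def ca_verify(cert_body, signature):
    """Anyone holding the CA public key (CA_N, CA_E) can check the binding."""
    return pow(signature, CA_E, CA_N) == _digest(cert_body)


class ToyPKI:
    """RA (registered identities), CA (ca_sign), central directory, CRL and policy
    in one object, mirroring the component list above."""

    def __init__(self, registered_identities, max_validity_seconds=3600):
        self.registered = set(registered_identities)   # identities the RA has vetted
        self.directory = {}                             # serial -> (cert_body, signature)
        self.revoked = set()                            # the certificate revocation list
        self.max_validity = max_validity_seconds        # certificate policy: lifetime cap
        self.next_serial = 1

    def request_certificate(self, identity, public_key, now=None):
        """RA step then CA step: refuse unvetted requesters, otherwise bind the key,
        sign the body, and store it in the directory."""
        now = time.time() if now is None else now
        if identity not in self.registered:
            raise PermissionError(f"identity {identity!r} not registered with the RA")
        body = {"serial": self.next_serial, "subject": identity, "public_key": public_key,
                "not_before": now, "not_after": now + self.max_validity}
        signature = ca_sign(body)
        self.directory[body["serial"]] = (body, signature)
        self.next_serial += 1
        return body, signature

    def revoke(self, serial):
        """Add a certificate to the CRL; its signature stays valid, so relying parties
        must consult the list."""
        self.revoked.add(serial)

    def validate(self, cert_body, signature, now=None):
        """Relying-party check: CA signature, validity window, then CRL lookup.
        Returns (ok, reason)."""
        now = time.time() if now is None else now
        if not ca_verify(cert_body, signature):
            return False, "bad signature"
        if not cert_body["not_before"] <= now <= cert_body["not_after"]:
            return False, "outside validity period"
        if cert_body["serial"] in self.revoked:
            return False, "revoked"
        return True, "ok"


if __name__ == "__main__":
    pki = ToyPKI({"alice.example"}, max_validity_seconds=600)
    cert, sig = pki.request_certificate("alice.example", "alice-public-key-hex")
    print(pki.validate(cert, sig))
```

The order of checks in `validate` matters: signature first, so that a forged body cannot even reach the revocation lookup, and revocation last, because a revoked certificate is still a genuine CA-signed object and only the CRL tells the two apart.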

From: https://en.wikipedia.org/wiki/Public_key_infrastructure



Pre-shared Key

In cryptography, a pre-shared key (PSK) is a shared secret which was previously shared between the two parties using some secure channel before it needs to be used.

To build a key from the shared secret, a key derivation function is typically used. Such systems almost always use symmetric key cryptographic algorithms. The term PSK is used in Wi-Fi encryption such as Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA), where the method is called WPA-PSK or WPA2-PSK, and also in the Extensible Authentication Protocol (EAP), where it is known as EAP-PSK. In all these cases, both the wireless access point (AP) and all clients share the same key.

The characteristics of this secret or key are determined by the system which uses it; some system designs require that such keys be in a particular format. It can be a password, a pass phrase, or a hexadecimal string. The secret is used by all systems involved in the cryptographic processes used to secure the traffic between the systems.

Crypto systems rely on one or more keys for confidentiality. One particular attack is always against keys, the brute force key search attack. A sufficiently long, randomly chosen key can resist any practical brute force attack, though not in principle if an attacker has sufficient computational power. Unavoidably, however, pre-shared keys are held by both parties to the communication, and so can be compromised at one end, without the knowledge of anyone at the other. There are several tools available to help one choose strong passwords, though doing so over any network connection is inherently unsafe as one cannot in general know who, if anyone, may be eavesdropping on the interaction. Choosing keys used by cryptographic algorithms is somewhat different in that any pattern whatsoever should be avoided, as any such pattern may provide an attacker with a lower effort attack than brute force search. This implies random key choice to force attackers to spend as much effort as possible; this is very difficult in principle and in practice as well. As a general rule, any software except a cryptographically secure pseudorandom number generator should be avoided.
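The two points the paragraphs above make, that a PSK is turned into a key by a key derivation function and that keys should come from a cryptographically secure random source rather than a pattern, are shown in the following added example (written for this page, not code from the original post). The WPA2-PSK derivation it implements is the one specified by IEEE 802.11i (PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, 256-bit output); the general-purpose variant, the function names and the constructed SSIDs and passphrases in the test are this example's own.

```python
import hashlib
import math
import secrets


def derive_wpa2_psk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK pairwise master key as specified by IEEE 802.11i: PBKDF2-HMAC-SHA1,
    SSID as salt, 4096 iterations, 256-bit output. Same passphrase on a different
    SSID yields a different key, which is why the SSID is part of the input."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


def derive_key_general(secret: str, salt: bytes, iterations: int = 600_000) -> bytes:
    """General-purpose KDF for a PSK outside Wi-Fi (this example's own choice):
    PBKDF2-HMAC-SHA256 with a caller-supplied random salt and a high iteration
    count, so a low-entropy passphrase costs the attacker more per guess."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, iterations, 32)


def random_psk_hex() -> str:
    """A 256-bit key from the OS CSPRNG, in the 64-hex-digit form WPA2 accepts
    directly. No pattern exists for an attacker to exploit; brute force is the
    only option and the keyspace is 2**256."""
    return secrets.token_hex(32)


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Brute-force effort, in bits, for a secret chosen uniformly at random from
    alphabet_size**length possibilities. A human-chosen passphrase has fewer
    effective bits than this bound because it is not uniform."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Constructed sample inputs, not real network credentials.
    print(derive_wpa2_psk("correct horse battery staple", "ExampleNet").hex())
    print("random PSK:", random_psk_hex())
    print("8 lowercase letters:", round(keyspace_bits(26, 8), 1), "bits")
    print("64 hex digits:", round(keyspace_bits(16, 64), 1), "bits")
```

Note that the KDF does not add entropy: an eight-letter passphrase still has under 40 bits of keyspace after PBKDF2, and the iteration count only multiplies the cost of each guess. The random hex form sidesteps the problem by starting from 256 bits.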

From: https://en.wikipedia.org/wiki/Pre-shared_key

