Introduction to Cryptography and Secure Communication
Last Friday I had a test in the "Introduction to Cryptography and Secure Communication" course (by Prof. Amir Herzberg) at the College of Management (I am studying for a B.Sc. in computer science there).
I learned a few interesting things in this course that I want to share with you:
- Message Authentication:
- Goal: The ability to check whether a message is the real message or whether somebody changed it over the network.
- How does it work: We send an "extra" text along with the real message. We get it from hash functions (MD5, SHA-1…) or from block-cipher functions (DES, AES, CBC…). The function is called MAC_k(m) (k is a random number).
- Disadvantage: It may not keep the message secret (there is no guarantee that the message won't be revealed).
- Conclusion: Use MAC to authenticate communication.
- IP-Sec:
- Goal: The ability to encrypt and authenticate messages over networks. IP-Sec works at the internet layer.
- How does it work: It has two operation modes:
- Transport (end to end): Change the protocol field in the IP-Header to AH or ESP. End to end – encapsulation by source host, decapsulation by destination host.
- Tunnel (gateway to gateway or end to end): The entire original IP packet is the payload (including its header). Allows a secure Virtual Private Network (VPN).
- We can activate these modes with one of these header protocols:
- AH (Authentication Header) is used to authenticate the whole IP packet.
- ESP (Encapsulating Security Payload) is used to encrypt the message.
- Conclusion:
- IP-Sec is a protocol that protects all internet traffic.
- Requires no changes in applications.
- Principles of cryptography:
- Assume that there are restrictions on the adversary's capabilities, but not on the adversary's strategies.
- Keys can be secret, but the encryption design is known (Kerckhoffs).
- Limit the secret key usage and always refresh your keys.
- The number of possible keys should be large enough.
- SSL (Secure Socket Layer) & TLS (Transport Layer Security, the improved version of SSL):
- Goal: Provides a secure tunnel (confidentiality, message & connection integrity, server and client authentication) between the client and the server. The original goal was to secure credit card number transfer. Today, SSL/TLS are implemented in almost all web clients and servers. SSL/TLS work over the transport layer.
- Pros:
- Easy to implement and use.
- Deployed in most clients and servers.
- Cons:
- Protects only if the application actively uses it.
- Doesn't protect against DoS (Denial of Service) attacks.
- Can be used only in end-to-end mode.
- How does it work: It has 4 phases:
- Establish Parameters – initiating data between the client and the server.
- Server Authentication – the server sends its certificate to the client.
- Client Key-Exchange – The client verifies the server's certificate and sends its part of the key exchange process (shared key in Diffie-Hellman, encryption of a random string in RSA).
- Finish – Client and server send the finish messages (with an HMAC code on the entire handshake message).
- SSL Session Resumption: Use it when the client makes many connections to the same server (reduces overhead in handshake phases).
- Conclusions:
- SSL/TLS is the most widely deployed security protocol standard:
- Easy to implement, deploy and use.
- Very flexible.
- Mature cryptographic design.
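
The MAC check and the Finish phase described above, as an added example that is not code from the course or from any SSL/TLS implementation: a toy Python model in which each side MACs its own record of the handshake, so a message changed in transit makes the Finish check fail. `Endpoint`, `run_handshake`, `strip_suite` and the sample messages are assumptions made for illustration; real SSL/TLS computes the Finish value from a hash of the handshake messages and keys derived from the exchanged secret, not a bare HMAC over their concatenation.

```python
import hashlib
import hmac
import os

def mac(key: bytes, message: bytes) -> bytes:
    """MAC_k(m), here HMAC-SHA256: the "extra" text sent with the message."""
    return hmac.new(key, message, hashlib.sha256).digest()

def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(mac(key, message), tag)

class Endpoint:
    """One side of a toy handshake (hypothetical helper); keeps a transcript."""
    def __init__(self, key: bytes):
        self.key, self.transcript = key, []

    def record(self, message: bytes) -> bytes:
        self.transcript.append(message)
        return message

    def finished(self, label: bytes) -> bytes:
        # Length-prefix every message so the boundaries are unambiguous.
        data = b"".join(len(m).to_bytes(4, "big") + m for m in self.transcript)
        return mac(self.key, label + data)

def run_handshake(tamper=None) -> bool:
    """Return True if the server accepts the client's Finish message."""
    key = os.urandom(32)  # stands in for the key agreed in the key-exchange phase
    client, server = Endpoint(key), Endpoint(key)
    flights = [  # constructed sample messages, fixed for this toy model
        (client, server, b"ClientHello suites=AES256-SHA256,DES-CBC-SHA"),
        (server, client, b"ServerHello suite=AES256-SHA256"),
        (server, client, b"Certificate <placeholder>"),
        (client, server, b"ClientKeyExchange <placeholder>"),
    ]
    for sender, receiver, message in flights:
        sent = sender.record(message)
        receiver.record(tamper(sent) if tamper else sent)
    tag = client.finished(b"client finished")
    return hmac.compare_digest(server.finished(b"client finished"), tag)

def strip_suite(message: bytes) -> bytes:
    """Constructed in-transit change: drop one suite from the client's offer."""
    return message.replace(b"AES256-SHA256,", b"")

if __name__ == "__main__":
    key, m = os.urandom(32), b"pay 100 to alice"
    tag = mac(key, m)
    print(verify(key, m, tag), verify(key, b"pay 900 to alice", tag),
          run_handshake(), run_handshake(strip_suite))
```

The tag authenticates the message but does not hide it: `m` still travels in the clear next to the tag, which is the disadvantage noted in the Message Authentication item.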