To understand how the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols work, you must first understand certain basic concepts. The primary mechanism used by SSL/TLS is asymmetric encryption with cipher suites. These and related terms are explained below.
Encryption is the process in which a human-readable message (plaintext) is converted into an encrypted, non-human-readable format (ciphertext). The main purpose of encryption is to ensure that only an authorized recipient is able to decrypt and read the original message. When unencrypted data is exchanged between two parties, using any medium, a third-party can intercept and read the communication exchanged.
If the exchange contains sensitive information, that implies a loss of confidentiality. Furthermore, if the third-party can intercept and read the messages, they could tamper with the data. This means that they could change the information being exchanged, so it compromises the integrity of the message.
Imagine sending a payment using an unencrypted web browser connection. The payment includes your bank account details as well as the amount that you authorized. An attacker could use a man-in-the-middle attack to tamper with the information sent to the web server and change the amount from $100 to $10,000. The bank receives tampered data from a third-party instead of you, which means that there is no authenticity. If you use an encrypted secure session, an attacker might still be able to intercept the traffic but they will not be able to read the data or tamper with it.
Symmetric encryption is the process in which the same key is used for encrypting and decrypting data. If Thomas wants to send information to Bob, he will use a shared key to encrypt the data and Bob will decrypt the data using the same key.
The biggest problem with symmetric key encryption is that both parties that exchange data must have the shared key. If that shared key is exposed, an attacker would be able to decrypt all the communication encrypted using that key. That is why the shared key must be distributed between the parties using an already established, secure, encrypted communication channel. Another disadvantage of symmetric encryption is that you cannot authenticate the sender of a message, which compromises authenticity.
Advantages of symmetric encryption:
- Fast, low resource usage
- Simple operation
Disadvantages of symmetric encryption:
- Same key used for encryption/decryption
- Key must be distributed using an already established, secure channel
- Different key for different parties – difficult key management/distribution
- Cannot authenticate users
Asymmetric encryption (also referred to as Public Key Cryptography) uses key pairs: a public key and a private key. These cryptographic keys are uniquely related. This means that content encrypted using one key from the key pair can only be decrypted using the other. The public key, as the name implies, can be shared with anyone. The private key must be known only to the owner.
You can also use asymmetric encryption to authenticate the sender by signing. If Bob signs a message using his private key, whoever verifies the signature using Bob’s public key can be sure that Bob is the sender.
Advantages of asymmetric encryption:
- Key distribution is easy
Disadvantages of asymmetric encryption:
- Slower than symmetric encryption
- Needs more resources
Ciphers are methods/algorithms used to encrypt and decrypt data. TLS is a protocol that allows you to use many different methods/algorithms. They are provided as packages called cipher suites. Such a package has a different method/algorithm for each task.
If you use a block cipher, data is split into fixed-length blocks (e.g. 64-bit or 128-bit blocks) and then encrypted. If the last block of data is shorter than the specified block length, the algorithm uses padding to fill the empty space. Blocks are usually padded using random data. Popular block ciphers include AES, Blowfish, 3DES, DES, and RC5.
Block ciphers have a fixed block length, and most of them require the input length to be a multiple of it. It is common for the last block to fall short of this requirement; padding (usually random data) is then added to bring it to the full block length.
Initialization Vector (IV)
An initialization vector is a random (or pseudorandom) fixed-size input to an encryption method. Its purpose is to start the encryption process off. In cipher modes like Cipher Block Chaining (CBC), each block is XOR-ed with the previous block, but the first block has no previous block to XOR with, so the initialization vector is used as that input to start the process.
If the IV is unique for each message, it is called a nonce, meaning that it is used only once. A nonce should be unpredictable; this prevents attackers from decrypting all messages by guessing the IV. If you use a nonce, the same plaintext encrypted under the same key produces different ciphertext each time.
Block Cipher Operation Modes
The block cipher mode of operation defines the relationships between the blocks encrypted using the cipher. Different modes were created to make it more difficult for an attacker to guess the original content of the message.
Electronic Code Book (ECB)
When using ECB, each block of data is encrypted separately and the results are concatenated in the original order. Parallel processing is possible since blocks do not depend on one another, and no IV is needed. The major problem of ECB is that the same plaintext block encrypted under the same key always produces the same ciphertext block. This makes it easier for an attacker to guess the original data based on repeating patterns.
Cipher Block Chaining (CBC)
When using CBC, each block is XORed with the previous ciphertext before encryption. This eliminates the problem of repeating patterns. An IV is needed to encrypt the first plaintext block. Parallel processing is not possible since the blocks are chained. There is one major disadvantage of CBC: if part of the message is garbled or lost, the remainder of the message is lost.
Cipher Feedback (CFB)
The CFB method turns a block cipher into a self-synchronizing stream cipher. This means that if part of the message is garbled or lost, the cipher may synchronize after several blocks and the remainder of the message is not necessarily lost.
Output Feedback (OFB)
The OFB method creates a synchronous stream cipher. This technique preserves error correction codes. The encryption and decryption processes are exactly the same.
Counter Mode (CTR)
The CTR method is similar to OFB in that it also creates a synchronous stream cipher. However, it uses a counter and a nonce for each block and does not link the blocks together. Therefore, blocks can be encrypted and decrypted in parallel.
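The behaviour of padding, the IV and the ECB, CBC and CTR modes described above is easiest to see by running all three modes over the same input. The following is an added example written for this page, not code from the original article. Because Python's standard library has no AES, it uses a constructed 16-byte toy Feistel cipher built from SHA-256 as a stand-in for the block cipher (an assumption: it is not AES and is not secure); the modes, the PKCS#7 padding and the `duplicate_blocks` and `cbc_damage` helpers are the point of the example. It also shows the CBC error-propagation case from the text, where one corrupted ciphertext byte garbles its own block and flips one bit in the next.

```python
import hashlib
import os

BLOCK = 16  # block length in bytes of the toy cipher below


def _round_function(key: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed SHA-256 of one half-block, truncated to 8 bytes (toy round function, not a real cipher).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Toy 4-round Feistel block cipher: a constructed stand-in for AES, NOT secure."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, xor(left, _round_function(key, rnd, right))
    return left + right


def decrypt_block(key: bytes, block: bytes) -> bytes:
    """Inverse of encrypt_block: run the Feistel rounds backwards."""
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = xor(right, _round_function(key, rnd, left)), left
    return left + right


def pad(data: bytes) -> bytes:
    """PKCS#7 padding: always adds 1..BLOCK bytes, each holding the pad length."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return data[:-n]


def blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Every block is encrypted independently: identical plaintext blocks give identical ciphertext.
    return b"".join(encrypt_block(key, b) for b in blocks(pad(plaintext)))


def ecb_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    return unpad(b"".join(decrypt_block(key, b) for b in blocks(ciphertext)))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # Each plaintext block is XORed with the previous ciphertext block (the IV for the first one).
    out, prev = [], iv
    for b in blocks(pad(plaintext)):
        prev = encrypt_block(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for c in blocks(ciphertext):
        out.append(xor(decrypt_block(key, c), prev))
        prev = c
    return unpad(b"".join(out))


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Keystream block i = E(key, nonce || counter i), XORed with the data. The same function
    # encrypts and decrypts, no padding is needed, and every block is independent (parallelisable).
    out = []
    for i, b in enumerate(blocks(data)):
        keystream = encrypt_block(key, nonce + i.to_bytes(8, "big"))
        out.append(xor(b, keystream))
    return b"".join(out)


def duplicate_blocks(ciphertext: bytes) -> int:
    """Number of repeated ciphertext blocks: the pattern leak that distinguishes ECB from CBC."""
    bs = blocks(ciphertext)
    return len(bs) - len(set(bs))


def cbc_damage(key: bytes, iv: bytes, plaintext: bytes, byte_index: int) -> bytes:
    """Flip one bit of CBC ciphertext byte `byte_index` and return what the receiver decrypts."""
    ct = bytearray(cbc_encrypt(key, iv, plaintext))
    ct[byte_index] ^= 0x01
    return cbc_decrypt(key, iv, bytes(ct))


if __name__ == "__main__":
    key, iv, nonce = os.urandom(16), os.urandom(16), os.urandom(8)
    msg = b"ATTACK AT DAWN!!" * 3  # constructed sample: three identical 16-byte blocks
    print("ECB duplicate blocks:", duplicate_blocks(ecb_encrypt(key, msg)))
    print("CBC duplicate blocks:", duplicate_blocks(cbc_encrypt(key, iv, msg)))
    print("CTR round trip ok:", ctr_crypt(key, nonce, ctr_crypt(key, nonce, msg)) == msg)
```

With three identical plaintext blocks, ECB output contains two duplicate ciphertext blocks while CBC with a fresh IV contains none. CTR output is exactly as long as the input, since no padding is involved, and `cbc_damage` makes the propagation rule concrete: the corrupted block decrypts to garbage, the following block has the corresponding bit flipped, and everything after that is intact.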
Stream ciphers encrypt data one bit or byte at a time. Each bit is encrypted with a different key. Stream ciphers are not used often in modern cryptography. A popular example of a stream cipher is the RC4 cipher.
Message Authentication Code (MAC)
The message authentication code (MAC) is a method that is used to check the authenticity as well as the integrity of a message. It accepts two input parameters: a secret key and a message of arbitrary length. The result is called a tag. The recipient also has the secret key and can use it to detect any changes to the message content. The MAC is sometimes called a checksum, cryptographic checksum, or protected checksum.
If the MAC tag of the sender and the calculated MAC tag of the recipient match, nobody tampered with the message. If they do not match, someone altered the message during transmission.
Hash-Based Message Authentication Code (HMAC)
HMAC is a type of MAC that uses a hash function. The following is an example of HMAC that uses the SHA256 hash algorithm.
HMAC_SHA256("s3cr3tk3y","Hello World") = 2d9615ee921dab63c7c4c839842703fe338db46fdf17593a681bcee2c52721de
The following illustration shows how the HMAC function works:
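As an added example written for this page, not code from the original article, the block below builds HMAC-SHA256 by hand from the RFC 2104 construction (inner hash over the ipad-masked key and message, outer hash over the opad-masked key and inner digest), cross-checks it against Python's `hmac` module, and shows the sender/recipient tag exchange from the MAC section above, including a constant-time comparison and what happens when the message is tampered with. The `make_tag`, `verify_tag` and `matches_stdlib` names are this example's own.

```python
import hashlib
import hmac


def hmac_sha256_manual(key: bytes, message: bytes) -> bytes:
    """HMAC as in RFC 2104: H((K' XOR opad) || H((K' XOR ipad) || message)), with H = SHA-256."""
    block_size = hashlib.sha256().block_size  # 64 bytes for SHA-256
    if len(key) > block_size:                 # keys longer than a block are hashed first
        key = hashlib.sha256(key).digest()
    key = key.ljust(block_size, b"\x00")      # shorter keys are zero-padded to a block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(ipad + message).digest()
    return hashlib.sha256(opad + inner).digest()


def matches_stdlib(key: bytes, message: bytes) -> bool:
    """Cross-check the manual construction against the standard library."""
    return hmac_sha256_manual(key, message) == hmac.new(key, message, hashlib.sha256).digest()


def make_tag(key: bytes, message: bytes) -> str:
    """Sender side: compute the hex tag that travels alongside the message."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, message: bytes, received_tag: str) -> bool:
    """Recipient side: recompute the tag with the shared key and compare in constant time."""
    expected = make_tag(key, message)
    return hmac.compare_digest(expected, received_tag)


if __name__ == "__main__":
    key = b"s3cr3tk3y"
    message = b"Hello World"
    tag = make_tag(key, message)
    print("tag:", tag)
    print("original verifies:", verify_tag(key, message, tag))
    print("tampered verifies:", verify_tag(key, b"Hello World!", tag))
    print("manual == stdlib:", matches_stdlib(key, message))
```

Feeding the key and message quoted in the HMAC section to `make_tag` reproduces the page's example; changing a single byte of the message, or using a different key, makes `verify_tag` return False, which is the integrity and authenticity check the MAC section describes. `hmac.compare_digest` is used rather than `==` so that the comparison time does not depend on how many leading bytes of the tag match.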