book

TLS Cryptography In-Depth

by Dr. Paul Duplys, Dr. Roland Schmitz

January 2024

Beginner to intermediate

712 pages

15h 8m

English

Packt Publishing

Read now

Unlock full access

TLS Cryptography In-DepthContributorsAbout the authorsAbout the reviewers
Who is this book forWhat this book coversTo get the most out of this bookConventions usedGet in touchShare Your ThoughtsDownload a free PDF copy of this book
1.1 Evolution of cryptography1.2 The advent of TLS and the internet1.3 Increasing connectivity1.4 Increasing complexity1.5 Example attacks1.6 Summary
2.1 Technical requirements2.2 Preliminaries2.3 Confidentiality2.4 Integrity2.5 Authentication2.6 Secure channels and the CIA triad2.7 Summary
3.1 Secret keys and Kerckhoffs’s principle3.2 Cryptographic keys3.3 Key space3.4 Key length3.5 Crypto-agility and information half-life3.6 Key establishment3.7 Randomness and entropy3.8 Summary
4.1 Preliminaries4.2 Symmetric cryptosystems4.3 Information-theoretical security (perfect secrecy)4.4 Computational security4.5 Pseudorandomness4.6 Summary
5.1 The identity concept5.2 Authorization and authenticated key establishment5.3 Message authentication versus entity authentication5.4 Password-based authentication5.5 Challenge-response protocols5.6 Summary
6.1 Birth of the World Wide Web6.2 Early web browsers6.3 From SSL to TLS6.4 TLS overview6.5 TLS version 1.26.6 TLS version 1.36.7 Major differences between TLS versions 1.3 and 1.26.8 Summary

7.1 Preliminaries7.2 Groups7.3 The Diffie-Hellman key-exchange protocol7.4 Security of Diffie-Hellman key exchange7.5 The ElGamal encryption scheme7.6 Finite fields7.7 The RSA algorithm7.8 Security of the RSA algorithm7.9 Authenticated key agreement7.10 Public-key cryptography in TLS 1.37.11 Hybrid cryptosystems7.12 Summary
8.1 What are elliptic curves?8.2 Elliptic curves as abelian groups8.3 Elliptic curves over finite fields8.4 Security of elliptic curves8.5 Elliptic curves in TLS 1.38.6 Summary
9.1 General considerations9.2 RSA-based signatures9.3 Digital signatures based on discrete logarithms9.4 Digital signatures in TLS 1.39.5 Summary
10.1 What is a digital certificate?10.2 X.509 certificates10.3 Main components of a public-key infrastructure10.4 Rogue CAs10.5 Digital certificates in TLS10.6 Summary
11.1 The need for authenticity and integrity11.2 What cryptographic guarantees does encryption provide?11.3 One-way functions11.4 Hash functions11.5 Message authentication codes11.6 MAC versus CRC11.7 Hash functions in TLS 1.311.8 Summary
12.1 Key establishment in TLS 1.312.2 TLS secrets12.3 KDFs in TLS12.4 Updating TLS secrets12.5 TLS keys12.6 TLS key exchange messages12.7 Summary
13.1 TLS client state machine13.2 TLS server state machine13.3 Finished message13.4 Early data13.5 Post-handshake messages13.6 OpenSSL s_client13.7 Summary
14.1 The big picture14.2 General principles14.3 The AES block cipher14.4 Modes of operation14.5 Block ciphers in TLS 1.314.6 Summary
15.1 Preliminaries15.2 Authenticated encryption – generic composition15.3 Security of generic composition15.4 Authenticated ciphers15.5 Counter with cipher block chaining message authentication code (CCM)15.6 AEAD in TLS 1.315.7 Summary
16.1 Preliminaries16.2 GCM security16.3 GCM performance16.4 Summary
17.1 TLS Record protocol17.2 TLS record layer17.3 TLS record payload protection17.4 Per-record nonce17.5 Record padding17.6 Limits on key usage17.7 An experiment with the OpenSSL s_client17.8 Summary
18.1 Symmetric cipher suites in TLS 1.318.2 Long-term security18.3 ChaCha2018.4 Poly130518.5 ChaCha20-Poly1305 AEAD construction18.6 Mandatory-to-implement cipher suites18.7 Summary
19.1 Preliminary remarks19.2 Passive versus active attacks19.3 Local versus remote attacks19.4 Interactive versus non-interactive attacks19.5 Attacks on cryptographic protocols19.6 Attacks on encryption schemes19.7 Attacks on hash functions19.8 Summary
20.1 Downgrade attacks20.2 Logjam20.3 SLOTH20.4 Padding oracle attacks on TLS handshake20.5 Bleichenbacher attack20.6 Improvements of Bleichenbacher’s attack20.7 Insecure renegotiation20.8 Triple Handshake attack20.9 Summary
21.1 Lucky 1321.2 POODLE21.3 BEAST21.4 Sweet3221.5 Compression-based attacks21.6 Summary
22.1 SMACK22.2 FREAK22.3 Truncation attacks22.4 Heartbleed22.5 Insecure encryption activation22.6 Random number generation22.7 BERserk attack22.8 Cloudbleed22.9 Timing attacks22.10 Summary
Packt is searching for authors like youShare Your ThoughtsDownload a free PDF copy of this book

Overview

TLS, arguably the cornerstone of secure internet communication, is vital in protecting data with cutting-edge cryptographic techniques. Through 'TLS Cryptography In-Depth,' you'll delve into the mathematical undercurrents of TLS, demystify its components, and understand its latest version. This comprehensive guide ensures you learn everything from cryptographic foundations to secure configuration.

What this Book will help me do

Gain a robust understanding of the Transport Layer Security (TLS) protocol and its evolution.
Learn to properly configure TLS to ensure secure communications and prevent vulnerabilities.
Understand the use of cryptographic primitives in real-world applications like TLS.
Explore the developments in TLS 1.3 and its enhancements in cryptographic protocols.
Identify and mitigate common cryptographic vulnerabilities and exploits.

Author(s)

Dr. Paul Duplys and Dr. Roland Schmitz are experts in the field of cybersecurity and cryptography. Dr. Duplys leads research in Security, Privacy, and Safety at Bosch, while Dr. Schmitz is a professor specializing in cybersecurity at Stuttgart Media University. Their combined expertise bridges theoretical concepts and practical applications, making them well-suited to guide readers in understanding TLS and cryptographic principles.

Who is it for?

This book is designed for cybersecurity enthusiasts, professionals managing encrypted communications, and students eager to explore cryptographic principles. Ideal readers include IT analysts, developers enhancing security in applications, and administrators managing server configurations. Foundational knowledge in technology is helpful, but newcomers with a curiosity about TLS are also accommodated.