6.1 Birth of the World Wide Web Conseil Européen pour la Recherche Nucléaire, the European Organization for Nuclear Research, better known by its acronym CERN, is a European research organization operating the world’s largest particle physics laboratory as well as the Large Hadron Collider, the world’s largest high-energy particle collider [184]. CERN, which is located…
The very first SSLv1 draft had no integrity protection at all. In subsequent revisions of that draft, a Cyclic Redundancy Check (CRC) was added. This, however, didn’t solve the message integrity problem because CRC was originally designed as an error-detection code to detect accidental bit flips in communication messages. Unlike cryptographic hash functions, CRCs are…
6.2 Early web browsers At this point in time, two types of browsers were available to the early users of the WWW. The original browser developed by Berners-Lee had more sophisticated features but could only run on NeXT machines. The line-mode browser, on the other hand, could run on any platform but had fewer features…
6.4 TLS overview The main task of the TLS protocol is to create a secure communication channel between two parties: server Alice and client Bob. The only thing that RFC 8446 assumes is a reliable, in-order data stream on the underlying transport layer. The two most widely used transport layer protocols are the Transport Control…
6.4.3 TLS within the internet protocol stack TLS is located between the application layer and the transport layer in the internet protocol stack (a simplified version of the OSI protocol stack; see Figure 6.3). Figure 6.3: TLS within the internet protocol stack Because of this position, TLS provides security services (confidentiality, integrity, and authentication) to…
6.5.2 A typical TLS 1.2 connection The following figure shows the interplay of the TLS subprotocols in a typical TLS connection until TLS 1.2. The TLS 1.3 handshake is much more compact by eliminating one entire roundtrip from the earlier version. Figure 6.5: Overview of a typical TLS message flow without client authentication (up to…
6.5.3 Session resumption Establishing the value of the PreMasterSecret is computationally the most expensive part of the handshake because it involves public-key cryptography. TLS therefore includes a session resumption mechanism, where a client and server can reuse an already established session, including the cipher suite and the MasterSecret derived from PreMasterSecret. The client initiates the…
The ClientHello and ServerHello messages contain information to establish a shared secret, the handshake secret. If DHE or ECDHE key agreement is used, the ServerHello message includes the key˙share TLS extension with Alice’s secret Diffie-Hellman share. Moreover, Alice’s share must be from the same group as one of the shares presented by Bob. If, on…
6.6.1 Handshake protocol As in the earlier versions, the TLS handshake protocol allows Alice and Bob to agree on shared secret keys and corresponding symmetric cipher algorithms for establishing a secure channel. It supports three types of key exchange: The TLS handshake is performed when the client and the server communicate for the first time….
6.6.2 Error handling in the TLS 1.3 handshake In applied cryptography – similar to most other engineering areas that require some form of dependability – it is generally a good practice to plan for failure. The TLS standard specifies how to deal with failures during the initial handshake. Figure 6.8: Message flow in TLS handshake…
