وبلاگ بلیان

TLS Cryptography In-Depth : Explore the Intricacies of Modern Cryptography and the Inner Workings of TLS

معرفی کتاب «TLS Cryptography In-Depth : Explore the Intricacies of Modern Cryptography and the Inner Workings of TLS» نوشتهٔ DR. PAUL. SCHMITZ DUPLYS (DR. ROLAND.); Dr Roland Schmitz، منتشرشده توسط نشر Packt Publishing در سال 2024. این کتاب در 7 صفحه، فرمت epub، زبان انگلیسی ارائه شده است.

Cover Part 1: Getting Started Title Page Copyright and Credits Contributors Table of Contents Preface Chapter 1: The Role of Cryptography in the Connected World Evolution of cryptography The advent of TLS and the internet Increasing connectivity Connectivity versus security – larger attack surface Connectivity versus marginal attack cost Connectivity versus scaling attacks Increasing complexity Complexity versus security – features Complexity versus security – emergent behavior Complexity versus security – bugs Example attacks The Mirai botnet Operation Aurora The Jeep hack Commonalities Summary Chapter 2: Secure Channel and the CIA Triad Technical requirements Preliminaries Confidentiality Integrity Authentication Message authentication Entity authentication Secure channels and the CIA triad Summary Chapter 3: A Secret to Share Secret keys and Kerckhoffs's principle Cryptographic keys One key for each task Key change and session keys Key space Key length Crypto-agility and information half-life Key establishment Key transport Key agreement Randomness and entropy Information-theoretic definition of entropy Entropy in cryptography True randomness and pseudo-randomness Summary Chapter 4: Encryption and Decryption Preliminaries Symmetric cryptosystems Information-theoretical security (perfect secrecy) A first example The one-time pad Computational security Asymptotic approach and efficient computation Negligible probabilities Pseudorandomness Stream ciphers RC4 Pseudorandom functions and chosen-plaintext attacks Summary Chapter 5: Entity Authentication The identity concept Basic principles of identification protocols Basic factors for identification Authorization and authenticated key establishment Message authentication versus entity authentication Password-based authentication Brief history of password-based authentication Storing passwords Disadvantages of password-based authentication Challenge-response protocols Ensuring freshness Challenge-response using symmetric keys Challenge-response using (keyed) one-way functions Challenge-response using public-key cryptography Summary Chapter 6: Transport Layer Security at a Glance Birth of the World Wide Web Early web browsers From SSL to TLS TLS overview TLS terminology CIA triad in TLS TLS within the internet protocol stack TLS version 1.2 Subprotocols in TLS version 1.2 A typical TLS 1.2 connection Algorithm negotiation Key establishment Server authentication Client authentication Session resumption TLS version 1.3 Handshake protocol Error handling in the TLS 1.3 handshake Session resumption and PSKs Zero round-trip time mode Major differences between TLS versions 1.3 and 1.2 Summary Part 2: Shaking Hands Chapter 7: Public-Key Cryptography Preliminaries Groups Examples of groups The discrete logarithm problem The Diffie-Hellman key-exchange protocol Security of Diffie-Hellman key exchange Discrete logarithm problem The Diffie-Hellman problem Authenticity of public keys The ElGamal encryption scheme Finite fields Fields of order p Fields of order pk The RSA algorithm Euler's totient function Key pair generation The encryption function The decryption function Security of the RSA algorithm The factoring problem The RSA problem Authenticity of public keys Authenticated key agreement The Station-to-Station (STS) protocol Public-key cryptography in TLS 1.3 Client key shares and server key shares Supported groups Finite Field Diffie-Hellman in TLS Hybrid cryptosystems High-level description of hybrid cryptosystems Hybrid encryption Example – Hybrid Public Key Encryption Hybrid cryptosystems in modern cryptography Summary Chapter 8: Elliptic Curves What are elliptic curves? Reduced Weierstrass form Smoothness Projective coordinates Elliptic curves as abelian groups Geometrical viewpoint Explicit formulae Elliptic curves over finite fields Elliptic curves over Fp Elliptic curves over F2k Discrete logarithms and Diffie-Hellman key exchange protocol Security of elliptic curves Generic algorithms for finding discrete logarithms Shanks' babystep-giantstep algorithm Pollard's algorithm Algorithms for solving special cases of ECDLP Secure elliptic curves – the mathematical perspective A potential backdoor in Dual_EC_DRBG Secure elliptic curves: security engineering perspective Elliptic curves in TLS 1.3 Curve secp256r1 Curve secp384r1 Curve secp521r1 Curve 25519 Curve 448 Elliptic curve Diffie-Hellman in TLS 1.3 ECDH parameters in TLS 1.3 Example: ECDH with curve x25519 Summary Chapter 9: Digital Signatures General considerations RSA-based signatures Digital signatures based on discrete logarithms Digital Signature Algorithm (DSA) Elliptic Curve Digital Signature Algorithm (ECDSA) Digital signatures in TLS 1.3 RSASSA-PKCS1-v1_5 algorithms RSASSA-PSS algorithms ECDSA algorithms EdDSA algorithms Legacy algorithms Summary Chapter 10: Digital Certificates and Certification Authorities What is a digital certificate? X.509 certificates Minimum data fields X.509v3 extension fields Enrollment Certificate revocation lists Online Certificate Status Protocol (OCSP) X.509 trust model Main components of a public-key infrastructure Rogue CAs Digital certificates in TLS TLS extensions Encrypted extensions Certificate request Signature algorithms in TLS certificates Certificates and TLS authentication messages The Certificate message The CertificateVerify message Server certificate selection Client certificate selection OID filters Receiving a Certificate message The certificate_authorities extension Summary Chapter 11: Hash Functions and Message Authentication Codes The need for authenticity and integrity What cryptographic guarantees does encryption provide? One-way functions Mathematical properties Candidate one-way functions Hash functions Collision resistance One-way property Merkle-Damgard construction Sponge construction Message authentication codes How to compute a MAC HMAC construction MAC versus CRC Hash functions in TLS 1.3 Hash functions in ClientHello Hash Functions in TLS 1.3 signature schemes SHA-1 SHA-256, SHA-384, and SHA-512 hash functions Hash functions in authentication-related messages The CertificateVerify message The Finished message Transcript hash Hash functions in TLS key derivation Summary Chapter 12: Secrets and Keys in TLS 1.3 Key establishment in TLS 1.3 TLS secrets Early secret Binder key Bob's client early traffic secret. Exporter secrets Derived secrets Handshake secret Handshake traffic secrets Master secret Application traffic secrets Resumption master secret KDFs in TLS HKDF-Extract HKDF-Expand HKDF-Expand-Label Derive-Secret Updating TLS secrets TLS keys Exporter values Generation of TLS keys Key update TLS key exchange messages Cryptographic negotiation ClientHello ServerHello HelloRetryRequest Summary Chapter 13: TLS Handshake Protocol Revisited TLS client state machine TLS server state machine Finished message Early data Post-handshake messages The NewSessionTicket message Post-handshake authentication Key and initialization vector update OpenSSL s_client Installing OpenSSL Using openssl-s_client TLS experiments with openssl-s_client Summary Part 3: Off the Record Chapter 14: Block Ciphers and Their Modes of Operation The big picture General principles Advantages and disadvantages of block ciphers Confusion and diffusion Pseudorandom functions Pseudorandom permutations Substitution-permutation networks and Feistel networks Constants in cryptographic algorithms DES S-boxes Nothing-up-my-sleeves numbers The AES block cipher Overall structure Round function Key scheduling Modes of operation ECB mode CBC mode CBC-MAC OFB mode CTR mode XTS mode Block ciphers in TLS 1.3 Summary Chapter 15: Authenticated Encryption Preliminaries Indistinguishability under a chosen-plaintext attack Indistinguishability under a chosen-ciphertext attack Non-malleability under a chosen-plaintext attack Plaintext integrity Ciphertext integrity Authenticated encryption – generic composition Encrypt-and-MAC MAC-then-encrypt Encrypt-then-MAC Security of generic composition Authenticated ciphers Authenticated encryption with associated data Avoiding predictability with nonces Counter with cipher block chaining message authentication code (CCM) Authenticated encryption with CCM Authenticated decryption with CCM AEAD in TLS 1.3 Summary Chapter 16: The Galois Counter Mode Preliminaries The Galois field F2128 GHASH function The AES-GCM authenticated cipher GCM security GCM performance Summary Chapter 17: TLS Record Protocol Revisited TLS Record protocol TLS record layer TLS record payload protection Per-record nonce Record padding Limits on key usage An experiment with the OpenSSL s_client Getting started Retrieving a website via TLS Analyzing the TLS record Summary Chapter 18: TLS Cipher Suites Symmetric cipher suites in TLS 1.3 Long-term security Advances in cryptanalysis Cryptographic agility Standby ciphers ChaCha20 ChaCha20 quarter round The ChaCha20 block function ChaCha20 encryption algorithm Poly1305 Generating the Poly1305 key using ChaCha20 ChaCha20-Poly1305 AEAD construction Mandatory-to-implement cipher suites Summary Part 4: Bleeding Hearts and Biting Poodles Chapter 19: Attacks on Cryptography Preliminary remarks Passive versus active attacks Local versus remote attacks The scalability of local and remote attacks Interactive versus non-interactive attacks Attacks on cryptographic protocols Impersonation attacks Man-in-the-middle attacks Replay attacks Interleaving attacks Reflection attacks Attacks on encryption schemes Brute-force attack Forward search attack Ciphertext-only attack Known-plaintext attack Chosen-plaintext attack Padding oracle attacks Adaptive chosen-plaintext attack Chosen-ciphertext attack Adaptive chosen-ciphertext attack Attacks on hash functions Birthday attack Dictionary attack Rainbow tables Summary Chapter 20: Attacks on the TLS Handshake Protocol Downgrade attacks Taxonomy of downgrade attacks Cipher suite downgrade attacks The Downgrade Dance Logjam SLOTH Padding oracle attacks on TLS handshake Bleichenbacher attack The attack Countermeasures Improvements of Bleichenbacher's attack Bad version oracles Side channel attacks DROWN ROBOT Insecure renegotiation Triple Handshake attack The attack Countermeasures in TLS 1.3 Summary Chapter 21: Attacks on the TLS Record Protocol Lucky 13 The encryption process The timing signal The attack POODLE Attacker model The attack BEAST The attack Countermeasures Sweet32 The attack Countermeasures in TLS 1.3 Compression-based attacks Lossless compression algorithms The compression side channel Brief history of compression in TLS CRIME TIME BREACH HEIST Summary Chapter 22: Attacks on TLS Implementations SMACK FREAK Truncation attacks Heartbleed TLS Heartbeat extension The Heartbleed bug The bugfix Insecure encryption activation Random number generation BERserk attack Cloudbleed Details of the the Cloudbleed bug Timing attacks Side channel attacks Raccoon The attack Countermeasures in TLS 1.3 Summary Index Other Books You Might Enjoy A practical introduction to modern cryptography using the Transport Layer Security protocol as the primary reference Key Features Learn about real-world cryptographic pitfalls and how to avoid them Understand past attacks on TLS, how these attacks worked, and how they were fixed Discover the inner workings of modern cryptography and its application within TLS Purchase of the print or Kindle book includes a free PDF eBook Book Description TLS is the most widely used cryptographic protocol today, enabling e-commerce, online banking, and secure online communication. TLS Cryptography in Depth will help you gain a deep understanding of how and why TLS works, how past attacks on TLS were possible, and how vulnerabilities that enabled them were addressed in the latest TLS version 1.3. By exploring the inner workings of TLS, you'll be able to configure it and use it more securely. Starting with the basic concepts, you'll be led step by step through the world of modern cryptography, guided by the TLS protocol. As you advance, you'll be learning about the necessary mathematical concepts from scratch. Even seemingly arcane topics such as public-key cryptography based on elliptic curves will be explained with a view on real-world applications in TLS. With easy-to-understand concepts, you'll find out how secret keys are generated and exchanged in TLS, and how they are used to create a secure channel between a client and a server. By the end of this book, you'll have understood the inner workings of TLS and how to configure TLS servers securely. Moreover, you'll have gained a deep knowledge of the cryptographic primitives that make up TLS and will be able to apply this knowledge in other security-related contexts. What you will learn Understand TLS principles and protocols for secure internet communication Find out how cryptographic primitives are used within TLS V1.3 Discover best practices for secure configuration and implementation of TLS Evaluate and select appropriate cipher suites for optimal security Get an in-depth understanding of common cryptographic vulnerabilities and ways to mitigate them Explore forward secrecy and its importance in maintaining confidentiality Understand TLS extensions and their significance in enhancing TLS functionality Who this book is for This book is for IT professionals, cybersecurity professionals, security engineers, cryptographers, software developers, and administrators looking to gain a solid understanding of TLS specifics and their relationship with cryptography. This book can also be used by computer science and computer engineering students to learn about key cryptographic concepts in a clear, yet rigorous way with its applications in TLS. There are no specific prerequisites, but a basic familiarity with programming and mathematics will be helpful. Table of Contents The Role of Cryptography in the Connected World Secure Channel and the CIA Triad A Secret to Share Encryption and Decryption Entity Authentication Transport Layer Security at a Glance Public-Key Cryptography Elliptic Curves Digital Signatures Digital Certificates and Certification Authorities Hash Functions and Message Authentication Codes Secrets and Keys in TLS 1.3 TLS Handshake Protocol Revisited Block Ciphers and Their Modes of Operation Authenticated Encryption The Galois Counter Mode TLS Record Protocol Revisited TLS Cipher Suites Attacks on Cryptography Attacks on the TLS Handshake Protocol Attacks on the TLS Record Protocol Attacks on TLS Implementations A practical introduction to modern cryptography using the Transport Layer Security protocol as the primary referenceKey FeaturesLearn about real-world cryptographic pitfalls and how to avoid themUnderstand past attacks on TLS, how these attacks worked, and how they were fixedDiscover the inner workings of modern cryptography and its application within TLSPurchase of the print or Kindle book includes a free PDF eBookBook DescriptionTLS is the most widely used cryptographic protocol today, enabling e-commerce, online banking, and secure online communication. Written by Dr. Paul Duplys, Security, Privacy & Safety Research Lead at Bosch, and Dr. Roland Schmitz, Internet Security Professor at Stuttgart Media University, this book will help you gain a deep understanding of how and why TLS works, how past attacks on TLS were possible, and how vulnerabilities that enabled them were addressed in the latest TLS version 1.3. By exploring the inner workings of TLS, you'll be able to configure it and use it more securely. Starting with the basic concepts, you'll be led step by step through the world of modern cryptography, guided by the TLS protocol. As you advance, you'll be learning about the necessary mathematical concepts from scratch. Topics such as public-key cryptography based on elliptic curves will be explained with a view on real-world applications in TLS. With easy-to-understand concepts, you'll find out how secret keys are generated and exchanged in TLS, and how they are used to creating a secure channel between a client and a server. By the end of this book, you'll have the knowledge to configure TLS servers securely. Moreover, you'll have gained a deep knowledge of the cryptographic primitives that make up TLS.What you will learnUnderstand TLS principles and protocols for secure internet communicationFind out how cryptographic primitives are used within TLS V1.3Discover best practices for secure configuration and implementation of TLSEvaluate and select appropriate cipher suites for optimal securityGet an in-depth understanding of common cryptographic vulnerabilities and ways to mitigate themExplore forward secrecy and its importance in maintaining confidentialityUnderstand TLS extensions and their significance in enhancing TLS functionalityWho this book is forThis book is for IT professionals, cybersecurity professionals, security engineers, cryptographers, software developers, and administrators looking to gain a solid understanding of TLS specifics and their relationship with cryptography. This book can also be used by computer science and computer engineering students to learn about key cryptographic concepts in a clear, yet rigorous way with its applications in TLS. There are no specific prerequisites, but a basic familiarity with programming and mathematics will be helpful. A No-Nonsense introduction to modern cryptography with the TLS protocol as guiding light TLS is the most used cryptographic protocol today. It is one of the major enablers of electronic commerce. If you know the inner workings and pitfalls of TLS, you will be able to configure and use it in a more secure way. This book provides you with in-depth knowledge of how and why TLS works, how attacks on TLS work, and how they were defended by introducing new versions of TLS. Starting with basic concepts, you will be led through the world of cryptography with TLS as the guiding light. Even seemingly arcane topics like public-key cryptography based on elliptic curves are explained with a view on real-world applications in TLS. With easy-to-understand concepts, you will get to know how secret keys are generated and exchanged in TLS and how they are used to producing the secure channel that TLS provides to client and server. You will get to understand previous attacks on TLS and how they are mitigated in new TLS versions. By the end of this book, you will be able to understand the inner workings of TLS and configure TLS servers in a secure way. Moreover, you will gain a deep knowledge of the cryptographic primitives that make up TLS and you will apply this knowledge in other security-related contexts. We are addressing two general audience IT Professionals, such as cybersecurity professionals, security engineers, cryptographers, interested software developers, and administrators is the first group, and students of computer science and computer engineering are the second group who will immensely benefit with the book.
دانلود کتاب TLS Cryptography In-Depth : Explore the Intricacies of Modern Cryptography and the Inner Workings of TLS