1.1 Evolution of cryptography
Over the past four decades or so, cryptography has evolved from an exotic field known to a select few into a fundamental skill for the design and operation of modern IT systems. Today, nearly every modern product, from the bank card in your pocket to the server farm running your favorite […]
1.2 The advent of TLS and the internet
We’ll now turn to the original theme of this book, TLS and the cryptographic tools it is made of. TLS is a protocol designed to protect data sent over the internet, so we’ll start with a brief look into the early history of the internet. Despite its […]
2.1 Technical requirements
This chapter introduces basic definitions, design principles, and goals and therefore requires no specific software or hardware.
2.2 Preliminaries
The fundamental objective of cryptography and computer security in general is to enable two persons, let’s call them Alice and Bob, to communicate over an insecure channel so that an opponent, commonly called […]
2.4 Integrity
Integrity is the ability to detect data manipulation by unauthorized entities. By data manipulation, we mean unauthorized acts such as the insertion, deletion, or substitution of individual data chunks or entire messages. It is not required that manipulations as such are rendered impossible; given the multitude of possible communication channels, this would be […]
2.5.1 Message authentication
Message authentication is the ability of the communicating party that receives a message to verify – through corroborative evidence – the identity of the party that originated the message [117]. This form of authentication is also referred to as data origin authentication. Message authentication can be achieved by providing additional information together […]
3.4 Key length
The key space 𝒦 is large but finite. So, in principle, it is possible to search through it completely until the correct key K has been found. Such an attack is called a brute-force attack. Whether a brute-force attack is possible within a reasonable time frame, that is, within the time span […]
3.5 Crypto-agility and information half-life
Because fundamental advances in cryptanalysis cannot be reliably predicted, especially for prolonged periods of time, it is desirable to design security systems in such a way that the transition to longer keys (or stronger cryptographic mechanisms) is possible and, ideally, easy to do. This concept is called crypto-agility. It is […]