diff --git a/_posts/2015-05-04-Philosophy-of-Bill,-Part-1.html b/_posts/2015-05-04-Philosophy-of-Bill,-Part-1.html index 0b6793a..db04e17 100644 --- a/_posts/2015-05-04-Philosophy-of-Bill,-Part-1.html +++ b/_posts/2015-05-04-Philosophy-of-Bill,-Part-1.html @@ -1,6 +1,7 @@ --- layout: default tabtitle: Philosophy of Bill, Abbreviated + title: The Philosophy of Bill, Part 1 tags: philosophy --- diff --git a/_posts/2015-05-06-TLS-Part-1.html b/_posts/2015-05-06-TLS-Part-1.html new file mode 100644 index 0000000..8fb15b2 --- /dev/null +++ b/_posts/2015-05-06-TLS-Part-1.html @@ -0,0 +1,152 @@ +--- + layout: default + tabtitle: TLS - Part 1 + title: An Examination of TLS, Part 1 + tags: tech +--- + +
+

TLS: An Examination Into the Security of the Internet, Part 1

+ +

TLS, more often referred to as SSL, is the means by which a secure + connection is established over a computer network. Most often these + connections are established over the Internet, between a client (ex., web + browser) and a server (ex., a web site). In the specific case of web sites, + HTTP is layered on TLS/SSL to ensure a secure and private connection; HTTPS + is not a separate protocol, rather a combination or protocols. Establishing + a secure connection thus requires a few steps:

+ +

Step 1: Establish an TCP connection

+ +

TCP is a transport-layer protocol that establishes a connection which is + reliable and fault-tolerant. As opposed to UDP, TCP will seek to verify + that information is transferred successfully and as intended. This is + important for the next step. The connection is established as follows:

+ +
    +
  1. A client will contact a server and announce it wishes to + establish a connection. (Called a SYN, short for synchronize). This + SYN is a number, stored as part of the TCP header; we'll call it + A.
  2. +
  3. The server will respond to the client announcing it has + received the client's wish, and also state that it wishes to establish + a connection. (Called a SYN-ACK, short for synchronize-acknowledge). + Ths SYN-ACK is actually two values: One is the ACK value, A+1. The + second is the server's SYN value, which we'll call B.
  4. +
  5. The client then acknowledged the server's wish, thus + establishing a connection (Called simply an ACK). Because it was + expecting an ACK value in step 2, and expecting that value to be A+1, + it can verify that this connection is the same as the one it started. + Additionally and similarly, the ACK which gets returned to the server + as B+1.
  6. +
  7. At this point, the connection is established. Both client and + server have assured themselves of a proper connection thanks to the + three-way handshake described above. From this point forward, the + server has bound a specific port to listen for any further + communications with the client.
  8. +
+ +

Step 2: Establish an SSL/TLS Connection

+ +

TLS, Transport Layer Security, is appropriately on the same layer as + TCP, the transport layer. TLS relies on public key authentication to + establish a secure connection between the aforementioned client and server. + The connection is established as follows:

+ +
    +
  1. A client will announce to the server it wishes to establish a + TLS/SSL connection. It will include information such as it's TLS/SSL + version, the ciphersuites it wishes to use, and which compression + methods it wishes to use.
  2. +
  3. The server then uses the highest possible TLS/SSL version, chooses + one of the ciphersuites available to the client, chooses one of the + compression methods available to the client, and sends it's + certificate. A certificate is basically a container for a server's + public key, but with many additional details, and often signed by a + certificate authority, to further verify the certificate contains the + proper key. More on certificates in part 2.
  4. +
  5. The client then uses the server's public key to encrypt a secret. + This secret is then sent back to the server.
  6. +
  7. The server decrypts the secret with it's private key. This secret + is now shared by only the client and the server, and from this point + on is used for symmetric encryption.
  8. +
+ +

From this point forward, the connection is encrypted and secure from + external threats. Of course, this all depends on a trusted certificate and + proper encryption algorithms.

+ +

Step 3: Establish an HTTP connection

+ +

HTTP is an application-layer protocol, and is responsible for translating + the information from the transport layer into information used by an + application. Your web browser, for example, will utilize HTTP to translate + a bunch of hexidecimal information into alpha-numeric information, which is + then formatted and presented to you as a web page. Security is previously + established thanks to TLS/SSL, and reliability is previously established + thanks to TCP.

+ +

In Part 2, I'll dive more into the TLS handshake, what certificates are + and how they play a role. Finally, in Part 3, I'll examine the importance + of secure ciphersuites for keys, and delve a bit deeper into why public-key + authentication is so damn cool.

+ +

Sources

+
    +
  1. + Wikipedia: Public-key Cryptography
  2. +
  3. Stack + Exchange: How is it possible that people observing an HTTPS + connection being established wouldn't know how to decrypt + it?
  4. +
  5. + Stack Exchange: How Does SSL/TLS work?
  6. +
+ +
+ + + + + + + +
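Review bot: in hunk 1 (`_posts/2015-05-04-Philosophy-of-Bill,-Part-1.html`) the added `title: The Philosophy of Bill, Part 1` sits next to the existing `tabtitle: Philosophy of Bill, Abbreviated`, so the browser tab and the page heading will now name the post differently; confirm that is intended, since the new TLS post in the same commit keeps the two aligned (`tabtitle: TLS - Part 1` with `title: An Examination of TLS, Part 1`).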
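Review bot: in hunk 2 (the new `_posts/2015-05-06-TLS-Part-1.html`), step 3 of the TLS list, "The client then uses the server's public key to encrypt a secret. This secret is then sent back to the server.", describes only the RSA key-transport form of the handshake; with (EC)DHE cipher suites the server's key signs the key-exchange parameters and both sides derive the shared secret rather than one side encrypting and sending it, so the post should either say it is describing RSA key exchange or add a sentence on the Diffie-Hellman variant, and the follow-up claim that the connection is "secure from external threats" should be tied to the cipher suite actually negotiated rather than only to "a trusted certificate and proper encryption algorithms". Two further accuracy points: "TLS, Transport Layer Security, is appropriately on the same layer as TCP, the transport layer" is wrong, TLS runs on top of TCP (between transport and application), which is exactly why Step 1 must complete before Step 2; and Step 3's description of HTTP as translating "a bunch of hexidecimal information into alpha-numeric information" misstates HTTP's job, which is to frame requests and responses, not to convert byte encodings. Copy fixes before merging: "Establish an TCP connection" to "a TCP connection", "combination or protocols" to "combination of protocols", "Ths SYN-ACK" to "This SYN-ACK", "The client then acknowledged" to "acknowledges", "hexidecimal" to "hexadecimal", and "it's" to "its" in the three places it is used possessively. The two step lists also render with empty items 2, 4, 6 and 8 between the real steps, so the list markup is worth checking.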