# SSL/TLS Protocols

#### by Andon Gorchov (@thunderman913)

## 1 Fundamentals of Cryptography

Cryptography is a technique of securing information and communications through the use of codes so that only those persons for whom the information is intended can understand and process it. Thus preventing unauthorized access to information. The prefix “crypt” means “hidden” and the suffix “graphy” means “writing”. In Cryptography, the techniques that are used to protect information are obtained from mathematical concepts and a set of rule-based calculations known as algorithms to convert messages in ways that make it hard to decode them. These algorithms are used for cryptographic key generation, digital signing, and verification to protect data privacy, web browsing on the internet and to protect confidential transactions such as credit card and debit card transactions. [1]

It has the following features:
- Confidentiality: The communicated information can only be accessed by the person for whom it is intended and nobody else should be able to access it.
- Integrity: The received information must remain unaltered, accurate and exact.
- Non-repudiation: After sending the message/information, the sender cannot revert it later on. That provides evidence of the communication and is crucial for situations, where accountability and legal disputes arise.
- Authentication: This is a mechanism used to verify the identity of the user, system or entity.
- Interoperability: It allows for secure communication between different systems and platforms.
- Adaptability: Cryptography must continuously evolve and improve to stay ahead of any possible security threats, since one security breach could be fatal.

### 1.1 Encryption Types

- **Symmetric Encryption**

Symmetric-key algorithms are algorithms for cryptography that use the same cryptographic keys for both the encryption of plaintext and the decryption of ciphertext. The keys may be identical, or there may be a simple transformation to go between the two keys. The keys, in practice, represent a shared secret between two or more parties that can be used to maintain a private information link. [2]

<img src="./pictures/symmetric_encryption.png" alt="drawing" width="600"/>

- **Asymmetric Encryption**

Asymmetric encryption, also known as public-key encryption, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic algorithms based on mathematical problems termed one-way functions. Security of public-key cryptography depends on keeping the private key secret; the public key can be openly distributed without compromising security.

In a public-key encryption system, anyone with a public key can encrypt a message, yielding a ciphertext, but only those who know the corresponding private key can decrypt the ciphertext to obtain the original message. [3]

<img src="./pictures/asymmetric_encryption.png" alt="drawing" width="600"/>

### 1.2 Key Concepts in Cryptography

- **Key Exchange Mechanisms**

Key exchange mechanisms are essential protocols or algorithms, that enable two or more parties to securely establish shared keys over an insecure communication channel like the internet. They allow entries to share secrets keys safely without the need to havae physically xchanged anything beforehand.

One of the most popular mechanism is **Diffie-Hellman key exchange** as it is found in security protocols such as TLS, SSH and IPsec. To implement it, two end users (or client and server) mutually agree on positive whole numbers p and q, such that p is a prime number and q is a generator of p. The generator is a number that, when raised to positive whole-number less than p, never produces the same result for any two such whole numbers. p may be large, but q is usually small.
Once the users have agreed on p and q in private, they choose positive whole-number personal keys a and b. Both must be less than the prime number modulus p. Next both parties compute public keys a* and b*, based on their personal keys:

$$a^* = (q ^ a)\mod p$$
$$b^* = (q ^ b)\mod p$$

Then the users share the public keys a* and b* over the communication channel, thati s insecure. From these public keys, a number x can be generate by either user on the basis of their own personal keys. They use each others calculated number:

$$ x = (b^*)\mod p = (a^*)\mod p$$

That way both parties manage to get the same number, but it is not shared in the insecure environment and so are the private keys. Afterwards the users can safely communicate using encryption methods of their choise using the decryption key x.

Although it seems, that the algorithm can be easily reversed, knowing q, p and a*, it is not that simple. In large numbers and especially, when p is large enough (like 2048 bits), then the brute force attack and other attack methods are not computionally feasible. That is because it should solve Discrete Lograrith Problem, for which there is currently no efficient algorithm.

  - **Examples and Concepts**: Diffie-Hellman, ECDHE; these mechanisms are critical for secure communications and have specific security properties.
    - Some information, what these mechanisms are and explain the algorithms
    - https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
    - https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman

- **Cryptographic Hash Functions**
  - **Usage**: Essential for ensuring data integrity.
  - **Common algorithms**: Includes SHA-256, SHA-3, among others, known for their robustness and security.
    - Go into algorithms like SHA-3 SHA-256 AND MD-5

- **Digital Signatures**
  - **Mechanisms for authentication and integrity**: Provides a means to verify the authenticity of digital messages or documents.
  - **Algorithm examples and their operational mechanisms**: Detailed look into how these algorithms function and are applied in rea3-world scenarios.

In [10]:
 # Diffie-Hellman Code
 
def prime_checker(p):
    # Checks If the number entered is a Prime Number or not
    if p < 1:
        return -1
    elif p > 1:
        if p == 2:
            return 1
        for i in range(2, p):
            if p % i == 0:
                return -1
            return 1
 
 
def primitive_check(g, p, L):
    # Checks If The Entered Number Is A Primitive Root Or Not
    for i in range(1, p):
        L.append(pow(g, i) % p)
    for i in range(1, p):
        if L.count(i) > 1:
            L.clear()
            return -1
        return 1
 
 
l = []
while 1:
    P = int(input("Enter P : "))
    if prime_checker(P) == -1:
        print("Number Is Not Prime, Please Enter Again!")
        continue
    break
 
while 1:
    G = int(input(f"Enter The Primitive Root Of {P} : "))
    if primitive_check(G, P, l) == -1:
        print(f"Number Is Not A Primitive Root Of {P}, Please Try Again!")
        continue
    break
 
# Private Keys
x1, x2 = int(input("Enter The Private Key Of User 1 : ")), int(
    input("Enter The Private Key Of User 2 : "))
while 1:
    if x1 >= P or x2 >= P:
        print(f"Private Key Of Both The Users Should Be Less Than {P}!")
        continue
    break
 
# Calculate Public Keys
y1, y2 = pow(G, x1) % P, pow(G, x2) % P

print(y1)
print(y2)

# Generate Secret Keys
k1, k2 = pow(y2, x1) % P, pow(y1, x2) % P
 
print(f"\nSecret Key For User 1 Is {k1}\nSecret Key For User 2 Is {k2}\n")
 
if k1 == k2:
    print("Keys Have Been Exchanged Successfully")
else:
    print("Keys Have Not Been Exchanged Successfully")

Number Is Not Prime, Please Enter Again!
Number Is Not A Primitive Root Of 301, Please Try Again!
Number Is Not A Primitive Root Of 301, Please Try Again!
Number Is Not A Primitive Root Of 301, Please Try Again!
Number Is Not A Primitive Root Of 301, Please Try Again!
Number Is Not A Primitive Root Of 301, Please Try Again!
Number Is Not A Primitive Root Of 301, Please Try Again!
Number Is Not A Primitive Root Of 301, Please Try Again!
Number Is Not A Primitive Root Of 301, Please Try Again!
Number Is Not A Primitive Root Of 301, Please Try Again!
Number Is Not A Primitive Root Of 301, Please Try Again!
Number Is Not A Primitive Root Of 301, Please Try Again!
Number Is Not A Primitive Root Of 301, Please Try Again!
252
259

Secret Key For User 1 Is 259
Secret Key For User 2 Is 259

Keys Have Been Exchanged Successfully


### 1.3 Principles of Secure Communications

### 1.3.1 Cryptographic Protocols and Their Uses

- **Overview**: Protocols such as TLS utilize the cryptographic tools described above to secure communications across networks.
- **Real-world applications**: Necessity for secure communications is paramount in applications such as web browsing, secure file transfers, and email.

### 1.3.2 Public Key Infrastructure (PKI)

- **Role and structure**: Manages digital certificates and encryption keys to provide secure communications.
- **Certificate Authorities (CA)**: Issues and manages security credentials and public keys for digital certificates.



# 2. SSL/TLS Protocol Analysis

## 2.1 Overview of the SSL/TLS Protocol

### 2.1.1 Protocol Structure and Layers

- **Breakdown**: Detailed overview of the SSL/TLS protocol stack.
- **Function and purpose of each layer**: Includes the Record Protocol, Handshake Protocol, among others.


### 2.1.2 The SSL/TLS Handshake

- **Detailed analysis of the handshake phases**:
  - **ClientHello, ServerHello**: Initial communication stages where parameters are negotiated.
  - **Server certificate and key exchange**: Server provides its certificate and optionally a key exchange method.
  - **Client key exchange**: Client responds with its key exchange data.
  - **Certificate verification**: Authentication of the server's certificate.
  - **Completion of the handshake**: Change Cipher Spec and Finished messages finalize the secure connection setup.

### 2.1.3 Session Establishment and Data Transmission

- **Establishing a secure connection**: Process of using negotiated keys for a secure communication session.
- **Symmetric key encryption for data transfer**: Mechanism to encrypt and decrypt messages using symmetric keys.

## 2.2 Certificate Authorities and Trust Models


### 2.2.1 Role of Certificate Authorities (CAs)
- **Contribution to security in SSL/TLS**: How CAs underpin the trust model by issuing and managing digital certificates.


### 2.2.2 Mathematical Models of Trust

- **Algorithms used for verifying certificate authenticity**: Examination of the algorithms that ensure a certificate is valid and trustworthy.
- **Analysis of trust models in digital communications**: Discuss how trust is established and maintained in cryptographic protocols.


# 3. Implementation and comparison

## 3.1 Using Existing Code Libraries

- **Overview of SSL/TLS Libraries**: Description of commonly used libraries such as OpenSSL, BoringSSL, and others.
- **Advantages of Using Libraries**: Discuss the benefits including reliability, community support, and compliance with standards.
- **Integration Examples**: Show how these libraries can be integrated into existing projects.


## 3.2 Implementing Own SSL/TLS Components

- **Challenges of Implementation**: Discuss the complexities involved in developing custom cryptographic protocols.
- **Component Development**: Detailed process of developing key components such as encryption, key exchange, and certificate handling from scratch.


## 3.3 Comparison Between Using Libraries and Custom Implementation

- **Performance Analysis**: Compare the performance of existing libraries with the custom implementations in terms of speed and resource usage.
- **Security Assessment**: Evaluate the security strengths and vulnerabilities of each approach.
- **Use Case Suitability**: Analyze which approach is more suitable for different types of applications and environments.


# 4. Conclusion

# Bibliography


1. https://www.geeksforgeeks.org/cryptography-and-its-types/
2. https://en.wikipedia.org/wiki/Symmetric-key_algorithm
3. https://en.wikipedia.org/wiki/Public-key_cryptography