---
title: "SSL - The Internet's Trust Protocol"
author: "Vahram Poghosyan"
date: "2023-01-13"
categories: ["Network Security"]
format:
  html:
    code-fold: true
jupyter: python3
include-after-body:
  text: |
    <script type="application/javascript" src="../../javascript/light-dark.js"></script>
---

# SSL/TLS - The Internet's Trust Protocol

**Secure Sockets Layer** (**SSL**) and its successor **Transport Layer Security** (**TLS**) are cryptographic protocols that provide security in communication over a computer network using a combination of *symmetric* and *asymmetric encryption* (both of which are introduced later in this post). The protocol is widely used for such applications as HTTPS (HTTP protocol extended with TLS encryption), email, instant messaging, etc.

## Asymmetric Encryption Diagrams

::: {#fig-asymmetric-encryption}

![Private and public keys](../../assets/network_and_security/ssl_the_internets_trust_protocol/ssl_diagram0.drawio.light.png){#fig-keys}

Each party has a set of public and private keys. 
:::

## Encryption

![SSL figure 1](../../assets/network_and_security/ssl_the_internets_trust_protocol/ssl_diagram1.drawio.light.png)

## Secure Communication

![SSL figure 3](../../assets/network_and_security/ssl_the_internets_trust_protocol/ssl_diagram3.drawio.light.png)

## Decryption

![SSL figure 2](../../assets/network_and_security/ssl_the_internets_trust_protocol/ssl_diagram2.drawio.light.png)


![](../../assets/network_and_security/ssl_the_internets_trust_protocol/ssl_diagram1.drawio.dark.png){height=0}
![](../../assets/network_and_security/ssl_the_internets_trust_protocol/ssl_diagram2.drawio.dark.png){height=0}
![](../../assets/network_and_security/ssl_the_internets_trust_protocol/ssl_diagram3.drawio.dark.png){height=0}
![](../../assets/network_and_security/ssl_the_internets_trust_protocol/ssl_diagram0.drawio.dark.png){height=0}

# Explanation

These diagrams illustrate the fundamental concepts of asymmetric encryption and how SSL/TLS prevents man-in-the-middle attacks.

**Basic encryption/decryption process (images 1 & 2):**

- Image 1 shows decryption: a cipher text is decrypted using a public key.
- Image 2 shows encryption: a message is encrypted using a private key.
- Together, these demonstrate the complementary nature of public/private key pairs.

**Security against man-in-the-middle (image 3):**

- Shows the secure communication setup between a Sender and a Receiver.
- Each party has their own pair of keys:
  - a private key (represented by the solid key icon);
  - a public key (represented by the outlined key icon).
- The "man in the middle" attacker (shown with an X) cannot read the communication, because they do not have the private keys needed to decrypt the messages.

**Key pair distribution (image 4):**

- Shows how both Sender and Receiver each maintain their own set of keys.

Each party has:

1. A private key (kept secret)
2. A public key (shared with others)

This forms the basis of secure communication. The overall SSL/TLS process works as follows:

- Both parties establish their identities using these key pairs.
- Messages are encrypted with the recipient's public key.
- Only the intended recipient can decrypt the message using their private key.
- This ensures that even if someone intercepts the communication, they cannot read the contents without the private key.

This asymmetric encryption system is a fundamental part of SSL/TLS security, though in practice SSL/TLS also uses symmetric encryption for the actual data transfer after the initial handshake, for better performance.

## How are the public and private keys related?

Public and private keys are mathematically related through cryptographic algorithms, and the relationship has some key properties:

### Mathematical Relationship

- They are generated together using mathematical functions based on prime numbers.
- The most common algorithm (RSA) uses the product of two large prime numbers.
- The security relies on the fact that, while multiplying large prime numbers is easy, factoring their product is extremely difficult (the integer factorization problem).

### Complementary Function

- What one key encrypts, only the other key can decrypt.
- If the public key encrypts a message, only the private key can decrypt it.
- If the private key encrypts (signs) a message, only the public key can decrypt (verify) it.

### One-Way Function

- While the keys are related, it is computationally infeasible to derive the private key from the public key.
- This is known as a "trapdoor function": easy to compute in one direction but extremely difficult to reverse without the secret (the private key).
- Even if someone has your public key, they cannot use it to figure out your private key.

### Key Length Importance

- The security of this relationship depends on the key length.
- Longer keys (like 2048 or 4096 bits) make it practically impossible with current technology to break the encryption by deriving the private key from the public key.

This mathematical relationship is what makes asymmetric encryption possible while maintaining security: you can freely share your public key while keeping your private key secret, and the two will work together without compromising the system's security.
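To make the relationship, the complementary-function property and the key-length point above concrete, here is a textbook RSA walk-through in Python, added as an example that is not part of the original post: key generation from two toy primes, encrypt/decrypt, sign/verify, and a trial-division recovery of the private exponent that only succeeds because the modulus is tiny. The function names and the primes 61 and 53 are assumptions made for this demonstration.

```python
# Added example: textbook RSA with toy primes to illustrate the key-pair relationship.
# Not production code: no padding, no large primes. See the note below the block.
import hashlib
from math import gcd

def generate_keypair(p: int, q: int, e: int = 65537):
    """Build a textbook RSA key pair from primes p and q: ((e, n), (d, n))."""
    n = p * q                    # modulus: cheap to compute from p and q ...
    phi = (p - 1) * (q - 1)      # ... but phi(n) requires knowing p and q
    assert gcd(e, phi) == 1, "e must be coprime to phi(n)"
    d = pow(e, -1, phi)          # private exponent, the trapdoor: e*d == 1 (mod phi)
    return (e, n), (d, n)

def encrypt(message: int, public_key) -> int:
    """Anyone holding the public key can encrypt; only the private key reverses it."""
    e, n = public_key
    assert 0 <= message < n, "textbook RSA handles a single block smaller than n"
    return pow(message, e, n)

def decrypt(ciphertext: int, private_key) -> int:
    d, n = private_key
    return pow(ciphertext, d, n)

def sign(data: bytes, private_key) -> int:
    """Signing: apply the private exponent to a hash of the data."""
    d, n = private_key
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big") % n
    return pow(digest, d, n)

def verify(data: bytes, signature: int, public_key) -> bool:
    """Verification: apply the public exponent and compare against the hash."""
    e, n = public_key
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big") % n
    return pow(signature, e, n) == digest

def recover_private_exponent(public_key) -> int:
    """Derive d from the public key by factoring n with trial division.
    This finishes only because n is tiny; for a 2048-bit n it is infeasible."""
    e, n = public_key
    p = next(i for i in range(2, int(n ** 0.5) + 1) if n % i == 0)
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))

if __name__ == "__main__":
    pub, priv = generate_keypair(61, 53)   # toy primes, constructed for the demo
    print(decrypt(encrypt(65, pub), priv))                               # 65
    sig = sign(b"hello", priv)
    print(verify(b"hello", sig, pub), verify(b"hello", sig + 1, pub))    # True False
    print(recover_private_exponent(pub) == priv[0])                      # True
```

Real deployments use primes of 1024 bits or more and padding schemes (OAEP for encryption, PSS for signatures); raw RSA as shown here only illustrates the mathematics.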



# Handwritten Notes

<iframe src="./notes/ssl_protocol.pdf" width="100%" height="500" frameborder="0"></iframe>