Cryptography in Computer Networking Part 2 (Network Security)

Introduction

In my previous post [Cryptography in Computer Networking Part 1]. I provided a brief description of the computer network’s architecture and network layers. Now I am going to provide a detailed explanation of how data is encrypted and decrypted on the Internet using cryptography. There are a lot of internet protocols around which use cryptography for encrypting data. Almost all protocols use public key (asymmetric key) cryptography algorithms or combined versions of asymmetric key and symmetric key algorithms in order to provide Internet Security. Although cryptography has a long history dating back at least theRoman Empire, modern cryptographic techniques, including many of those used in the Internet, are based on advances made in the past 30–40 years, particularly Public Key Cryptography.
In this post I am going to provide and explain how an Application Layer protocol HTTP (HyperText Transfer Protocol) uses cryptography in order to provide secure, as much as it can be, communications over a computer network. Why HTTP ?

HTTP & HTTPS

HTTP is an Application Layer protocol and mostly used by the World Wide Web (WWW).
For example, when you enter a URL in your browser, this actually sends an HTTP packet(s) to the Web server (nowadays the fashion name is cloud) directing it to fetch and transmit the requested Web page. The secure version of HTTP is called HTTPS where ‘S’ stands for ‘Secure’ and it is widely used on the Internet. Currently you are using (more precisely your browser is using) HTTPS in order to read this post. In addition, your browser uses HTTPS in order to safely login your Facebook account. HTTPS is used to protect highly confidential online transactions, such as online banking and online shopping, and so on.

So, HTTPS makes sure that communications between your node (node can be any device that is connected to the network) and other node(s) on the Internet are encrypted and in order to do that HTTPS uses Transport Layer Security (TLS), or its predecessor, Secure Sockets Layer (SSL).

WARNING: if you use a website where connection is not HTTPS then DO NOT provide or type any sensitive data. You can identify it by looking at your browser’s URL. When the URL begins with https: rather than http, then connection is secure.

Secure Sockets Layer (SSL)

Secure Sockets Layer (SSL) protocol, a slightly modified version of SSL called Transport Layer Security (TLS), is a cryptographic protocol designed to provide communication security over a computer network, particularly TCP connections. SSL/TLS is supported by all popular Web browsers and Web servers, and it is used by almost all Internet commerce sites, such as Amazon, Google, Facebook, and so on.

Since SSL secures TCP connections, it can be employed by any application that runs over TCP. For example, HTTP protocol. SSL provides a simple Application Programmer Interface (API) with sockets. When an application wants to employ SSL, the application includes the SSL library.
Process of using the SSL library is shown in Figure 1.

Figure 1.

Although SSL/TLS does not fit neatly into any single layer of the OSI model, from the developer’s perspective it is a Transport Layer protocol.

How SSL Works ?

I will try to provide a simplified version of SSL, which will allow you to get a big-picture overview of how it works. SSL has three steps:

1. Handshake
2. Key Derivation
3. Data Transfer

Let’s give an example of these three steps for a communication session between a client (Bob) and a server (Alice). I assume that Alice and Bob have their own public & private key pairs and a certificate that binds their identity to their public key.

SSL Handshake

During the handshake step, Bob needs to

1. Establish a TCP connection with Alice.
2. Verify that Alice is actually Alice.
3. Send Alice a Master Secret Key (MSK) by encrypting it using Alice’s public key. MSK will be used by both Alice and Bob to generate all the symmetric keys they need for the SSL session.

These three steps are shown in Figure 2.

Figure 2.

After verifying that certificate belongs to Alice, Bob then generates a Master Secret Key, which will only be used for this SSL session. It encrypts the MSK with Alice’s public key to create the Encrypted Master Secret Key (EMSK) and sends the EMSK to Alice. Alice decrypts the EMSK with her private key to get the MSK. After this step, both Bob and Alice, and no one else, know the MSK for this SSL session.

Key Derivation

Though MSK can be used as the symmetric session key for encryption, decryption and data integrity checking, but it would be safer for Alice and Bob to each use different cryptographic keys, and also to use different keys for encryption and integrity checking. Thus, both Alice and Bob use the MSK to generate four keys:

1. Session encryption key for data sent from Bob to Alice - EB
2. Session Message Authentication Code (MAC) key for data sent from Bob to Alice - MB
3. Session encryption key for data sent from Alice to Bob - EA
4. Session Message Authentication Code (MAC) key for data sent from Alice to Bob - MA

At the end of the Key Derivation phase, both Alice and Bob have all four keys. The two encryption keys will be used to encrypt data, the two MAC keys will be used to verify the integrity of the data.

Data Transfer

Now that Alice and Bob share the same four session keys (EB, MB, EA, and MA), they can start to send secure data to each other over the TCP connection.

A Big Picture Overview Of SSL

In reality SSL protocol is a little bit complicated but I provided the main idea and steps on how it works. SSL protocol does not mandate the use of a specific symmetric key algorithm, a specific public key algorithm, or a specific MAC. Instead, SSL allows you to agree on the cryptographic algorithms at the beginning of the SSL session, during the handshake. Additionally, during the handshake, Alice and Bob send nonces to each other, which are used in the creation of the session keys.

As I did not dig deep into the Handshake, Key Derivation and Data Transfer steps, I am going to write another post to explain exactly how the SSL protocol works.