HTTPS

HTTP packet
- consists of several headers:
  - TCP
  - IP
  - Ethernet II
  - Frame
- Each header is built on top of the previous header
Encryption
- In HTTPS, symmetric encryption is used for data transfer
- Why RSA (asymmetric) is not used in HTTPS for data transfer:
  - RSA encryption is slow
  - For bi-directional communication, RSA key pairs are required on both sides
Cipher Suite
- Set of protocols to be used in the communication, e.g.:
  - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
- ECDHE: Elliptic Curve Diffie Hellman Exchange
- ECDSA: Elliptic Curve Digital Signature Algorithm
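The suite names above follow a fixed pattern: key exchange, authentication, cipher, hash. The following parser is an added example (not code from the original notes) that splits a name into those parts and flags whether the key exchange is ephemeral (the "E" in ECDHE, which is what gives forward secrecy). The TLS 1.3 form without "_WITH_" (e.g. TLS_AES_128_GCM_SHA256) and the static-RSA suite TLS_RSA_WITH_AES_128_CBC_SHA are assumed inputs that go beyond the two names in the notes.

```python
# Added example (not from the original notes): split a TLS cipher-suite name
# into its components and flag whether the key exchange is ephemeral.
# The TLS 1.3 form without "_WITH_" is an assumed extension of the notes.

def parse_cipher_suite(name: str) -> dict:
    """Return key exchange, authentication, cipher and hash of a suite name."""
    if not name.startswith("TLS_"):
        raise ValueError(f"not a TLS cipher suite name: {name!r}")
    body = name[len("TLS_"):]

    if "_WITH_" in body:
        # TLS 1.2 style: TLS_<kx>[_<auth>]_WITH_<cipher>_<hash>
        kx_auth, cipher_hash = body.split("_WITH_", 1)
        parts = kx_auth.split("_")
        key_exchange = parts[0]
        # For plain "RSA" the same key does key transport and authentication,
        # which is exactly the "without Diffie-Hellman" drawback in the notes
        authentication = parts[1] if len(parts) > 1 else parts[0]
    else:
        # TLS 1.3 style (assumed extension): only cipher and hash are named;
        # the key exchange is always ephemeral (EC)DHE, negotiated separately
        key_exchange, authentication, cipher_hash = None, None, body

    cipher, _, hash_alg = cipher_hash.rpartition("_")
    # An ephemeral exchange (ECDHE/DHE) gives forward secrecy: the server's
    # long-term RSA/ECDSA key only signs, it never encrypts the session key
    forward_secrecy = key_exchange is None or key_exchange in ("ECDHE", "DHE")
    return {
        "key_exchange": key_exchange,
        "authentication": authentication,
        "cipher": cipher,
        "hash": hash_alg,
        "forward_secrecy": forward_secrecy,
    }


if __name__ == "__main__":
    for suite in ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                  "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
                  "TLS_RSA_WITH_AES_128_CBC_SHA"):
        print(suite, parse_cipher_suite(suite))
```

Reading the name this way is how you audit a server's configuration: any suite whose key-exchange field is plain RSA lacks forward secrecy and should be disabled in favour of the ECDHE suites.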
Delivering the key for encryption

Without Diffie Hellman
- The TLS key is generated by the client
- The TLS key is encrypted with the server's public key
- The encrypted TLS key is sent to the server
- Drawbacks!
  - The same RSA key pair of the server is used both for authentication and data encryption
  - The RSA pair should be used only for authentication! Not for decryption
With Diffie Hellman
- The public key of the server is NOT used for encryption
- The key for encryption is negotiated using the Diffie Hellman algorithm
- This algorithm generates keys over an insecure public connection
- Nevertheless, only the two parties know the keys generated!
- Uses a one-way function
- Modulus: (g^a mod p)^b mod p = g^ab mod p // (g^b mod p)^a mod p = g^ba mod p
- Elliptic curve (ECDHE): y^2 = x^3 + ax + b // m(nG) = n(mG)
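Both identities above, worked through in code as an added example (not code from the original notes). The finite-field part uses the textbook toy parameters p = 23, g = 5; the elliptic-curve part goes beyond the notes by implementing point addition and double-and-add on a constructed toy curve y^2 = x^3 + 7 over F_17 with generator (15, 13), so that m(nG) = n(mG) can be checked point by point. All parameters and private scalars are deliberately tiny constructed values; real TLS uses 2048-bit or larger groups, or curves such as X25519 and P-256.

```python
# Added example (not from the original notes): the two Diffie-Hellman forms
# from the notes worked through with constructed toy parameters.

# --- Finite-field DH: (g^a mod p)^b mod p == (g^b mod p)^a mod p ---

def dh_shared_secret(p: int, g: int, a: int, b: int) -> tuple:
    """Return (A, B, s_alice, s_bob): the two public values and each side's secret."""
    A = pow(g, a, p)          # Alice sends A over the public channel
    B = pow(g, b, p)          # Bob sends B over the public channel
    s_alice = pow(B, a, p)    # Alice: B^a = g^(ba) mod p
    s_bob = pow(A, b, p)      # Bob:   A^b = g^(ab) mod p
    return A, B, s_alice, s_bob

# --- Elliptic-curve DH: m(nG) == n(mG) on y^2 = x^3 + ax + b mod p ---

def ec_add(P, Q, a: int, p: int):
    """Point addition; None is the point at infinity (the group identity)."""
    if P is None:
        return Q
    if Q is None:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None      # P + (-P) = O; also covers doubling a point with y == 0
    if P == Q:
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p   # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p          # chord slope
    x3 = (lam * lam - x1 - x2) % p
    y3 = (lam * (x1 - x3) - y1) % p
    return (x3, y3)

def ec_mul(k: int, P, a: int, p: int):
    """Double-and-add scalar multiplication k*P (the one-way function of ECDH)."""
    R = None
    while k:
        if k & 1:
            R = ec_add(R, P, a, p)
        P = ec_add(P, P, a, p)
        k >>= 1
    return R

def ecdh_shared_secret(curve: dict, m: int, n: int) -> tuple:
    """Return (mG, nG, alice_secret, bob_secret) for private scalars m and n."""
    a, p, G = curve["a"], curve["p"], curve["G"]
    mG = ec_mul(m, G, a, p)          # Alice's public point, sent in the clear
    nG = ec_mul(n, G, a, p)          # Bob's public point, sent in the clear
    alice = ec_mul(m, nG, a, p)      # m(nG)
    bob = ec_mul(n, mG, a, p)        # n(mG)
    return mG, nG, alice, bob

# Constructed toy curve y^2 = x^3 + 7 over F_17; the generator (15, 13) has order 18
TOY_CURVE = {"a": 0, "b": 7, "p": 17, "G": (15, 13)}

if __name__ == "__main__":
    A, B, s1, s2 = dh_shared_secret(p=23, g=5, a=6, b=15)
    print(f"DH:   A={A} B={B}  shared: alice={s1} bob={s2}")
    mG, nG, e1, e2 = ecdh_shared_secret(TOY_CURVE, m=3, n=5)
    print(f"ECDH: mG={mG} nG={nG}  shared: alice={e1} bob={e2}")
```

Only A, B (or mG, nG) ever cross the network; the private exponents a, b (or scalars m, n) stay on their own side, and the server's RSA/ECDSA certificate key is used solely to sign its public value, which is the separation of authentication from encryption that the "Without Diffie Hellman" drawback above is about.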