Show awareness of the Secure Socket Layer (SSL)/Transport Layer Security (TLS)

A-Level Computer Science - 17.1 Encryption, SSL/TLS

17.1 Encryption, Encryption Protocols and Digital Certificates

This section explores the fundamental concepts of encryption, how secure communication is established using protocols like SSL/TLS, and the role of digital certificates in verifying identities.

Encryption Fundamentals

What is Encryption?

Encryption is the process of converting readable data (plaintext) into an unreadable format (ciphertext) to protect its confidentiality. Decryption is the reverse process of converting ciphertext back to plaintext.

Types of Encryption

  • Symmetric-key encryption: Uses the same key for both encryption and decryption. Examples include AES and DES.
  • Asymmetric-key encryption: Uses a pair of keys – a public key for encryption and a private key for decryption. Examples include RSA and ECC.

Hashing

Hashing is a one-way function that takes an input and produces a fixed-size output (hash value). It's used for data integrity checks. If the input data changes, the hash value will also change.

Secure Socket Layer (SSL) / Transport Layer Security (TLS)

What is SSL/TLS?

SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are cryptographic protocols that provide secure communication over a network. They are commonly used to secure web traffic (HTTPS).

How SSL/TLS Works

  1. Handshake: The client and server negotiate encryption parameters (cipher suites) and exchange digital certificates.
  2. Key Exchange: A secure method (e.g., Diffie-Hellman) is used to establish a shared secret key.
  3. Encrypted Communication: All data exchanged between the client and server is encrypted using the shared secret key.

Cipher Suites

A cipher suite specifies the algorithms used for key exchange, encryption, and message authentication. Common components include:

  • Key Exchange Algorithm: e.g., RSA, Diffie-Hellman (DH), Elliptic-Curve Diffie-Hellman (ECDH)
  • Encryption Algorithm: e.g., AES, ChaCha20
  • Message Authentication Code (MAC) Algorithm: e.g., HMAC

| Phase | Action | Data Transferred |
|---|---|---|
| Client Hello | Client sends its supported cipher suites. | Client's supported cipher suites |
| Server Hello | Server selects a cipher suite and sends its certificate. | Server's selected cipher suite, Server's certificate |
| Certificate Verification | Client verifies the server's certificate. | Server's certificate |
| Key Exchange | Client and server exchange keys. | Session key |
| Encrypted Communication | Data is encrypted and sent. | Encrypted data |

Digital Certificates

What are Digital Certificates?

A digital certificate is an electronic document that verifies the identity of a website or other entity. It contains information such as the entity's public key, its name, and the issuing Certificate Authority (CA).

Certificate Authorities (CAs)

CAs are trusted organizations that issue and manage digital certificates. Web browsers have a list of trusted CAs.

Certificate Validation

When a client connects to a server using SSL/TLS, the server presents its digital certificate. The client verifies the certificate by checking:

  • Validity Period: The certificate is not expired.
  • Issuer: The certificate was issued by a trusted CA.
  • Hostname: The certificate is for the hostname the client is trying to access.
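
The three checks above, written out as an added example (not part of the original notes). The certificate is a constructed sample in the shape Python's ssl.SSLSocket.getpeercert() returns; the CA name, the hostnames and the helper names are assumptions. Trust in the issuer is simplified to a name lookup, whereas a real TLS client verifies the CA's digital signature on the certificate.

```python
import ssl

# Constructed sample, shaped like the dict ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("organizationName", "Example Trust CA"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.shop.example.com")),
}
TRUSTED_ISSUERS = {"Example Trust CA"}  # hypothetical stand-in for the browser's CA list
MID_2024 = ssl.cert_time_to_seconds("Jun  1 00:00:00 2024 GMT")  # constructed "now"


def hostname_matches(pattern, hostname):
    """Compare DNS names label by label; '*' may stand for the left-most label only."""
    p, h = pattern.lower().split("."), hostname.lower().split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] and p[0] in ("*", h[0])


def validate(cert, hostname, now, trusted=TRUSTED_ISSUERS):
    """Return the names of the failed checks; an empty list means accepted."""
    failures = []
    # Validity period: 'now' must lie between notBefore and notAfter.
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    if not start <= now <= end:
        failures.append("validity period")
    # Issuer: simplified to a name lookup; real clients verify the CA's signature.
    issuer = {key: value for rdn in cert["issuer"] for key, value in rdn}
    if issuer.get("organizationName") not in trusted:
        failures.append("issuer")
    # Hostname: the requested name must match one of the certificate's DNS names.
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(hostname_matches(n, hostname) for n in names):
        failures.append("hostname")
    return failures


if __name__ == "__main__":
    for host, when in [("www.example.com", MID_2024),
                       ("pay.shop.example.com", MID_2024),
                       ("www.example.net", MID_2024),
                       ("www.example.com", MID_2024 + 365 * 86400)]:
        print(host, validate(SAMPLE_CERT, host, when) or "accepted")
```

A wildcard entry covers exactly one label, so pay.shop.example.com is accepted while a.b.shop.example.com is not.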

Figure

Suggested diagram: A visual representation of the SSL/TLS handshake process, showing the exchange of certificates and keys between a client and a server.