Thus far, we have seen many layers at which network traffic can be intercepted, modified, or fabricated.
Transport layer security (TLS) is a presentation-layer protocol for providing secure channels (encrypted and signed). Applications using TLS establish a connection that behaves like a TCP connection, but the traffic is first encrypted and signed before it is actually transmitted over the underlying TCP connection. In this lecture we discuss encryption broadly; in the next we will discuss how encryption is used in TLS.
Encryption is the process of taking a message (sometimes called the plaintext) and mathematically manipulating it so that an observer cannot distinguish it from random noise. The manipulated message is referred to as the cyphertext. The intended recipient (who has some additional knowledge) should be able to decrypt the message.
With symmetric encryption (also called shared-key or secret-key encryption), the sender and recipient have a secret key that they both know but that no other party does.
The encryption algorithm E takes the plaintext p and the key k as input and produces the cyphertext; the decryption algorithm D takes the cyphertext and the key as input and reproduces the plaintext:
D(E(p, k), k) = p
A simple example is a substitution cypher. Here the key is a table mapping each character to a different character. The sender replaces each character in the message using the table; the decryptor looks up each character in the cyphertext to find the original character of plaintext.
With asymmetric encryption (also called public key encryption), the recipient generates a public/private key pair (usually we use K to denote the public key and k to denote the private key). The keys K and k satisfy the following property:
D(E(p, K), k) = p
The public key can be freely disseminated, because it gives no information about the private key. The sender uses the recipient's public key to encrypt the message, but the private key must be used to decrypt.
Cryptography can also be used to ensure that messages are not tampered with. A signer can generate an unforgeable signature for a message; the recipient can then verify the signature to determine whether the message was corrupted or forged.
As with encryption, signatures can be symmetric or asymmetric. For symmetric signatures (also called message authentication codes), the sender and recipient share a secret which is used to generate the signature. The signature and verification algorithms satisfy the following property:
V(m, S(m, k), k) = "yes", and V(m, anything else, k) = "no"
An example signature algorithm would be to hash the message and the key together; the recipient verifies by rehashing the message and key and checking that the result matches the signature. Any sender without the key would be unable to produce the correct hash.
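The S and V of the property above, as an added example that is not part of the original lecture notes. It swaps the plain "hash the message and key together" idea for HMAC-SHA256 from the Python standard library, the standard keyed-hash construction; the key, the messages, and the demo() helper are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def S(m: bytes, k: bytes) -> bytes:
    """Sign m under the shared key k; returns a 32-byte tag."""
    # HMAC applies the hash twice, keyed each time (inner and outer pass).
    # Plain sha256(k + m) is the literal "hash them together" idea, but with
    # SHA-256 it is open to length extension, so HMAC is used here instead.
    return hmac.new(k, m, hashlib.sha256).digest()


def V(m: bytes, sig: bytes, k: bytes) -> str:
    """Verify by recomputing the tag from m and k and comparing."""
    # compare_digest runs in constant time, so the time taken does not
    # reveal how many leading bytes of a guessed tag were correct.
    return "yes" if hmac.compare_digest(S(m, k), sig) else "no"


def demo() -> dict:
    """Run V over a genuine signature and four constructed bad ones."""
    k = secrets.token_bytes(32)        # constructed shared key
    other_k = secrets.token_bytes(32)  # a party who lacks the real key
    m = b"transfer 10 to alice"        # constructed message
    sig = S(m, k)
    flipped = bytes([sig[0] ^ 1]) + sig[1:]
    return {
        "genuine": V(m, sig, k),
        "tampered message": V(b"transfer 99 to alice", sig, k),
        "one bit of tag flipped": V(m, flipped, k),
        "truncated tag": V(m, sig[:16], k),
        "signed with wrong key": V(m, S(m, other_k), k),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:24} {verdict}")
```

Only the genuine case verifies; every other case is "anything else" in the property above and is rejected.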
Asymmetric signatures require the use of a public/private key pair. Here the signer uses the private key to sign the message; anyone with the public key can verify the signature:
V(m, S(m,k), K) = "yes"