28 Internet Protocol Stack with TLS

The TLS layer runs between the Application and Transport layer. The encryption is transparent to the Application layer. Normal TCP and IP protocols etc. can be used at the low layers.

The TLS protocol

TLS Handshake : Establishing a Secure Connection

$$\begin{array}{rl}1.& C\to S:\text{ClientHello (Supported ciphers, random nonce)}\\ 2.& S\to C:\text{ServerHello (Chosen cipher, random nonce)}\\ 3.& S\to C:\text{Certificate (Server’s public key signed by CA)}\\ 4.& C\to S:\text{Key Exchange (Pre-master secret encrypted with Server’s public key)}\\ 5.& C\to S:\text{Finished (Client’s verification message)}\\ 6.& S\to C:\text{Finished (Server’s verification message)}\end{array}$$

Key Exchange Options :

• RSA : Client encrypts pre-master secret with server’s public key.
• Diffie-Hellman : Client and server derive a shared secret. After the handshake, all communication is encrypted using the negotiated symmetric key.

Handshake in Alice and Bob

TLS Handshake Steps

$$\begin{array}{rl}1.& C\to S:N_C\\ 2.& S\to C:N_S,{\text{Cert}}_S\\ 3.& C\to S:E_S(K_{\text{seed}}),\{{\text{Hash}}_1{\}}_{K_{CS}}\\ 4.& S\to C:\{{\text{Hash}}_2{\}}_{K_{CS}}\end{array}$$

Hash Computation :

$$\begin{array}{rl}{\text{Hash}}_1& =\#(N_C,N_S,E_S(K_{\text{seed}}))\\ {\text{Hash}}_2& =\#(N_C,N_S,E_S(K_{\text{seed}}),\{{\text{Hash}}_1{\}}_{K_{CS}})\end{array}$$

Session Key Generation :

$$K_{CS}=f(N_C,N_S,K_{\text{seed}})\text{where }{K}_{CS}\text{ is the session key derived from }{N}_C,N_S\text{ and }{K}_{\text{seed}}.$$

Mapping TLS Message Flow to Cryptographic Representation

clientHello ($C\to S$)

• Textual : Client sends a random nonce and supported cipher list.
• Mathematical : $C\to S:N_C$
• $N_c$ is the client’s none, used in key derivation and preventing replay attacks.

serverHello + Certificates ($S\to C$)

• Textual : Server responds with a random nonce and chosen cipher suite.
• Server sends it certificates (signed by CA).
• Mathematical : $S\to C:N_S,Cer{t}_S$
• $N_S$ is the server’s random nonce, and $Cer{t}_S$ is the server certificate containing its public key.

Key Exchange ($C\to S$)

• Textual : Client encrypts a pre-master secret with the server’s public key.
• Mathematical : $C\to S:E_S(K_{\text{seed}}),\{{\text{Hash}}_1{\}}_{K_{CS}}$
• $E_S(K_{seed})$ : The pre-master secret encrypted with the server’s public key.
• $Has{h}_1$ ensures integrity and is encrypted using the session key $K_{cs}$.

Server Verifies and Responds ($S\to C$)

• Textual : Server verifies handshake and confirms key agreement.
• Mathematical : $C:\{{\text{Hash}}_2{\}}_{K_{CS}}$
• $Has{h}_2$ is computed over handshake data, confirming mutual agreement.

Key Derivation

• Textual : Both sides derive the session key using nonces and exchanged key material.
• Mathematical : $K_{CS}=f(N_C,N_S,K_{\text{seed}})$
• $f$ is a Key Derivation Function (KDF) that combines $N_C$, $N_S$ and $K_{seed}$ to generate $K_{CS}$.

Weaknesses in TLS

Configuration Weaknesses :

• Cipher Downgrading (forcing weaker ciphers)
• Self-Signed Certificates (no trusted authority)