The main stages of development of the cryptographic protocols SSL/TLS and IPsec | Prikladnaya Diskretnaya Matematika - Applied Discrete Mathematics. 2021. № 51. DOI: 10.17223/20710410/51/2

The paper discusses the main stages in the development of cryptographic protocols from SSL 2.0 (Secure Sockets Layer) to TLS 1.3 (Transport Layer Security), which protect transport-layer data in the OSI model. A brief description is given of the RuTLS protocol, a modification based on TLS 1.3, and of the main differences between them. The development of IPsec, which provides cryptographic protection of communications at the network layer of the OSI model, is considered using the three most commonly used protocols as examples: IKE (Internet Key Exchange), AH (Authentication Header), and ESP (Encapsulating Security Payload). For the SSL/TLS and IPsec specifications, the basic handshake protocols and the main stages of their development are considered. The described handshakes include the primary cycles of cryptographic information exchange in the form of identifiers of the interacting participants, one-time numbers (nonces), and lists of supported cryptographic combinations. Authentication of participants based on certificates, shared symmetric keys, the data exchange for establishing a shared Diffie-Hellman secret, generation of key material for the secret keys of communication sessions, message authentication, and other cryptographic parameters are presented. For different versions of SSL/TLS and IPsec, the logical structures of the functions for cryptographic protection of application data are described.
  • Publisher Tomsk State University
  • Issue Prikladnaya Diskretnaya Matematika - Applied Discrete Mathematics 51
  • DOI 10.17223/20710410/51/2
Keywords
cryptographic protocols, SSL, TLS, IPsec