Do not take security for granted
Ever wondered what that little lock icon in your browser means? HTTPS stands for Secure HTTP, and indicates that the connection to the page you are browsing is encrypted. Someone intercepting data between you and the website should not be able to make use of it – they see it only as gibberish. Therefore, if you submit sensitive information, such as credit card details, you should always check that the connection is secure. If there is no such indicator, all of the information you submit is sent in cleartext and can be read by anyone.
Now let us hop into the details of how all of this works. If you have not read any of the previous encryption articles, you should probably do so before reading any further. They explain everything you need to know in order to understand what follows.
Establishing a secure connection can be achieved in several ways. They all have the following three steps in common:
1. the website you try to connect to authenticates its identity (proves it really is the one it claims to be)
2. using asymmetric cryptography a shared secret between your browser and the site is agreed upon
3. using symmetric cryptography, this shared secret is used to encrypt the entire communication
The reason for not using only asymmetric encryption is that, performance-wise, it is far slower than its symmetric counterpart.
Let us discuss some of the methods commonly used and their potential disadvantages.
Pure RSA key exchange
This is the simplest of all methods and only involves RSA encryption for both website authentication and key exchange.
1. When you first connect to a website, it provides you with its own certificate, which states the site name and its public key. Because the certificate is signed by an authority, you can safely accept its validity.
2. Your browser chooses a random password, encrypts it with the provided public key and sends it back to the site. Even if someone intercepted the encrypted password, they would still require the private key to actually reveal it.
3. Once the site receives the encrypted password you just sent, it decrypts it with its private key. From now on the entire data traffic can be encrypted (using symmetric encryption) with the password your browser chose.
Note that an eavesdropper has no way of figuring out what that password is. The only way to do that is to randomly guess it (brute-force attack) or to somehow obtain a copy of the site’s private key.
The biggest disadvantage of this method is that an attacker can listen to and log the entire encrypted traffic between a site and its visitors. If the private key of the site is exposed at any point in the future, the attacker can decrypt all the previously stored communication. Therefore this method is said to provide no forward secrecy.
Diffie-Hellman RSA (DH_RSA) key exchange
This method adds an additional layer of security: the forward secrecy we just mentioned. Again, forward secrecy means that even if the private key is compromised, every past connection remains secured. RSA is used only for website authentication and Diffie-Hellman as the key exchange method.
1. When you first connect to a website, it provides you with its own certificate, which states the site name and its public key. In addition, the certificate states the parameters g and $g^b$ for a DH key exchange. Because the certificate is signed by an authority, you can safely accept its validity.
2. Your browser chooses a random private number a, calculates $g^a$ and sends it back to the website (encrypted with the site’s public key).
3. Your browser calculates $(g^b)^a$ and the website calculates $(g^a)^b$.
4. Because $(g^b)^a = (g^a)^b$, this number is used as the password to encrypt and decrypt any further communication using symmetric key cryptography.
Even if the private key of the website was leaked at any point in the future, it would reveal no information about the symmetric passwords. An attacker who logged all encrypted communication would still need to figure out the private exponents a for each connection/session. Note that b is fixed and does not change. This means that an attacker needs to calculate this number only once. After this it is only a matter of calculating a to decrypt an entire session. This is still not an easy task and would require an enormous amount of computing power.
Ephemeral Diffie-Hellman RSA (DHE_RSA) key exchange
This method is exactly the same as DH_RSA, the only difference being that the server-side parameters g and $g^b$ are not preset and not identical for every session. Instead, the website dynamically chooses a different parameter g and b for every single connection. The result is an increased overall security by a factor of two, since an attacker who possesses the private key will be required to figure out not only a, but also b for each connection/session. The method is said to provide perfect forward secrecy.
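The difference between the fixed b of DH_RSA and the per-session b of DHE_RSA, as an added example that is not part of the original article. It assumes a toy modulus P and generator G (constructed values, far too small for real use; the article leaves the modulus implicit), hypothetical helper names, and an observer who has recorded the public values g^a of each session.

```python
import hashlib
import secrets

# Toy group, constructed for illustration only: real deployments use
# standardized groups of 2048 bits or more.
P = 2**127 - 1   # a Mersenne prime used as the modulus
G = 3

def keypair():
    """Return (private exponent x, public value g^x mod P)."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def session_key(their_public, my_private):
    """Derive the symmetric key from (g^other)^mine mod P."""
    shared = pow(their_public, my_private, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).hexdigest()

def handshake(server_keypair=None):
    """Run one key exchange; return (recorded public values, agreed key).

    With server_keypair given, b is fixed for every session (DH_RSA).
    Otherwise the website picks a fresh b and forgets it (DHE_RSA).
    """
    a, g_a = keypair()                      # browser side
    b, g_b = server_keypair or keypair()    # website side
    browser_key = session_key(g_b, a)       # (g^b)^a
    website_key = session_key(g_a, b)       # (g^a)^b
    assert browser_key == website_key       # both ends hold the same key
    return {"g_a": g_a, "g_b": g_b}, browser_key

def keys_recovered(recorded, known_b):
    """Count recorded sessions whose key follows from one server exponent."""
    return sum(session_key(t["g_a"], known_b) == key for t, key in recorded)

def demo(sessions=5):
    fixed = keypair()
    static_log = [handshake(fixed) for _ in range(sessions)]
    ephemeral_log = [handshake() for _ in range(sessions)]
    # One fixed b, once known, yields the key of every recorded DH_RSA session.
    static_hits = keys_recovered(static_log, fixed[0])
    # The same b says nothing about DHE_RSA sessions: each used its own b.
    ephemeral_hits = keys_recovered(ephemeral_log, fixed[0])
    return static_hits, ephemeral_hits

if __name__ == "__main__":
    print(demo())
```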
Diffie-Hellman DSA (DH_DSA) and Ephemeral Diffie-Hellman DSA (DHE_DSA) key exchange
These methods are identical to DH_RSA and DHE_RSA, except that they use an alternative implementation of public key cryptography, known as DSA (Digital Signature Algorithm), in place of RSA. DSA has no clear advantages over RSA, and at its core it relies on the discrete logarithm problem instead of the prime factorisation problem that RSA relies on.
Elliptic Curve Variations
As we just read, the Diffie-Hellman key exchange and DSA rely on the discrete logarithm problem. This can be translated into the realm of elliptic curves, which I will discuss in more detail in a future post. The elliptic curve discrete logarithm problem has the performance advantage that it requires smaller numbers while providing much stronger security than the traditional discrete log. For example, with traditional discrete log you would require 100-digit long numbers to be relatively secure, while elliptic curve discrete log would only require 30-digit long numbers for the same level of security (the numbers are rough estimates). Thus the following four variations exist:
Elliptic Curve Diffie-Hellman RSA (ECDH_RSA)
– uses RSA for authentication and Elliptic Curve DH for key exchange
Elliptic Curve Ephemeral Diffie-Hellman RSA (ECDHE_RSA)
– uses RSA for authentication and Ephemeral Elliptic Curve DH for key exchange
Elliptic Curve Diffie-Hellman DSA (ECDH_ECDSA)
– uses Elliptic Curve DSA for authentication and Elliptic Curve DH for key exchange
Elliptic Curve Ephemeral Diffie-Hellman DSA (ECDHE_ECDSA)
– uses Elliptic Curve DSA for authentication and Ephemeral Elliptic Curve DH for key exchange
Elliptic curves are slowly taking over due to the performance and security advantages they offer. Currently Google uses ECDHE_RSA and Facebook uses ECDHE_ECDSA.