The main stages of development of the cryptographic protocols SSL/TLS and IPsec

I. V. Martynenkov

Geodesic

Parcourir par

The main stages of development of the cryptographic protocols SSL/TLS and IPsec

I. V. Martynenkov

Prikladnaâ diskretnaâ matematika, no. 1 (2021), pp. 31-67.

Voir la notice de l'article provenant de la source Math-Net.Ru

Résumé

The paper discusses the main stages of development of cryptographic protocols from SSL 2.0 ({Secure Socket Layer}) to TLS 1.3 (Transport Layer Security), which ensure the protection of transport layer data in the OSI model. A brief description of the modification of the RuTLS protocol based on TLS 1.3 and their main differences is given. The development of IPsec, which provides cryptographic protection of communications at the network level of the OSI model, is considered using examples of the development of the three most commonly used protocols. These include IKE (Internet Key Exchange), AH (Authentication Header), and ESP (Encapsulation Security Payload). For the SSL/TLS and IPsec specifications, the basic handshake protocols and the main stages of their development are considered. The described handshakes include primary cryptographic information exchange cycles in the form of identifiers of interaction participants, one-time numbers, lists of supported cryptographic combinations. Authentication of participants based on certificates, shared symmetric keys, data exchange for establishing a shared Diffie — Hellman secret, development of key material for secret keys of communication sessions, message authentication, and other cryptographic parameters are presented. For different versions of SSL/TLS and IPsec, the logical structures of application data cryptographic protection functions are described.

Keywords: cryptographic protocols, SSL, TLS, IPsec.

@article{PDM_2021_1_a2,
     author = {I. V. Martynenkov},
     title = {The main stages of development of the cryptographic protocols {SSL/TLS} and {IPsec}},
     journal = {Prikladna\^a diskretna\^a matematika},
     pages = {31--67},
     publisher = {mathdoc},
     number = {1},
     year = {2021},
     language = {ru},
     url = {http://geodesic.mathdoc.fr/item/PDM_2021_1_a2/}
}

TY  - JOUR
AU  - I. V. Martynenkov
TI  - The main stages of development of the cryptographic protocols SSL/TLS and IPsec
JO  - Prikladnaâ diskretnaâ matematika
PY  - 2021
SP  - 31
EP  - 67
IS  - 1
PB  - mathdoc
UR  - http://geodesic.mathdoc.fr/item/PDM_2021_1_a2/
LA  - ru
ID  - PDM_2021_1_a2
ER  -

%0 Journal Article
%A I. V. Martynenkov
%T The main stages of development of the cryptographic protocols SSL/TLS and IPsec
%J Prikladnaâ diskretnaâ matematika
%D 2021
%P 31-67
%N 1
%I mathdoc
%U http://geodesic.mathdoc.fr/item/PDM_2021_1_a2/
%G ru
%F PDM_2021_1_a2

I. V. Martynenkov. The main stages of development of the cryptographic protocols SSL/TLS and IPsec. Prikladnaâ diskretnaâ matematika, no. 1 (2021), pp. 31-67. http://geodesic.mathdoc.fr/item/PDM_2021_1_a2/

Bibliographie
Cité par

[1] E. B. H. Kipp, The SSL Protocol, Netscape Communications Corp., 1995, 26 pp. (Expires 10/95) https://tools.ietf.org/html/draft-hickman-netscape-ssl-00

[2] T. Polk, S. Turner, Prohibiting Secure Sockets Layer (SSL) Version 2.0, RFC 6176, Internet Engineering Task Force (IETF), 2011, 4 pp. https://tools.ietf.org/html/rfc6176

[3] A. Freier, P. Karlton, P. Kocher, The Secure Sockets Layer (SSL) Protocol Version 3.0, RFC 6101, Internet Engineering Task Force (IETF), 2011, 67 pp. https://tools.ietf.org/html/rfc6101

[4] C. Allen, T. Dierks, The TLS Protocol Version 1.0, RFC 2246, Network Working Group, 1999, 80 pp. https://tools.ietf.org/html/rfc2246

[5] B. Kaliski, PKCS#1: RSA Encryption Standard, version 1.5, RFC 2313, Network Working Group, 1998, 19 pp. https://tools.ietf.org/html/rfc2313

[6] T. Dierks, E. Rescorla, The Transport Layer Security (TLS) Protocol Version 1.1, RFC 4346, Network Working Group, 2006, 87 pp. https://tools.ietf.org/html/rfc4346

[7] J. Jonsson, B. Kaliski, Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1, RFC 3447, Network Working Group, 2003, 72 pp. https://tools.ietf.org/html/rfc3447

[8] W. Ford, R. Housley, W. Polk, D. Solo, Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, RFC 3280, Network Working Group, 2002, 129 pp. https://tools.ietf.org/html/rfc3280

[9] Security of CBC Ciphersuites in SSL/TLS: Problems and Countermeasures, , 2004 http://www.openssl.org/b̃odo/tls-cbc.txt

[10] T. Dierks, E. Rescorla, The Transport Layer Security (TLS) Protocol Version 1.2, RFC 5246, Network Working Group, 2008, 104 pp. https://tools.ietf.org/html/rfc5246

[11] D. Eastlake 3rd., Transport Layer Security (TLS) Extensions: Extension Definitions, RFC 6066, Internet Engineering Task Force (IETF), 2011, 25 pp. https://tools.ietf.org/html/rfc6066

[12] M. Dworkin, Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality, NIST Special Publication 800-38C, 2004, 27 pp.

[13] M. Dworkin, Recommendation for Block Cipher Modes of Operation: Galois / Counter Mode (GCM) and GMAC, NIST Special Publication 800-38D, 2007, 39 pp.

[14] D. McGrew, An Interface and Algorithms for Authenticated Encryption, RFC 5116, Network Working Group, 2008, 22 pp. https://tools.ietf.org/html/rfc5116

[15] N. Mavrogiannopoulos, Using OpenPGP Keys for Transport Layer Security (TLS) Authentication, RFC 5081, Network Working Group, 2007, 8 pp. https://tools.ietf.org/html/rfc5081

[16] S. Blake-Wilson, N. Bolyard, V. Gupta et al., Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS), RFC 4492, Network Working Group, 2006, 35 pp. https://tools.ietf.org/html/rfc4492

[17] D. Bleichenbacher, “Chosen ciphertext attacks against protocols based on RSA Encryption Standard PKCS#1”, CRYPTO-98, LNCS, 1462, 1998, 1–12 | Zbl

[18] V. Klima, O. Pokorny, T. Rosa, Attacking RSA-based Sessions in SSL/TLS, Cryptology ePrint Archive, Report 2003/052, 2003, 23 pp.

[19] Digital Signature Standard (DSS), NIST FIPS PUB 186-3, 2009, 131 pp. https://csrc.nist.gov/publications/detail/fips/186/3/archive/2009-06-25

[20] E. Rescorla, The Transport Layer Security (TLS) Protocol Version 1.3, RFC 8446, Internet Engineering Task Force (IETF), 2018, 160 pp. https://tools.ietf.org/html/rfc8446

[21] P. Eronen, H. Krawczyk, HMAC-based Extract-and-Expand Key Derivation Function (HKDF), RFC 5869, Internet Engineering Task Force (IETF), 2010, 14 pp. https://www.rfc-editor.org/info/rfc5869

[22] IEEE Standard Specifications for Public Key Cryptography, IEEE Std 1363-2000, 2000, 236 pp. https://standards.ieee.org/standard/1363-2000.html

[23] M. Hamburg, A. Langley, S. Turner, Elliptic Curves for Security, RFC 7748, Internet Research Task Force (IRTF), 2016, 22 pp. https://tools.ietf.org/html/rfc7748

[24] Grebnev S. V., Lazareva E. V., Lebedev P. A., et al., “Integration of domestic shared key generation protocols into TLS 1.3”, Prikladnaya Diskretnaya Matematika. Prilozhenie, 2018, no. 11, 62–65 (in Russian)

[25] Matyukhin D. V., On some properties of public key generation schemes that use the public key infrastructure in the context of developing standardized cryptographic solutions, 2011 (in Russian)

[26] Nesterenko A. Y., “About one approach to building secure connections”, Matematicheskiye Voprosy Kriptografii, 4:2 (2013), 101–111 (in Russian)

[27] Grebnev S. V., On the possibility of standardizing protocols for generating a shared key, RusKripto, M., 2014 (in Russian)

[28] D. Carrel, D. Harkins, The Internet Key Exchange (IKE), RFC 2409, Network Working Group, 1998, 41 pp. https://tools.ietf.org/html/rfc2409

[29] H. Orman, The Oakley Key Determination Protocol, RFC 2412, Network Working Group, 1998, 55 pp. https://tools.ietf.org/html/rfc2412

[30] H. Krawczyk, “SKEME: A versatile secure key exchange mechanism for Internet”, Proc. Internet Society Symp. on Network and Distributed Systems Security (San Diego, CA, USA, 1996), 114–127

[31] D. Maughhan, M. Schertler, M. Schneider, J. Turner, Internet Security Association and Key Management Protocol (ISAKMP), RFC 2408, 1998 https://tools.ietf.org/html/rfc2408

[32] B. Schneier, Applied Cryptography: Protocols, Algorithms and Source Code in C, 2nd ed, Wiley, N.Y., 1996, 783 pp. | MR | Zbl

[33] C. Kaufman, Internet Key Exchange (IKEv2) Protocol, RFC 4306, Network Working Group, 2005, 99 pp. https://tools.ietf.org/html/rfc4306

[34] D. Piper, The Internet IP Security Domain of Interpretation for ISAKMP, RFC 2407, Network Working Group, 1998, 32 pp. https://tools.ietf.org/html/rfc2407

[35] B. Aboba, L. Blunk, J. Carlson et al., Extensible Authentication Protocol (EAP), RFC 3748, Network Working Group, 2004, 67 pp. https://tools.ietf.org/html/rfc3748

[36] N. Asokan, V. Nierni, K. Nyberg, Man-in-the-Middle in Tunneled Authentication Protocols, Cryptology ePrint Archive, Report 2002/163, 2002, 15 pp.

[37] B. Monsour, R. Pereira, A. Shacham, M. Thomas, IP Payload Compression Protocol (IPComp), RFC 3173, Network Working Group, 2001, 13 pp. https://tools.ietf.org/html/rfc3173

[38] L. DiBurro, A. Huttunen, M. Stenberg et al., UDP Encapsulation of IP Security ESP Packets, RFC 3948, Network Working Group, 2005, 15 pp. https://tools.ietf.org/html/rfc3948

[39] D. Black, S. Floyd, K. Ramakrishnan, The Addition of Explicit Congestion Notification (ECN) to IP, RFC 3168, Network Working Group, 2001, 63 pp. https://tools.ietf.org/html/rfc3168

[40] S. Kent, K. Seo, Security Architecture for the Internet Protocol, RFC 4301, Network Working Group, 2005, 101 pp. https://tools.ietf.org/html/rfc4301

[41] P. Eronen, P. Hoffman, C. Kaufman, Y. Nir, Internet Key Exchange Protocol Version 2 (IKEv2), RFC 5996, Internet Engineering Task Force (IETF), 2010, 138 pp. https://tools.ietf.org/html/rfc5996

[42] P. Eronen, P. Hoffman, IKEv2 Clarifications and Implementation Guidelines, RFC 4718, Network Working Group, 2006, 58 pp. https://tools.ietf.org/html/rfc4718

[43] T. Berners-Lee, R. Fielding, H. Frystyk et al., Hypertext Transfer Protocol HTTP/1.1, RFC 2616, Network Working Group, 1999, 176 pp. https://tools.ietf.org/html/rfc2616

[44] P. Eronen, J. Laganier, C. Madson, IPv6 Configuration in Internet Key Exchange Protocol Version 2 (IKEv2), RFC 5739, Internet Engineering Task Force (IETF), 2010, 32 pp. https://tools.ietf.org/html/rfc5739

[45] R. Atkinson, The IP Authentication Header, RFC 1826, Network Working Group, 1995, 13 pp. https://tools.ietf.org/html/rfc1826

[46] P. Metzger, W. Simpson, IP Authentication with Keyed MD5, RFC 1828, Network Working Group, 1995, 5 pp. https://tools.ietf.org/html/rfc1828

[47] R. Atkinson, S. Kent, IP Authentication Header, RFC 2402, Network Working Group, 1998, 22 pp. https://tools.ietf.org/html/rfc2402

[48] S. Kent, IP Authentication Header, RFC 4302, Network Working Group, 2005, 34 pp. https://tools.ietf.org/html/rfc4302

[49] D. Eastlake 3rd., Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH), RFC 4305, Network Working Group, 2005, 9 pp. https://tools.ietf.org/html/rfc4305

[50] R. Atkinson, IP Encapsulating Security Payload (ESP), RFC 1827, Network Working Group, 1995, 12 pp. https://tools.ietf.org/html/rfc1827

[51] R. Atkinson, S. Kent, IP Encapsulating Security Payload (ESP), RFC 2406, Network Working Group, 1998, 22 pp. https://tools.ietf.org/html/rfc2406

[52] S. Kent, IP Encapsulating Security Payload (ESP), RFC 4303, Network Working Group, 2005, 44 pp. https://tools.ietf.org/html/rfc4303