What this book covers

The book starts with a general introduction to cryptography in Part I, Getting Started. Part II, Shaking Hands, and Part III, Off the Record, are loosely organized around the most important subprotocols of TLS, the handshake protocol and the record protocol. Finally, Part IV, Bleeding Hearts and Biting Poodles, extensively covers known attacks on previous TLS versions at the handshake, record and implementation levels.

More specifically, this is what the individual chapters are about:

• Chapter 1, The Role of Cryptography in the Connected World, sets the scene by providing some answers to why there are so many insecure IT systems and how cryptography helps to mitigate our security problems.

• Chapter 2, Secure Channel and the CIA Triad, describes the general goals and objectives you can achieve with the help of cryptography and introduces cryptography’s main protagonists, Alice and Bob, and their ubiquitous opponents, Eve and Mallory.

• Chapter 3, A Secret to Share, teaches you what a cryptographic key – a secret shared by Alice and Bob – really is, why it is needed to establish a secure channel, and how long it has to be for Alice and Bob to communicate securely.

• Chapter 4, Encryption and Decryption, explains how keys are used together with cryptographic algorithms to encrypt and decrypt secret messages, and describes the prerequisites for secure encryption and decryption.

• Chapter 5, Entity Authentication, covers entity authentication, an important security objective from the CIA triad that assures Alice of the identity of Bob.

• Chapter 6, Transport Layer Security at a Glance, concludes Part I, Getting Started, by taking a first look at Transport Layer Security (TLS) and explores the role of the World Wide Web in the development of TLS.

• Chapter 7, Public-Key Cryptography, explains the mathematical techniques that enable secure key transport and key agreement over an insecure channel.

• Chapter 8, Elliptic Curves, introduces special mathematical objects that are widely used within TLS 1.3 because they allow the use of much shorter keys compared to traditional public-key cryptography schemes.

• Chapter 9, Digital Signatures, covers an important application of public-key cryptography which provides message integrity and authenticity and ensures another special security objective called non-repudiation.

• Chapter 10, Digital Certificates and Certification Authorities, shows how Bob can verify the authenticity of Alice’s public key by relying on a trusted third party.

• Chapter 11, Hash Functions and Message Authentication Codes, explains hash functions and message authentication codes, the main cryptographic mechanisms to ensure the authenticity of messages.

• Chapter 12, Secrets and Keys in TLS 1.3, examines in detail the different types of secrets and keys Alice and Bob establish during the TLS 1.3 Handshake protocol.

• Chapter 13, TLS Handshake Protocol Revisited, zooms out of the cryptographic details and gives a high-level description of the TLS handshake using state machines for the TLS server and the TLS client.

• Chapter 14, Block Ciphers and Their Modes of Operation, discusses how the TLS Record protocol uses block ciphers and their modes of operation to protect application data transmitted between Alice and Bob.

• Chapter 15, Authenticated Encryption, introduces a special block cipher mode of operation that combines encryption and message authentication in a single algorithm.

• Chapter 16, The Galois Counter Mode, gives a detailed description of the authenticated encryption algorithm that all TLS 1.3 implementations must support.

• Chapter 17, TLS Record Protocol Revisited, zooms out of technical and mathematical details again and revisits the TLS Record protocol by showing how the cryptographic mechanisms covered so far fit together.

• Chapter 18, TLS Cipher Suites, covers the combinations of ciphers and cryptographic algorithms that any TLS 1.3 endpoint must support and implement.

• Chapter 19, Attacks on Cryptography, describes attacks on cryptographic schemes and cryptographic protocols from a conceptual perspective.

• Chapter 20, Attacks on the TLS Handshake Protocol, studies actual, real-world attacks on the Handshake protocol in earlier TLS versions. These attacks either try to get hold of the key established during the handshake or to impersonate one of the communicating parties.

• Chapter 21, Attacks on the TLS Record Protocol, explores attacks on TLS records that aim to extract the data transmitted in the encrypted records.

• Chapter 22, Attacks on TLS Implementations, covers attacks that exploit implementation bugs in software stacks implementing TLS.