From 63e04bbaac2afe712f06426e8590a592093df1d7 Mon Sep 17 00:00:00 2001 From: Tobias Eidelpes Date: Wed, 26 Aug 2020 10:56:18 +0200 Subject: [PATCH] Add figure for TLS-handshake and reference in text --- methods.tex | 58 +++++++++++++++++++++++++++++++++++--------------- references.bib | 12 ++++++++++- 2 files changed, 52 insertions(+), 18 deletions(-) diff --git a/methods.tex b/methods.tex index 88f03bf..cb9cfae 100644 --- a/methods.tex +++ b/methods.tex 
@@ -859,23 +859,47 @@ for example. \label{subsec:tls session resumption} \gls{TLS} \cite{rescorlaTransportLayerSecurity2018} is widely used today to -securely encapsulate communication across the web. For bandwidth savings and -better performance, it is possible to cache a \gls{TLS} session to allow reusing -an already established secure connection at a later point in time. Versions -prior to \gls{TLS} 1.3 used two mechanisms to accomplish this: \gls{TLS} session -identifiers and session tickets. Session identifiers are sent by the server -along with the initial handshake with the user agent. The identifier is randomly -generated and saved by the server so that the current session can be found -later. To resume a session, the user agent sends the identifier with the -ClientHello message to the server. The server can then match the identifier to -the previously initiated session and responds with the same session identifier -to signal to the user agent that the session can be resumed. Session tickets are -only issued by the server when the client has expressed support for them. They -are encrypted and provided by the server after a successful handshake via an -out-of-band message. The ticket contains all the necessary information to -reestablish a secure connection. When the user agent wishes to resume a -connection, the session ticket is sent along with the first ClientHello message -and the server can decrypt the ticket and resume the session. +securely encapsulate communication across the web. For the secured communication +to work, client and server first have to authenticate themselves and then agree +on protocol version, cipher suite and compression method. The exchange of this +information at the beginning of a connection is called a \emph{handshake}. +Figure~\ref{fig:tls-handshake} shows how the initial handshake is performed +after which both the client and the server are ready for sending and receiving +application data. 
For bandwidth savings and better performance, it is possible +to cache a \gls{TLS} session to allow reusing an already established secure +connection at a later point in time. Versions prior to \gls{TLS} 1.3 used two +mechanisms to accomplish this: \gls{TLS} session identifiers and session +tickets. Session identifiers are sent by the server along with the initial +handshake with the user agent. The identifier is randomly generated and saved by +the server so that the current session can be found later. To resume a session, +the user agent sends the identifier with the \emph{ClientHello} message to the +server. The server can then match the identifier to the previously initiated +session and responds with the same session identifier to signal to the user +agent that the session can be resumed. Session tickets are only issued by the +server when the client has expressed support for them. They are encrypted and +provided by the server after a successful handshake via an out-of-band message. +The ticket contains all the necessary information to reestablish a secure +connection. When the user agent wishes to resume a connection, the session +ticket is sent along with the first \emph{ClientHello} message and the server +can decrypt the ticket and resume the session. + +\begin{figure} + \begin{center} + \includegraphics[width=0.75\textwidth]{figures/tls-handshake.png} + \caption{A \gls{TLS}-handshake between a client and a server. First, the + client sends a \emph{ClientHello} message to the server which the + server has to answer with a \emph{ServerHello} message or else the + connection fails. These two initial messages establish protocol + version, session ID, cipher suite and compression method + \cite[p.~44]{rescorlaTransportLayerSecurity2008}. The server also + checks for a session resumption. If the client sends a session ID + with the \emph{ClientHello} message, the server knows that it should + resume a previously established connection. 
The next three messages + are used for the key exchange which allows client and server to + authenticate themselves.} + \label{fig:tls-handshake} + \end{center} +\end{figure} In \gls{TLS} version 1.3 \cite{rescorlaTransportLayerSecurity2018} the session identifiers and tickets have been replaced with a \gls{PSK}. Instead of sending diff --git a/references.bib b/references.bib index 50dc2e6..3dc8f38 100644 --- a/references.bib +++ b/references.bib @@ -1180,9 +1180,19 @@ Impact of CSS-based history detection}, note = {Accessed 2020-02-08} } +@misc{rescorlaTransportLayerSecurity2008, + title = {The {{Transport Layer Security}} ({{TLS}}) {{Protocol Version}} 1.2}, + author = {Rescorla, Eric}, + year = {2008}, + month = aug, + url = {https://tools.ietf.org/html/rfc5246}, + urldate = {2020-08-26}, + note = {Accessed 2020-08-26} +} + @misc{rescorlaTransportLayerSecurity2018, title = {The {{Transport Layer Security}} ({{TLS}}) {{Protocol Version}} 1.3}, - author = {Rescorla {$<$}ekr@rtfm.com{$>$}, Eric}, + author = {Rescorla, Eric}, year = {2018}, month = aug, url = {https://tools.ietf.org/html/rfc8446},
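Review bot: In the methods.tex hunk, the new opening sentences say the handshake agrees on "protocol version, cipher suite and compression method" directly after the \cite to rescorlaTransportLayerSecurity2018, but compression negotiation and session IDs belong to the TLS 1.2 handshake that the caption cites through rescorlaTransportLayerSecurity2008; TLS 1.3 removed compression. Cite the 2008 entry for that sentence as well, or state explicitly that Figure~\ref{fig:tls-handshake} shows the TLS 1.2 handshake. The same sentence says client and server "first have to authenticate themselves and then agree on" the parameters, which reverses the order given in the caption (the Hello messages negotiate first, the key exchange messages follow) and presents authentication of both sides as mandatory, although client authentication is optional in TLS. On style, \centering inside the figure environment is preferable to \begin{center} ... \end{center}, which adds extra vertical space in a float, and a short optional caption argument would keep this long caption out of the list of figures.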
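Review bot: In the references.bib hunk, the new rescorlaTransportLayerSecurity2008 entry lists only "Rescorla, Eric" as author, but RFC 5246 was written by Tim Dierks and Eric Rescorla; the field should read "author = {Dierks, Tim and Rescorla, Eric}". If citation keys in this file follow the first author, the key and the \cite in the figure caption in methods.tex need renaming to match. The entry also identifies the document only through its URL; adding the RFC number (for example in a howpublished or number field) makes the printed reference usable without the link.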