zenon/bachelorarbeit
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add figure for TLS-handshake and reference in text

Browse Source
This commit is contained in:
Tobias Eidelpes 2020-08-26 10:56:18 +02:00
parent 2516694883
commit 63e04bbaac
2 changed files with 52 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
methods.tex
View File

@ -859,23 +859,47 @@ for example.
\label{subsec:tls session resumption} \label{subsec:tls session resumption}
\gls{TLS} \cite{rescorlaTransportLayerSecurity2018} is widely used today to \gls{TLS} \cite{rescorlaTransportLayerSecurity2018} is widely used today to
securely encapsulate communication across the web. For bandwidth savings and securely encapsulate communication across the web. For the secured communication
better performance, it is possible to cache a \gls{TLS} session to allow reusing to work, client and server first have to authenticate themselves and then agree
an already established secure connection at a later point in time. Versions on protocol version, cipher suite and compression method. The exchange of this
prior to \gls{TLS} 1.3 used two mechanisms to accomplish this: \gls{TLS} session information at the beginning of a connection is called a \emph{handshake}.
identifiers and session tickets. Session identifiers are sent by the server Figure~\ref{fig:tls-handshake} shows how the initial handshake is performed
along with the initial handshake with the user agent. The identifier is randomly after which both the client and the server are ready for sending and receiving
generated and saved by the server so that the current session can be found application data. For bandwidth savings and better performance, it is possible
later. To resume a session, the user agent sends the identifier with the to cache a \gls{TLS} session to allow reusing an already established secure
ClientHello message to the server. The server can then match the identifier to connection at a later point in time. Versions prior to \gls{TLS} 1.3 used two
the previously initiated session and responds with the same session identifier mechanisms to accomplish this: \gls{TLS} session identifiers and session
to signal to the user agent that the session can be resumed. Session tickets are tickets. Session identifiers are sent by the server along with the initial
only issued by the server when the client has expressed support for them. They handshake with the user agent. The identifier is randomly generated and saved by
are encrypted and provided by the server after a successful handshake via an the server so that the current session can be found later. To resume a session,
out-of-band message. The ticket contains all the necessary information to the user agent sends the identifier with the \emph{ClientHello} message to the
reestablish a secure connection. When the user agent wishes to resume a server. The server can then match the identifier to the previously initiated
connection, the session ticket is sent along with the first ClientHello message session and responds with the same session identifier to signal to the user
and the server can decrypt the ticket and resume the session. agent that the session can be resumed. Session tickets are only issued by the
server when the client has expressed support for them. They are encrypted and
provided by the server after a successful handshake via an out-of-band message.
The ticket contains all the necessary information to reestablish a secure
connection. When the user agent wishes to resume a connection, the session
ticket is sent along with the first \emph{ClientHello} message and the server
can decrypt the ticket and resume the session.
\begin{figure}
\begin{center}
\includegraphics[width=0.75\textwidth]{figures/tls-handshake.png}
\caption{A \gls{TLS}-handshake between a client and a server. First, the
client sends a \emph{ClientHello} message to the server which the
server has to answer with a \emph{ServerHello} message or else the
connection fails. These two initial messages establish protocol
version, session ID, cipher suite and compression method
\cite[p.~44]{rescorlaTransportLayerSecurity2008}. The server also
checks for a session resumption. If the client sends a session ID
with the \emph{ClientHello} message, the server knows that it should
resume a previously established connection. The next three messages
are used for the key exchange which allows client and server to
authenticate themselves.}
\label{fig:tls-handshake}
\end{center}
\end{figure}
In \gls{TLS} version 1.3 \cite{rescorlaTransportLayerSecurity2018} the session In \gls{TLS} version 1.3 \cite{rescorlaTransportLayerSecurity2018} the session
identifiers and tickets have been replaced with a \gls{PSK}. Instead of sending identifiers and tickets have been replaced with a \gls{PSK}. Instead of sending

12
references.bib
View File

@ -1180,9 +1180,19 @@ Impact of CSS-based history detection},
note = {Accessed 2020-02-08} note = {Accessed 2020-02-08}
} }
@misc{rescorlaTransportLayerSecurity2008,
title = {The {{Transport Layer Security}} ({{TLS}}) {{Protocol Version}} 1.2},
author = {Rescorla, Eric},
year = {2008},
month = aug,
url = {https://tools.ietf.org/html/rfc5246},
urldate = {2020-08-26},
note = {Accessed 2020-08-26}
}
@misc{rescorlaTransportLayerSecurity2018, @misc{rescorlaTransportLayerSecurity2018,
title = {The {{Transport Layer Security}} ({{TLS}}) {{Protocol Version}} 1.3}, title = {The {{Transport Layer Security}} ({{TLS}}) {{Protocol Version}} 1.3},
author = {Rescorla {$<$}ekr@rtfm.com{$>$}, Eric}, author = {Rescorla, Eric},
year = {2018}, year = {2018},
month = aug, month = aug,
url = {https://tools.ietf.org/html/rfc8446}, url = {https://tools.ietf.org/html/rfc8446},