The world is full of protocols . They are also not technology-related. The word protocol refers to the official way of working. It is a set of rules, rituals and actions to ensure smooth operation.
In the computing world, especially when it comes to networking, protocols allow different systems to communicate with each other. TCP / IP or Transmission Control Protocol / Internet Protocol is the most important when it comes to the Internet. This means that any two networked devices can connect, shake hands, and communicate with each other.
When it comes to encryption, we also have protocols that describe how things should be done at a technological level. These are known as cryptographic protocols.
What's in a cryptographic protocol?
To better understand cryptographic protocols, it is helpful to know what they specifically do. While not all cryptographic protocols have the same scope and functionality, they often include some of these features:
- Key agreement and / or exchange
- Authentication
- Encryption
- Reliability
Key agreement and exchange
A key agreement in a cryptographic context refers to two entities that want to securely exchange data and must generate a cryptographic key to do this. However, the key must be in something that neither of them can predict in advance. Thus, the information provided by both parties is used to generate a key, the exact shape of which no one can control.
This is different from key exchange, where one party generates a key and sends it to the other, but it is much simpler. However, this means that you need a way to pass this key to the other party so that a third party does not intercept it. You can of course encrypt your key. But that just means you have two keys to worry about.
Key negotiation is one way to solve the key distribution problem. Another is to use public key encryption . Here, each party has a key pair consisting of a public and private key. Public keys can be sent out for everyone to see. However, the corresponding private key can only decrypt what they encrypt.
One of the problems with the key agreement is that there is no two-party authentication. So, another important component of the protocol is the authentication method.
Authentication
It's one thing to protect actual data between two parties with encryption; making sure both parties are what they say is quite another matter.
This is the main problem of cryptography on the Internet. How do you know that there is no "man in the middle" who pretends to be the other side in both directions and inserts their cryptographic keys? All they have to do is decrypt the messages with the keys they tricked sides A and B with before simply passing on the information.
Obviously, without authentication, nothing on the Internet would be secure. So many different methods have been developed. Often as an adjunct to key agreement protocol. After all, it lacks authentication.
Public key cryptography (which I mentioned above) is a popular authentication method. Along with digital signatures and certificates that use a cryptographic technique known as hashing to authenticate parties.
Encryption
The core of the cryptographic protocol, of course, is the encryption algorithm itself that it uses. This is a fairly large topic, and we have articles that explain both the encryption itself and the various algorithms that are used to implement it elsewhere.
In short, encryption is the art of using a special technique to transform a simple message into encoded form. The only way to reverse this process is to either figure out the vulnerability in the encryption process, guess, guess the key, or steal it.
Vulnerabilities are discovered from time to time, which means that a newer algorithm is needed. It will take millions of years with modern technology to guess the key by brute force, and key theft is mitigated by the security of key exchange protocols. Overall, modern encryption is pretty secure!
Reliability
You will see that the term " non-repudiation" is often used in discussions of digital cryptography. What does it mean?
To deny something is to deny the truth of something. Strongly reject it. Any cryptographic protocol must provide protection against authorship. In other words, it must be designed in such a way that neither party can subsequently deny that they signed or sent the message.
Think of it this way. You sign a contract, but then you decide that you really didn't want to do it. Thus, you deny that the signature belongs to you and that you made it. However, you cannot refuse your signature. This was seen by two independent witnesses. Thus, this signature method provides protection against authorship.
Public key pairs verified with digital signatures and certificates are the main ways to prevent non-repudiation these days. So far, this method has worked well.
SSL and TLS
Two of the most widely used and best known protocols are SSL (secure socket layer) and TLS (transport layer security). The main function of both protocols is to provide authentication and data encryption between network devices such as servers and PCs.
SSL is an older protocol. It was developed by Netscape back in 1995. This happened shortly after the appearance of the World Wide Web itself. We started with SSL 2.0. The first of them never made it to the public release. Version 3.0 was released in 1996 after fixing some vulnerabilities. This continued until 1999, when TLS was released instead.
Nobody should be using SSL today. There is a chance that this old protocol is insecure, but it is also slow. At the very least, it would be a logical choice. Of course, there are many more web servers that run SSL. It is recommended that you disable SSL support in your browser. Allow it to only connect to TLS sites.
All protocols are followed
Cryptographic protocols are bringing order to the world of digital encryption. Without some agreed upon standards, different encryption solutions simply would not work. Browsers will be inundated with thousands of custom solutions. Therefore, we should be grateful that there is enough standardization in the wild west of the Internet to ensure uninterrupted and secure communication. Without them, there could be no modern network.
Obviously, the protocols in use today are constantly under attack. Both criminals and security researchers. Researchers trying to find vulnerabilities before the bad guys do. For example, it was the POODLE attack that made SSL 3.0 unusable for security. Even TLS 1.2 is vulnerable if configured incorrectly. However, the latest version solves the problem.
Undoubtedly, today's protocols will fail sooner or later. But the moment this happens, a newer and smarter one will appear. Yes, not everyone needs to know which protocol is running in the background. However, this is an interesting topic and obviously very important.
