Pre-requisite
TCP/IP networking basics.
Goal
The goal of this series is to learn about SSL/TLS in details with explanation in Tamil language.
Target Audience
Computer Science, Information Tech., Engineering students or IT professionals or whoever is interested in learning SSL/TLS (assuming they know TCP/IP networking basics), especially those who want to learn this technology using Tamil as medium of instruction.
What is covered?
See the details in the English version.
Series Playlist:
Please watch the description below each video just in case if there is any ERRATA. I will also include the ERRATA on this page.
Episodes
Episode-1
– What is SSL/TLS?
– Where does it appear on TCP/IP model?
– History of SSL
– a glimpse of SSL packets in Wireshark and tshark
– popular SSL libraries
Episode-2
– confidentiality, integrity, authenticity, non-repudiation, no-replay
– cryptology, cryptography, cryptanalysis
– encryption/decryption, key, key generator
– modular arithmetic, mod 2 addition, XOR
– XOR speciality and XOR as encryption function
Episode-3
– private/secret key cryptography
– public key cryptography
– symmetric and asymmetric cipher
– stream cipher and block cipher
– synchronous and asynchronous stream cipher
– RC4, A5/1, A5/2, SALSA20, CHACHA20
– hardware based stream cipher: Grain128a
– RC4 demo using openssl
Episode-4
– RC4
– block cipher
– DES, 3DES, AES, A5/3, CAMELLIA, ARIA, blowfish, twofish
– DES/3DES security
Episode-5
– USSR competing standard to DES
– GOST 28147-89 (Magma)
– GOST R34.12-2015 (Kuznyechik)
– GOST security
– block cipher: what is secure permutation and mode of operation
Episode-6
– DES/3DES security review
– CAMELLIA from Japan
– ARIA from South Korea
– AES
In this episode Rijndael is wrongly written as Rijadael. RIJNDAEL is the correct spelling.
Episode-7
– Block Cipher: Mode of Operation
– ECB mode (how it works and drawbacks)
– role of IV or Nonce in achieving a probabilistic encryption (and hence to hide statistical properties in the plaintext)
– CBC mode (how it works)
Episode-8
– des-ecb, des-cbc demo using openssl
– observe “deterministic” and “probabilistic” encryption respectively in the demo
– block cipher padding demo using des and openssl
– counter CTR mode of operation
– demo to observe what block cipher, key and mode of operation used in popular websites that use HTTPS
Episode-9
– concept of parity bit in DES key
– DES in practise 56bit key vs 64 bit using openssl
– 3DES in practise 168 bit key vs 192 bit key using openssl
– 3DES demo using key ring option#1
– 3DES demo using key ring option#2
– password to key/IV using PBKDF
– what is a salt? why it is used with password
– seeing the encrypted output using base64 encoding
– binary vs base64 encoding
– how base64 encoding works
– AES demo (in CBC mode)
– K-128/192/256 vs IV size
Episode-10
– SSL very brief overview (parameter exchange, certificate exchange and authentication, key exchange, handshake integrity check, encrypted application data communication)
– where are we now in this series?
– hashing function
– cryptographic vs non-cryptographic hash function
– MD5
– security of a hash function
– preimage resistance
– second preimage resistance
– collision resistance
– MD5 security
– birthday paradox
– birthday attack
Aadhar card reference in the video is a joke; don’t take it seriously 🙂
Episode-11
– MD5 collision demo
– SHA-0 and its security
– SHA-1 and its security
– SHA-1 collision demo
– SHA-2 {224, 256, 384, 512} and its security
– NIST SHA-3 competition
– SHA-3
– SHAKE (Keccak – Extendable Output Function)
– BLAKE2
– Chinese SM3 hash function
– Russian StreeBog hash function
– Ukraine Kupyna hash function
Episode-12
– MAC (Message Authentication Code)
– authenticity, integrity
– non-repudiation
– Digital Signature (e.g. using RSA)
– MAC vs Digital Signature
– MAC using hash function
– secret-prefix MAC
– secret-suffix MAC
– MAC: length extension attack
– Merkle–Damgård construction used in hash function
– MAC: diff key/message size attack
– MAC: collision attack
– HMAC
– HMAC-SHA256 demo
Episode-13
– where are we in this series?
– problems with symmetric key cryptography
– key exchange problem
– large number of keys
– maintenance nightmare
– e.g. World War II: German Enigma
– WWII: code breakers at Bletchley Park
– WWII: Alan Turing Bombes
– WWII: German Lorenz Cipher
– WWII: British Colossus at Bletchley Park
– Very brief history of Public Key Cryptography
– Ralph Merkle and public key distribution
– Whitfield Diffie
– Martin Hellman
– Invention of Diffie-Hellman Key Exchange and Digital Signature
– Ronald Rivest
– Adi Shamir
– Leonard Adleman
– Invention of RSA algorithm and full fledged practical public key crypto system
– The unsung heroes of public key cryptography
– secret project at GCHQ
– James Ellis
– Clifford Cocks
– Malcolm Williamson
Episode-14
– How RSA works
– n, p, q, e, d, Euler’s Totient Function
– RSA encryption/decryption
– RSA signature generation/verification
– demo using openssl
– demo using python3
ERRATA
1) In the past episode, I made a wrong statement that 3DES was one of the algorithm submitted in AES competition. This is a mistake. There were 15 algorithms (Rijndael, MARS, RC6, Serpent, Twofish, CAST-256, CRYPTON, DEAL, DFC, E2, FROG, HPC, LOKI97, MAGENTA, SAFER+) submitted in AES competition but 3DES is not one of them. 3DES was in use much before AES was finalized. When people found that DES is theoretically broken, immediately they needed an interim solution (until a much secure 128 bit block cipher is ready which came in the form of AES later) and hence decided to use 3DES (basically 3 rounds of DES). Sorry for my mistake in previous episode. I am human 🙂
2) In episode-6 Rijndael is wrongly written as Rijadael. RIJNDAEL is the correct spelling.
MKS notes. 