Understanding Data Encryption: Diffie-Hellman Key Exchange and TLS 1.3

Forget the maths, how about "https://" explained with paint!? IT Professionals, win Ixia gear here: http://bit.ly/NetworkMakeover Click to subscribe! ► http://bit.ly/KLabs_sub ◄ Ever wonder how the internet is encrypted? Watch Sarah and Mike explain TLS 1.3, Diffie-Hellman key exchanges, and modular arithmetic in a rather unexpected fashion…using paint! To find out more about TLS 1.3 and how to implement it on your network, check out this webinar: https://www.ixiacom.com/resources/4-keys-understanding-tls-13-and-active-ssl Learn more about security, testing, and active network intelligence by subscribing to our channel or visiting www.ixiacom.com. Other link: https://www.ixiacom.com/company/blog/introduction-internet-encryption More about TLS 1.3 Look at your URL bar right now. Do you see “https” in the website address? If it’s there, then be reassured — you aren’t at great risk. Does it only say “http” without the “s”? Then you should be worried. What does “https” mean? HTTPS stands for Hypertext Transfer Protocol Secure and it means what it sounds like it means — that your connection is secure. When a website you visit has HTTPS in the address bar, your computer and that website are exchanging data via secure channel. Usually, this is delivered using protocols called SSL (Secure Sockets Layer) and TLS (Transport Layer Security). In August 2018, the Internet Engineering Task Force passed the most recent standard for internet encryption — TLS 1.3. This standard update requires the generation of a new key pair, otherwise known as ephemeral keys, with every session. By creating ephemeral keys for every session, perfect forward secrecy is enforced. This means that if a hacker cracks one key and compromises a communication session, he/she cannot crack other communications from the past or in the future. The key generation method required by TLS 1.3 is called Diffie-Hellman Ephemeral or DHE. It is an algorithm built for robust cryptography and efficient ephemeral key creation. How does DHE work? For those of us who did not study computer science or computer engineering (or maybe just forgot), I am going to explain the basics of DHE with paint. Yes, you read that right. Let’s say Alice and Bob want to share a secret color that they don’t want anyone else to see. First, they each agree to a starting color that anyone can publicly see, say yellow. Second, Alice and Bob randomly select each of their own private colors to mix with yellow. Alice chooses red, and Bob wants blue. Alice’s mixture turns orange, and Bob’s turns green. Both mixtures disguise each of their private colors. Third, Alice sends her orange mixture to Bob, and Bob sends his green mixture to Alice. Someone from the outside looking at this exchange sees the colors yellow, green, and orange, but they cannot see the private colors. Finally, the magical step of the exchange: both Alice and Bob add their private colors to the mixture they received. Alice adds red to the green mixture, and Bob adds blue to the orange mixture. The final mixtures reveal the same brown-hued color for both Alice and Bob, their shared secret color. That person watching from the outside cannot see the shared secret color because they do not know what colors Alice and Bob added in private. Compromised data is everyone’s worst nightmare. A hacker can sell your information on the dark web, leak classified documents, demand ransom for information or photos, and track movements and activities. Hackers will use linked payment accounts to shop, expose your intellectual property, and steal your identity. The best way to prevent this is to use encryption in your network. And the most secure encrypted networks meet TLS 1.3 standards. As you can tell, it is important to encrypt data so that it remains secure. Keysight Bench Facebook page: https://www.facebook.com/keysightbench Keysight RF Facebook page: https://www.facebook.com/keysightrf EEs Talk Tech Electrical Engineering podcast: https://www.eestalktech.com https://www.youtube.com/KeysightPodcasts #HowInternetEncryptionWorks #TransportLayerSecurity #HTTPsEncryption #TLS13 #InternetEncryption #DiffieHellman #KeyExchange #InternetAlgorithm #InternetSecurity #Cybersecurity #InternetSecurity #DataEncryption