Applications of encryption in modern systems

 Asymmetric encryption applications

Asymmetric encryption gives us a way to sign information with a private key and verify it with the matching public key. Two common application areas follow, with a closer look at the details that are easy to get wrong.

  • JWT 
  • HTTPS
JSON Web Tokens (JWT) are widely used as authentication tokens. The format is simple enough that developers can sign and verify tokens with a few lines of code; the security comes from the signature check, not from the format itself.

A JWT consists of three parts: header, payload and signature.

header - contains the signing-related metadata: which algorithm was used (alg) and the token type (typ).
payload - contains the claims the developer wants to carry in the token. The payload is only base64url-encoded, not encrypted, so it should be short and hold nothing confidential: user-specific values such as a user id, session id or expiry time.
signature - the part that makes the token verifiable; it is computed over the other two parts.

The signature is computed over the base64url-encoded header and payload joined by a dot (the "signing input"). For HS256 that is:

 HMAC-SHA256( SECRET, Base64url(header) + "." + Base64url(payload) )

The secret is the HMAC key; it is not appended to the hashed data, and the encoding is base64url without padding (RFC 7515), not plain base64. For RS256 the same signing input is hashed with SHA-256 and the digest is signed with the RSA private key (RSASSA-PKCS1-v1_5). That is a signature operation with its own padding, not "encryption with the private key". The signature bytes are then base64url-encoded and appended, so the token is Base64url(header) + "." + Base64url(payload) + "." + Base64url(signature).


Other algorithms are available besides RSA signatures (RS256): HS256 (HMAC with SHA-256), HS512 (HMAC with SHA-512) and so on.

HMAC - Hash-based Message Authentication Code - protects the integrity and authenticity of data sent over a network. Suppose person A sends data to person B and they rely on a plain hash for integrity, sending text + "---" + hash. An attacker who has gained access to the local network notices the pattern, alters the text, recomputes the hash and forwards the new pair to B, who accepts it. A plain hash does not protect integrity against an active attacker because anyone can compute it. HMAC fixes this by mixing a shared secret into the computation, so only a party holding the secret can produce a valid tag. It is not simply hash(message + secret); RFC 2104 defines it as

 HMAC(K, m) = H( (K ⊕ opad) || H( (K ⊕ ipad) || m ) )

where K is the secret padded to the hash block size, H is a hash function such as SHA-256, and ipad/opad are fixed constants. The nested, keyed structure is what avoids the length-extension and collision weaknesses of the naive hash(secret || message) and hash(message || secret) forms.
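The construction above, as an added example that is not part of the original post: a from-scratch HMAC-SHA256 in Go following RFC 2104, cross-checked against the standard library's crypto/hmac, plus the receiver-side check that person B performs. The key "Jefe" and the message are the RFC 4231 test vector; the altered message is constructed for the demo.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// HMACSHA256 is RFC 2104 written out: H((K xor opad) || H((K xor ipad) || m)).
// The key enters both hash calls as a full block; it is never just concatenated
// with the message, which is what hash(message + secret) would do.
func HMACSHA256(key, message []byte) []byte {
	const blockSize = 64 // SHA-256 works on 64-byte blocks
	if len(key) > blockSize { // over-long keys are hashed down to one digest first
		sum := sha256.Sum256(key)
		key = sum[:]
	}
	ipad := make([]byte, blockSize) // key zero-padded to a block, XOR 0x36
	opad := make([]byte, blockSize) // key zero-padded to a block, XOR 0x5c
	for i := 0; i < blockSize; i++ {
		var k byte
		if i < len(key) {
			k = key[i]
		}
		ipad[i], opad[i] = k^0x36, k^0x5c
	}
	inner := sha256.New()
	inner.Write(ipad)
	inner.Write(message)
	outer := sha256.New()
	outer.Write(opad)
	outer.Write(inner.Sum(nil))
	return outer.Sum(nil)
}

// HMACHex returns the tag as lowercase hex, the form usually sent next to a message.
func HMACHex(key, message []byte) string {
	return hex.EncodeToString(HMACSHA256(key, message))
}

// VerifyTag is the receiver's side: recompute the tag with the shared secret and
// compare in constant time, so response timing does not leak how many bytes matched.
func VerifyTag(key, message, tag []byte) bool {
	return hmac.Equal(HMACSHA256(key, message), tag)
}

// MatchesStdlib cross-checks the manual construction against crypto/hmac.
func MatchesStdlib(key, message []byte) bool {
	mac := hmac.New(sha256.New, key)
	mac.Write(message)
	return hmac.Equal(mac.Sum(nil), HMACSHA256(key, message))
}

func main() {
	key := []byte("Jefe") // RFC 4231 test case 2
	msg := []byte("what do ya want for nothing?")
	tag := HMACSHA256(key, msg)
	fmt.Println(HMACHex(key, msg), MatchesStdlib(key, msg))
	// An attacker on the path can recompute a plain hash over altered data, but
	// without the key cannot produce a tag for the altered message.
	altered := []byte("what do ya want for something?") // constructed tampering
	fmt.Println("original:", VerifyTag(key, msg, tag), "altered:", VerifyTag(key, altered, tag))
}
```

Swapping HMACSHA256 for a plain sha256 over message + key would make the altered message just as easy to re-tag as the original, which is the attack the paragraph describes.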


HMAC - prevents manipulation of data using a symmetric (shared) secret. It is a MAC, not encryption: it does not hide the data, and anyone who can verify a tag can also create one.
RSA (signature) - prevents manipulation and also identifies the source, since only the holder of the private key can sign, while anyone with the public key can verify.


RSA - the public key is used only for verifying the JWT; the private key signs the SHA-256 hash of the signing input (header + "." + payload). When the system verifies a token it recomputes that hash and checks the signature against it with the public key; nothing is decrypted. The verifier must also decide which algorithm it expects and reject tokens whose alg header says otherwise: the header is attacker-controlled data and must not be allowed to choose the key or the verification method.
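An added example, not code from the original post, that puts the HS256 and RS256 descriptions above into working Go using only the standard library: the signing input is base64url(header) + "." + base64url(payload), HS256 keys HMAC-SHA256 with the secret, RS256 signs the SHA-256 digest with rsa.SignPKCS1v15 and checks it with rsa.VerifyPKCS1v15, and the verifier pins the algorithm it expects instead of trusting the token's header. The claims, the secret and the Tamper helper are constructed for the demo.

```go
package main

import (
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// JWTs use base64url without padding (RFC 7515), not plain base64.
var b64 = base64.RawURLEncoding

func header(alg string) string {
	return b64.EncodeToString([]byte(`{"alg":"` + alg + `","typ":"JWT"}`))
}

// hs256 is HMAC-SHA256 keyed with the secret over the signing input; the secret
// is the key, it is never appended to the hashed data.
func hs256(secret, input []byte) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write(input)
	return mac.Sum(nil)
}

// Sign builds header.payload.signature for alg "HS256" (secret) or "RS256" (priv).
// RS256 is an RSA PKCS#1 v1.5 signature over the SHA-256 digest of the signing
// input: a signature operation, not "encryption with the private key".
func Sign(alg string, payload, secret []byte, priv *rsa.PrivateKey) (string, error) {
	input := header(alg) + "." + b64.EncodeToString(payload)
	switch alg {
	case "HS256":
		return input + "." + b64.EncodeToString(hs256(secret, []byte(input))), nil
	case "RS256":
		digest := sha256.Sum256([]byte(input))
		sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
		if err != nil {
			return "", err
		}
		return input + "." + b64.EncodeToString(sig), nil
	}
	return "", fmt.Errorf("unsupported alg %q", alg)
}

// Verify checks a token with the algorithm the verifier expects and returns the
// decoded payload. The header is attacker-controlled input, so it is compared
// against the header the verifier expects; it never selects the key or the check.
func Verify(token, expectAlg string, secret []byte, pub *rsa.PublicKey) ([]byte, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 || parts[0] != header(expectAlg) {
		return nil, fmt.Errorf("malformed token or header is not the expected %s header", expectAlg)
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil {
		return nil, err
	}
	input := []byte(parts[0] + "." + parts[1]) // the exact bytes that were signed
	switch expectAlg {
	case "HS256":
		if !hmac.Equal(hs256(secret, input), sig) { // constant-time comparison
			return nil, errors.New("HMAC mismatch")
		}
	case "RS256": // recompute the digest and verify the signature; nothing is decrypted
		digest := sha256.Sum256(input)
		if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
			return nil, errors.New("RSA signature invalid")
		}
	default:
		return nil, fmt.Errorf("unsupported alg %q", expectAlg)
	}
	return b64.DecodeString(parts[1])
}

// Tamper swaps the payload of a token but keeps the original signature, which is
// what an attacker editing claims in transit would do.
func Tamper(token string, newPayload []byte) string {
	p := strings.Split(token, ".")
	return p[0] + "." + b64.EncodeToString(newPayload) + "." + p[2]
}

// NewRSAKey generates a 2048-bit RSA key pair for RS256.
func NewRSAKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func main() {
	claims := []byte(`{"sub":"42","role":"user"}`) // constructed sample claims
	secret := []byte("constructed-demo-secret")
	tok, _ := Sign("HS256", claims, secret, nil)
	_, err := Verify(Tamper(tok, []byte(`{"sub":"42","role":"admin"}`)), "HS256", secret, nil)
	fmt.Println(tok, "\ntampered:", err)
	priv, _ := NewRSAKey()
	rtok, _ := Sign("RS256", claims, nil, priv)
	payload, err := Verify(rtok, "RS256", nil, &priv.PublicKey) // verifier holds only the public key
	fmt.Println(string(payload), err)
}
```

The difference between the two algorithms shows in who can call Sign: with HS256 every service that verifies tokens holds the secret and could mint them, while with RS256 the verifiers hold only the public key. A real verifier would parse the header JSON and compare its alg field; comparing the whole encoded header is stricter and enough to show the point.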

HTTPS


The most popular application area of encryption. HTTPS (HTTP over TLS) combines hashing, a symmetric cipher such as AES, and public-key algorithms: RSA key exchange in older TLS versions, (elliptic-curve) Diffie-Hellman in modern ones, with RSA or ECDSA signatures to authenticate the server.

Recall that in asymmetric encryption anyone can encrypt data with the public key and only the holder of the private key can decrypt it (encryption). The key pair also works in the other direction for signatures: the private key produces a signature that anyone can check with the public key (verification). In practice signing is a separate operation with its own padding (for example RSASSA-PKCS1-v1_5 or PSS), not literally "encrypting with the private key".

Keep in mind that the public key can be derived from the private key; the reverse is not feasible.

Let's look at the handshake in detail:

When you enter https://google.com in a tab and press Enter (ignoring DNS resolution and the TCP handshake, and focusing on certificate validation and the TLS handshake):
  
1. The browser sends a ClientHello: the TLS versions and cipher suites it supports, plus a random value.
2. The server picks the parameters and replies with its own random value and its certificate (chain).
3. The client checks the certificate:
  • the validity period (not yet valid / expired)
  • the issuer: the chain must lead to a certificate authority present in the client's trust store, and the name in the certificate (Subject Alternative Name) must match the host the user typed
  • the signature: the client hashes the certificate body and verifies the CA's signature over that hash with the CA's public key, which the browser or OS already holds in its trust store. The certificate authority signed the hash of the certificate with its private key; the public key embedded in the certificate belongs to the server and is used in step 4. It is not the key that verifies the certificate's own signature (except for self-signed roots).
4. If the checks pass, the client generates a random pre-master secret and encrypts it with the server's public key from the certificate.
5. The server decrypts it with its private key; only the genuine server can, which is what ties the handshake to the certificate.
6. Both sides derive the same session keys from the pre-master secret and the two random values, and switch to a symmetric cipher such as AES for the rest of the communication.

Steps 4 and 5 describe the RSA key exchange of TLS 1.2 and earlier. TLS 1.3 removed it: the two sides run an ephemeral (elliptic-curve) Diffie-Hellman exchange instead, and the server proves it holds the certificate's private key by signing the handshake. That also gives forward secrecy: a later leak of the server's private key does not expose recorded sessions.
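The six steps as an added example in Go, not code from the original post and a model rather than a real TLS implementation: a throwaway CA and server certificate are generated in memory, the client validates the leaf against its trust store with the x509 package (issuer signature, validity period, hostname), the key exchange is done in the modern ephemeral ECDH form with the server signing its share using the certified key, and the request is then protected with AES-256-GCM. "Demo Root CA", the hostnames and the request line are constructed for the demo, and a single SHA-256 stands in for TLS's HKDF key schedule.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must panics on setup errors (key generation, certificate encoding); the
// handshake checks themselves return errors so callers can see them fail.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issueCert makes a P-256 certificate for cn, signed with parentKey (the issuer's
// private key). With parent == nil it is self-signed, i.e. a root CA certificate.
func issueCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else { // a server certificate: hostname checks use the SAN list, not the CN
		tmpl.DNSNames = []string{cn}
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	if parent == nil { // self-signed root
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// gcm returns the AES-256-GCM AEAD that protects application data in step 6.
func gcm(key [32]byte) cipher.AEAD {
	return must(cipher.NewGCM(must(aes.NewCipher(key[:]))))
}

// RunHandshake models steps 3 to 6 for a client that typed wantHost and a server
// whose certificate names certHost; trustCA says whether the issuing CA is in the
// client's trust store. It returns the request as the server decrypted it.
func RunHandshake(certHost, wantHost string, trustCA bool) (string, error) {
	ca, caKey := issueCert("Demo Root CA", true, nil, nil)
	leaf, leafKey := issueCert(certHost, false, ca, caKey)
	roots := x509.NewCertPool() // the client's trust store
	if trustCA {
		roots.AddCert(ca)
	}
	// Step 3: the certificate signature is checked with the CA's public key from the
	// trust store (not the key inside the certificate), plus validity period and hostname.
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: wantHost}); err != nil {
		return "", fmt.Errorf("certificate rejected: %w", err)
	}
	// Steps 4-5, ephemeral Diffie-Hellman form: the server signs its ECDH share with
	// the certified private key, so only the genuine server can produce an acceptable share.
	srvEph := must(ecdh.P256().GenerateKey(rand.Reader))
	digest := sha256.Sum256(srvEph.PublicKey().Bytes())
	sig := must(ecdsa.SignASN1(rand.Reader, leafKey, digest[:]))
	if pub, ok := leaf.PublicKey.(*ecdsa.PublicKey); !ok || !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return "", fmt.Errorf("server key share not signed by the certified key")
	}
	cliEph := must(ecdh.P256().GenerateKey(rand.Reader))
	// Each side combines its own ephemeral private key with the other's share and
	// reaches the same secret, which never crosses the wire. Real TLS runs HKDF over
	// the handshake transcript here; a plain SHA-256 of the shared secret stands in.
	clientKey := sha256.Sum256(must(cliEph.ECDH(srvEph.PublicKey())))
	serverKey := sha256.Sum256(must(srvEph.ECDH(cliEph.PublicKey())))
	// Step 6: application data is protected with symmetric AEAD encryption.
	nonce := make([]byte, 12)
	must(rand.Read(nonce))
	ciphertext := gcm(clientKey).Seal(nil, nonce, []byte("GET / HTTP/1.1"), nil)
	plaintext, err := gcm(serverKey).Open(nil, nonce, ciphertext, nil)
	if err != nil {
		return "", err
	}
	return string(plaintext), nil
}

func main() {
	fmt.Println(RunHandshake("google.com", "google.com", true))   // request decrypts
	fmt.Println(RunHandshake("google.com", "evil.example", true)) // name mismatch
	fmt.Println(RunHandshake("google.com", "google.com", false))  // issuer not trusted
}
```

The two failing calls show why step 3 comes before any secret is exchanged: a certificate for a different name, or one signed by a CA the client does not trust, is rejected by leaf.Verify and the key exchange never starts. Swapping the ECDH part for the RSA key exchange of the numbered steps would mean encrypting a client-chosen pre-master secret to leaf.PublicKey instead, at the cost of forward secrecy.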

