Understand encryption protocols (TLS/SSL, IPsec)

🔐 1 Data Processing and Information – Encryption Protocols (TLS/SSL, IPsec)

What is Encryption?

Think of encryption as a secret diary. You write a note (your data) and then lock it with a key so only someone with the right key can read it. In the digital world, encryption turns readable data into a scrambled form that looks like random gibberish to anyone who doesn’t have the key.

TLS/SSL – The Web’s Secret Handshake 🤝

TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are like the friendly handshake you do before exchanging a secret note. They ensure that:

  1. Both parties know each other’s identity (authentication).
  2. The data they send is unreadable to eavesdroppers (confidentiality).
  3. Neither party can tamper with the data without being detected (integrity).

The handshake works in steps:

  1. Client says, “I want to talk securely.”
  2. Server replies with its digital certificate (like a passport).
  3. Both agree on a shared secret key using the Diffie–Hellman or RSA algorithm.
  4. They start sending encrypted data.

The shared secret key $K_{shared}$ is derived by both parties: $K_{shared} = g^{ab} \bmod p$ (Diffie–Hellman).
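The key agreement in step 3, as an added worked example (not part of the original notes): both sides exchange only public values, each computes $g^{ab} \bmod p$ locally, and the resulting key is then used to detect tampering. The toy values p = 23 and g = 5, the function names, and the use of SHA-256 and HMAC as stand-ins for TLS key derivation and integrity checking are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy public parameters, constructed for illustration only.
# Real deployments use primes of 2048 bits or more, or elliptic curves.
P = 23  # prime modulus p
G = 5   # generator g

def valid_public(value: int) -> bool:
    """Reject 0, 1 and p-1, which would force a predictable shared secret."""
    return 2 <= value <= P - 2

def keypair() -> tuple[int, int]:
    """Pick a random private exponent and compute the public value g^x mod p."""
    while True:
        private = secrets.randbelow(P - 3) + 2  # 2 .. p-2
        public = pow(G, private, P)
        if valid_public(public):
            return private, public

def shared_secret(peer_public: int, private: int) -> int:
    """K_shared = (peer_public)^private mod p, i.e. g^(ab) mod p."""
    if not valid_public(peer_public):
        raise ValueError("peer sent an invalid public value")
    return pow(peer_public, private, P)

def session_key(secret: int) -> bytes:
    """Hash the shared number into a 32-byte key (stand-in for TLS key derivation)."""
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()

def tag(key: bytes, message: bytes) -> bytes:
    """Integrity tag sent alongside the message."""
    return hmac.new(key, message, hashlib.sha256).digest()

def verify(key: bytes, message: bytes, received: bytes) -> bool:
    """Constant-time check that the message still matches its tag."""
    return hmac.compare_digest(tag(key, message), received)

def handshake() -> tuple[bytes, bytes]:
    """Each side sends only its public value and derives the key locally."""
    a, A = keypair()  # client private and public values
    b, B = keypair()  # server private and public values
    return session_key(shared_secret(B, a)), session_key(shared_secret(A, b))

if __name__ == "__main__":
    client_key, server_key = handshake()
    print("keys match:", client_key == server_key)
    t = tag(client_key, b"hello")
    print("untouched:", verify(server_key, b"hello", t))
    print("tampered: ", verify(server_key, b"hellp", t))
```

With private values a = 4 and b = 3, the public values are 4 and 10 and both sides arrive at the shared secret 18.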

IPsec – Securing the Internet’s Roads 🚗

While TLS protects the “conversation” inside a web page, IPsec secures the entire “road” that data travels on. It works at the network layer, meaning it can protect any traffic, not just web traffic.

  • Transport Mode: Encrypts only the payload (the actual data). Good for end‑to‑end security.
  • Tunnel Mode: Encrypts the entire IP packet, including headers. Great for VPNs.

IPsec uses two main protocols:

  • AH (Authentication Header): Provides integrity and authentication.
  • ESP (Encapsulating Security Payload): Provides confidentiality (encryption) and optionally authentication.

Key exchange can use IKEv2 (Internet Key Exchange version 2), which is like a secure courier that delivers the keys safely.

Comparison Table 📊

| Feature | TLS/SSL | IPsec |
|---|---|---|
| Layer | Transport (Application) | Network |
| Typical Use | HTTPS, SMTP, IMAP | VPNs, site‑to‑site links |
| Encryption Scope | Application data only | Entire packet (tunnel mode) |
| Key Exchange | Diffie–Hellman / RSA | IKEv2 |

Exam Tips for A-Level IT 9626 📚

  • Remember the acronyms: TLS = Transport Layer Security, IPsec = Internet Protocol Security.
  • Know the handshake steps: ClientHello → ServerHello → Certificate → Key Exchange → Finished.
  • Understand modes: Transport vs Tunnel in IPsec.
  • Use analogies: Handshake = friendly greeting; tunnel = secure underground passage.
  • Practice diagramming: Draw the flow of a TLS handshake and label each part.
  • Answer “why” questions: Why does TLS use certificates? Why does IPsec encrypt headers in tunnel mode?
