What TLS Design Lessons Can Revolutionize Modern Secure Communications?
This article distills practical design decisions for modern encrypted communication protocols—covering algorithm selection, versioning, PKI choices, library alternatives, replay protection, performance tuning, and latency considerations—while providing a concise appendix of fundamental cryptographic concepts and key references.
6. TLS Protocol Insights – Modern Secure Communication Design
After reviewing many analyses and cases, we can summarize common problems and typical design decisions in cryptographic communication protocols.
Design Decision Points
How should the four basic algorithm families (encryption, MAC, signature, key exchange) be chosen? Use an AEAD mode for symmetric encryption (AES‑128‑GCM, AES‑256‑GCM, ChaCha20‑Poly1305). For signatures on mobile, prefer ECDSA P‑256 or Ed25519 over RSA. For key exchange, Curve25519 or P‑256 are the best choices.
Should we combine symmetric encryption with authentication, or use AEAD directly?
Which signature algorithm to pick? RSA, ECDSA, or Ed25519?
Should we add a version‑number mechanism for future algorithm updates? Recommendation: include a version field in the key‑exchange step.
Is RSA a good choice for key exchange, given the need for PFS? Recommendation: drop RSA; it performs worse than ECDSA, produces larger signatures, provides no forward secrecy, and increases key‑management risk.
Is building a private PKI advisable? It can improve security, but revoking a certificate quickly then requires shipping a new client version.
Should we stick with OpenSSL or consider alternatives such as crypto++, Botan, NaCl/libsodium, PolarSSL? libsodium offers Ed25519, Curve25519, ChaCha20‑Poly1305.
How to mitigate replay attacks – sequence numbers or nonces?
How to prevent man‑in‑the‑middle tampering of the handshake?
Performance: can server CPU consumption for private‑key operations be tolerated? Use session tickets or session IDs for caching; tickets are preferable.
Latency: how many RTTs does the key exchange require, what is the minimum possible, and how does session caching change the count relative to a plain TCP connection?
Is there still room to squeeze more performance out of TLS servers, or design a faster protocol?
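The replay question above (sequence numbers or nonces) is easiest to see with a record layer in which the sequence number is covered by the MAC and the receiver keeps a sliding anti-replay window. The following is an added example written for this page, not code from the original article or the WeChat team; the key, window size and sample records are constructed, the record format (8-byte big-endian sequence number, payload, HMAC-SHA256 tag) is an assumption, and the window logic follows the IPsec/DTLS style rather than any specific library.

```python
import hmac
import hashlib
import struct

# Constructed shared key for the example; in a real protocol it comes from
# the key exchange (for example via HKDF). 32 bytes for HMAC-SHA256.
RECORD_KEY = b"\x11" * 32
TAG_LEN = 32
SEQ_LEN = 8


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Build a record: sequence number || payload || tag.
    The tag covers the sequence number, so a replayed or renumbered
    record fails verification."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class ReplayWindow:
    """Sliding anti-replay window in the style of IPsec ESP / DTLS.
    Tracks the highest sequence number accepted plus a bitmap of the
    `size` most recent ones, so modest reordering is tolerated but
    duplicates and records older than the window are rejected."""

    def __init__(self, size: int = 64):
        self.size = size
        self.highest = -1  # highest sequence number accepted so far
        self.bitmap = 0    # bit i set means (highest - i) was already accepted

    def check_and_update(self, seq: int) -> bool:
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False  # too old to track: reject
        if self.bitmap & (1 << offset):
            return False  # already seen: replay
        self.bitmap |= 1 << offset
        return True


class Receiver:
    def __init__(self, key: bytes, window: int = 64):
        self.key = key
        self.window = ReplayWindow(window)

    def open(self, record: bytes):
        """Return the payload if the record is authentic and fresh, else None.
        The tag is checked before the window is updated, so an unauthenticated
        sequence number can never move the replay state."""
        if len(record) < SEQ_LEN + TAG_LEN:
            return None
        header = record[:SEQ_LEN]
        payload = record[SEQ_LEN:-TAG_LEN]
        tag = record[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None
        seq = struct.unpack(">Q", header)[0]
        if not self.window.check_and_update(seq):
            return None
        return payload


def demo() -> dict:
    """Constructed traffic: in-order delivery, a reordered record, a replayed
    record and a record whose sequence number was altered in transit.
    Returns a dict of named outcomes, each True when the receiver behaved
    correctly."""
    rx = Receiver(RECORD_KEY)
    records = [seal(RECORD_KEY, i, b"msg%d" % i) for i in range(4)]
    results = {}
    results["in_order"] = rx.open(records[0]) == b"msg0"
    results["reordered_ok"] = rx.open(records[2]) == b"msg2"
    results["late_but_fresh"] = rx.open(records[1]) == b"msg1"
    results["replay_rejected"] = rx.open(records[2]) is None
    # Altered sequence number with the old tag: the tag no longer matches.
    renumbered = struct.pack(">Q", 99) + records[3][SEQ_LEN:]
    results["renumbered_rejected"] = rx.open(renumbered) is None
    results["next_fresh"] = rx.open(records[3]) == b"msg3"
    return results


if __name__ == "__main__":
    print(demo())
```

The order of checks matters: authenticating first means the window only ever reflects records the peer really sent, and the window size bounds how much reordering the transport is allowed to introduce before legitimate late records are dropped.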
7. Appendix: Fundamental Cryptographic Concepts
The article is already long; the following list provides brief pointers and reference material for basic concepts.
1. Block Ciphers
AES and related research.
AEAD introduction (ImperialViolet blog).
Debate on three composition methods.
CBC mode with MAC‑then‑encrypt: padding‑oracle attacks, TLS POODLE.
128‑bit vs 256‑bit key size debate.
NIST technical standard for AES‑GCM.
Example GCM usage (GitHub).
DES break in one day (2008).
iPhone 5S A7 hardware AES acceleration (825% speedup).
2. Stream Ciphers
RC4, ChaCha20, etc.
RC4 is no longer secure.
3. Hash Functions
MD5, SHA‑1, SHA‑256, SHA‑512, RIPEMD‑160, Poly1305.
MD5 collisions demonstrated.
4. Message Authentication Codes
HMAC‑SHA256, AEAD.
Why MACs are needed.
Flickr API signature forgery case.
5. Key Exchange
DH, ECDH, RSA, PFS variants (DHE, ECDHE).
Elliptic‑curve cryptography primer.
Perfect Forward Secrecy.
Google’s optimizations of OpenSSL ECC.
Ripple’s migration to Ed25519.
OpenSSH 6.5 adds Ed25519, Curve25519, ChaCha20‑Poly1305.
6. Public‑Key Encryption
RSA, Rabin‑Williams.
RSA introductory slides (Stanford, Purdue).
PKCS#1 standard, OAEP vs PKCS 1.5 padding.
Blinding technique to mitigate timing attacks.
Twenty years of RSA attacks survey.
Digital envelope concept and OpenSSL EVP support.
7. Digital Signature Algorithms
RSA, DSA, ECDSA (secp256r1, Ed25519).
RSA dominates the market; DSA is deprecated; ECDSA is the future (e.g., Bitcoin).
8. Key Derivation Functions
TLS 1.2 PRF (SHA‑256), bcrypt, scrypt, PBKDF2.
HKDF (RFC 5869) and library support.
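HKDF (RFC 5869) is short enough to implement from HMAC alone, and once it exists it also answers the earlier design question of how to detect man-in-the-middle tampering of the handshake: derive a key from the shared secret and MAC the transcript of every handshake message, as TLS 1.3's Finished message does. The block below is an added example written for this page, not code from the original article or from any library; the HKDF functions follow RFC 5869 and are checked against its Appendix A test case 1, while `finished_mac`, its label string and the handshake messages in `demo` are constructed for illustration (TLS 1.3 uses HKDF-Expand-Label with its own label encoding, which this example does not reproduce).

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 step 1: PRK = HMAC-Hash(salt, IKM).
    An absent salt is defined as HashLen zero bytes."""
    if not salt:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 step 2: T(i) = HMAC-Hash(PRK, T(i-1) || info || i),
    concatenated until `length` bytes exist (at most 255 * HashLen)."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested length too large for HKDF-Expand")
    okm = b""
    t = b""
    counter = 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), HASH).digest()
        okm += t
        counter += 1
    return okm[:length]


def hkdf(salt: bytes, ikm: bytes, info: bytes, length: int) -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


# RFC 5869 Appendix A, test case 1 (SHA-256), used to check the code above.
RFC5869_TC1 = {
    "ikm": bytes.fromhex("0b" * 22),
    "salt": bytes.fromhex("000102030405060708090a0b0c"),
    "info": bytes.fromhex("f0f1f2f3f4f5f6f7f8f9"),
    "length": 42,
    "prk": bytes.fromhex(
        "077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5"),
    "okm": bytes.fromhex(
        "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
        "34007208d5b887185865"),
}


def finished_mac(shared_secret: bytes, transcript) -> bytes:
    """Finished-style transcript MAC: a finished key is derived from the
    shared secret with HKDF (constructed label), then the hash of all
    handshake messages seen so far is MACed with it."""
    finished_key = hkdf(b"", shared_secret, b"example finished key", HASH_LEN)
    transcript_hash = HASH(b"".join(transcript)).digest()
    return hmac.new(finished_key, transcript_hash, HASH).digest()


def verify_finished(shared_secret: bytes, transcript, mac: bytes) -> bool:
    return hmac.compare_digest(finished_mac(shared_secret, transcript), mac)


def demo() -> dict:
    """Constructed handshake: the client offers a version and cipher suites,
    the server answers with its choice. Each side MACs its own view of the
    transcript; if a message was altered in transit the views differ and
    verification fails, which is how a downgraded offer is caught."""
    secret = b"\x42" * 32  # constructed; produced by the key exchange in practice
    client_hello = b"version=2|suites=AES-256-GCM,CHACHA20-POLY1305"
    server_hello = b"version=2|suite=CHACHA20-POLY1305"
    client_view = [client_hello, server_hello]
    honest = verify_finished(secret, client_view, finished_mac(secret, client_view))
    # The server received a modified client hello (lower version, one suite removed).
    altered_hello = b"version=1|suites=AES-256-GCM"
    server_view = [altered_hello, server_hello]
    tampered = verify_finished(secret, client_view, finished_mac(secret, server_view))
    return {"honest_verifies": honest, "tampered_detected": not tampered}


if __name__ == "__main__":
    print(demo())
```

Because the transcript hash includes the version and the offered suites, a version field added to the key exchange (the recommendation earlier in this section) is protected by the same check: any change to it on the wire changes the Finished value on one side only.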
9. Random Number Generators
/dev/urandom and modern crypto practice guide.
References
TLS/SSL RFCs and Standards
RFC 5246 – TLS 1.2
Draft TLS 1.3 specification (GitHub)
RFC 5288 – AES GCM for TLS
RFC 4492 – ECC cipher suites for TLS
RFC 6066 – TLS extensions
RFC 7301 – ALPN extension
RFC 4210 – X.509 PKI
RFC 5280 – X.509 PKI and CRLs
NIST cryptographic standards toolkit
NIST SP 800‑90A
NSA Suite B cryptography
Wikipedia – Transport Layer Security
Protocol Analysis Articles
Root.org TLS design talk (PDF)
20 Years of SSL/TLS Research – analysis (PDF)
Securing data in transit (SlideShare)
How does SSL/TLS work? (Security StackExchange)
SSL/TLS in Detail (Microsoft TechNet)
The Sorry State Of SSL (Hynek)
What’s the matter with TLS? (PDF)
Layman’s Guide to ASN.1 (HTML)
Deployment and Optimization Resources
GoTLS – Go language TLS implementation
OpenSSL – reference implementation
LibreSSL – OpenBSD fork
BoringSSL – Google-maintained fork
NSS – Mozilla TLS implementation
s2n – Amazon TLS implementation
MiTLS – MIT TLS project
NaCl and libsodium – cryptographic libraries
spiped – secure pipe tool
WeChat Backend Team
Official account of the WeChat backend development team, sharing their experience in large-scale distributed system development.