This document provides an introduction to cipher suites used in TLS/SSL network protocols. It discusses the key components of a cipher suite, including the key exchange algorithm, authentication algorithm, bulk encryption algorithm, and message authentication code algorithm. An example cipher suite is provided to illustrate these components. Vulnerabilities related to cipher suites like SWEET32, POODLE, and BEAST are also mentioned. The document concludes by stating the importance of understanding SSL and TLS to prevent server vulnerabilities from being exploited.
2. Introduction
• Cipher suite is a concept used in the Transport Layer Security (TLS) / Secure Sockets Layer (SSL) network protocol.
• The algorithms that make up a typical cipher suite are the following:
a) key exchange algorithm - dictates the manner by which symmetric keys will be exchanged; e.g. RSA, DH, ECDH, ECDHE
b) authentication algorithm - dictates how server authentication and (if needed) client authentication will be carried out; e.g. RSA, DSA, ECDSA
c) bulk encryption algorithm - dictates which symmetric key algorithm will be used to encrypt the actual data; e.g. AES, 3DES, CAMELLIA
d) Message Authentication Code (MAC) algorithm - dictates the method the connection will use to carry out data integrity checks; e.g. SHA, MD5
3. Here's an example of a typical cipher suite:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
• TLS simply indicates the protocol;
• ECDHE signifies the key exchange algorithm;
• ECDSA signifies the authentication algorithm;
• AES_256_GCM indicates the bulk encryption algorithm;
• SHA384 indicates the MAC algorithm.
5. The Schannel SSP implementation of the TLS/SSL protocols uses algorithms from a cipher suite to create keys and encrypt information.
6. Literature Survey
A block cipher is a method of encrypting text (to produce ciphertext) in which a cryptographic key and algorithm are applied to a block of data (for example, 64 contiguous bits) at once as a group rather than to one bit at a time.
Ciphers can be found at the following path
7. Some Known Vulnerabilities
SWEET32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN.
POODLE (which stands for "Padding Oracle On Downgraded Legacy Encryption") is a man-in-the-middle exploit which takes advantage of Internet and security software clients' fallback to SSL 3.0.
SSL BEAST is an exploit, first revealed in late September 2011, that leverages weaknesses in cipher block chaining (CBC) to exploit the Secure Sockets Layer (SSL) protocol. The CBC vulnerability can enable man-in-the-middle (MITM) attacks against SSL in order to silently decrypt and obtain authentication tokens, providing hackers with access to the data passed between a web server and the web browser accessing the server.
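As an added example, not part of the original slides, the following Python splits a TLS 1.2-style cipher suite name into the four components listed on slide 3 and flags the constructions named on slide 7 (64-bit block ciphers for SWEET32, CBC mode for BEAST and POODLE) so that a server allow-list can be built from the result; the function names, the block-size table and the sample suite names are assumptions made for this example.

```python
# Added example (not from the original slides): parse a TLS 1.2-style
# cipher suite name into the four components from slide 3 and flag the
# constructions slide 7 warns about. Sample names below are constructed.

# Block size in bits of the bulk ciphers the slides name (assumed table,
# limited to those algorithms; extend as needed).
BLOCK_SIZE_BITS = {"AES": 128, "CAMELLIA": 128, "3DES": 64}

def parse_cipher_suite(name):
    """Split e.g. TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 into its parts."""
    if "_WITH_" not in name:
        # TLS 1.3 names (TLS_AES_256_GCM_SHA384) carry no key exchange or
        # authentication component, so this 1.2-style split does not apply
        raise ValueError(f"{name}: not a TLS 1.2-style cipher suite name")
    protocol, rest = name.split("_", 1)
    kx_auth, bulk_mac = rest.split("_WITH_", 1)
    kx_parts = kx_auth.split("_")
    if len(kx_parts) == 1:
        # e.g. TLS_RSA_WITH_...: RSA both transports the key and authenticates
        key_exchange = authentication = kx_parts[0]
    else:
        key_exchange, authentication = kx_parts[0], kx_parts[1]
    # the last token is the MAC/hash; everything before it is the bulk cipher
    bulk_encryption, mac = bulk_mac.rsplit("_", 1)
    return {"protocol": protocol, "key_exchange": key_exchange,
            "authentication": authentication,
            "bulk_encryption": bulk_encryption, "mac": mac}

def find_weaknesses(name):
    """Return findings for one suite name; an empty list means no flags."""
    suite = parse_cipher_suite(name)
    bulk = suite["bulk_encryption"]
    cipher = bulk.split("_")[0]  # AES_256_GCM -> AES, 3DES_EDE_CBC -> 3DES
    findings = []
    if BLOCK_SIZE_BITS.get(cipher) == 64:
        findings.append("SWEET32: 64-bit block cipher, birthday attacks feasible")
    if bulk.endswith("_CBC"):
        findings.append("CBC mode: BEAST-style and padding-oracle (POODLE) exposure")
    if suite["mac"] == "MD5":
        findings.append("MD5 MAC is deprecated")
    return findings

def allowed_suites(candidates):
    """Keep only suites with no findings, e.g. to build a server allow-list."""
    return [s for s in candidates if not find_weaknesses(s)]

if __name__ == "__main__":  # constructed sample list
    print(allowed_suites(["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
                          "TLS_RSA_WITH_3DES_EDE_CBC_SHA"]))
```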
8. SSL and TLS are cryptographic protocols designed to provide secure communication over insecure infrastructure.
10. Conclusion
For ciphers, a good knowledge and understanding of SSL and TLS is needed in order to protect servers from vulnerabilities that could be exploited to compromise the system.