add the info about IANA vs. OpenSSL names

[ach-master.git] / src / cipher_suites / architecture.tex

%%\subsection{Architectural overview }

This section defines some terms which will be used throughout this guide.


A cipher suite is a standardised collection of key exchange algorithms, encryption 
algorithms (ciphers) and Message authentication codes (MAC) that provides authenticated 
encryption schemes. It consists of the following components:

\begin{description}
\item{Key exchange protocol:}
``An (interactive) key exchange protocol is a method whereby parties who do not 
share any secret information can generate a shared, secret key by communicating 
over a public channel. The main property guaranteed here is that an 
eavesdroppin adversary who sees all the messages sent over the communication 
line does not learn anything about the resulting secret key.'' \cite{katz2008introduction}

Example: \texttt{DHE}

\item{Authentication:}
The client authenticates the server by its certificate. Optionally the server 
may authenticate the client certificate.

Example: \texttt{RSA}

\item{Cipher:}
The cipher is used to encrypt the message stream. It also contains the key size
and mode used by the suite.

Example: \texttt{AES256}

\item{Message authentication code (MAC):}
A MAC ensures that the message has not been tampered with (integrity).

Examples: \texttt{SHA256}


\begin{figure}[h]
\makebox[\textwidth]{
\framebox[1.1\width]{ \texttt{DHE} }--\framebox[1.1\width]{ \texttt{RSA} }--\framebox[1.1\width]{ \texttt{AES256} }--\framebox[1.1\width]{ \texttt{SHA256} } }
\caption{Composition of a typical cipher string}
\end{figure}

\item{Authenticated encryption scheme:}
An encryption scheme which provides for confidentiality, integrity and authenticity.

\item {\textbf{NOTE:}} there are two naming schemes for cipher strings -- IANA names (see section \ref{section:Links}) and the more well known OpenSSL names. In this document we will always use OpenSSL names unless a specific service uses IANA names.

\end{description}