
I'm taking a cryptography course and what I've gathered so far is:

  • PGP takes place at the application layer
  • TLS takes place at the transport layer
  • IPsec takes place in the network layer
  • WPA2 encryption takes place in the physical layer

I understand the protocols and such but don't really get how they are used in practice. Does any one of the above protocols take place? Are they all used at the same time?

For example say I'm sending an email to a friend. Will it first be encrypted with PGP by the application, then by TLS at the transport layer, then by IPsec in the network layer, and then by WPA2 in the physical layer? Or is any single one of the above done? Consider I'm sending an email over an HTTPS connection through a VPN and am connected to a router using WPA2.

If encryption and decryption is happening multiple times is it safe to remove all but one of the above? If not what is the purpose of using each of them together?

2 Answers

The answer is that they all protect against different kinds of eavesdropping, so they are not all in use at the same time, and are not always relevant. For instance:

  1. WPA2 protects the physical link layer, but only in the case of WIFI communication. WPA2 is what stops someone else on your WIFI network from listening to the traffic between your computer and your router. Once your network traffic leaves the WIFI router and goes to the "internet", this is no longer relevant, and the traffic between your WIFI router and your ISP is likely unencrypted by default.
  2. TLS can be used in a variety of protocols, but the simple example is for HTTP when talking to a web server. In that case, TLS is used to encrypt the communication between your web browser and the web server (e.g. security.stackexchange.com) that you are communicating with. This means that if you were only communicating with services that used TLS, it wouldn't matter as much whether your WIFI network was protected with WPA2. Similarly, the fact that you are using TLS to communicate with web servers is important because, most likely, the physical layer from your router to the web server is otherwise unencrypted, so if you didn't use TLS then anyone in between your router and the web server would be able to read your requests and responses (like in the early days of the internet when HTTP was more commonplace). Lack of TLS and lack of WPA2 made it possible for someone in a coffee shop to take over the Facebook accounts of everyone using Facebook on the same network.
  3. PGP is not really used by default anywhere, but for your average user, is most likely to be used for email. Email is an especially tricky one because email servers don't always talk to each other over encrypted channels, and since the communication is being handled between email servers rather than your computer and a destination computer directly, you have less control. PGP seeks to encrypt your emails before they leave your computer in a way that can only be decrypted by the final recipient, so it would be an example of end-to-end encryption. As the name implies, the goal of this is to ensure that any communication can be decrypted only by the two communicating parties, regardless of whether or not the systems that are transmitting the data use encryption themselves. Theoretically, when using end-to-end encryption, encryption at all other layers becomes redundant.

The trouble, as you might gather from the above descriptions, is that many encryption systems can only encrypt certain parts of the communication channel. As a result, even if it was possible to "remove all but one", it wouldn't be a good idea because sometimes your encryption "stops" at unexpected places.

For example, theoretically, if I'm only browsing HTTPS websites then I don't need to worry about WIFI encryption. However, you might be surprised when someone still knows what domains you visit because your computer makes DNS requests in plain text. You probably won't care that the exact pages you visit are encrypted when everyone can still see that you are visiting https://some-obscure-and-private-sexual-fetish.example.com.

Conor Mancone
  • Thanks for the amazing answer, it cleared up a lot of confusion! Just one last follow up question. If we use IPsec but not TLS, would there still be a need for TLS? The same goes for WPA2 because in my understanding if we use IPsec nobody would be able to see the actual destination of my packets. Is that right? – Shahmeer Khan May 10 '21 at 19:13
  • @Shahmeer Khan - In **no case** will *the actual destination of my packets* be encrypted. If the destination were encrypted, it couldn't get there. Ultimate destinations can be hidden via nested relay protocols, but the direct connect destination has to be known. – user10216038 May 10 '21 at 20:07
  • I think the average user is more likely to be using S/MIME than OpenPGP for email encryption. – forest May 10 '21 at 20:28
  • I appreciate the point you are making with your last paragraph, but your example isn't great. WPA is not meant to protect your DNS queries (it's mainly just meant to protect access to the wireless network, hence its name). The DNS queries will still be in clear once they leave your network. – nobody May 10 '21 at 20:48
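The last paragraph of the answer above says the domain you visit leaks through DNS even when the page itself is behind HTTPS. This is an added example, not code from the answer or its author: a minimal encoder and parser for the question section of a DNS query (RFC 1035 wire format), run over a UDP payload that the example constructs itself, to show that the looked-up name sits in the datagram as readable bytes for anyone between the client and the resolver. The domain `private-site.example.com` and the transaction id are placeholders chosen for the example.

```python
"""
Added example (not from the answer): the DNS question section on the wire.
The query bytes are built here, not captured from a real network.
"""
import struct

HEADER_LEN = 12  # id, flags, qdcount, ancount, nscount, arcount (2 bytes each)


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Encode a standard A-record query as a resolver stub would send it."""
    # flags 0x0100: QR=0 (query), opcode 0, RD=1; one question, no other records
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(part)]) + part.encode("ascii")
        for part in name.rstrip(".").split(".")
    )
    # QTYPE=1 (A), QCLASS=1 (IN)
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)


def queried_name(payload: bytes) -> str:
    """Recover QNAME from the first question of a DNS query.

    This is what a passive observer on the path does: no key is needed,
    only the wire format. Question names are never compressed in a query,
    so a pointer label (top two bits set) is treated as malformed.
    """
    if len(payload) < HEADER_LEN:
        raise ValueError("truncated DNS header")
    _txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount < 1:
        raise ValueError("not a query carrying a question")
    pos, parts = HEADER_LEN, []
    while True:
        if pos >= len(payload):
            raise ValueError("truncated question name")
        length = payload[pos]
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        pos += 1
        parts.append(payload[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(parts)


if __name__ == "__main__":
    datagram = build_query("private-site.example.com")  # constructed sample
    print(datagram.hex())
    print("observer recovers:", queried_name(datagram))
```

The name is not even obfuscated: each label is length-prefixed ASCII, so a capture filter as crude as `strings` on UDP port 53 traffic would show it. Whether the observer sits on the coffee-shop Wi-Fi or upstream of the access point only changes which of the layers in the answers above (if any) still covers the datagram at that point.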

Wow, as I typed this out, it became a much longer answer than I expected.

Summary:

Yes they all happen at the same time. In some contexts you may be able to do with fewer layers, but generally speaking, each layer is addressing a different threat model -- either the information you're protecting or the attacker you're protecting it from are different at each layer.


Are they all used at the same time?

Yes.

Each layer is completely unaware of the existence of the other layers. For example, from the perspective of the software computing the TLS layer, it does its encryption and bundles that ciphertext into TCP packets which it hands to the network drivers. What the network drivers do with those packets is not its concern. From the perspective of the VPN driver (which, let's squint a bit and pretend is part of the network driver), it is given TCP packets that it has to transport. What is inside those TCP packets is not its concern, so to be safe it encrypts them again.


If encryption and decryption is happening multiple times is it safe to remove all but one of the above?

Maybe yes, maybe no. The answer to that will come down to your threat model. (If you've never done threat modelling before, I quite like the Electronic Frontier Foundation's beginner threat model: what are you protecting and who are you protecting it from.)

WPA2 is part of a wifi connection. It protects data between your device and the access point. If the attacker happens to be between your device and the access point, then you are getting value out of WPA2 protection. If the attacker is on the other side of the access point (say wired to the router) then the WPA2 protection will already have been removed and the plaintext packets forwarded on.

IPsec takes place between your device and a VPN server so that your machine "feels like" it's on the local LAN of the VPN server. The typical use of this is to connect your work-from-home computer to an internal corporate network. If the attacker happens to be between your device and the VPN server, then you are getting value out of VPN protection. If the attacker is on the other side of the VPN server (say on the corporate LAN) then the VPN protection will already have been removed and the plaintext packets forwarded on.

TLS takes place between your device and an application server so that you can communicate privately with the app server. If the attacker happens to be between your device and the app server, then you are getting value out of TLS protection. If the attacker is on the other side of the app server (say on the backend network of the service you are using) then the TLS protection will already have been removed and the plaintext packets forwarded on.

PGP takes place between your device and the device of the person you are sending mail to. This is really end-to-end encryption since none of the intermediate servers get to see the plaintext. You can even save the email to disk in encrypted form!

So the answer here is "It depends where in the network you are worried about the attacker being".


Another thing to consider is that each layer has "metadata" that it cannot fully protect. For example a PGP message needs to include the TO: email address of the recipient. You can't encrypt that with PGP or else the mail server won't know who to deliver it to. So in that case maybe it makes sense to do

pgp_metadata = recipient=my.friend@email.com
pgp_ciphertext = encrypt(recipient=my.friend@email.com, content="Hey Fred! ...")

Then wrap that in TLS encryption for the email server

tls_metadata = recipient=corp email server
tls_ciphertext = encrypt(recipient=corp email server, content={pgp_metadata, pgp_ciphertext})

Now, maybe that email server is internal to your company and you don't want the world to know that you are sending email, so you wrap that in the VPN:

vpn_metadata = recipient=corp vpn server
vpn_ciphertext = encrypt(recipient=corp vpn server, content={tls_metadata, tls_ciphertext})

Now, maybe you're in a coffee shop you don't want other people on the coffee shop wifi to see that you're using a corporate VPN, so you wrap that in WPA2 encryption:

wpa2_metadata = recipient=wifi access point
wpa2_ciphertext = encrypt(recipient=wifi access point, content={vpn_metadata, vpn_ciphertext})

Summary, yes they all happen at the same time. In some contexts you may be able to remove one, for example if the TLS server and the VPN server are the same machine (often happens when you have a big fancy load balancer at the outside of a corp network that is both a TLS and VPN server). Or if you don't care about leaking who the recipient is. But generally speaking, each layer is addressing a different threat model -- either the information you're protecting or the attacker you're protecting it from are different at each layer.

Mike Ounsworth
  • WPA is called WiFi Protected Access for a reason. It's mainly just meant to protect access to the WiFi network. If you are relying on it to prevent eavesdropping from others on the same network, you are doing it wrong. At least in WPA2-PSK, an attacker that has captured the EAPOL packets exchanged between you and the router and knows the password [can decrypt your traffic](https://security.stackexchange.com/a/157745/235964). – nobody May 11 '21 at 01:57
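Both answers make the same point from two sides: each layer's protection "stops" at the hop that holds its key, and the first answer's list of where each protocol applies is the same picture as the second answer's nested pseudocode. This added example (not code from either answer or their authors) makes that nesting runnable. Every hop on the path shares one key with the sender, strips exactly one layer and forwards the rest, so what an observer can read is fixed by which hops the packet has already crossed. The cipher is a toy, encrypt-then-MAC built from HMAC-SHA256 as a counter-mode keystream plus an HMAC tag; it stands in for WPA2, IPsec, TLS and OpenPGP here and is not a real cipher. The layer names, recipients and vantage points are assumptions mirroring the pseudocode above.

```python
"""
Added example (not from the answers): the four-layer "onion" made concrete.
The cipher below is a toy stand-in for WPA2/IPsec/TLS/OpenPGP.
"""
import hashlib
import hmac
import json
import os

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || tag; the tag covers nonce and ciphertext."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


# Layers innermost first, with the party that shares that layer's key with
# the sender. Names mirror the answer's pseudocode and are assumptions.
LAYERS = [
    ("pgp", "my.friend@email.com"),
    ("tls", "corp mail server"),
    ("vpn", "corp vpn server"),
    ("wpa2", "wifi access point"),
]

# Vantage points along the path, expressed as the layers already stripped
# by the hops before the observer (outermost first).
PATH = {
    "other client on the coffee-shop wifi": [],
    "ISP between access point and VPN server": ["wpa2"],
    "corporate LAN behind the VPN server": ["wpa2", "vpn"],
    "the mail server itself": ["wpa2", "vpn", "tls"],
    "the recipient": ["wpa2", "vpn", "tls", "pgp"],
}


def make_keys() -> dict:
    return {layer: os.urandom(32) for layer, _ in LAYERS}


def wrap(keys: dict, message: bytes, layers=LAYERS) -> dict:
    """Build the envelope: each layer leaves only its own 'to' in the clear
    and encrypts everything inside it, inner metadata included."""
    inner, wraps = message, "message"
    for layer, to in layers:
        env = {"layer": layer, "to": to, "wraps": wraps,
               "body": encrypt(keys[layer], inner).hex()}
        inner, wraps = json.dumps(env).encode(), "envelope"
    return json.loads(inner)


def visible_at(keys: dict, envelope: dict, stripped: list) -> dict:
    """What an observer sees after the layers in `stripped` were removed by
    earlier hops: the outermost remaining 'to', or the plaintext if none is left."""
    current = envelope
    for layer in stripped:
        if current["layer"] != layer:
            raise ValueError(f"hop strips {layer} but outer layer is {current['layer']}")
        inner = decrypt(keys[layer], bytes.fromhex(current["body"]))
        if current["wraps"] == "message":
            return {"layer": None, "to": None, "plaintext": inner}
        current = json.loads(inner)
    return {"layer": current["layer"], "to": current["to"], "plaintext": None}


if __name__ == "__main__":
    keys = make_keys()
    env = wrap(keys, b"Hey Fred! ...")
    for where, stripped in PATH.items():
        print(f"{where:42} -> {visible_at(keys, env, stripped)}")
    # Drop PGP and the mail server reads the body in the clear.
    print(visible_at(keys, wrap(keys, b"Hey Fred! ...", LAYERS[1:]), ["wpa2", "vpn", "tls"]))
```

Passing a shorter `layers` list to `wrap` is the "remove all but one" experiment from the question: with `LAYERS[1:]` the mail server, which terminates TLS, gets the plaintext; with only `pgp` every hop sees the recipient address but nothing else. Note that `keys["wpa2"]` models a single key held by the access point; under WPA2-PSK, as the comment above points out, another client who knows the passphrase and captured your handshake effectively holds that key too, which moves them from the first vantage point to the second.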