Transport Layer Security & Introduction to TLS 1.3
Dipen Das ??, CISM, CISSP
Cybersecurity Enthusiast | IT Risk | Cloud Security | Risk and Compliance | ISMS | ISO27001 | ISO 27005 | NIST CSF | Privacy | PCIDSS | Data Security |
Transport layer security is a cryptographic standard protocol that creates a secure channel for data transmission between a client (e.g., a web browser) and a server (e.g., a web server) over a network. TLS is the successor of the secure sockets layer (SSL) protocol, which was first released in 1995.
In simple words Transport layer security, commonly called TLS, is a cryptographic protocol that helps you keep your internet communications confidential and unmodified by creating an authenticated channel between a client and a web server. It uses asymmetric encryption (i.e., a public key to encrypt data and a private key to decrypt it) at the start of a connection between the client and the server, and switches to symmetric encryption (i.e., the same key is used for encryption and decryption) after having exchanged session keys data.
No longer do we see any website with 'https://' which is unencrypted but all websites now start with 'https://'. 'https://' at the start of a website address means that the website is protected using TLS. Many people think that 'https:' is just about encryption i.e. Protection of 'Confidentiality' but TLS is not just about 'Confidentiality' it includes 'Integrity' and 'Non-repudiation' as well.
Also contrary to a popular belief TLS does not work at layer-7 of OSI model like HTTP, SMTP or FTP but works at top of the Transport layer (layer-4) of OSI model. That means that TLS is not used just to secure browsing traffic but email exchange, file transfer and instant messaging as well. SMTP with TLS is referred to as SMTPS and FTP with TLS is referred to as FTPS.
TLS provides
Encryption: TLS encrypts data to ensure that it cannot be intercepted and read by unauthorized parties. It uses symmetric encryption to encrypt the actual data being transmitted and asymmetric encryption to securely exchange the symmetric encryption keys.
Data Integrity: TLS ensures that data transmitted between the client and server has not been tampered with during transit. It uses message authentication codes (MACs) or cryptographic hash functions to verify the integrity of the data.
Authentication: TLS enables both the client and server to authenticate each other's identities. This prevents man-in-the-middle attacks where an attacker intercepts communication between the client and server and impersonates one of the parties. TLS uses digital certificates issued by trusted Certificate Authorities (CAs) to verify the authenticity of the server's identity.
TLS, originally created by the Internet Engineering Task Force (IETF), is now in its fourth iteration (TLS 1.3). 99.5% of Websites support TLS 1.2 and TLS 1.3 has been increasingly adopted by websites and services since its standardization in 2018. TLS 1.0 was replaced by TLS 1.1 in 2006, which was succeeded by TLS 1.2 two years later in 2008 and finally TLS 1.3 was introduced in 2018. TLS 1.3 is far more different from TLS 1.2 than TLS 1.0 is from SSLv3. Making the jump from TLS 1.2 to to TLS 1.3 is already a fairly large change. But 67.8 % of Websites support TLS 1.3 .
The foundation of TLS is PKI (Public-Key-Infrastructure) which used a public-private key pair and a signed Digital Certificate. The digital certificate is tied to the validated organization it’s issued to and contains information about the domain. A TLS certificate is issued by a certificate authority to the person or business that owns a domain. The certificate contains important information about who owns the domain, along with the server's public key, both of which are important for validating the server's identity.
An SSL certificate is a digital certificate that enables users to connect securely to your website. Before a browser can establish a secure connection, it needs to know that you’re trustworthy. This requires your server to authenticate with the browser. These certificates help third parties (such as users’ devices) establish an encrypted connection with your website so they can transmit their data securely.
SSL certificates contain many types of public and sensitive information, including:
How TLS works & TLS Handshake.
A TLS connection is initiated using a sequence known as the TLS handshake. A TLS handshake takes place whenever a user navigates to a website over HTTPS and the browser first begins to query the website's origin server. When a user navigates to a website that uses TLS, the TLS handshake begins between the user's device (also known as the client device) and the web server. The TLS handshake establishes a cipher suite for each communication session. The cipher suite is a set of algorithms that specifies details such as which shared encryption keys, or session keys, will be used for that particular session. The handshake also handles authentication, which usually consists of the server proving its identity to the client. This is done using public keys. Public keys are encryption keys that use one-way encryption. Once data is encrypted and authenticated, it is then signed with a message authentication code (MAC). The recipient can then verify the MAC to ensure the integrity of the data.
During the course of a TLS handshake, the client and server together will do the following:
领英推荐
A TLS handshake involves multiple steps, as the client and server exchange the information necessary for completing the handshake and making further conversation possible.
Step 1:- exchanging encryption capabilities
Step 2:- authenticating the SSL certificate
Step 3:- exchanging/generating a session key.
The exact steps within a TLS handshake will vary depending upon the kind of key exchange algorithm used and the cipher suites supported by both sides. Hence TLS Handshake in TLS 1.2 is different from TLS Handshake in TLS 1.3. A cipher suite is a set of algorithms for use in establishing a secure communications connection. There are a number of cipher suites in wide use, and an essential part of the TLS handshake is agreeing upon which cipher suite will be used for that handshake.
The first step in TLS handshake is that client & server agree on what encryption the two parties would use i.e. the Cipher suite the server and client mutually support. One agreement is done the server sends the SSL certificate to the client.
Client has a feature that checks is the SSL certificate is authentic i.e. the certificate actually belongs to the entity it claims to be. THis is done by a Certificate Authority. CAs are organizations that have been authorized to issue SSL Certificates. Authentication step involves client checking that certificate shared by server is authentic. A further check during this step is that client verfies that the server possesses the private key.
The last step involves the "Session Key", the actual encryption of data is not done by the Public-Private key mentioned above but by session key that is generated after negotiation. Session Key is the key that will actually be used for secure communication. The Authentication Key is asymmetric, but the Session Key is symmetric meaning the same key is used for encryption and decryption. The exact method for generating the key varies based on the cipher suite that was chosen.
It takes a few hundred milliseconds for handshake to complete.
TLS 1.2
Although transport layer security protocol version 1.2 was released in 2008, it’s still the most commonly supported version of the TLS encryption protocol for websites and applications. TLS 1.2 secured the internet for 15 years.
TLS 1.3
Anyways, TLS 1.3 has eliminated support for algorithms and ciphers that are both theoretically and practically vulnerable. This includes:
References and image credits