What is TLS (Transport Layer Security) in web security? How does it work?

What is TLS?

Transport Layer Security

In computer security, TLS (Transport Layer Security) is a protocol that encrypts
communication between a client and a server. HTTPS is simply HTTP carried over TLS; that
is what the S stands for, by the way.

It is the most widely used security protocol today and is best suited for web browsers and
other applications that require secure data exchange over a network. These include web
browsing sessions, file transfers, virtual private network (VPN) connections, remote desktop
sessions, and voice over IP (VoIP).

More recently, TLS has been integrated into modern cellular transport technologies,
including 5G, to protect core network functions across the entire Radio Access Network (RAN).

How does TLS work?

TLS uses a client-server handshake to establish a secure, encrypted connection and to
authenticate the communicating parties. Here is an outline of the process:

  • The communicating devices exchange the cryptographic algorithms they support.
  • An authentication step using digital certificates proves that the server is the
    entity it claims to be.
  • A session key exchange takes place. During this step the client and server agree on
    a key, which establishes that the secure session really is between the client and the
    server and not with an attacker attempting to hijack the conversation.

TLS uses a public key exchange process to establish a shared secret between communicating
devices. The two handshake methods are the Rivest-Shamir-Adleman (RSA) handshake and the
Diffie-Hellman handshake.

Both methods lead to the same goal of establishing a shared secret between
communication devices so that communication cannot be diverted. Once the keys are
exchanged, data transfers between devices in the encrypted session can begin.

The history and evolution of TLS

TLS originated from Netscape Communications Corp.'s Secure Sockets Layer protocol and
has largely replaced it, although the terms SSL or SSL/TLS are sometimes still used
interchangeably. The IETF officially adopted the SSL protocol in order to standardize it
through an open process and released SSL version 3.1 in 1999 as TLS 1.0.

The protocol was renamed TLS to avoid legal issues with Netscape, which developed the SSL
protocol as a core part of its original. According to the protocol specification, TLS is
composed of two layers: the TLS record protocol and the TLS handshake protocol.

The record protocol provides connection security, while the handshake protocol allows the
server and client to authenticate each other and to negotiate encryption algorithms and
cryptographic keys before any data is exchanged.

The latest version, TLS 1.3, was officially finalized by the IETF in 2018. Its main advantage
over previous versions of the protocol is that encryption is applied earlier, during the
handshake that establishes the connection between a client and a server.

Although previous versions of TLS also offer encryption, TLS 1.3 establishes an encrypted
session earlier in the handshake process. It also reduces the number of steps required to
complete a handshake, greatly reducing the time needed to finish the handshake and begin
transmitting or receiving data between client and server.

Another improvement in TLS 1.3 is that several cryptographic algorithms used to encrypt
data have been removed because they are considered obsolete and not recommended for
secure transport. Additionally, some previously optional security features are now required.
Hashing is no longer supported, Perfect Forward Secrecy (PFS) is required, and Rivest
Cipher 4 (RC4) negotiation is prohibited. This eliminates the possibility of negotiating a
session in TLS 1.3 that uses an insecure encryption algorithm or a method known to be weak.

The Benefits of Transport Layer Security

Like the SSL protocol, TLS ensures secure communication. With TLS, authentication and
message exchange are more secure because it uses features such as:

  • To ensure the integrity of a record during transmission over an open network such as
    the Internet, SSL uses keyed message authentication, whereas TLS uses the more secure
    Keyed-Hash Message Authentication Code (HMAC).
  • Enhanced pseudorandom functions (PRFs) are the key generation algorithms used together
    with HMAC in TLS. Using two algorithms increases security by preventing the data from
    being altered if only one algorithm is compromised; as long as both algorithms remain
    secure, the data cannot be altered.
  • TLS includes PRF and HMAC values in the message to verify that the exchanged
    messages were not tampered with, while both SSL and TLS use public-key cryptography to
    authenticate exchanged messages.
  • To ensure maximum consistency, the TLS protocol specifies the type of certificate to
    be exchanged between nodes.
  • TLS defines more specific alert messages for the alerts that are sent.
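The Diffie-Hellman handshake described under "How does TLS work?" and the HMAC record integrity listed above, carried through end to end as an added example (not code from the original post): a toy Diffie-Hellman exchange gives both sides the same shared secret, a TLS 1.2-style PRF (P_SHA256 from RFC 5246) stretches it into a MAC key, and an HMAC over the sequence number and payload rejects a tampered or replayed record. The group (p = 2^127 - 1, generator 5) and the random values are constructed for the demo and are not real TLS parameters.

```python
import hashlib
import hmac
import secrets

# Toy DH group, constructed for this demo: p = 2**127 - 1 (a Mersenne prime), generator 5.
# Real TLS uses standardised 2048-bit+ finite-field groups or elliptic curves.
P = 2**127 - 1
G = 5


def dh_keypair():
    """Pick a random private exponent x and publish g^x mod p."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh_shared_secret(my_priv, peer_pub):
    """(g^y)^x == (g^x)^y mod p: both sides get the same value; no private value crosses the wire."""
    return pow(peer_pub, my_priv, P).to_bytes(16, "big")


def prf(secret, label, seed, length):
    """TLS 1.2 PRF (RFC 5246 section 5): P_SHA256(secret, label + seed) expanded to `length` bytes."""
    seed = label + seed
    a, out = seed, b""
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def handshake(client_random, server_random):
    """DH key exchange followed by TLS 1.2-style master secret derivation; returns both sides' keys."""
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    # Each side combines only its own private value with the peer's public value.
    c_key = prf(dh_shared_secret(c_priv, s_pub), b"master secret", client_random + server_random, 32)
    s_key = prf(dh_shared_secret(s_priv, c_pub), b"master secret", client_random + server_random, 32)
    return c_key, s_key


def protect_record(mac_key, seq, payload):
    """Append an HMAC over sequence number + payload, as the record protocol does."""
    return payload + hmac.new(mac_key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()


def verify_record(mac_key, seq, record):
    """Return the payload if the HMAC verifies, else None (tampered, reordered or replayed)."""
    payload, tag = record[:-32], record[-32:]
    expected = hmac.new(mac_key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, expected) else None
```

Because the sequence number is covered by the MAC, a record replayed or delivered out of order fails verification even though its bytes are untouched.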

The post What is TLS(Transport Layer Security) in websecurity? How does it work? appeared first on https.in Blog.

*** This is a Security Bloggers Network syndicated blog from https.in Blog authored by https.in Blog. Read the original post at: https://www.https.in/blog/tls-for-web-security/