Transport Layer Security(TLS) is a protocol used to establish a secure connection between a client and a server and ensure privacy and integrity of information during transmission.
It uses symmetric key for bulk Encryption, asymmetric key for authentication and key exchange, and message authentication codes for message integrity. It uses the RSA algorithm with 1024-bit and 2048-bit strengths. with the help of TLS, one can reduce security risks such as message tampering, message forgery, and message interception. An advantage of TLS is that it is application-protocol independent. Higher-level protocols can layer on top of the TLS protocol transparently.
TLS Protocol consists of two layers; TLS Record Protocol and TLS Handshake Protocol.
TLS Record Protocol :-
The TLS Record Protocol is a layered protocol. It provides secured connections with an encryption method such as Data Encryption Standard (DES). It secures application connection data using the keys generated during the handshake and verifies its integrity and origin. The TLS Record Protocol provides connection security that has two basic properties:
- The Connection is Private :- Uses symmetric crytography for data encryption (DES and RSA). The protocol generates unique keys for symmetric encryption for each connection, depending on a secret negotiated by another protocol. One can use the Record Protocol without encryption.
- The Connection is Reliable :- It provides a message integrity check at the time of message transport using keyed Mac. Secure Hash Functions (SHA, MD5) help to perform MAC computations.
TLS Record Protocol Manages the Following:
- Fragments outgoing data into manageable blocks and reassembles incoming data.
- Optionally compresses outgoing data and decompresses incoming data
- Apllies Message Authentication Code (MAC) to the outgoing data and uses MAC to verify the incoming data
- Encrypts outgoing data and decrypts incoming data.
TLS Handshake Protocol :-
TLS Handshake Protocol allows the client and server to authenticate each other and to select an encryption algorithm and cryptographic keys prior to data exchange by the application protocol.
It Provides Connection Security that has three basic properties:
- The peer’s identity can be authenticated using asymmetric cryptography. This can be made optional but mostly required for at least one of the peers.
- The negotiation of a shared secret is secure.
- The negotiation is reliable.
The TLS handshake protocol operates on top the TLS record layer and is responsible to produce cryptographic parametes of the session state. At the start of communication, TLS client and server agree on a protocol version, select cryptographic algorithms, optionally authenticate each other, and use asymmetric cryptography techniques to create shared secrets.
Given Below are steps involved in TLS Handshake Protocol :
- Initially, the client sends a “Client Hello” message, accompanied by the client’s random value and supported cipher suites to the server.
- The server responds to the client by sending a “Server Hello” message accompanied by the server’s random value.
- The server sends its certificate to the client to authenticate and may request client’s certificate. the server sends the “Server Hello Done” message.
- The client sends its certificate to the server, if requested.
- The client generates a random Pre-master Secret and encrypts it with the Server’s public key; it then sends the encrypted Pre-Master Secret to the Server.
- The client sends “Change Cipher spec” notification to the server to indicate that it will start using the new session keys for hashing and encrypting messages. The client also sends “Clientfinished” message.
- The server recives “Changecipher spec” from the client and switches its record layer security state to symmetric encryption using the session keys. The server sends “Serverfinished” message to the client.
- Now, the client and server can exchange application data over the secure channel they have established and all the messages being exchanged between the client and server are encrypted using a session key,
Also Read This: – Call of Duty Hacks