Understanding the concepts of Transport Security Layer (TLS)

Posted by kumarjit in The Internet, Web Hosting, Web Hosting Tips

1 Star2 Stars (3 votes, average: 0.00 out of 5)

Understanding the concepts of Transport Security Layer (TLS)

Transport Layer Security (TLS) is an application layer cryptographic protocol. The main purpose of TLS and SSL (Secure Sockets Layer; predecessor of TLS) is to ensure privacy between the applications and the users communicating over Internet. When the server and client communicate, TLS/SSL provides communication security and ensures that no malicious party can tamper with the message-packets and also protects against serious threats like eavesdropping and message-forgery. The protocol has several versions that are widely used in applications such as email, Internet faxing, voice-over-IP (VoIP) for protecting sensitive data that are transmitted over the Internet. TLS is widely recognised and is also a standard protocol issued by IETF (Internet Engineering Task Force) for communication of emails securely over the Internet and also creates a secured environment for applications like web-browsing, emails and other client-server applications.

What is TLS?

Transport Layer Security or TLS is a protocol used in application layer that ensures message security over the internet; it uses a combination of asymmetric cryptography, symmetric encryption and message authentication codes for key exchange, privacy and message integrity respectively to encrypt the network connections above Transport layer.

Why is TLS used?

TLS is especially designed to provide protection against eavesdropping, message-forging, message tampering and protect confidentiality and data integrity by encrypting the data transmission of applications like email between client and server.

Components of TLS:

TLS is mainly composed of two layers: TLS Record Protocol and TLS Handshake Protocol. TLS Record Protocol is responsible for connection security with encryption mechanisms like DES (Data Encryption Standard) to protect confidentiality while TLS Handshake Protocol authenticates the communicating server and client, and selects an encryption algorithm and cryptographic keys to exchange data securely.

How to indicate TLS connection:

To indicate the server that the client is using a TLS connection can be achieved by two ways: by using different port numbers for TLS connections or by using general port numbers where the client requests the server to switch the connection to TLS using any protocol-specific mechanism.

How TLS works:

After both the client and server have agreed on a TLS connection, they use a handshaking mechanism in which they agrees on several parameters to establish a secure connection and negotiate a stateful connection. Finally when TLS is established on both the ends information is exchanged by encrypting the plain text to ensure data confidentiality.

As the client presents a list of supported ciphers and hash functions, the server then selects the strongest cipher and hash function and informs the client of its selection by sending a digital certificate containing server name, trusted certificate authority (CA) and the public encryption key. The client acknowledges the receipt of the certificate. The client then encrypts a random number which can only be decrypted by the server’s private key and then the session keys are generated. The connection is established only after all the steps are successfully done; failing in which results in connection failure.

TLS is based on specifications developed by Netscape Communications’ SSL protocol, which is the predecessor of TLS. TLS and SSL are not interoperable, i.e. TLS cannot be implemented as SSL.

Since transferring unencrypted data increases the risk of threats of message tampering and alteration, in some organizations that deals with storing of confidential data and sensitive messages, implementing TLS is not only a good idea but instead a mandated option.

Ensure enhanced security of your website by choosing Bounceweb as your web hosting option.

Be Sociable, Share!

Leave a Reply

You must be logged in to post a comment.