TLS, which is also known as Transport Layer Security by Abbreviationfinder, is a protocol by which a secure connection is established through an encrypted channel between the client and the server. Thus, the exchange of information is carried out in a secure environment free from attacks. The standard is documented in RFC 2246 reference.
Normally the server is the only one that is authenticated, thus guaranteeing its identity, but the client remains unauthenticated, since for mutual authentication a public key infrastructure (or PKI) is needed for the clients. These protocols make it possible to prevent eavesdropping, avoid falsifying the identity of the sender and maintain the integrity of the message in a client-server application.
Description of the Protocol
The SSL / TSL protocol is based on three basic phases:
- Negotiation: The two ends of the communication (client and server) negotiate which cryptographic algorithms they will use to authenticate and encrypt the information. Currently there are different options:
- For public key cryptography: RSA, Diffie-Hellman, DSA (Digital Signature Algorithm).
- For symmetric encryption: RC2, RC4, IDEA (International Data Encryption Algorithm), DES (Data Encryption Standard), Triple DES or AES(Advanced Encryption Standard).
- With hash functions: MD5 or SHA family.
- Authentication and Keys: The endpoints are authenticated by digital certificates and exchange the keys for encryption, according to the negotiation.
- Secure Transmission: the endpoints can initiate the traffic of encrypted and authentic information.
Objectives of the Protocol
- Cryptographic security. The protocol must be used to establish a secure connection between two parties.
- Different applications must be able to exchange cryptographic parameters without the need for either of them to know the other’s code.
- The protocol allows the incorporation of new cryptographic algorithms.
- The algorithms Cryptographic are computationally expensive, so the protocol includes a session caching scheme to reduce the number of sessions to be initialized from scratch (using public key cryptography).
Operation of the Protocol
The protocol is divided into two levels:
- Registration Protocol TLS (TLS Record Protocol).
- Protocol of mutual agreement TLS (TLS Handshake Protocol).
The lowest level is the Registration Protocol, which is implemented over a reliable transport protocol such as TCP. The protocol provides connection security with two fundamental properties:
- The connection is private. Symmetric encryption algorithms are used to encrypt the data. Keys are generated for each connection and are based on a secret negotiated by another protocol (such as by mutual agreement). The protocol can also be used without encryption.
- The connection is reliable. The message transport includes an integrity check.
The Protocol of Mutual Agreement provides security in the connection with three basic properties:
- The identity of the caller can be authenticated using public key cryptography. This authentication can be optional, but is generally required for at least one of the peers.
- Negotiating a shared secret is secure.
- The negotiation is reliable, nobody can modify the negotiation without being detected by the interlocutors.
The SSL / TLS protocol has many applications in use today. Most of them are secure versions of programs that use protocols that are not. There are secure versions of servers and clients of protocols such as http, nntp, ldap, imap, pop3, etc. The SSL / TLS protocol runs on a layer between application protocols such as:
- HTTP over SSL / TLS is HTTPS, offering security to WWW pages for e-commerce applications, using public key certificates to verify the identity of the endpoints. Visa, MasterCard, American Express, and many of the major financial institutions have approved SSL for Internet commerce.
- SSH uses SSL / TLS underneath.
- SMTP and NNTP can also operate securely over SSL / TLS.
- POP3 and IMAP4 over SSL / TLS are POP3S and IMAPS.
There are multiple client and server products that can provide SSL natively, but there are also many that do not yet. a solution might be to use a standalone SSL application like Stunnel to achieve encryption, but the IETF recommended in 1997 that application protocols provide a way to upgrade to TLS from a connection without encryption (plaintext) rather than using a different port to encrypt communications, avoiding the use of wrappers such as Stunnel. SSL can also be used to tunnel an entire network and create a virtual private network (VPN), as in the case of OpenVPN.
TLS Protocol Implementations
There are different implementations, such as:
- OpenSSL: it is an open source implementation, the most used. It is a project developed by the Open Source community for free download and is based on SSLeay, which helps the system to implement SSL / TLS by offering a robust package of administration tools and cryptography libraries that can be used for OpenSSH and web browsers (secure access to HTTPS).
- GnuTLS – is a GPL-compliant licensed open source implementation.
- JSSE: it is an implementation made in Java included in the Java Runtime Environment.
Standards and RFC Definitions of the TLS Protocol
The first definition of TLS appeared in RFC 2246: “The TLS Protocol Version 1.0” and is based on version 3.0 of SSL, being practically equivalent.
- RFC 2712: The defined 40-bit cipher families appear, to warn that they have already been assigned.
- RFC 2817: Explains how to use the update mechanism in HTTP / 1.1 to start TLS over an existing TCP connection, allowing secure and insecure HTTP traffic to share the same port.
- RFC 2818: Differentiate Secure and Insecure HTTP Traffic Using Different Server
- RFC 3268: Adds the AES cipher family.
- RFC 3546: Adds a mechanism to negotiate protocol extensions during session initialization and defines some extensions.
- RFC 4279: Adds three sets of new cipher families for the TLS protocol to allow authentication based on pre-shared keys.
Versioning of the TLS Protocol
The TLS protocol has evolved from version 1.0 to the current version that is 1.1. This latest version is very similar to the previous version (TLS 1.0), but the main difference is the modification of the RSA encryption format prior to the use of ‘master secret’, which is part of the client’s key exchange message. TLS 1.0 used version 1.5 of the RSA standard for public key cryptography (PCK # 1), now using version 2.1. This change provides protection against attacks discovered by Daniel Bleichenbacher that could be launched against TLS 1.0 servers, using PKCS # 1 version 1.5. Recommendations for avoiding scheduled remote attacks are also included. TLS 1.1 is currently implemented in the Opera browser and in GnuTLS.
TLS protocol security measures
- Number all the records and use the sequence number in MAC.
- Use a message digest enhanced with a key (so that only with that key the MAC can be verified).
- Protection against various known attacks (including man-in-the-middle attacks), such as those that involve a downgrade of the protocol to previous versions (therefore less secure), or weaker cipher suites.
- The message that ends the handshake protocol (Finished) sends a hash of all the data exchanged and seen by both parties.
- The pseudo-random function divides the input data into 2 halves and processes them with different hashing algorithms (MD5 and SHA), then performs an XOR operation on them. In this way, you protect yourself from the eventuality that one of these algorithms becomes vulnerable in the future.