Transport Layer Security (TLS)


Transport Layer Security (TLS) is a security protocol that uses certificates for authentication and encryption to protect web communications and other application protocols.

  • was developed as an IETF standard to solve the issue of security
  • works at:
    • TCP/IP stack:
      • as a layer between the Application and Transport layers
    • OSI:
      • Session layer
  • normally used to authenticate and encrypt TCP connections
  • when used with an HTTP application,
  • can secure other TCP application protocols:
    • DNS, NTP, FTP, POP3/IMAP, SMTP, LDAP

Info

  • TLS can be used with UDP
    • called Datagram Transport Layer Security (DTLS)
    • used mostly in VPN solutions

Background

  • A critical problem for the provision of services is that TCP/IP application protocols were originally devised without any security mechanism
    • no authentication of servers running the applications or of clients accessing them
    • all data is sent in plaintext, no encryption
    • services are thus highly vulnerable to spoofing, eavesdropping, and unauthorized modification

Implementation

  • Implementing TLS:
    • server is installed with a digital certificate issued by a trusted certificate authority (CA)
      • certificate proves the server’s identity and validates the public/private key pair
    • when a client connects to a secure service, a TLS handshake is performed:
      • server provides its certificate to the client
      • cryptographic data in the certificate proves the identity of the server
        • assuming the client trusts the CA
        • certificate contains the public key
        • the server maintains the secret key
      • if authentication is successful,
        • the server and client set up an encrypted tunnel with
          • the key pair in the digital certificate
          • a chosen cryptographic cipher suite within the TLS protocol

Info

latest versions of TLS can use a mechanism called Perfect Forward Secrecy (PFS)

  • when configured, not even obtaining the server’s key allows decryption of captured packets

TLS Handshake

  1. handshake starts when the client requests a TLS connection to a server
    • typically on port 443
    • can use a specific mechanism like STARTTLS for mail protocols
  2. Client and server negotiate what cipher suite will be used for the session
  3. server authenticates its identity and provides the client with the server’s public encryption key
    • usually by using a digital certificate
  4. client confirms the certificate's validity
  5. session keys are generated
    • using Diffie-Hellman key exchange or by encrypting a random number
  6. session key is used to symmetrically encrypt and decrypt all subsequent data exchanges during the session

TLS Versions

  • TLS has been developed through many versions
  • a server and client must agree on a compatible version
    • many servers are configured to only allow TLSv1.3 or TLSv1.2
      • older ones contain serious weaknesses
      • TLS 1.3 removes the ability to perform downgrade attacks by preventing the use of insecure features and algorithms
        • a downgrade attack is where an on-path attacker tries to force the use of a weak cipher suite and SSL/TLS version
        • there are also changes to the handshake protocol to reduce the number of messages and speed up connections
  • also must agree on a mutually supported cipher suite

Info

TLS was developed from an older protocol called Secure Sockets Layer (SSL)

  • SSL is now completely obsolete

Cipher Suite

a cipher suite is a list of cryptographic algorithms that a server and client can use to negotiate a secure connection.

  • Prior to TLS 1.3,
    • a cipher suite would be written in the following form:
      • ECDHE-RSA-AES128-GCM-SHA256
    • means that the server can use:
      • Elliptic Curve Diffie-Hellman Ephemeral mode for:
        • session key agreement
        • RSA signatures
      • 128-bit AES-GCM (Galois Counter Mode) for:
        • symmetric bulk encryption
      • and 256-bit SHA for:
        • HMAC functions
  • TLS 1.3
    • uses simplified and shortened suites
      • TLS_AES_256_GCM_SHA384
    • Only ephemeral key agreement is supported in 1.3
    • signature type is supplied in the certificate
    • cipher suite only lists:
      • bulk encryption key strength
      • mode of operation (AES_256_GCM)
      • cryptographic hash algorithm (SHA384) used within the new hash key derivation function (HKDF)
        • is the mechanism by which the shared secret established by D-H key agreement is used to derive symmetric session keys
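
As an added example (not part of the original notes), this Python splits a suite name of either form above into the components the notes walk through by hand, and reports whether the suite gives forward secrecy together with the flags a defender would raise when reviewing a server's allowed suites. It assumes OpenSSL-style naming and covers only the AES/ChaCha20 family of names.

```python
import re

# Two naming forms: pre-1.3 OpenSSL style (ECDHE-RSA-AES128-GCM-SHA256) and
# TLS 1.3 style (TLS_AES_256_GCM_SHA384). Assumption: only AES/ChaCha20 suites.
_TLS13 = re.compile(r"TLS_([A-Z0-9]+?)_(?:(\d+)_)?([A-Z0-9]+)_(SHA\d+)")
_PRE13 = re.compile(
    r"(?:(ECDHE|DHE|ECDH|DH)-)?"   # key agreement; absent = RSA key transport
    r"(?:(RSA|ECDSA|DSS)-)?"       # signature / authentication algorithm
    r"([A-Z]+?)(\d+)?-"            # bulk cipher and key size, e.g. AES128
    r"(?:(GCM|CCM)-)?"             # AEAD mode; absent = CBC with HMAC
    r"(SHA\d*|MD5)"                # hash for the HMAC / PRF
)

def parse_cipher_suite(name: str) -> dict:
    """Break a suite name into key exchange, auth, cipher, key bits, mode, hash."""
    m = _TLS13.fullmatch(name)
    if m:
        cipher, bits, mode, hash_alg = m.groups()
        # TLS 1.3 only supports ephemeral key agreement and takes the signature
        # type from the certificate, so neither appears in the suite name.
        return {"version": "1.3", "kx": "(EC)DHE", "auth": "certificate",
                "cipher": cipher, "bits": int(bits) if bits else None,
                "mode": mode, "hash": hash_alg}
    m = _PRE13.fullmatch(name)
    if not m:
        raise ValueError(f"unrecognised cipher suite name: {name}")
    kx, auth, cipher, bits, mode, hash_alg = m.groups()
    return {"version": "<=1.2", "kx": kx or "RSA", "auth": auth or "RSA",
            "cipher": cipher, "bits": int(bits) if bits else None,
            "mode": mode or "CBC",
            "hash": "SHA1" if hash_alg == "SHA" else hash_alg}

def has_forward_secrecy(name: str) -> bool:
    """PFS requires ephemeral (EC)DHE; RSA key transport or static (EC)DH lets a
    captured session be decrypted later with the server's private key."""
    return parse_cipher_suite(name)["kx"] in {"(EC)DHE", "ECDHE", "DHE"}

def weaknesses(name: str) -> list:
    """Flags to raise when reviewing the suites a server is configured to allow."""
    s = parse_cipher_suite(name)
    issues = []
    if not has_forward_secrecy(name):
        issues.append("no forward secrecy")
    if s["mode"] == "CBC":
        issues.append("CBC with HMAC instead of an AEAD mode")
    if s["hash"] in {"SHA1", "MD5"}:
        issues.append(f"weak hash {s['hash']}")
    if s["bits"] is not None and s["bits"] < 128:
        issues.append(f"{s['bits']}-bit key")
    return issues
```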

TLS 1.3 Protocols