Transport Layer Security (TLS)
Transport
Layer Security (TLS) is a protocol that ensures privacy between
communicating applications and their users on the Internet. When a
server and client communicate, TLS ensures that no third party may
eavesdrop or tamper with any message. TLS is the successor to the
Secure Sockets Layer (SSL).
TLS
operates on a reliable transport , such as TCP, and protocol is
composed of two layers:
1.
TLS Record Protocol
2.TLS
Handshake Protocol
TLS
Record Protocol : It provide the data confidentiality using symmetric
key cryptography.In this connection is private. And The keys for this
symmetric encryption are generated uniquely for each connection and
are based on a secret negotiated by another protocol.
The
connection in Record Protocol is reliable Message transport includes
a message integrity check using a keyed MAC.For MAC computation it use
secure Hash Function e.g. SHA-1.
Operation
of TLS Record Protocol:
1.It
read the message to be transmit.
2.Fragment
the data into smaller chunks of data.
3.Compress
the data, if compression is needed.
4.Then
it calculate the MAC
5.Encrypt
the data.
6.Send
the data to the peer.
At
the receiver's end operation is replicated but in reverse order.
TLS
Handshake Protocol: TLS Handshake Protocol is used to authenticate
the client and the server and to negotiate an encryption algorithm
and cryptographic keys before the application protocol transmits or
receives data.
Operation
of Handshake Protocol
Step-1
: Client and server exchange Hello messages.Client send CLIENT HELLO
message and sender sends SERVER HELLO message.This two messages
established the TLS version , compression mechanism used , and the
cipher suite used.
Step-2:Dependiing
on cipher suite Server will send Certification for authentication.
Server also sends key exchange message and request for Client's
Certificate.
Step-3:Client
will send Key exchange message thats sets the secret between client
and server.
Step-4:Both
client and server send ChangeCipherSpec
message and enable a newly negotiated cipher spec.
Versions
Of TLS:
TLS
1.0 : It
was an upgrade version of SSL(Secure Socket Layer Protocol) Version
3.0. JDK6 and JDK7 use TLS 1.0 by default. TLS 1.0 does include a
means by which a TLS implementation can downgrade the connection to
SSL 3.0, thus weakening security.
TLS
1.1: It
is an update from TLS version 1.0. and contains some small security
improvements, clarifications, and editorial improvements. JDK7 and
JDK 8 can use TLS 1.1. In this protection against cipher-block
chaining (CBC) attacks is added and The implicit initialization
vector (IV) was replaced with an explicit IV.
TLS
1.2 :
This is the most recent version of TLS and revision of TLS 1.1
Support for TLS 1.2 first appeared in JDK 7. For compatibility
reasons, it is enabled by default on server sockets but disabled on
clients. Since that time, the industry has made considerable
improvements to address interoperability and backwards compatibility.
JDK 8 is using TLS 1.2 as the default. TLS is backwards-compatible.
After upgrading the default to 1.2, systems using 1.1 and 1.0 will
continue to function. In TLS 1.2 HMAC-SHA256 cipher suites is
added.All major browsers (Chrome, Firefox, Internet Explorer, Safari
and Opera) support TLS v1.2 by default. TLS-compliant application
MUST implement the cipher suite TLS_RSA_WITH_AES_128_CBC_SHA.This is
the most secure and reliable version of TLS protocol.
0 comments :
Post a Comment