TLS (Transport Layer Security) is a protocol that provides secure communication over the internet. It encrypts data transmission and verifies server/client identities through certificates. The TLS handshake establishes an encrypted channel through a series of messages. First, the client and server exchange random values and select a cipher suite. Then certificates are exchanged and encryption keys are derived to encrypt subsequent application data messages securely. However, some metadata and initial handshake data remains unencrypted, allowing traffic analysis.
TLS (Transport Layer Security) is a protocol that provides secure communication over the internet. It encrypts data transmission and verifies server/client identities through certificates. The TLS handshake establishes an encrypted channel through a series of messages. First, the client and server exchange random values and select a cipher suite. Then certificates are exchanged and encryption keys are derived to encrypt subsequent application data messages securely. However, some metadata and initial handshake data remains unencrypted, allowing traffic analysis.
Original Description:
this slide contain an information about how tls works and its arhitecture
TLS (Transport Layer Security) is a protocol that provides secure communication over the internet. It encrypts data transmission and verifies server/client identities through certificates. The TLS handshake establishes an encrypted channel through a series of messages. First, the client and server exchange random values and select a cipher suite. Then certificates are exchanged and encryption keys are derived to encrypt subsequent application data messages securely. However, some metadata and initial handshake data remains unencrypted, allowing traffic analysis.
TLS (Transport Layer Security) is a protocol that provides secure communication over the internet. It encrypts data transmission and verifies server/client identities through certificates. The TLS handshake establishes an encrypted channel through a series of messages. First, the client and server exchange random values and select a cipher suite. Then certificates are exchanged and encryption keys are derived to encrypt subsequent application data messages securely. However, some metadata and initial handshake data remains unencrypted, allowing traffic analysis.
Download as PPTX, PDF, TXT or read online from Scribd
Download as pptx, pdf, or txt
You are on page 1/ 8
Transport Layer
Security FAWWAS HAMDI TP034298
Introduction
TLS is a successor to Secure Sockets Layer protocol. TLS provides secure
communications on the Internet for such things as e-mail, Internet faxing, and other data transfers. There are slight differences between SSL 3.0 and TLS 1.0, but the protocol remains substantially the same. It is good idea to keep in mind that TLS resides on the Application Layer of the OSI model.
TLS is most widely recognized as the protocols that provide secure HTTP (HTTPS) for Internet transactions between Web browsers and Web servers. TLS can also be used for other application level protocols, such as File Transfer Protocol (FTP), Lightweight Directory Access Protocol (LDAP), and Simple Mail Transfer Protocol (SMTP). TLS enables server authentication, client authentication, data encryption, and data integrity over networks such as the World Wide Web.
Benefits of TLS
Strong authentication, message privacy, and integrity
Interoperability
Algorithm flexibility
Ease of deployment
Ease of use
TLS Architecture Handshake Protocol Functions Authentication Encryption Hash Algorithm The Change Cipher Spec Protocol The Alert Protocol Record Protocol
TLS Handshake Protocol
1.
The client sends a "Client hello" message to the server, along with the client's random value and supported cipher suites.
2.
The server responds by sending a "Server hello" message to the client, along with the server's random value.
3.
The server sends its certificate to the client for authentication and may request a certificate from the client. The server sends the "Server hello done" message.
4.
If the server has requested a certificate from the client, the client sends it.
5.
The client creates a random Pre-Master Secret and encrypts it with thepublic key from the server's certificate, sending the encrypted Pre-Master Secret to the server.
6.
The server receives the Pre-Master Secret. The server and client each generate the Master Secret andsession keysbased on the Pre-Master Secret.
7.
The client sends "Change cipher spec" notification to server to indicate that the client will start using the newsession keysforhashingand encrypting messages. Client also sends "Client finished" message.
8.
Server receives "Change cipher spec" and switches its record layer security state to symmetric encryptionusing thesession keys. Server sends "Server finished" message to the client.
9.
Client and server can now exchange application data over the secured channel they have established. All messages sent from client to server and from server to client are encrypted using session key.
Common TLS Scenarios
TLS-secured transactions with an e-commerce Web site
