Transport Layer

Security
FAWWAS HAMDI TP034298

Introduction

TLS is a successor to Secure Sockets Layer protocol. TLS provides secure

communications on the Internet for such things as e-mail, Internet faxing,
and other data transfers. There are slight differences between SSL 3.0 and
TLS 1.0, but the protocol remains substantially the same. It is good idea to
keep in mind that TLS resides on the Application Layer of the OSI model.

TLS is most widely recognized as the protocols that provide secure HTTP
(HTTPS) for Internet transactions between Web browsers and Web servers.
TLS can also be used for other application level protocols, such as File
Transfer Protocol (FTP), Lightweight Directory Access Protocol (LDAP), and
Simple Mail Transfer Protocol (SMTP). TLS enables server authentication,
client authentication, data encryption, and data integrity over networks such
as the World Wide Web.

Benefits of TLS

Strong authentication, message privacy, and integrity

Interoperability

Algorithm flexibility

Ease of deployment

Ease of use

TLS Architecture
Handshake Protocol Functions
Authentication
Encryption
Hash Algorithm
The Change Cipher Spec Protocol
The Alert Protocol
Record Protocol

TLS Handshake Protocol

1.

The client sends a "Client hello" message to the server, along with the client's
random value and supported cipher suites.

2.

The server responds by sending a "Server hello" message to the client, along with
the server's random value.

3.

The server sends its certificate to the client for authentication and may request a
certificate from the client. The server sends the "Server hello done" message.

4.

If the server has requested a certificate from the client, the client sends it.

5.

The client creates a random Pre-Master Secret and encrypts it with thepublic key
from the server's certificate, sending the encrypted Pre-Master Secret to the server.

6.

The server receives the Pre-Master Secret. The server and client each generate the
Master Secret andsession keysbased on the Pre-Master Secret.

7.

The client sends "Change cipher spec" notification to server to indicate that the
client will start using the newsession keysforhashingand encrypting messages.
Client also sends "Client finished" message.

8.

Server receives "Change cipher spec" and switches its record layer security state to
symmetric encryptionusing thesession keys. Server sends "Server finished"
message to the client.

9.

Client and server can now exchange application data over the secured channel they
have established. All messages sent from client to server and from server to client
are encrypted using session key.

Common TLS Scenarios

TLS-secured transactions with an e-commerce Web site

Authenticated client access to a secured Web site

Remote access

SQL access

E-mail

Attacks against TLS

Renegotiation attack

Version rollback attacks: False Start

Cross-protocol attacks: DROWN

BEAST attack

CRIME and BREACH attacks

Timing attacks on padding

POODLE attack

RC4 attacks

Truncation attack

Downgrade attacks: FREAK attack and Logjam attack

implementation errors: Heartbleed bug, BERserk attack, Komodia root certificate

Survey of websites vulnerable to attacks

Limitations of TLS

TLSis known to currently have several limitations based certain

design decisions:AlthoughEncryptionprotects the contents of a TCP
connection, but the metadata of TCP and any other lower layers
remains in plaintext.

Even at theTLSlayer, a lot of the information is exposed as

plaintext.

The firstTLShandshake is not encrypted

examine theServer Name Indicationinformation to determine the

intended virtual host

examine the hosts certificate, and, when client certificates are used,

potentially obtain enough information to identify the user.

After encryption is activated, some protocol information remains in

the clear:

the observer can see the subprotocol and length of each message