Putting Security in the Transport: TLS

What is TLS?

Transport Layer Security, or TLS, is intended to address this very problem. TLS provides both data confidentiality (privacy) and data integrity for a network session between two endpoints. To implement these protection features, TLS uses two protocols: the TLS Record Protocol and the TLS Handshake Protocol.

  • Allow independent programmers to exchange cryptographic parameters without knowledge of the programming language and code used on the remote end;
  • Provide a framework capable of supporting existing and new symmetric and asymmetric encryption services as they become available. This in turn eliminates the need for new code or protocols as advances are made; and,
  • Improve efficiency at the network by effectively managing the network connections.

Why use TLS?

There are a variety of reasons for wanting to choose TLS over SSL when securing a protocol. SSL has been widely used and associated with HTTP traffic. While SSL and TLS both provide a generic security channel for the desired protocol, when security professionals hear “SSL”, they typically think “HTTP” is the protocol being protected.

Protecting data

Protecting data with TLS requires the negotiation of an encryption algorithm. TLS provides support for multiple algorithms, including:

  • RC4;
  • RC2;
  • IDEA;
  • Triple DES (3DES); and,
  • AES

Ensuring data integrity

Having an encrypted session may not be of much use without ensuring the data was not modified and re-encrypted after the fact. Consequently, the TLS Record Protocol also provides an integrity checking function.

The TLS Protocols

As mentioned previously, there are two protocols in the TLS suite. Aside from the confidentiality and integrity functions of the TLS Record Protocol, the Record Protocol also encapsulates other higher-level protocols. Of the protocols supported, the TLS Handshake Protocol is often used to provide the authentication and cryptographic negotiation.

Understanding the TLS Handshake Protocol

The TLS Handshake Protocol allows two peers to agree upon security parameters for the TLS Record layer, authenticate, initiate those negotiated security parameters and report errors to each other.

  • Compression method — The algorithm used to compress data prior to encryption.
  • Cipher spec — This identifies the bulk encryption algorithm, the MAC algorithm and any other specific cryptographic attributes for both.
  • Master secret — This is a 48-byte secret shared between the client and server.
  • Is resumable — A flag indicating whether the session can be used to initiate new connections.

How the Protocol Works

For TLS to properly protect a session using cryptographic features, it must negotiate the cryptographic parameters. Figure 2 illustrates establishing the session.

Dissecting the Handshake Protocol

When the client contacts the server to establish a connection, the client sends a client hello message to the server. The server must respond with a server hello message or the connection fails. This is extremely important as the hello messages provide the security capabilities of the two nodes.

  • Session ID;
  • Available cipher suite; and,
  • Compression method.

Resuming an Existing Session

When the client and server agree to either duplicate an existing session or continue a previous session, the handshake is marginally different. In this case, the client sends the “hello” message using the Session ID to be resumed. If the server has a match for that Session ID and is willing to re-establish the session, it responds with a “hello” message using the same Session ID. Both client and server then switch to the previously negotiated and agreed-to session parameters and transmit “done” messages to the other.

  • RSA_EXPORT — This is an RSA public key with a length greater than 512 bits used only for signing. Alternatively, it is a key of 512 bits or less which is valid for either encryption or signing.
  • DHE_DSS — DSS public key.
  • DHE_DSS_EXPORT — DSS public key.
  • DHE_RSA — This is an RSA public key used for signing.
  • DHE_RSA_EXPORT — This is an RSA public key used for signing.
  • DH_DSS — This is a Diffie-Hellman key. The algorithm used to sign the certificate should be DSS.
  • DH_RSA — This is a Diffie-Hellman key. The algorithm used to sign the certificate should be RSA.
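The bulk ciphers listed under "Protecting data" and the key exchange types above combine into named cipher suites, and a defender reviewing a server's offer needs to split each name back into its parts. The following is an added example, not code from the original article: the suite list is constructed from standard TLS suite names, and the disable rules are assumptions added here that reflect later deprecations rather than anything the article ranks.

```python
import re

# Constructed sample: suite names as a server configuration or scan report lists them.
OFFERED = [
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    "TLS_RSA_WITH_IDEA_CBC_SHA",
    "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DH_anon_WITH_RC4_128_MD5",
]

SUITE = re.compile(r"^TLS_(?P<kx>.+?)_WITH_(?P<cipher>.+)_(?P<mac>MD5|SHA)$")


def parse_suite(name):
    """Split a suite name into key exchange, bulk cipher and MAC algorithm."""
    m = SUITE.match(name)
    if m is None:
        raise ValueError(f"unrecognised cipher suite name: {name}")
    return m["kx"], m["cipher"], m["mac"]


def findings(name):
    """Reasons to disable a suite; an empty list means no rule here matched."""
    kx, cipher, _mac = parse_suite(name)
    reasons = []
    if kx.endswith("_EXPORT"):
        reasons.append("export-grade: key strength deliberately limited")
    if kx.endswith("_anon"):
        reasons.append("anonymous key exchange: peer is not authenticated")
    if cipher.startswith("RC4"):
        reasons.append("RC4: prohibited in TLS by RFC 7465")
    if cipher.startswith(("RC2", "IDEA", "DES", "3DES")):
        reasons.append("64-bit block cipher")
    return reasons


def allowed(suites):
    """Suites that none of the rules above flag."""
    return [s for s in suites if not findings(s)]


if __name__ == "__main__":
    for suite in OFFERED:
        print(suite, findings(suite) or "no finding")
```

An empty findings list only means none of these four rules matched; it is not a statement that the suite meets a current baseline.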

Inside the TLS Record Protocol

The Record Protocol is responsible for accepting cleartext messages, fragmenting them into chunks, compressing the data, applying a Message Authentication Code, encrypting and transmitting the result. Likewise, when an encrypted message is received, the protocol decrypts the data, verifies it using the MAC, decompresses and reassembles the data, which is in turn delivered to the higher-level clients. This process is illustrated in Figure 4.

  • Bulk encryption algorithm — This is the negotiated algorithm for bulk encryption, including the key size, how much of the key is secret, block or stream cipher, cipher block size if appropriate and whether this is an export cipher.
  • MAC algorithm — This is the Message Authentication Code algorithm and includes the size of the hash returned by the MAC algorithm.
  • Compression algorithm — This is the negotiated compression algorithm and includes all information required for compressing and decompressing the data.
  • Master secret — This is a 48-byte secret shared between the two peers.
  • Client random — This is a 32-byte random value provided by the client.
  • Server random — This is a 32-byte random value provided by the server.
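The fragment, MAC, verify and reassemble steps of the Record Protocol can be followed in code. This is an added example, not from the original article: it uses the TLS 1.0 record MAC layout from RFC 2246 with HMAC-SHA1 assumed as the negotiated MAC, leaves out compression and encryption so the integrity step stays visible, and uses a constructed MAC secret and message.

```python
import hashlib
import hmac
import struct

MAX_FRAGMENT = 2 ** 14      # RFC 2246: at most 2^14 bytes of data per record
APPLICATION_DATA = 23       # ContentType value for application data
TLS_1_0 = (3, 1)            # ProtocolVersion {major, minor} on the wire
MAC_LEN = hashlib.sha1().digest_size  # 20 bytes for HMAC-SHA1


class BadRecordMac(Exception):
    """Integrity failure; a real stack answers with a fatal bad_record_mac alert."""


def record_mac(secret, seq, ctype, fragment):
    # HMAC over seq_num || type || version || length || fragment (RFC 2246, 6.2.3.1).
    header = struct.pack("!QBBBH", seq, ctype, *TLS_1_0, len(fragment))
    return hmac.new(secret, header + fragment, hashlib.sha1).digest()


def protect(secret, data):
    """Sender: fragment the cleartext and append a MAC to every fragment."""
    records = []
    for seq, off in enumerate(range(0, len(data), MAX_FRAGMENT)):
        frag = data[off:off + MAX_FRAGMENT]
        body = frag + record_mac(secret, seq, APPLICATION_DATA, frag)
        header = struct.pack("!BBBH", APPLICATION_DATA, *TLS_1_0, len(body))
        records.append(header + body)
    return records


def unprotect(secret, records):
    """Receiver: check each MAC against the expected sequence number, reassemble."""
    out = bytearray()
    for seq, rec in enumerate(records):
        ctype, _major, _minor, length = struct.unpack("!BBBH", rec[:5])
        body = rec[5:5 + length]
        frag, tag = body[:-MAC_LEN], body[-MAC_LEN:]
        if not hmac.compare_digest(tag, record_mac(secret, seq, ctype, frag)):
            raise BadRecordMac(f"record {seq} failed its integrity check")
        out += frag
    return bytes(out)


if __name__ == "__main__":
    key = b"constructed-mac-secret"      # constructed sample MAC write secret
    msg = bytes(range(256)) * 160        # constructed 40,960-byte message
    wire = protect(key, msg)
    print(len(wire), unprotect(key, wire) == msg)
```

Because the implicit sequence number is part of the MAC input, a record that is replayed or delivered out of order fails verification even when its bytes are untouched.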

Handling Errors

The TLS protocol carries data between a client and a server using an encrypted channel. This provides data confidentiality. Likewise, the protocol also ensures data integrity using a one-way hash, or Message Authentication Code for each message. However, things sometimes go wrong and when they do, the protocol must be able to inform the user and take the appropriate action.

Attacking TLS

The goal of TLS is to provide a secure channel for a higher-level protocol as seen in Figure 5.

TLS Implementations

Several implementations of TLS commonly incorporate SSL as well. The available distributions include both commercial and open source implementations in the C, C++ and Java programming languages.

Summary

This article has presented what TLS is, how it works and the common attack methods. While SSL continues to maintain momentum and popularity, support for TLS as the secured transport method is increasing dramatically. Like SSL, TLS provides a secured communications channel for a higher layer protocol, with TLS providing protocol independent implementations. SSL is typically associated with HTTP traffic, while TLS can support protocols aside from HTTP.

References

Dierks, T, and C Allen. “RFC 2246 The TLS Protocol.” IETF Network Working Group January 1999.
