Transport Layer Security (TLS)

Imagine a scenario where a user accesses their online banking account through a mobile app. The app communicates with the bank’s servers via an API.  If this communication is unprotected, attackers could potentially eavesdrop on the exchange, gaining access to sensitive financial information.

To address these risks and establish secure communication, we need to answer these questions:

  • How can the client verify the identity of the server it’s communicating with?
  • How can we guarantee the confidentiality of messages being exchanged?
  • How can the client be confident that the messages it receives haven’t been tampered with?
  • How can the server verify the authenticity of messages received from the client?

TLS

Transport Layer Security (TLS) is a cryptographic protocol that provides a secure channel for communication between clients and servers.  TLS ensures:

  • Message Authentication: Verifying the identity of the communicating parties.
  • Encryption:  Protecting data confidentiality by making it unreadable to unauthorized individuals.
  • Data Integrity:  Guaranteeing that data hasn’t been altered during transmission.

In a client-server interaction, the server typically requires clients to authenticate themselves using credentials like usernames, passwords, API keys, or tokens. However, TLS introduces a crucial step: server authentication.  Before the client sends its credentials, TLS allows the client to verify the server’s identity using digital certificates.

Think About It: What’s the difference between TLS and SSL?

  • SSL is the predecessor to TLS.
  • All versions of SSL are now considered insecure and should not be used.
  • TLS, particularly versions 1.2 and 1.3, is the current standard for secure communication.
  • When someone mentions “SSL” in a modern context, they usually mean TLS.

While encryption is a vital aspect of TLS, equally important is its ability to establish trust and prevent impersonation attacks.  Encryption alone is ineffective if you’re communicating with an imposter. To understand how TLS achieves this, let’s briefly recap the concepts of symmetric and asymmetric cryptography and public key infrastructure.

TLS in Action

TLS cleverly combines the strengths of both symmetric and asymmetric encryption:

  • Asymmetric encryption, though slower, is used for the secure exchange of symmetric keys.
  • Symmetric encryption, which is faster, is used to encrypt the actual data being transmitted.

This combined approach ensures both secure key exchange and efficient data encryption.

Here’s a step-by-step breakdown of how TLS establishes a secure connection (the TLS handshake):

  1. Client Hello: The client initiates the handshake by sending a message to the server, including the TLS version it supports, a randomly generated string (client random), and a list of supported cryptographic algorithms.
  1. Server Hello: The server responds, selecting a mutually supported cryptographic algorithm, providing its own random string (server random), its TLS certificate (containing its public key), and a digital signature. The signature is created by hashing the communication so far and encrypting this hash with the server’s private key. Only the server can generate this signature, guaranteeing its authenticity to the client.
  1. Certificate Verification: The client verifies the server’s certificate against a trusted Certificate Authority (CA). This confirms the server’s identity and ensures the client is communicating with the intended recipient.
  1. Client Authentication (Optional): While optional, the client may also be required to authenticate itself to the server. This is typically handled outside of the core TLS protocol.

Key Point:  The client and server random values are used in generating the digital signature, which proves the server’s authenticity and ensures data integrity. Any tampering during the handshake would invalidate the signature, forcing a restart.

  1. Premaster Secret Exchange: The client generates a premaster secret, a random string used to derive the shared symmetric encryption key.  It encrypts this secret using the server’s public key from the certificate and sends it to the server. The server decrypts it using its private key.
  1. Key Derivation: Both client and server now possess the client random, server random, and premaster secret. They independently use these values to derive the same shared symmetric key, which will be used for encrypting all subsequent communication.
  1. Client Finished: The client sends a “finished” message, encrypted using the shared symmetric key, signaling that its side of the handshake is complete.
  1. Server Finished: The server responds with its own encrypted “finished” message, completing the handshake.  Data exchange can now begin, secured by the shared symmetric key.

Key Point:  The shared symmetric key is unique to this session and is discarded when the connection ends. This prevents attackers from using old keys to decrypt future communications.

TLS further strengthens data integrity using Message Authentication Codes (MACs).  A MAC is a cryptographic checksum generated using a secret key (known to both client and server) and the message content. This ensures that any alteration to the message during transmission will be detected.

sequenceDiagram
    participant Sender
    participant Receiver

    Note over Sender,Receiver: Both parties share a secret key

    rect rgb(230, 255, 230)
        Note over Sender: MAC Generation
        Sender->>Sender: 1. Create message
        Sender->>Sender: 2. Generate MAC using<br/>message + secret key
        Sender->>Receiver: 3. Send message + MAC
    end

    rect rgb(255, 230, 230)
        Note over Receiver: MAC Verification
        Receiver->>Receiver: 4. Generate MAC using<br/>received message + secret key
        Receiver->>Receiver: 5. Compare generated MAC<br/>with received MAC
        Note over Receiver: 6. If MACs match,<br/>message integrity verified
    end

    Note over Sender,Receiver: Any alteration to the message<br/>during transmission will result<br/>in MAC mismatch

TLS in Review

TLS effectively addresses the key security concerns we outlined earlier:

  • Server Identification:  Digital certificates and CA verification confirm the server’s identity.
  • Data Confidentiality:  Encryption protects data from unauthorized access during transmission.
  • Data Integrity:  MACs ensure that messages haven’t been tampered with.
  • Message Authenticity: Digital signatures guarantee the origin of messages.

HTTP vs. HTTPS

Before TLS, HTTP (Hypertext Transfer Protocol) was the standard for web communication.  However, HTTP transmits data in plaintext, making it vulnerable to eavesdropping and manipulation.  HTTPS (HTTP Secure) addresses this by layering TLS/SSL on top of HTTP, providing:

  • Encryption: Data is encrypted before transmission, protecting its confidentiality.
  • Authentication:  TLS verifies the server’s identity, preventing impersonation attacks.

While HTTPS introduces some performance overhead due to encryption, its security benefits far outweigh the slight performance impact.  The inherent insecurity of HTTP has made HTTPS the preferred protocol for virtually all web communication.

AspectHTTPHTTPS
Full NameHypertext Transfer ProtocolHypertext Transfer Protocol Secure
Port80443
Security– No encryption
– Data transmitted in plaintext
– Vulnerable to eavesdropping and man-in-the-middle attacks		– Uses TLS/SSL for encryption
– Data is encrypted during transmission
– Provides protection against eavesdropping and tampering
AuthenticationNo built-in authentication mechanismVerifies the identity of the server, preventing impersonation attacks
Data IntegrityNo guarantee of data integrityEnsures data integrity; any tampering during transmission can be detected
Performance– Slightly faster due to no encryption overhead
– Lower CPU usage on server		– Slight performance overhead due to encryption/decryption processes
– Marginally higher CPU usage on server
SEO ImpactMay be penalized in search rankingsPreferred by search engines, potentially boosting SEO
Trust IndicatorsNo visual indicators of securityDisplays padlock icon and “Secure” label in browsers
CertificatesNo certificates requiredRequires SSL/TLS certificates, which may have associated costs
CachingCan be cached by intermediate networks (e.g., ISPs)End-to-end encryption limits caching by intermediaries
CompatibilityWorks with all browsers and serversRequires HTTPS-capable servers and relatively modern browsers
Mobile OptimizationNo inherent benefits for mobileSome mobile optimizations (e.g., QUIC) work only with HTTPS
Modern Web FeaturesLimited access to certain modern web APIsRequired for many modern web APIs (e.g., Service Workers, Push Notifications)
Regulatory ComplianceMay not meet regulatory requirements for sensitive dataOften required for compliance with data protection regulations (e.g., GDPR, PCI DSS)

Key Takeaways To Remember:

  1. HTTPS provides significant security benefits over HTTP, including encryption, authentication, and data integrity.
  2. The performance impact of HTTPS is minimal in modern systems and is far outweighed by its security advantages.
  3. HTTPS is increasingly becoming mandatory for many modern web features and is preferred by both users and search engines.
  4. While HTTP might have a slight edge in raw performance, the comprehensive benefits of HTTPS make it the standard choice for most web communications.