Transport Layer Security (TLS)

Last Updated August 10, 2021

Communication over the internet relies on properly functioning routers, servers, bridges and other devices. Unfortunately, data can be vulnerable to interception at any of these points. Transport Layer Security (TLS) is a communication protocol developed to help ensure privacy between the sender and the recipient of data. It provides a way for the client and server to authenticate each other and agree upon an encryption method before any data is actually transmitted.

The primary goal of TLS is to provide cryptographic security for the connection between a client and a server. It allows independent programmers to develop applications using TLS that exchange cryptographic parameters without knowing details about each other’s code. It is a robust and extensible security tool, flexible enough to deal with evolving threats in today’s security environment.

TLS is designed to keep network activity to a minimum and reduce the number of fresh connections that must be made from scratch. It provides optional session caching to reduce CPU-intensive public-key operations. It is a layered protocol with two components, a record protocol and a handshake protocol.

TLS Protocols

The record protocol works in states. An encryption state determines whether encryption is used and, if so, which type is specified: a shared session key or a public/private key pair. Other states include pending read and pending write, and current read and current write. These operations are governed by parameters determined during the handshake process.

The TLS handshake protocol controls how connections are established and maintained. It transmits information necessary to negotiate the cipher suite to be used for authentication, and exchanges random numbers between server and client that are used to generate the message authentication code (MAC) and a session key. It also performs the authentication of the server and the client through the use of public/private key pairs, using the method determined by the cipher suite.

Keys created during the handshake operation are used by the TLS record protocol to secure data and verify the integrity and origin of incoming messages. The TLS record protocol uses MAC and the applicable keys to assemble incoming messages from blocks, decompress the data and apply decryption. It does the reverse for outgoing messages, segmenting the outgoing message into blocks, encrypting it with MAC and write keys, compressing it and eventually sending it to the Transmission Control Protocol (TCP) layer when all operations are complete.
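The following Python sketch is an added example, not part of the original article. It assumes TLS 1.2 (RFC 5246) with an AES-128-CBC / HMAC-SHA256 cipher suite, neither of which the article specifies, and shows how the random numbers exchanged in the handshake become the MAC and write keys, and how the record protocol uses a MAC key to check an incoming message. Function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import struct

def prf(secret: bytes, label: bytes, seed: bytes, n: int) -> bytes:
    """TLS 1.2 PRF (RFC 5246, section 5): P_SHA256(secret, label + seed)."""
    seed = label + seed
    a, out = seed, b""
    while len(out) < n:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:n]

def derive_keys(pre_master: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Turn the handshake secrets and both random numbers into per-direction keys."""
    master = prf(pre_master, b"master secret", client_random + server_random, 48)
    # Assumed sizes for AES-128-CBC with HMAC-SHA256: 32-byte MAC keys, 16-byte write keys.
    block = prf(master, b"key expansion", server_random + client_random, 96)
    layout = [("client_mac", 32), ("server_mac", 32), ("client_key", 16), ("server_key", 16)]
    keys, pos = {}, 0
    for name, size in layout:
        keys[name] = block[pos:pos + size]
        pos += size
    return keys

def record_mac(mac_key: bytes, seq: int, content_type: int, fragment: bytes) -> bytes:
    """MAC over sequence number, record header and fragment (RFC 5246, section 6.2.3.1)."""
    header = struct.pack("!QBHH", seq, content_type, 0x0303, len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha256).digest()

def verify_record(mac_key: bytes, seq: int, content_type: int, fragment: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the MAC and compare in constant time."""
    return hmac.compare_digest(record_mac(mac_key, seq, content_type, fragment), tag)

# Constructed sample values; a real handshake uses fresh random bytes.
PRE_MASTER = bytes([3, 3]) + bytes(46)
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))

if __name__ == "__main__":
    keys = derive_keys(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    msg = b"GET / HTTP/1.1\r\n\r\n"
    tag = record_mac(keys["client_mac"], 0, 23, msg)  # 23 = application_data
    print("valid record:     ", verify_record(keys["client_mac"], 0, 23, msg, tag))
    print("tampered record:  ", verify_record(keys["client_mac"], 0, 23, msg + b"x", tag))
    print("replayed at seq 1:", verify_record(keys["client_mac"], 1, 23, msg, tag))
```

Because the sequence number is part of the MAC input, a record that is modified in transit or replayed at a different position fails verification even though the key is unchanged.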

The TLS record protocol works in a structured environment that can operate with or without encryption, although in practice, some form of encryption, such as the Data Encryption Standard (DES), is almost always in operation. DES is a highly effective encryption method developed by IBM in 1977. It applies a 56-bit key to each 64-bit block of data, and is judged so secure by the U.S. Department of Defense that it is barred from export.

Understanding TLS is essential for those working in the field of cybersecurity. Information assurance professionals who have a CASP™ certification can gain potential leverage for advancement by obtaining a Cybersecurity Certificate, available online from Villanova University, indicating mastery of this and many other topics related to the field of cybersecurity.