Table of contents

  1. Introduction
     1.1. What is Cryptography?
  2. Transport Layer Security(TLS)
     2.1. What does TLS do?
     2.2. Secure Socket Layer(SSL)
     2.3. Working of TLS
     2.4. Benefits of TLS
  3. Difference between TLS and SSL
  4. Frequently Asked Questions
     4.1. What is Cryptography?
     4.2. What is Transport Layer Security?
     4.3. What is the use of Transport Layer Security(TLS)?
     4.4. What is SSL?
     4.5. What do you mean by TLS Handshake?
  5. Conclusion

Last Updated: Mar 27, 2024

What is Transport Layer Security (TLS)?

Introduction

Hello Ninjas, we are back with another article based on cryptography: Transport Layer Security.

What is Cryptography?

Cryptography is the art of protecting data and information by converting it into an unreadable format and then transforming that message back to its original form. Cryptography allows you to store sensitive information like passwords and addresses, or to send it through insecure networks like the Internet.

This approach is used for encryption key generation, data privacy verification, digital signatures, and private communications, including banking transactions and email. It uses codes to protect the data from attacks so that it is readable only by those for whom the data is intended.

Cryptographic protocols provide secure, private connections, enabling two parties/users to communicate with security and data integrity. The Transport Layer Security (TLS) protocol evolved from the Secure Sockets Layer (SSL) protocol. TLS provides integrity, authenticity, and security through the use of cryptography.

Moving forward, let's discuss what Transport Layer Security is.

Transport Layer Security(TLS)

Transport Layer Security (TLS) is a security protocol that encrypts the communication between two parties or between applications and servers. TLS encrypts the data exchanged over the Internet, ensuring that hackers or third parties cannot see the private information transmitted by the user, like passwords and personal correspondence.

Transport Layer Security (TLS) is the successor of the Secure Socket Layer (SSL); both are security protocols, and the two names are sometimes used interchangeably.

It is needed to provide security in the transport layer.

TLS is usually implemented on top of TCP (Transmission Control Protocol), where it encrypts application-layer protocols such as FTP, SMTP, and HTTP. However, it can also be implemented on DCCP, UDP, and SCTP.

The Internet Engineering Task Force (IETF), an international standards organization, proposed Transport Layer Security (TLS).

What does TLS do?

The three main components of TLS are Authentication, Encryption, and Integrity.

  • Authentication
    It authenticates the identity of the parties exchanging the information.
     
  • Encryption
    It hides the data transmitted from third parties.
     
  • Integrity
    It verifies that the data has not been altered or tampered with.
     

TLS does not secure data everywhere in the computer network. Its priority is to ensure confidentiality and secure delivery of data over the network via the Internet, without any alteration of the content.

Now before moving on to the working of the TLS, let's see what SSL is.

Secure Socket Layer(SSL)

Secure Socket Layer was developed by Netscape in 1995. SSL is used to provide security and privacy to communication. In order to provide high privacy, it encrypts the data between a server and a client, which means that if any third party tries to see the information, they will only see a set of characters that are difficult to decrypt.

SSL initiates a communication process called a handshake between two communicating devices to ensure both of them are really who they claim to be.

TLS uses this handshake as well to establish the connection between the client and the server.

Let's move on to the working of Transport Layer Security (TLS).

Working of TLS

TLS uses a mechanism known as the client-server handshake. It establishes an encrypted, secure connection and ensures the authenticity of the communication. Whenever a user visits a website, a TLS handshake starts between the client and the web server. Let's see the breakdown of the process in phases:

In Phase 1:

  1. At the very start, the client and server get familiarized with a hello signal from each side.
     
  2. The client sends a session ID, cipher ID, etc.
     
  3. The server returns the encryption algorithm it has chosen from the cipher suites, and the compression algorithm it has chosen, both taken from the options sent in the client's hello signal.

[Figure: TLS Handshake - Phase 1]

In phase 2:

  1. In phase 2, the web server must send its authentication certificate and request client authentication for security purposes.
     
  2. Along with the authentication certificate, the server also sends its public encryption key.
     
  3. Finally, the phase ends with a 'server hello done' message.
     
  4. Once the server has sent its public key, the client can use it to encrypt its own secret key, which will be used to encrypt the data being communicated or exchanged between the client and the server.

[Figure: TLS Handshake - Phase 2]

In phase 3:

  1. In this phase, the client sends its authentication certificate after verifying the server (the certificate sent by the server) with the respective Certificate Authorities (CA).
     
  2. The client also sends a secret key, encrypted using the public key sent by the server previously.

[Figure: TLS Handshake - Phase 3]

In phase 4:

  1. In the last phase, the client sends two messages, a cipher 'status' message and a 'finished' message, to end the handshake process from its side.
     
  2. The web server also sends the status of the cipher algorithms.
     
  3. From this point on, the data is encrypted with the symmetric key the client sent in phase 3.

[Figure: TLS Handshake - Phase 4]

At the end of phase 4, the authentication is complete, and authenticity is maintained between the client and server during the entire process. 
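
Phase 1 as it looks on the wire, as an added example that is not part of the original article: a parser for the client's hello message (the layout used by TLS 1.2 and earlier) that pulls out the session ID, offered cipher suites and compression methods, followed by a small defender-side check of what was offered. The sample bytes, the function names and the short cipher-suite table are constructed for illustration.

```python
# Wire values of the version field (SSL 3.0 is 3.0, TLS 1.0 is 3.1, ...).
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
# A few IANA cipher suite IDs, enough to name the suites in the sample below.
SUITES = {0x0005: "TLS_RSA_WITH_RC4_128_SHA",
          0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
          0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}

def parse_client_hello(record: bytes) -> dict:
    """Parse one TLS record holding a ClientHello (TLS 1.2-and-earlier layout)."""
    # 5-byte record header (type 22 = handshake), 4-byte handshake header (1 = ClientHello).
    if len(record) < 9 or record[0] != 22 or record[5] != 1:
        raise ValueError("not a ClientHello record")
    msg = record[9:9 + int.from_bytes(record[6:9], "big")]
    pos = 0
    def take(n: int) -> bytes:  # next n bytes, never reading past the message
        nonlocal pos
        if pos + n > len(msg):
            raise ValueError("truncated ClientHello")
        chunk, pos = msg[pos:pos + n], pos + n
        return chunk

    version = int.from_bytes(take(2), "big")      # highest version the client supports
    take(32)                                      # client random (not needed here)
    session_id = take(take(1)[0])                 # 1-byte length prefix
    raw = take(int.from_bytes(take(2), "big"))    # 2-byte length prefix, 2 bytes per suite
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)]
    compression = list(take(take(1)[0]))          # 0 = null, 1 = DEFLATE
    return {"version": VERSIONS.get(version, hex(version)), "session_id": session_id.hex(),
            "compression": compression, "cipher_suites": [SUITES.get(s, hex(s)) for s in suites]}

def audit(hello: dict) -> list:
    """Defender's view: offered options that a server should refuse to negotiate."""
    findings = []
    if hello["version"] == "SSL 3.0":
        findings.append("client's highest version is SSL 3.0")
    findings += ["weak suite offered: " + s for s in hello["cipher_suites"] if "RC4" in s]
    if any(c != 0 for c in hello["compression"]):
        findings.append("TLS compression offered")
    return findings

def sample_record() -> bytes:
    """Constructed ClientHello (not a capture): SSL 3.0, three suites, DEFLATE + null."""
    body = (b"\x03\x00" + bytes(32) + b"\x04\xde\xad\xbe\xef"
            + b"\x00\x06\xc0\x2f\x00\x2f\x00\x05" + b"\x02\x01\x00")
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x00" + len(handshake).to_bytes(2, "big") + handshake

if __name__ == "__main__":
    print(audit(parse_client_hello(sample_record())))
```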

[Figure: TLS Handshake]

Benefits of TLS

The benefits of TLS are as follows:

  1. TLS provides a secure authentication mechanism.
     
  2. TLS offers special auditing and logging capabilities built directly into the protocol.
     
  3. TLS controls the data transmitted and received on an encrypted session.
     
  4. TLS should be used for applications like instant messaging, e-mail, file sharing, audio/video conferencing, and Internet services.
     
  5. TLS is easy to use as it is implemented beneath the application layer, so most of the operations are invisible to the client (This is what the application layer does).

Difference between TLS and SSL

Both TLS and SSL are the security protocols that provide security between web browsers and web servers. The difference between TLS and SSL are as follows:

| Feature | TLS | SSL |
|---|---|---|
| Abbreviation | TLS stands for Transport Layer Security. | SSL stands for Secure Socket Layer. |
| Version | TLS is the 1.0 version. | SSL is the 3.0 version. |
| Aim | TLS is a cryptographic encryption protocol that is used to provide secure communication between the server and client via implicit connections. It's the successor of the SSL protocol. | SSL is also a cryptographic protocol that uses explicit connections to establish secure communication between a web server and a client. |
| Reliability | TLS is highly reliable. | SSL is not reliable. |
| Complexity | TLS is simple. | SSL is more complex than TLS. |
| Usage | TLS is widely used nowadays. | SSL is deprecated. |
| Security | TLS provides high security. | SSL is less secure compared to TLS. |

Frequently Asked Questions

What is Cryptography?

Cryptography allows you to store sensitive information or send it through insecure networks (such as the Internet).

What is Transport Layer Security?

Transport Layer Security(TLS) is an encryption protocol that provides communication security between applications over the Internet.

What is the use of Transport Layer Security(TLS)?

TLS is used to encrypt the communication between applications and web servers, for example, when we load a website in a web browser.

What is SSL?

SSL stands for Secure Socket Layer. SSL is used to provide security and privacy to communication. In order to provide high privacy, it encrypts the data between a server and a client.

What do you mean by TLS Handshake?

TLS Handshake protocol enables the TLS client and server to establish the private keys with which they communicate.

Conclusion

Kudos, Ninjas, you have reached the end of the article on Transport Layer Security. In this article, we have covered the workings of TLS, applications of TLS, the benefits of TLS, and finally the difference between TLS and SSL.
