
TLS Notes

Transport Layer Security (TLS) is a cryptographic protocol designed to provide secure
communication over a network, such as the internet. It aims to ensure confidentiality,
integrity, and authentication in data exchanges between clients and servers. Here are
class notes on TLS, covering its basics, how it works, its components, and its versions:

1. Introduction to TLS:

Definition: TLS is a protocol that encrypts and secures data transmissions over a
network.

Objective: Protect data from eavesdropping, tampering, and forgery.

Applications: Commonly used in HTTPS, email protocols (SMTP, IMAP, POP3), and other
secure communications.

2. Components of TLS:

Handshake Protocol: Manages the initial connection between client and server. It
establishes the session keys and verifies the server's identity.

Record Protocol: Handles data encryption and integrity during communication. It uses
the session keys established by the handshake protocol.

Alert Protocol: Sends alerts if there are issues with the connection (e.g., expired
certificate or decryption error).

Change Cipher Spec Protocol: Notifies that a change in cipher spec is coming,
prompting the receiving party to change to the new encryption.

3. How TLS Works:

Handshake:

Client sends a "ClientHello" message to initiate the connection, specifying TLS version,
supported cipher suites, and compression methods.

Server responds with a "ServerHello" message, confirming TLS version, cipher suite,
and compression method.

Server sends its certificate to authenticate itself (client also authenticates if required).

Client and server establish session keys using asymmetric cryptography (e.g., RSA,
ECDH).

Both parties confirm the handshake, switch to the negotiated encryption, and begin
secure communication.

Record Layer:

Data is split into records, which are encrypted and authenticated using the session
keys.

Records are decrypted and verified upon receipt.

4. Cipher Suites and Algorithms:

Cipher Suites: Determine encryption algorithms, key exchange methods, and hash
functions.

Encryption Algorithms: AES, ChaCha20, and others provide confidentiality.

Key Exchange: RSA, Diffie-Hellman, ECDH, and others establish session keys securely.

Hash Functions: SHA-256, SHA-384, and others ensure data integrity.

5. TLS Versions:

TLS 1.0 and 1.1: Older versions with known vulnerabilities; generally considered
insecure and deprecated.

TLS 1.2: A widely-used version offering robust security and multiple cipher suites.

TLS 1.3: The latest version (as of October 2023); faster handshake, improved security,
and fewer cipher suites.

6. Certificates and Authentication:

Certificates: Digital certificates authenticate servers (and clients, if required).

Public Key Infrastructure (PKI): Used to manage certificates and keys.

Certification Authorities (CAs): Trusted entities that issue and manage certificates.

7. Security Considerations:

Forward Secrecy: Ensures that keys from past sessions cannot be compromised if a
long-term key is later exposed.

Perfect Forward Secrecy (PFS): A feature where session keys are not derivable from
long-term keys.

Man-in-the-Middle (MITM) Attacks: Mitigated by verifying certificates and using secure
key exchange protocols.

8. Best Practices:

Use latest TLS version: TLS 1.3 is recommended for its speed and security features.

Strong Cipher Suites: Use up-to-date, strong cipher suites for encryption and key
exchange.

Secure Certificate Management: Use trusted certificates and regularly update them.
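
A client configuration that follows the best practices above and audits the enabled cipher suites for the forward secrecy described in section 7, as an added example that is not part of the original notes. It uses Python's standard ssl module; the function names and the sample suite list are constructed for illustration.

```python
import socket
import ssl

def hardened_client_context() -> ssl.SSLContext:
    """Client context: trusted CAs, hostname check, no TLS 1.0/1.1."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse TLS 1.0 and 1.1
    # TLS 1.2: allow only ephemeral ECDH with AEAD ciphers (AES-GCM, ChaCha20).
    # TLS 1.3 suites are not affected by this string and stay enabled.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx

def is_forward_secret(name: str, protocol: str) -> bool:
    """True when the suite's key exchange is ephemeral (EC)DH."""
    if protocol == "TLSv1.3":        # every TLS 1.3 handshake is ephemeral
        return True
    # OpenSSL names TLS 1.2 suites by key exchange; a bare "AES256-..." name
    # means RSA key transport, which gives no forward secrecy.
    return name.startswith(("ECDHE-", "DHE-"))

def audit(ctx: ssl.SSLContext) -> list:
    """Names of enabled suites that lack forward secrecy."""
    return [c["name"] for c in ctx.get_ciphers()
            if not is_forward_secret(c["name"], c["protocol"])]

def negotiated(host: str, port: int = 443) -> tuple:
    """Connect and return (TLS version, cipher suite name) agreed with the server.
    Raises ssl.SSLCertVerificationError if the certificate does not validate."""
    ctx = hardened_client_context()
    with socket.create_connection((host, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]

# Constructed sample of (suite name, protocol) pairs, not taken from a real server.
SAMPLE_SUITES = [
    ("AES256-GCM-SHA384", "TLSv1.2"),            # RSA key transport
    ("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2"),  # ephemeral ECDH
    ("TLS_AES_128_GCM_SHA256", "TLSv1.3"),
]

if __name__ == "__main__":
    print("non-PFS suites in hardened context:", audit(hardened_client_context()))
    for name, proto in SAMPLE_SUITES:
        print(f"{name:32} {proto}  forward secret: {is_forward_secret(name, proto)}")
```

Calling negotiated() against your own server shows which version and suite it actually selects; a handshake failure means the server offers only TLS 1.0/1.1 or non-ECDHE suites.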
