Working of TLS v1.3

  1. WHAT IS TLS?

The Internet Engineering Task Force published the latest version of Transport Layer Security (TLS). TLS is a family of cryptographic protocols that provide communications security over a computer network. Several versions of the protocol are in widespread use in applications such as web browsing, email, instant messaging, and voice over IP (VoIP). Websites can use TLS to secure all communications between their servers and web browsers.

HISTORICAL DEVELOPMENTS:

| Year | Developed By                    | Version                       |
|------|---------------------------------|-------------------------------|
| 1994 | Netscape                        | SSL V1.0 published            |
| 1995 | Netscape                        | SSL V2.0 published            |
| 1996 | Netscape                        | SSL V3.0 published            |
| 1999 | Internet Engineering Task Force | TLS V1.0 published (SSL V3.1) |
| 2006 | Internet Engineering Task Force | TLS V1.1 published (SSL V3.2) |
| 2008 | Internet Engineering Task Force | TLS V1.2 published (SSL V3.3) |
| 2014 | Internet Engineering Task Force | TLS V1.3 draft1 (SSL V3.4)    |
| 2018 | Internet Engineering Task Force | TLS V1.3 draft23              |
| 2018 | Internet Engineering Task Force | TLS V1.3 draft28              |

Table 1: Historical Development of TLS

  1. VULNERABILITIES AND OBSOLETED FEATURES
  • Eavesdropping Attack- Eavesdropping is the unauthorized real-time interception of a private communication, such as a phone call, instant message, videoconference or fax transmission. The term eavesdrop derives from the practice of actually standing under the eaves of a house, listening to conversations inside.
  • Tampering Attack- Data tampering is the act of deliberately modifying (destroying, manipulating or editing) data through unauthorized channels.
  • Message Forgery Attack- Message forgery is the sending of a message to deceive the recipient as to whom the real sender is. A common example is sending a spam e-mail as if it were originated from an address other than the one which was really used.
  • Man-in-The-Middle Attack- Man-in-the-middle attack is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.
  • POODLE Attack- It is a security flaw that can be exploited to conduct a man-in-the-middle attack that targets Web browser-based communication between clients and servers using Secure Sockets Layer (SSL) 3.0.
  • BEAST - This attack leverages weaknesses in cipher block chaining (CBC) to exploit the Secure Sockets Layer (SSL)/Transport Layer Security protocol.
  • SHA-1- Secure Hash Algorithm 1 (SHA-1) is a cryptographic computer security algorithm. It is part of the Digital Signature Algorithm or the Digital Signature Standard (DSS).
  • RC4- RC4 is a symmetric key cipher and byte-oriented algorithm that encrypts PC and laptop files and disks and protects confidential data messages sent to and from secure websites.
  • DES- Data Encryption Standard (DES) is a common standard for data encryption and a form of secret key cryptography (SKC), which uses only one key for encryption and decryption. Public key cryptography (PKC) uses two keys,
  • 3DES- Triple Data Encryption Algorithm is a symmetric-key block cipher, which applies the DES cipher algorithm three times to each data block.
  • AES-CBC- The AES-CBC cipher algorithm; it is used with IPsec.
  • MD5- MD5 hashing algorithm is a one-way cryptographic function that accepts a message of any length as input and returns as output a fixed-length digest value to be used for authenticating the original message.
  1. TLS V1.3 IS BASED ON THESE PRINCIPLES OF INFORMATION SECURITY:
  • Authentication: The process or action of verifying the identity of a user or process. The server side of the channel should be authenticated, and the client side may or may not be authenticated. Authentication can be performed via asymmetric cryptography (e.g., the RSA algorithm, the Elliptic Curve Digital Signature Algorithm (ECDSA), or the Edwards-Curve Digital Signature Algorithm (EdDSA) [RFC8032]) or a symmetric pre-shared key (PSK).
  • Confidentiality: The state of data being kept secret or private. Data sent over the channel after establishment is only visible to the endpoints. TLS does not hide the length of the data it transmits, though endpoints are able to pad TLS records in order to obscure lengths and improve protection against traffic analysis techniques.
  • Integrity: Data sent over the channel after establishment cannot be modified by attackers without detection.
  1. THE TWO PRIMARY COMPONENTS OF TLS:
  • A handshake protocol- Authenticates the communicating parties, negotiates cryptographic modes and parameters, and establishes shared keying material. The handshake protocol is designed to resist tampering. Active attackers should not be able to force the peers to negotiate different parameters than they would if the connection were not under attack.
  • A record protocol- Divides traffic up into a series of records, each of which is independently protected using the traffic keys.
  1. HOW TLS V1.3 ENSURES SECURITY
  • It is much faster than the previous version
  • By using peer-to-peer encryption
  • By providing a new supporting API
  • By providing secured web browsing
  • By using AES
  • By using PSK

 

  1. TLS V1.3 WORKING STEPS 

Step 1- Client sends:

  • Cipher Suite options
  • List of supported groups/curves
  • (EC)DHE Key Share(s)

Step 2- Server sends:

  • Cipher suite selection.
  • (EC)DHE Key Share

Step 3- Client and Server now share a key:

The rest of the handshake is encrypted.

Step 4- Server sends:

  1. Encrypted Extensions
     • Server Name
     • Message Length
     • Optionally many more
  2. Certificate Request
     • Supported signature algorithms.

Step 5- Server sends:

  • Certificate
  • Proof of private key possession.
  • Finished
  • Application Data

Step 6- Client responds:

  • Certificate
  • Proof of private key possession
  • Finished
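
The Step 1 message described above, as an added example (not code from the original article): a Python parser that pulls the cipher suite options, supported groups and (EC)DHE key shares out of a ClientHello. The function names and the sample bytes are constructed for illustration; the extension numbers (10, 43, 51) and code points are the registered TLS values.

```python
SUITES = {0x1301: "TLS_AES_128_GCM_SHA256", 0x1302: "TLS_AES_256_GCM_SHA384",
          0x1303: "TLS_CHACHA20_POLY1305_SHA256"}
GROUPS = {0x0017: "secp256r1", 0x0018: "secp384r1", 0x001D: "x25519"}

def _vec(buf, off, len_bytes):  # length-prefixed vector -> (payload, next offset)
    n = int.from_bytes(buf[off:off + len_bytes], "big")
    end = off + len_bytes + n
    if end > len(buf):
        raise ValueError("truncated ClientHello")
    return buf[off + len_bytes:end], end

def _u16s(b):
    return [int.from_bytes(b[i:i + 2], "big") for i in range(0, len(b), 2)]

def parse_client_hello(msg):
    """Return what the client offers in Step 1 (hypothetical helper name)."""
    if msg[:1] != b"\x01":
        raise ValueError("not a ClientHello")
    body, _ = _vec(msg, 1, 3)
    _, off = _vec(body, 2 + 32, 1)     # skip legacy_version, random, session_id
    suites, off = _vec(body, off, 2)
    _, off = _vec(body, off, 1)        # legacy_compression_methods
    exts, _ = _vec(body, off, 2)
    out = {"cipher_suites": [SUITES.get(s, hex(s)) for s in _u16s(suites)],
           "groups": [], "key_shares": [], "offers_tls13": False}
    off = 0
    while off < len(exts):
        etype = int.from_bytes(exts[off:off + 2], "big")
        data, off = _vec(exts, off + 2, 2)
        if etype == 10:                # supported_groups
            out["groups"] = [GROUPS.get(g, hex(g)) for g in _u16s(_vec(data, 0, 2)[0])]
        elif etype == 43:              # supported_versions
            out["offers_tls13"] = 0x0304 in _u16s(_vec(data, 0, 1)[0])
        elif etype == 51:              # key_share: (group, public key length)
            shares, pos = _vec(data, 0, 2)[0], 0
            while pos < len(shares):
                grp = int.from_bytes(shares[pos:pos + 2], "big")
                key, pos = _vec(shares, pos + 2, 2)
                out["key_shares"].append((GROUPS.get(grp, hex(grp)), len(key)))
    return out

def build_sample():
    """Constructed ClientHello (all-zero random and key share), not a capture."""
    exts = (b"\x00\x2b\x00\x03\x02\x03\x04"                # supported_versions: TLS 1.3
            + b"\x00\x0a\x00\x06\x00\x04\x00\x1d\x00\x17"  # supported_groups
            + b"\x00\x33\x00\x26\x00\x24\x00\x1d\x00\x20" + bytes(32))  # key_share
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x04\x13\x01\x13\x03"
            + b"\x01\x00" + len(exts).to_bytes(2, "big") + exts)
    return b"\x01" + len(body).to_bytes(3, "big") + body
```

A ClientHello for which offers_tls13 is False, or whose key_shares list is empty, cannot complete the handshake in the single round trip that Steps 1 and 2 describe.
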
  1. NOW WE CAN USE TLS 1.3 IN OUR BROWSER

     TLS 1.3 is currently supported in both Chrome (starting with release 66) and Firefox (starting with release 60), and in development for Safari and Edge browsers.

  1. TLS V1.3 FOR CHROME:
  • Go to the address bar, enter [chrome://flags] and press Enter.
  • Scroll to locate the TLS 1.3 entry, and set it to Enabled. You will see a message saying that the change will take effect the next time you relaunch Chrome.
  • Click RELAUNCH NOW to restart Chrome.
  • After enabling TLS 1.3, visit a site with TLS 1.3 enabled over HTTPS.
  • Then: Open Chrome Developer Tools.
  • Click the Security tab.
  • Reload the page (Command-R in Mac OS, Ctrl-R in Windows).
  • Click on the site under Main origin.
  • Look on the right-hand tab under Connection to confirm that TLS 1.3 is listed as the protocol.

TLS V1.3 FOR FIREFOX:

  • Go to the address bar, enter [about:config] and click to accept the warranty warning.
  • Search for security.tls.version.max and change it from the default value of 3 to 4.
  • After enabling TLS 1.3, visit a site with TLS 1.3 enabled over HTTPS.
  • Then: Click the green lock icon in the address bar, then >.
  • Click More Information.
  • Under Technical Details, verify that the TLS version is TLS 1.3.

 

  1. CONCLUSION

TLS V1.3, the latest version of TLS, is a more secure version of the protocol; after implementing it, peer-to-peer communication becomes more secure. Google Chrome and Mozilla Firefox are two web browsers that support this new version effectively and efficiently. Cloud service providers have recently been moving quickly to apply TLS v1.3 to their services or to make their servers support it, and Facebook is already implementing TLS v1.3 in its systems to provide a more secure environment for social networking, because privacy is nowadays the ultimate concern of users, service providers and governments.