Introduction to TLS 1.3
•
0 gostou•269 visualizações
Introduction to TLS 1.3
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (20)
Semelhante a Introduction to TLS 1.3
Semelhante a Introduction to TLS 1.3 (20)
Mais de n|u - The Open Security Community
Mais de n|u - The Open Security Community (20)
Último
Último (20)
Introduction to TLS 1.3
- 1. INTRODUCTION TO TLS 1.3 Presented by Vedant Jain NULL BHOPAL MONTHLY MEET JANUARY 2020
- 2. SUMMARY OF CONTENTS OUR MAIN TOPICS TODAY What is Transport Layer Security Whats New in TLS 1.3 How TLS Achieves This Key Goals of TLS 1.3 Security Benefits Privacy Benefits Difference between Handshake in TLS 1.2 & 1.3
- 3. WHAT IS TLS THE BEGINNING OF TRANSPORT LAYER SECURITY Probably the Internet’s most important security protocol Designed over 20 years ago by Netscape for Web transactions But used for just about everything you can think of Maintained by the Internet Engineering Task Force – Back then, called Secure Sockets Layer – HTTP – SSL-VPNs – E-mail – Voice/video – IoT – We’re now at version 1.2
- 4. WHATS NEW IN TLS 1.3 TLS 1.3 offers some great improvements over TLS 1.2. Vulnerable optional parts of the protocol have been removed, there’s support for stronger ciphers required to implement perfect forward secrecy (PFS), and the handshake process has been significantly shortened. In addition, implementing TLS 1.3 should be relatively simple. You can use the same keys you used for TLS 1.2. Clients and servers will automatically negotiate a TLS 1.3 handshake when they both support it, and Google Chrome and Mozilla Firefox already do it by default.
- 5. TLS ACHIEVES THIS USING VARIOUS TECHNIQUES… – Symmetric key encryption for application data. – Typically Advanced Encryption Standard (AES). PRIVACY – Authenticated Encryption with Additional Data (AEAD). – Usually AES-GCM (Galois/Counter Mode) cipher mode. INTEGRITY – X509 certificates signed by a mutually trusted third party. – Typically server authenticated only. AUTHENTICATION
- 6. KEY GOALS OF TLS 1.3 Clean up - Remove unsafe or Unused features Security - Improve security w/modern techniques Privacy - Encrypt more of the protocol. Performance -1-RTT and 0-RTT handshakes Continuity - Backwards compatibility
- 7. SECURITY BENEFITS Although TLS 1.2 can still be deployed securely, several high-profile vulnerabilities have exploited optional parts of the protocol and outdated ciphers. TLS 1.3 removes many of these problematic options and only includes support for algorithms with no known vulnerabilities (at this time). The IETF chose to remove all ciphers that do not support PFS from TLS connections. These include DES, AESCBC, RC4, and other ciphers less commonly used.
- 8. PRIVACY BENEFITS TLS 1.3 also enables PFS(Perfect Forward Secrecy) by default. This cryptographic technique adds another layer of confidentiality to an encrypted session, ensuring that only the two endpoints can decrypt the traffic. With PFS, even if a third party were to record an encrypted session, and later gain access to the server private key, they could not use that key to decrypt the session.
- 10. REFERENCES WOULD I PREFERRED… http://web.stanford.edu/class/ee380/Abstracts/151118-slides.pdf https://www.owasp.org/images/9/91/OWASPLondon20180125_TLSv1.3_ Andy_Brodie.pdf https://www.cloudflare.com/learning-resources/tls-1-3/ https://www.f5.com/pdf/products/tls1-3_are-you-ready.pdf
- 11. QUESTIONS? COMMENTS? LET US KNOW! @Vedant__Jain TWITTER jainvedant786@gmail.com EMAIL