2. SUMMARY OF
CONTENTS
OUR MAIN
TOPICS TODAY
What is Transport Layer Security
Whats New in TLS 1.3
How TLS Achieves This
Key Goals of TLS 1.3
Security Benefits
Privacy Benefits
Difference between Handshake in TLS 1.2 & 1.3
3. WHAT IS TLS
THE BEGINNING
OF TRANSPORT
LAYER SECURITY
Probably the Internet’s most important security protocol
Designed over 20 years ago by Netscape for Web transactions
But used for just about everything you can think of
Maintained by the Internet Engineering Task Force
– Back then, called Secure Sockets Layer
– HTTP
– SSL-VPNs
– E-mail
– Voice/video
– IoT
– We’re now at version 1.2
4. WHATS NEW
IN TLS 1.3
TLS 1.3 offers some great improvements over TLS 1.2. Vulnerable optional
parts of the protocol have been removed, there’s support for stronger
ciphers required to implement perfect forward secrecy
(PFS), and the handshake process has been significantly shortened.
In addition, implementing TLS 1.3 should be relatively simple. You can use
the same keys you used for TLS 1.2. Clients and servers will automatically
negotiate a TLS 1.3 handshake when they both support it, and Google
Chrome and Mozilla Firefox already do it by default.
5. TLS ACHIEVES
THIS USING
VARIOUS
TECHNIQUES…
– Symmetric key encryption for application data.
– Typically Advanced Encryption Standard (AES).
PRIVACY
– Authenticated Encryption with Additional Data (AEAD).
– Usually AES-GCM (Galois/Counter Mode) cipher mode.
INTEGRITY
– X509 certificates signed by a mutually trusted third party.
– Typically server authenticated only.
AUTHENTICATION
6. KEY GOALS OF
TLS 1.3
Clean up - Remove unsafe or Unused features
Security - Improve security w/modern techniques
Privacy - Encrypt more of the protocol.
Performance -1-RTT and 0-RTT handshakes
Continuity - Backwards compatibility
7. SECURITY
BENEFITS
Although TLS 1.2 can still be deployed securely, several high-profile
vulnerabilities have exploited optional parts of the protocol and outdated
ciphers. TLS 1.3 removes many of these problematic options and only
includes support for algorithms with no known vulnerabilities (at this time).
The IETF chose to remove all ciphers that do not support PFS from TLS
connections. These include DES, AESCBC, RC4, and other ciphers less
commonly used.
8. PRIVACY
BENEFITS
TLS 1.3 also enables PFS(Perfect Forward Secrecy) by default.
This cryptographic technique adds another layer of confidentiality
to an encrypted session, ensuring that only the two endpoints can
decrypt the traffic. With PFS, even if a third party were to record
an encrypted session, and later gain access to the server private
key, they could not use that key to decrypt the session.
10. REFERENCES WOULD I PREFERRED…
http://web.stanford.edu/class/ee380/Abstracts/151118-slides.pdf
https://www.owasp.org/images/9/91/OWASPLondon20180125_TLSv1.3_
Andy_Brodie.pdf
https://www.cloudflare.com/learning-resources/tls-1-3/
https://www.f5.com/pdf/products/tls1-3_are-you-ready.pdf