The Secure Socket Layer (SSL) and the Transport Layer Security (TLS)
Ever wondered what they are, and where, how and when they are used?
In the modern world, the effects of technological advancement are inescapable. New technologies are introduced every year. Alongside these advances, transactions carried out over the internet are constantly threatened by cyber theft. Millions of important data records are accessed by unauthorized individuals, and such cybercrime threatens the security of online network users. Security protocols therefore exist to safeguard messages sent over the internet and to prevent unauthorized access to important data in transit. Examples of security protocols include the Secure Socket Layer (SSL), 3D Secure and the Transport Layer Security (TLS).
The Secure Socket Layer (SSL)
The Secure Socket Layer is a security protocol used to secure messages transmitted over the internet. Many websites use it to protect the sensitive information of their clients. The secured areas of a website include client accounts and online checkouts that involve transfers of money. The Secure Socket Layer protocol safeguards the customer's information by encrypting the data. It is most commonly used with HTTP. It is also used to secure other protocols such as SMTP and NNTP. SMTP is a security protocol used to secure data sent via emails (Entrust Solutions, 2007). Early versions of SSL secured data with 40-bit encryption. Later versions advanced to encryption stronger than 120 bits.
To understand how the Secure Socket Layer works, it helps to examine the steps involved at each stage of data protection. SSL relies on digital certificates to work. When a browser tries to access a website protected by SSL, the browser requests the identity of the server. In response, the server sends its digital certificates to the browser for verification (Martin, 2002). Once the browser receives a copy of the website's certificates, it checks their authenticity and responds accordingly (Entrust Solutions, 2007). If the browser finds that the digital certificates provided by the server are false or unverifiable, it sends a message informing the server that its certificates could not be verified. If the browser succeeds in verifying the server's certificates, it sends a digitally signed acknowledgment to the server. The server and the browser can then begin an SSL-encrypted session. Once an SSL-encrypted session has begun, the information shared between the browser and the server is protected: it can neither be accessed nor changed by external third parties. The process of exchanging and verifying digital certificates between the server and the browser is known as a handshake. It only occurs when the server receives a copy of the digitally signed certificate from the browser.
To establish effective security for online data, the strength of the encryption certificate matters a great deal. Some security professionals mistakenly believe that the strength of the encryption certificate determines the strength of the security protocol. However, in SSL, the strength of the SSL session and the capabilities of the browser and the server determine the strength of the encryption (Martin, 2002). If the browser is limited to 40-bit encryption, then a 40-bit session will be established. The same applies when the browser is limited to 128-bit encryption. Additionally, the strength of the encryption increases with the number of encryption bits supported by both the browser and the server (Star-field Technologies Secure Certificate Services, n.d.). For example, when both the server and the browser are limited to 128-bit encryption, an encryption session limited to 256 bits will be established. Therefore, the capabilities of both the server and the browser determine the strength of the encryption.
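How the capabilities of both ends fix the session strength can be sketched in a short model. The following Python is an added example, not code from the original article; the suite table, the server-preference selection rule and the min_bits policy floor are assumptions made for illustration.

```python
"""Simplified model of SSL/TLS cipher-suite negotiation (added example)."""

# Constructed table: IANA suite names mapped to symmetric key strength in bits.
STRENGTH_BITS = {
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5": 40,
    "TLS_RSA_WITH_AES_128_CBC_SHA": 128,
    "TLS_RSA_WITH_AES_256_CBC_SHA": 256,
}


class HandshakeFailure(Exception):
    """Raised when no mutually acceptable suite exists."""


def negotiate(client_offer, server_prefs, min_bits=0):
    """Return (suite, bits): the first server-preferred suite the client offers.

    Suites weaker than min_bits are never selected, so a client that only
    offers weak suites is refused instead of being served weak encryption.
    """
    offered = set(client_offer)
    for suite in server_prefs:
        bits = STRENGTH_BITS[suite]
        if suite in offered and bits >= min_bits:
            return suite, bits
    raise HandshakeFailure("no shared cipher suite at or above %d bits" % min_bits)


# Hypothetical endpoints used only for this demonstration.
SERVER_PREFS = [
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
]
MODERN_CLIENT = ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA"]
EXPORT_CLIENT = ["TLS_RSA_EXPORT_WITH_RC4_40_MD5"]  # limited to 40-bit encryption


def demo():
    """Negotiate for both clients, then repeat with a 128-bit server floor."""
    results = {"modern": negotiate(MODERN_CLIENT, SERVER_PREFS)[1],
               "export": negotiate(EXPORT_CLIENT, SERVER_PREFS)[1]}
    try:
        negotiate(EXPORT_CLIENT, SERVER_PREFS, min_bits=128)
        results["export_with_floor"] = "accepted"
    except HandshakeFailure:
        results["export_with_floor"] = "refused"
    return results
```

Calling demo() shows the 40-bit client getting a 40-bit session from a permissive server and being refused once the server enforces a floor, which is why servers are configured to reject weak suites rather than fall back to them.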
The Transport Layer Security (TLS)
The Transport Layer Security (TLS) is a predecessor of the Secure Socket Layer (SSL). It is among the cryptographic protocols used to secure online communications. Like SSL, TLS secures data transmitted over the internet by encrypting it. Although it is a predecessor to SSL, TLS uses PKI certificates, secure hash functions and digital signatures to secure online messages (Hellner et al., 2011). Through these processes and mechanisms, TLS prevents online data from being accessed without authorization and changed. It also prevents websites' passwords from being altered and the security of the whole system from being compromised.
Because of its advanced ways of protecting data, the Transport Layer Security protocol has diverse uses, all of them directed at providing data security. Firstly, TLS is used to enhance the security of web servers. When used on a server, TLS secures the information communicated between the server and the user's browser by encrypting it (HSBC Holdings, 2011). It encrypts the data at one end, either the server or the browser, and decrypts it to make the information available to the recipient after the right authentication. Additionally, there are two ways of determining whether a website is secured. Websites secured by TLS always display a green padlock symbol at the bottom of the browser window (Singh and Huhns, 2005). Alternatively, the URL in the browser begins with https instead of http.
Secondly, TLS is also used to secure directory servers, mail servers and database servers. In securing mail servers, the TLS protocol encrypts email messages and decrypts them before delivering them to the target email addresses. Thirdly, TLS is used to secure Virtual Private Networks (VPNs) (Hellner et al., 2011). It encrypts the accessed network and the remote users' devices.
TLS is made up of two distinct layers: the handshake protocol and the record protocol. The TLS Record Protocol secures internet connections using encryption methods such as the Data Encryption Standard (DES), among many others. The TLS Record Protocol can also be used without encryption. The TLS Handshake Protocol, in turn, enables both clients and servers to authenticate their information (HSBC Holdings, 2011). It also permits them to negotiate cryptographic keys and encryption algorithms before exchanging their data.
The TLS Handshake Protocol is completed in the following steps. Firstly, the server and the browser exchange hello messages, in which they agree on the algorithms to use, check for session resumption and exchange their assigned random numbers (Hellner et al., 2011). Secondly, the server and the browser exchange the necessary cryptographic parameters. The exchanged parameters allow both the server and the browser to agree on a common premaster secret that enables them to communicate. Thirdly, immediately after the premaster secret has been exchanged, the server and the browser present their digital certificates for authentication. During authentication, TLS generates random values and generates the master secret that finalizes the authentication process (HSBC Holdings, 2011). The security parameters are then passed to the record layer. Fourthly, TLS confirms that the server and the browser have exchanged their parameters without any external interference and that the exchange of the secured data is safe.
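The step in which the exchanged random numbers and the premaster secret become a master secret, and then the keys handed to the record layer, can be shown concretely. The following Python sketch is an added example, not code from the original article; it assumes the TLS 1.2 pseudorandom function from RFC 5246 with SHA-256 and an AES-128-CBC/HMAC-SHA1 suite, and the random values and premaster secret are constructed sample inputs.

```python
"""TLS 1.2 master-secret and key-block derivation (RFC 5246), added example."""
import hashlib
import hmac


def p_sha256(secret, seed, length):
    """P_hash expansion from RFC 5246 section 5, using HMAC-SHA256."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret, label, seed, length):
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def master_secret(premaster, client_random, server_random):
    """48-byte master secret from the premaster secret and both hello randoms."""
    return prf(premaster, b"master secret", client_random + server_random, 48)


def key_block(master, client_random, server_random, length):
    """Key material for the record layer; note the reversed order of the randoms."""
    return prf(master, b"key expansion", server_random + client_random, length)


# Constructed sample inputs (not taken from a real capture).
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
PREMASTER = b"\x03\x03" + bytes(46)  # protocol version bytes + 46 sample bytes


def derive_session(premaster, client_random, server_random):
    """Split a 72-byte key block: two 20-byte MAC keys, then two 16-byte AES keys."""
    ms = master_secret(premaster, client_random, server_random)
    kb = key_block(ms, client_random, server_random, 72)
    return {"master": ms,
            "client_mac": kb[0:20], "server_mac": kb[20:40],
            "client_key": kb[40:56], "server_key": kb[56:72]}


if __name__ == "__main__":
    for name, value in derive_session(PREMASTER, CLIENT_RANDOM, SERVER_RANDOM).items():
        print(name, value.hex())
```

Both endpoints run the same derivation on the same inputs, so they arrive at identical keys without ever sending those keys over the network; changing either random value yields an unrelated master secret, which ties the keys to one handshake.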
In conclusion, both TLS and SSL are security protocols. They ensure the safety of both the server's and the client's information by encrypting it. TLS is an advancement of SSL. Therefore, the two have many similarities and only minor differences. In both, a handshake is completed once the process of authenticating the provided digital certificates is finalized.
Entrust Solutions. (2007). Understanding digital certificates & secure sockets layer: a fundamental requirement for internet transactions. Retrieved on 28th April 2014 from: http://www.entrust.net/ssl-resources/pdf/understanding_ssl.pdf
Hellner et al. (2011). Security on IBM z/VSE. Armonk, New York: IBM Redbooks.
HSBC Holdings. (2011). The Transport Layer Security: about TLS. Retrieved on 28th April 2014 from: http://www.hsbc.com/~/media/B9271465647F4525BC9FDDA0FBC02F8A.ashx
Martin, F. (2002). SSL Certificates How-to. Retrieved on 28th April 2014 from: http://www.tldp.org/HOWTO/pdf/SSL-Certificates-HOWTO.pdf
Singh, M., and Huhns, M. (2005). Service-Oriented Computing: Semantics, Processes, Agents. Hoboken: John Wiley & Sons.
Star-field Technologies Secure Certificate Services. (n.d.). Why you need an SSL Certificate. Retrieved on 28th April 2014 from: https://products.secureserver.net/SSLMarketingGuide.pdf
© 2014 Musembi Daniel Nduva