Transport Layer Security: Safely Surf the Web
As the Internet has become a massive market for commercial transactions, Internet security has evolved. Originally, browsers offered security through SSL, the Secure Sockets Layer. While this was certainly very secure, new technologies made more security possible. TLS, or Transport Layer Security, is the successor to SSL and builds on its technologies.
Uses
TLS is used primarily in e-commerce transactions. Using TLS prevents the server, client, or points in between from accessing secure information. Another common use is protecting access to secure information. For instance, a company with two clients that compete with one another might want to ensure that neither can access the other's information in web-based communications or forums.
Encryption
TLS uses encryption technologies to secure data. TLS can use the same encryption over a number of protocols, like TCP, HTTP, SMTP, etc. TLS uses a public and a private key to create encrypted transmissions. The public encoding key is sent to the client, and the client then encodes the message with it. An additional layer of security takes place in the TLS handshake. This process enables TLS to verify the security certificates of the client or host before even sending the public key.
Once the message or transmission has been encoded, it is sent through a secure transfer to the server, or vice versa. Because only the recipient has the private key, they alone can decode the message. In theory, if a third party between the two parties captured the whole message, it would be possible to decode it; however, the computing power required would be immense. Further, it is rare in Internet protocols for all messages to travel through one route between two computers; typically messages are separated and sent through a variety of routes to the client.
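The certificate check in the handshake only protects a connection if the application leaves it switched on. As an added example (not from the original article), this Python code uses the standard ssl module to audit a client context for settings that defeat that check; the function names and the TLS 1.2 floor are assumptions of the example.

```python
import ssl


def audit_client_context(ctx: ssl.SSLContext) -> list:
    """Return the weak settings found on a client-side TLS context."""
    findings = []
    # Without CERT_REQUIRED the handshake accepts any certificate,
    # including one presented by a party sitting between client and server.
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate verification disabled")
    # A valid certificate for some other host must not be accepted.
    if not ctx.check_hostname:
        findings.append("hostname checking disabled")
    # TLSVersion is an IntEnum; MINIMUM_SUPPORTED sorts below every real version.
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions older than TLS 1.2 allowed")
    return findings


def build_weak_context() -> ssl.SSLContext:
    """Constructed example of a misconfigured client (hypothetical helper)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Order matters: hostname checking must be off before CERT_NONE is allowed.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def build_hardened_context() -> ssl.SSLContext:
    """Client context that verifies the server certificate and hostname."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # assumed policy floor
    return ctx


if __name__ == "__main__":
    for name, ctx in (("weak", build_weak_context()),
                      ("hardened", build_hardened_context())):
        print(name, audit_client_context(ctx) or "no findings")
```
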
Applications that Utilize TLS
Web browsers are one of the biggest types of software to use TLS. That said, other Internet applications, as well as intranet applications, can take advantage of the technology. FTP browsers and Telnet or SSH clients can also use TLS. Operating systems can use TLS to make Virtual Private Networks.
Implementation
Typically TLS is implemented at the application level, and in fact multiple applications may each have their own implementation. Many open source implementations of TLS are available, and open source software developers often use one of the major open source TLS implementations. Commercial vendors, such as Microsoft, have incorporated TLS into their own proprietary security software.