Robert S. Mueller III, former US FBI Director, once said “There are only two types of companies: Those that have been hacked and those that will be”.
A recent article published by Cyber Crime Magazine predicts that cybercrime will cost the global economy $6 trillion in 2021 and grow at 15% year on year, reaching $10.5 trillion by 2025.
Cybercrime can happen to any business, and its effects can be devastating. Businesses across industries need a comprehensive and ever-evolving security solution to protect themselves from cyber-attacks. TLS (Transport Layer Security) is a vital component of that larger solution.
What is TLS
Transport Layer Security (TLS) is a cryptographic protocol that encrypts data sent over the Internet. For instance, web browsing uses HTTPS (Hyper Text Transfer Protocol Secure, which is HTTP over TLS). First, a secure and trusted HTTPS session is established between the browser and the web server using the TLS handshake. Second, all data, including passwords and sensitive, personal, and general information, is encrypted at the client side and decrypted at the server side, and vice versa. Without TLS, data is transmitted in plain text and is vulnerable to all kinds of harmful activity, such as eavesdropping and tampering.
Other applications such as e-mail, file transfers, video/audio conferencing, instant messaging, voice-over-IP and Internet services such as DNS and NTP use TLS.
Origin of TLS
TLS has come a long way. It all started with the SSL (Secure Socket Layer) protocol, released in 1994 by Netscape to provide secure communications between the client and the server on the web. Later, the IETF (Internet Engineering Task Force) developed a similar protocol based on SSL 3.0 and released TLS 1.0 in 1999, followed by TLS 1.1 in 2006, TLS 1.2 in 2008 and TLS 1.3 in Aug 2018 (RFC 8446).
How TLS works
To know TLS better, let us walk step by step through what happens when a user types a website URL (e.g. https://www.google.com) in a web browser and presses Enter.
- DNS Lookup – The browser sends the hostname from the URL (www.google.com) to a DNS server, which looks it up and returns the IP address to the browser
- TCP Handshake – The browser sends a request to the IP address, trying to establish a connection with the web server
- TLS Handshake – Having made a connection, the browser and the web server decide on the encryption protocol, cipher suites and parameters, authenticate one or both parties, and create and exchange a symmetric master secret key. The browser and the web server will use this master secret key to encrypt and decrypt the data
- Page Fetch – The browser requests the content of the website and the server responds with the content. The data exchanged between the browser and the web server is encrypted
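To make the negotiation in the TLS Handshake step concrete, the following added Python example (not code from the original article) generates the first handshake message a client would send, the ClientHello, and parses out the protocol versions, cipher suites and server name it offers. It uses the standard `ssl` module with in-memory buffers, so nothing is sent on the network; the function names `build_client_hello` and `parse_client_hello` are my own, and the output depends on the local OpenSSL build.

```python
import ssl
import struct

VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def build_client_hello(hostname):
    """Start a handshake against in-memory buffers; return the client's first record."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client has written ClientHello and waits for the server
    return outgoing.read()

def u16(buf, pos):
    """Read a big-endian 16-bit integer at pos."""
    return struct.unpack_from("!H", buf, pos)[0]

def parse_client_hello(record):
    """Extract what the client offers: versions, cipher suites and server name."""
    if record[0] != 22 or record[5] != 1:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    body = record[5:5 + u16(record, 3)]
    pos = 4 + 2 + 32                      # handshake header, legacy_version, random
    pos += 1 + body[pos]                  # session_id
    n = u16(body, pos); pos += 2
    suites = [u16(body, i) for i in range(pos, pos + n, 2)]
    pos += n
    pos += 1 + body[pos]                  # compression methods
    end = pos + 2 + u16(body, pos); pos += 2
    offer = {"cipher_suites": suites, "versions": [], "server_name": None}
    while pos < end:
        ext_type, ext_len = struct.unpack_from("!HH", body, pos)
        ext = body[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
        if ext_type == 0:                 # server_name (SNI)
            offer["server_name"] = ext[5:5 + u16(ext, 3)].decode("ascii")
        elif ext_type == 43:              # supported_versions
            offer["versions"] = [VERSIONS.get(u16(ext, i), hex(u16(ext, i)))
                                 for i in range(1, 1 + ext[0], 2)]
    return offer

if __name__ == "__main__":
    offer = parse_client_hello(build_client_hello("www.google.com"))
    print("server name  :", offer["server_name"])
    print("versions     :", offer["versions"])
    print("cipher suites:", [hex(s) for s in offer["cipher_suites"]])
```

The cipher suite numbers are the IANA-registered code points; the server picks one suite and one version from this offer, so a client that still lists TLS 1.0 or TLS 1.1 here is one that can be negotiated down to them.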
Let us double-click on the TLS Handshake process in step 3 above. For better understanding, I have simplified the TLS handshake steps