Sunday, December 1, 2013

Communication and Security: Transport Layer Security (TLS)

Transport Layer Security (TLS) is a layer 4 protocol based on Secure Sockets Layer version 3 (SSLv3). It makes use of a Public Key Infrastructure (PKI), which provides user authentication and hence confidentiality. The protocol mainly protects against packet sniffing, forgery and tampering.

Communication between client and server
Since TLS uses PKI, it provides two types of authentication: mutual authentication and server authentication. When highly secure communication is required, mutual authentication comes in handy, even though it is computationally expensive because of the public key operations involved. Server-side authentication is the one we commonly see today, for example in HTTPS. Although this type of authentication provides only mid-level security, it is preferred for ordinary systems, since it reduces the computation cost involved with PKI.
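To make the two modes concrete, the following Go program is an added example, not code from the original post. It mints a throw-away CA plus one server and one client certificate in memory, then runs four handshakes over loopback TCP: server-only authentication, mutual authentication with a client certificate, mutual authentication where the client has none, and a client that does not trust the CA. The host name server.example.test, the CA name demo-ca and the client name alice are constructed placeholders.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

const serverName = "server.example.test" // constructed name; nothing beyond loopback is contacted

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// mintCert returns a fresh P-256 key and certificate: a self-signed CA when parent is nil,
// otherwise a leaf issued by parent that may act as either a TLS server or a TLS client.
func mintCert(cn string, parent *tls.Certificate) tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		DNSNames: []string{cn}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true, // the SAN is what hostname checks use
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	signer := parent // issuer; nil means self-signed, i.e. the demo CA
	if parent == nil {
		tmpl.IsCA, tmpl.KeyUsage = true, x509.KeyUsageCertSign
		signer = &tls.Certificate{Leaf: tmpl, PrivateKey: key}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer.Leaf, &key.PublicKey, signer.PrivateKey)
	must(err)
	leaf, err := x509.ParseCertificate(der)
	must(err)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// serverConfig encodes the server's policy: server-only authentication, or mutual
// authentication when mutual is set (a client certificate chaining to the CA is required).
func serverConfig(pool *x509.CertPool, cert tls.Certificate, mutual bool) *tls.Config {
	cfg := &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12}
	if mutual {
		cfg.ClientAuth, cfg.ClientCAs = tls.RequireAndVerifyClientCert, pool
	}
	return cfg
}

// tryHandshake runs one connection over loopback TCP and returns the error each side saw. The server
// sends "ok" after its handshake because under TLS 1.3 a rejected client certificate surfaces on the
// client's first read rather than in tls.Dial.
func tryHandshake(sc, cc *tls.Config) (serverErr, clientErr error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	must(err)
	defer ln.Close()
	result := make(chan error, 1)
	go func() {
		raw, err := ln.Accept()
		must(err)
		s := tls.Server(raw, sc)
		defer s.Close()
		if err = s.Handshake(); err == nil {
			_, err = s.Write([]byte("ok"))
		}
		result <- err
	}()
	c, err := tls.Dial("tcp", ln.Addr().String(), cc)
	if err != nil {
		return <-result, err
	}
	defer c.Close()
	_, clientErr = c.Read(make([]byte, 2))
	return <-result, clientErr
}

func main() {
	ca := mintCert("demo-ca", nil)
	pool := x509.NewCertPool()
	pool.AddCert(ca.Leaf)
	srv, cli := mintCert(serverName, &ca), mintCert("alice", &ca)
	trusting := &tls.Config{ServerName: serverName, RootCAs: pool} // verifies the server against the demo CA
	withCert := &tls.Config{ServerName: serverName, RootCAs: pool, Certificates: []tls.Certificate{cli}}
	systemRootsOnly := &tls.Config{ServerName: serverName} // nil RootCAs: the demo CA is unknown here
	report := func(name string, sc, cc *tls.Config) {
		sErr, cErr := tryHandshake(sc, cc)
		fmt.Printf("%-28s server=%v client=%v\n", name, sErr, cErr)
	}
	report("server auth only", serverConfig(pool, srv, false), trusting)
	report("mutual auth, client cert", serverConfig(pool, srv, true), withCert)
	report("mutual auth, no client cert", serverConfig(pool, srv, true), trusting)
	report("client distrusts the CA", serverConfig(pool, srv, false), systemRootsOnly)
}
```

The single setting that turns server-side authentication into mutual authentication is `ClientAuth: tls.RequireAndVerifyClientCert` together with a `ClientCAs` pool; everything else in the server configuration is the same. On the client side, `RootCAs` decides whose server certificates are accepted, and a client that does not carry a certificate is rejected by a mutual-auth server on both ends of the connection.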

What are some of the pros and cons of using TLS?
Pros:
  • It is a recommended security mechanism specified by the IETF.
  • TLS supports network address translation (NAT) traversal at the protocol layer.
  • It ensures privacy.
  • It supports user authentication which is very much preferred in e-commerce solutions such as online banking.
  • Porting to multiple hardware architectures is easier, since TLS is implemented at the application level rather than in the kernel.

Cons:
  • Both mutual and server-side authentication require PKI operations, and using PKI makes a system very complex.
  • PKI is computationally costly.
  • Only one side is authenticated in server side authentication.
  • TLS can’t guarantee security for Voice over IP RTP media streams.
  • TLS runs over TCP only, not over UDP.


When should we use it?
The only bottleneck with TLS is its public key infrastructure features. TLS is the best choice when a system requires a highly secure authentication mechanism, even at the cost of slower sessions and additional complexity. Systems with this type of requirement are typically found in online banking and e-commerce solutions.

2 comments:

  1. That was a very interesting article. I personally do not have all that much experience in security, so this was a very informative article. I think you provided a very even-handed view of TLS, taking time to point out its flaws and strengths. There is one thing I am very curious about, and that is how easy is it to get a TLS certificate? I think that could have been some useful information to include.

  2. While I know that PKI is an overhead for authentication, it is a very powerful way to ensure security and, as far as I recall, PKI can only be broken in real-time. Once users have agreed upon a shared key it is tough to break the key. Overall nice post and I guess you have covered all positive and negative points of TLS. Good post!
