UoL CS Notes
Menu

Transport-Layer Security (TLS)

COMP211 Lectures

This protocol is deployed above the transport layer and provides:

  • Confidentiality - Via Symmetric encryption.
  • Integrity - Via cryptography hashing.
  • Authentication - Via public key cryptography.

TLS

TLS is implemented in the application layer alongside HTTP.

TLS 1.3 Cipher Suite

TLS 1.3 allows for the following choices:

  • 4 ciphers based on AES.
  • 1 CHACHA20 (stream cipher).

It requires Diffie-Hellman (DH) for key exchange as RSA is compromised.

Uses SHA (256 or 384) as a cryptographic hash function.

Server Authentication

Public keys for trusted CAs included in the browser/OS:

  1. Browser requests the server certificate, issued by a trusted CA.
  2. Browser checks the certificate and extracts the public key of the server.

Encrypted TLS Session

  1. Browser generate symmetric session key, encrypts is with the server’s public key and send the encrypted key to the server.
  2. Using its private key, the server decrypts the session key.
  3. All data sent into the TCP socket (by the client and server) is encrypted with the session key.