Security of network services
TLS

Transport Layer Security (TLS) is an Internet standard protocol that provides communication security over the Internet. The primary goal of this protocol is to provide confidentiality and data integrity between two communicating applications. A prominent use of TLS is for securing World Wide Web traffic carried by HTTP to form HTTPS, allowing secure electronic commerce transactions. Increasingly, the Simple Mail Transfer Protocol (SMTP) is also protected by TLS.

TLS is in widespread use in applications such as web browsing, electronic mail, Internet faxing, instant messaging and voice-over-IP (VoIP).

TLS is based on the earlier Secure Sockets Layer (SSL) specifications developed by Netscape Communications. Both protocols (TLS and SSL) use cryptographic algorithms and public key certificates to verify the identity of end points and for key exchange. This authentication can be made optional, but is generally required for at least one of the two communicating entities.

They also use symmetric encryption for confidentiality, and message authentication codes for message integrity. Symmetric cryptography is used for data encryption. The keys for this symmetric encryption are generated uniquely for each connection and are based on a shared secret previously negotiated. The negotiation of this shared key is secure and reliable: the negotiated key is unavailable to eavesdroppers, and for any authenticated connection the key cannot be obtained, even by an attacker who can place himself in the middle of the connection (Man in the Middle attack). Moreover, no attacker can modify the negotiation communication without being detected by the parties to the communication.

Figure 15 shows in a simplified way, how the TLS session is established

Fig. 15 – TLS session establishment