Which protocol does HTTPS use to offer greater security in web transactions?

Transport Layer Security is a successor to Secure Sockets Layer (SSL), which was developed by Netscape. Even though it is based on SSL 3.0, TLS is a standard that has been defined in RFC 2246, and is designed to be its replacement. In this standard, TLS is designed as a multilayer protocol that consists of:

TLS Handshake Protocol

TLS Record Protocol

The TLS Handshake Protocol is used to authenticate the participants of the communication and negotiate an encryption algorithm. This allows the client and server to agree upon an encryption method and prove who they are using cryptographic keys before any data is sent between them. Once this has been done successfully, a secure channel is established between them.

After the TLS Handshake Protocol is used, the TLS Record Protocol ensures that the data exchanged between the parties isn’t altered en route. This protocol can be used with or without encryption, but TLS Record Protocol provides enhanced security using encryption methods like the Data Encryption Standard (DES). In doing so, it provides the security of ensuring data isn’t modified, and others can’t access the data while in transit.

Tip

The Transport Layer Security Protocol isn’t a requirement for using SIP, and generally isn’t needed for standard communications. For example, if you’re using VoIP or other communication software to trade recipes or talk about movies with a friend, then using encryption might be overkill. However, in the case of companies that use VoIP for business calls or to exchange information that requires privacy, then using TLS is a viable solution for ensuring that information and data files exchanged over the Internet are secure.

URL: https://www.sciencedirect.com/science/article/pii/B9781597491693500049

Protocols

Stefan Rommer, ... Catherine Mulligan, in 5G Core Networks, 2020

14.5.1 Introduction

Transport Layer Security (TLS) is a cryptographic protocol that aims at providing secure communication over an IP network. It is a very common protocol today since it is used to secure HTTP communication between web browsers and web servers. When HTTP is protected using TLS, it is usually referred to as HTTPS (HTTP Secure).

The TLS protocol can provide ciphering and data integrity between two communicating entities and also mutual authentication of the two end-points. It is application protocol independent so that higher-level protocols can run on top of TLS transparently. TLS is specified by the IETF and several revisions of TLS have been defined. The first version TLS 1.0 was defined in 1999 and it built on previous work on Secure Socket Layer (SSL). TLS 1.1 was then released in 2006. A common TLS version used on the Internet today is TLS 1.2 (defined in IETF RFC 5246 from 2008) but support for TLS 1.3 (defined in IETF RFC 8446 from 2018) is becoming more common. As described in Chapter 8, TLS is used in the 5GC to protect the HTTP-based interfaces. 3GPP allows TLS 1.1, TLS 1.2 and TLS 1.3 to be used, even though the use of TLS 1.1 is not recommended (see 3GPP TS 33.210 for further details).

TLS consists of two primary components:

A TLS Handshake protocol that authenticates the two end-points. This component also negotiates cryptographic parameters and generates keying material. The handshake protocol is designed to be resistant to attacks, i.e., an attacker should not be able to influence the security negotiation between the two end-points. The TLS Handshake protocol is further described in Section 14.5.2.

A TLS Record protocol that uses the parameters established by the handshake protocol to protect traffic between the end-points. The record protocol divides the data traffic into a series of records. Each of these records is then protected using the keys established during the Handshake phase. The TLS Record protocol is further described in Section 14.5.3.

URL: https://www.sciencedirect.com/science/article/pii/B9780081030097000144

Security for Smart Objects

Jean-Philippe Vasseur, Adam Dunkels, in Interconnecting Smart Objects with IP, 2010

8.5.2 TLS

TLS provides an end-to-end secure channel between two network end points. It provides confidentiality and integrity as well as mechanisms for authentication of the communication end points. TLS is defined by RFC5246 [56].

TLS was originally developed under the name Secure Sockets Layer (SSL) by Netscape Corporation for the Netscape web browser, but was later standardized by the IETF as TLS. Although the name is now officially TLS, it is still widely known as SSL. Many will recognize TLS from its use in web browsers, where the “https://” at the beginning of the URL signifies that the data were transported over a TLS connection.

TLS consists of several different layers and protocols. At the lowest layer, a symmetric encryption algorithm is used to provide confidentiality and integrity. To establish a key for use in the symmetric encryption algorithm, TLS first performs an authentication combined with a secure key exchange protocol. The authentication can be either unilateral, meaning that only one of the connection end points is authenticated, or bilateral, where both communication end points are authenticated. Unilateral authentication is used in the typical web browser to web server communication model, whereas bilateral authentication is used for secure transactions between two web servers, which is common in enterprise systems.

Before initiating the authentication phase, the TLS end points engage in a protocol negotiation phase. The end points use this phase to decide what encryption protocols to use for the remainder of the connection. TLS supports a number of different encryption protocols.

TLS was designed to perform the most expensive computations on the server side. In a web browsing scenario, this means that the web server will carry the largest burden, which leads to scalability problems for TLS-enabled web sites.

In the authentication phase, TLS makes extensive use of asymmetric cryptography. For low-end smart objects, this security mechanism is inappropriate. There are, however, ongoing efforts to provide more lightweight cryptographic algorithms to achieve end-to-end security for computationally constrained microprocessors [99,188].

URL: https://www.sciencedirect.com/science/article/pii/B9780123751652000089

Quality of service and security

Dimitrios Serpanos, Tilman Wolf, in Architecture of Network Systems, 2011

Transport layer security

Transport layer security provides security between two end systems using the Transport Layer Security (TLS) protocol. As shown in Figure 10-10, a TLS header with information about the encrypted content is inserted between IP and TCP. The TCP header and payload are encrypted by TLS.

Because encryption is performed in the protocol on one end system and decryption in the protocol of the other end system, the packet payload remains encrypted along the entire path. However, the IP header is transmitted in cleartext and thus it is possible for an eavesdropper to determine the source and destination of the connection.

URL: https://www.sciencedirect.com/science/article/pii/B9780123744944000104

Intelligent networks

Juan A. Cabrera G., ... Christof W. Fetzer, in Tactile Internet, 2021

6.2.2.8 TLS

Transport Layer Security (TLS) is a layer 5 protocol, which provides authentication and encryption mechanisms. It is the evolution of Secure Sockets Layer (SSL), which was renamed after its last version, v3.0. TLS handles several cipher suites, where the discrete method is elected during the initialization phase. A cipher suite includes the security algorithms used in the further communication; this includes key exchange, authentication, encryption and hashing. The protocol handshake at the beginning of a session handles the authentication of server and client (optional) using asymmetric certificates, e.g., X509. It creates a session key, which is used to secure the rest of the session using symmetric encryption (optional). The actual version TLS v1.3 is defined in RFC8446. The TLS definition includes several subprotocols, e.g., Handshake Protocol, Change Cipher Specification Protocol, Alert Protocol, Application Data Protocol. These are handled on top of the TLS Record Protocol, where handshake and change cipher are used mostly at session creation, and the Application Data Protocol manages the transmission of the payload data. The usage of TLS for securing connections is often expressed by adding an S to the used protocol on top of TLS (e.g., HTTPS, SMTPS, IMAPS, and FTPS). TLS assumes a reliable, connection-oriented transport protocol. In the context of the Tactile Internet, retransmitting dropped packets might result in these retransmitted packets being dropped by the application instead: These packets might be too old and they should instead be replaced by fresher information. Therefore we support Datagram Transport Layer Security (DTLS)—a variant of TLS—which uses a datagram-oriented, unreliable transport protocol. DTLS is the correct choice for securely transmitting real-time traffic in the Tactile Internet.

URL: https://www.sciencedirect.com/science/article/pii/B9780128213438000174
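
An added example (not taken from the excerpted chapter): a small Python parser that splits a byte stream into TLS records and names the subprotocol each record carries, reading the ServerHello's version and cipher suite while the handshake is still in cleartext. It assumes the TLS 1.2 message layout and one direction of traffic; the sample bytes are constructed filler, not a capture.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   14: "server_hello_done", 16: "client_key_exchange", 20: "finished"}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}


def split_records(stream):
    """Yield (content_type, version, fragment) for each record in one direction."""
    offset = 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        # Record header: 1-byte content type, 2-byte version, 2-byte length.
        ctype, version, length = struct.unpack_from("!BHH", stream, offset)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype}")
        fragment = stream[offset + 5:offset + 5 + length]
        if len(fragment) != length:
            raise ValueError("truncated record body")
        yield ctype, version, fragment
        offset += 5 + length


def describe(stream):
    """Summarise each record; read handshake headers only while still in cleartext."""
    summaries, encrypted = [], False
    for ctype, version, fragment in split_records(stream):
        info = {"layer": CONTENT_TYPES[ctype],
                "record_version": VERSIONS.get(version, hex(version)),
                "length": len(fragment)}
        if ctype == 20:
            encrypted = True  # records after ChangeCipherSpec are protected
        elif ctype == 22 and encrypted:
            info["handshake"] = "encrypted"
        elif ctype == 22 and len(fragment) >= 4:
            info["handshake"] = HANDSHAKE_TYPES.get(fragment[0], f"type_{fragment[0]}")
            # ServerHello body: version(2) random(32) session_id_len(1) id cipher(2).
            # A TLS 1.3 server also writes 0x0303 here; its real version is in an extension.
            sid_len = fragment[38] if len(fragment) > 38 else 0
            if fragment[0] == 2 and len(fragment) >= 41 + sid_len:
                hello_version, = struct.unpack_from("!H", fragment, 4)
                info["hello_version"] = VERSIONS.get(hello_version, hex(hello_version))
                info["cipher_suite"], = struct.unpack_from("!H", fragment, 39 + sid_len)
        summaries.append(info)
    return summaries


def _record(ctype, fragment, version=0x0303):
    return struct.pack("!BHH", ctype, version, len(fragment)) + fragment


# Constructed sample (not a capture): a simplified server-to-client flight.
_hello_body = b"\x03\x03" + bytes(32) + b"\x00" + b"\xc0\x2f" + b"\x00"
SAMPLE = (_record(22, b"\x02" + len(_hello_body).to_bytes(3, "big") + _hello_body)
          + _record(20, b"\x01")
          + _record(22, bytes(40))   # Finished, encrypted: filler bytes
          + _record(23, bytes(32)))  # application data: filler bytes

if __name__ == "__main__":
    for line in describe(SAMPLE):
        print(line)
```

The record header stays readable for the whole session, which is why a passive observer can still see content types and lengths after encryption begins.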

Securing Web Applications, Services, and Servers

Gerald Beuchelt, in Computer and Information Security Handbook (Second Edition), 2013

Transport Layer Security

Transport Layer Security (TLS) is based on the Secure Socket Layer (SSL) protocol that was developed in the 1990s by the Netscape Corporation. The basic design requires a X.503 V3-based Public Key Infrastructure (PKI) at least for the server and requires client and server to maintain a session state. Both use PKI to negotiate a session master key: This approach ensures that the asymmetric cryptography is used to introduce client and server and establish a secure channel between the two communication partners. The establishment of the secure session key using symmetric cryptography allows leveraging the efficiency of these mechanisms in bulk encryption transactions. While most clients and servers today still support SSL 3.0 and TLS 1.0, a move to TLS 1.1 is recommended to avoid potential security holes.

URL: https://www.sciencedirect.com/science/article/pii/B9780123943972000088

VoIP Security

Xinyuan Wang, Ruishan Zhang, in Advances in Computers, 2011

4.1.2 Transport Layer Security (TLS)

TLS [9] is a network security protocol that provides reliable, end-to-end transport between Internet applications. It is built on top of some reliable transport protocol such as TCP, and it consists of two sublayers: the TLS Record Protocol and the TLS Handshake Protocol.

The TLS Record Protocol establishes a secure, reliable channel for higher level protocols such as the TLS Record protocol. Specifically, it provides data confidentiality with symmetric key encryption, and data integrity with keyed MAC (e.g., SHA-1). The TLS Handshake Protocol provides the following functionalities:

Negotiates the cipher suite, which includes the encryption and hash algorithms, authentication and key establishment methods, to be used.

Authenticate the participating parties (e.g., client and server) and the exchanged data. In most e-commerce applications, servers are nearly always authenticated, and clients are rarely authenticated by TLS.

Establish fresh, shared secret used by various encryption and authentication algorithms.

TLS is suited for securing SIP on a hop-by-hop basis. The SIP RFC [2] mandates that SIP proxy servers, redirect servers, and registrars must support TLS. However, UAs are strongly recommended to be able to initiate TLS.

URL: https://www.sciencedirect.com/science/article/pii/B978012385514500001X

Resistance Strategies

Timothy J. Shimeall, Jonathan M. Spring, in Introduction to Information Security, 2014

Transport Layer Security

TLS makes use of digital certificates in the handshake phase of the protocol. When the handshake is completed, the server should have presented a valid certificate to identify itself. The client computer can also be required to present one, if the server requests it. At the end of the handshake the two computers have also agreed on a symmetric key cipher to use to protect the session, as well as a session key to use. TLS guarantees that only the two computers in the communication know the session key, and the selection of the session key cannot be influenced by a middle-person attack [31].

There are not any glaring problems with TLS itself. It can also be used by any application, not just web traffic, with relatively little modification to the application. This makes it a flexible solution to provide encryption and entity authentication for applications that are otherwise security-agnostic.

All of these items—CAs, TLS, certificates—as well as the policies and people that implement them, make up the PKI of the Internet. The technology is sound, but without accurate certificates to identify the endpoints, a secure connection is not of much help in resisting attacks. Namely, an encrypted connection to the adversary instead of the intended target does not help. For this reason, a robust public key infrastructure that adequately ties public keys to real identities is extremely important. The existing PKI has shown weaknesses, not in the technologies themselves, but via attacks on CAs.

URL: https://www.sciencedirect.com/science/article/pii/B9781597499699000080

Virtual Private Networks

James T. Harmening, in Computer and Information Security Handbook (Third Edition), 2017

Transport Layer Security

TLS, the successor to SSL, is used to prevent eavesdropping on information being sent between computers. When using strong encryption algorithms, the security of your transmission is almost guaranteed.

Both SSL and TLS work very much the same way. First, the sessions at each endpoint contact each other for information about what encryption method is going to be employed. Second, the keys are exchanged. These could be (Ron Rivest, Adi Shamir, and Leonard Adleman) RSA, elliptic curve Diffie–Hellman (ECDH), security rollup package (SRP), or pre-shared key.

Finally, the messages are encrypted and authenticated, sometimes using Certificate of Authorities Public Key list. When you utilize SSL and TLS you may run into a situation where the server certificate does not match the information held in the Certificate of Authorities Public Key list. If this is the case, the user may override the error message or may choose not to trust the site and end the connection.

The whole public key/private key encryption is able to take place behind the scenes for a few reasons. During the beginning phase of the connection, the server, and requesting computer generate a random number. Random numbers are combined and encrypted using the private keys. Only the owner of the public key can unencrypt the random number that is sent using their private key.

TLS is growing every year. One of the limiting factors is the size of the hash value in the final message is truncated to 96 bits. So even though it could be using a 256 bit hash, the transmission cuts it to 96 bits. In the future we may see something that addresses this.

URL: https://www.sciencedirect.com/science/article/pii/B9780128038437000582

Protecting Cardholder Data

Anton Chuvakin, in PCI Compliance (Third Edition), 2012

Transport Layer Security and Secure Sockets Layer

Transport Layer Security (TLS) and the original Secure Sockets Layer (SSL) are cryptographic protocols that are used for transferring information over networks such as the Internet. They both encrypt the data transferred between communicating endpoints, such as a Web browser and a Web server. Use of SSL or TLS is mandated by PCI DSS Requirement 4.1. Describing the technical differences between TLS and SSL is beyond the scope of this chapter.

Note

A merchant asked one of the authors some time ago: if I have an SSL certificate on an e-commerce Web site, am I PCI DSS compliant?

After recovering from shock (after all, there are about 250 more requirements in PCI DSS!), the author was able to explain that SSL obviously does not guarantee PCI compliance. However, transmitting card data without SSL or TLS will certainly guarantee the absence of such compliance.

All modern Web servers such as Apache (www.apache.org) and Microsoft IIS (www.iis.net) have long offered native SSL support. Configuration of SSL on each individual server is beyond the scope of the book. Google offers many pointers to enabling SSL on your Apache Web server as does virtually every Certificate Authority (CA).

Don’t forget, per the Council, SSLv2 is no longer acceptable and cannot be deployed on systems that are involved in card processing and on external systems. You must at least use TLS 1.0 or SSLv3. Also, you can expect that TLS 1.0 will also become deprecated due to recent attacks against that version of the protocol, and you will need to migrate to TLS 1.1 or 1.2.

Note

A PCI DSS requirement clarification from the PCI Council now mandates that all approved scanning vendors (ASVs) detect the use of older cryptographic protocols and identify this as a failure to PCI validation via scanning, leading to loss of PCI compliance. We cover PCI ASV scanning in Chapter 8, “Vulnerability Management.” Specifically, the PCI Council stated it is imperative that an ASV identifies the use of older versions of SSL (version 2.0 and older) to transmit cardholder data as a failure. The PCI Council also clarified that the merchant can enable SSLv2 or even an older version for an initial handshake only to notify the user of the outdated browser that it needs to be updated, and then disallow access to the site until and unless the user updates his browser.

To resolve these failures for PCI validation, discontinue the use of SSLv2 on all systems within the PCI scope. Having a user browse your site without that capability is not only rare, but you would be doing him a favor by directing him to a place where he can update his browser. There are some very specific instances where you may not be able to phase out the use of SSLv2 for in-scope systems (note, systems not in scope would be exempt from this requirement). Those should be discussed with your Acquirer.

Which of the following protocols is used for securing HTTP?

HTTPS uses an encryption protocol to encrypt communications. The protocol is called Transport Layer Security (TLS), although formerly it was known as Secure Sockets Layer (SSL).

Which TCP/IP protocol is a secure form of HTTP?

Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network, and is widely used on the Internet.

How does HTTPS provide security?

With HTTPS, data is encrypted in transit in both directions: going to and coming from the origin server. The protocol keeps communications secure so that malicious parties can't observe what data is being sent. As a result usernames and passwords can't be stolen in transit when users enter them into a form.

What methods does HTTPS use that make it more secure than HTTP?

HTTPS is HTTP with encryption and verification. The only difference between the two protocols is that HTTPS uses TLS (SSL) to encrypt normal HTTP requests and responses, and to digitally sign those requests and responses. As a result, HTTPS is far more secure than HTTP.