INTRODUCTION TO TLS 1.3
Presented by Vedant Jain
NULL BHOPAL MONTHLY MEET, JANUARY 2020

SUMMARY OF CONTENTS
OUR MAIN TOPICS TODAY
What is Transport Layer Security
What's New in TLS 1.3
How TLS Achieves This
Key Goals of TLS 1.3
Security Benefits
Privacy Benefits
Difference between Handshake in TLS 1.2 & 1.3

WHAT IS TLS
THE BEGINNING OF TRANSPORT LAYER SECURITY
Probably the Internet’s most important security protocol
Designed over 20 years ago by Netscape for Web transactions
– Back then, called Secure Sockets Layer
But used for just about everything you can think of
– HTTP
– SSL-VPNs
– E-mail
– Voice/video
– IoT
Maintained by the Internet Engineering Task Force
– We’re now at version 1.2

WHAT'S NEW IN TLS 1.3
TLS 1.3 offers some great improvements over TLS 1.2. Vulnerable optional
parts of the protocol have been removed, there’s support for stronger
ciphers required to implement perfect forward secrecy
(PFS), and the handshake process has been significantly shortened.
In addition, implementing TLS 1.3 should be relatively simple. You can use
the same keys you used for TLS 1.2. Clients and servers will automatically
negotiate a TLS 1.3 handshake when they both support it, and Google
Chrome and Mozilla Firefox already do it by default.
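
Added example (not from the original slides): how the automatic negotiation described above is carried on the wire. A TLS 1.3 ClientHello keeps its legacy version field at TLS 1.2 and lists the versions it really supports in the supported_versions extension (RFC 8446); the sketch parses a constructed ClientHello and picks the highest version both sides share. build_client_hello, offered_versions and negotiate are hypothetical helper names.

```python
import struct

TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
EXT_SUPPORTED_VERSIONS = 43  # extension type, RFC 8446 section 4.2.1

def build_client_hello(versions, suites):
    """Build a constructed ClientHello handshake message (sample input, not a capture)."""
    sv = b"".join(struct.pack("!H", v) for v in versions)
    ext = struct.pack("!HHB", EXT_SUPPORTED_VERSIONS, len(sv) + 1, len(sv)) + sv if versions else b""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    body = (b"\x03\x03" + bytes(32) + b"\x00"                # legacy_version, random, empty session id
            + struct.pack("!H", len(cs)) + cs + b"\x01\x00"  # cipher suites, null compression
            + struct.pack("!H", len(ext)) + ext)
    return b"\x01" + len(body).to_bytes(3, "big") + body

def offered_versions(msg):
    """Return the known TLS versions a ClientHello offers, highest first."""
    try:
        if msg[0] != 1:
            raise ValueError("not a ClientHello")
        body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
        legacy = struct.unpack_from("!H", body, 0)[0]
        pos = 2 + 32                                        # skip legacy_version and random
        pos += 1 + body[pos]                                # legacy_session_id
        pos += 2 + struct.unpack_from("!H", body, pos)[0]   # cipher_suites
        pos += 1 + body[pos]                                # legacy_compression_methods
        found = []
        if pos + 2 <= len(body):                            # extensions are optional before 1.3
            end = min(pos + 2 + struct.unpack_from("!H", body, pos)[0], len(body))
            pos += 2
            while pos + 4 <= end:
                etype, elen = struct.unpack_from("!HH", body, pos)
                data = body[pos + 4:pos + 4 + elen]
                pos += 4 + elen
                if etype == EXT_SUPPORTED_VERSIONS and data:
                    stop = min(1 + data[0], len(data))
                    found = [int.from_bytes(data[i:i + 2], "big") for i in range(1, stop - 1, 2)]
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    codes = found or [legacy]  # no extension: the legacy field is the real offer
    # GREASE values and other unknown code points are ignored
    return [TLS_VERSIONS[c] for c in sorted(codes, reverse=True) if c in TLS_VERSIONS]

def negotiate(msg, server_supports):
    """Highest version both sides support, or None when there is no overlap."""
    for version in offered_versions(msg):
        if version in server_supports:
            return version
    return None

MODERN = build_client_hello([0x0304, 0x0303], [0x1301, 0xC02F])  # offers TLS 1.3 and 1.2
LEGACY = build_client_hello([], [0xC02F])                        # TLS 1.2-only client
```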

TLS ACHIEVES THIS USING VARIOUS TECHNIQUES…
PRIVACY
– Symmetric key encryption for application data.
– Typically Advanced Encryption Standard (AES).
INTEGRITY
– Authenticated Encryption with Additional Data (AEAD).
– Usually AES-GCM (Galois/Counter Mode) cipher mode.
AUTHENTICATION
– X509 certificates signed by a mutually trusted third party.
– Typically server authenticated only.

KEY GOALS OF TLS 1.3
Clean up - Remove unsafe or unused features
Security - Improve security w/modern techniques
Privacy - Encrypt more of the protocol.
Performance - 1-RTT and 0-RTT handshakes
Continuity - Backwards compatibility

SECURITY BENEFITS
Although TLS 1.2 can still be deployed securely, several high-profile
vulnerabilities have exploited optional parts of the protocol and outdated
ciphers. TLS 1.3 removes many of these problematic options and only
includes support for algorithms with no known vulnerabilities (at this time).
The IETF chose to remove all ciphers that do not support PFS from TLS
connections. These include DES, AES-CBC, RC4, and other ciphers less
commonly used.

PRIVACY BENEFITS
TLS 1.3 also enables PFS (Perfect Forward Secrecy) by default.
This cryptographic technique adds another layer of confidentiality
to an encrypted session, ensuring that only the two endpoints can
decrypt the traffic. With PFS, even if a third party were to record
an encrypted session, and later gain access to the server private
key, they could not use that key to decrypt the session.
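
Added example (not from the original slides): a small audit of cipher suites for the two properties the Security Benefits and Privacy Benefits slides describe, AEAD encryption and forward-secret key exchange. It runs over a constructed sample shaped like the output of Python's ssl.SSLContext.get_ciphers() and can be pointed at a live context; audit, tls13_only_context and local_tls13_suites are hypothetical helper names.

```python
import ssl

# Constructed sample in the shape of ssl.SSLContext.get_ciphers() entries (not a real scan).
SAMPLE = [
    {"name": "TLS_AES_256_GCM_SHA384", "protocol": "TLSv1.3", "aead": True, "kea": "kx-any"},
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "protocol": "TLSv1.2", "aead": True, "kea": "kx-ecdhe"},
    {"name": "AES256-SHA256", "protocol": "TLSv1.2", "aead": False, "kea": "kx-rsa"},
    {"name": "AES128-GCM-SHA256", "protocol": "TLSv1.2", "aead": True, "kea": "kx-rsa"},
]

# Key exchanges treated as forward secret here. "kx-any" is how OpenSSL labels TLS 1.3
# suites, whose certificate-based handshakes always use ephemeral (EC)DHE.
# PSK key exchanges are not covered by this sketch.
FORWARD_SECRET_KX = {"kx-ecdhe", "kx-dhe", "kx-any"}

def audit(ciphers):
    """Map suite name -> list of problems (missing AEAD, missing forward secrecy)."""
    findings = {}
    for c in ciphers:
        issues = []
        if not c.get("aead"):
            issues.append("not AEAD")            # e.g. CBC-mode or RC4 suites
        if c.get("kea") not in FORWARD_SECRET_KX:
            issues.append("no forward secrecy")  # e.g. static RSA key transport
        if issues:
            findings[c["name"]] = issues
    return findings

def tls13_only_context():
    """Client context that refuses anything older than TLS 1.3."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    return ctx

def local_tls13_suites():
    """TLS 1.3 suites enabled by the local OpenSSL build."""
    ciphers = ssl.create_default_context().get_ciphers()
    return [c for c in ciphers if c["protocol"] == "TLSv1.3"]

if __name__ == "__main__":
    for name, issues in audit(SAMPLE).items():
        print(f"{name}: {', '.join(issues)}")
    print("local TLS 1.3 suites:", [c["name"] for c in local_tls13_suites()])
```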

HANDSHAKE TLS 1.2 [diagram]

HANDSHAKE TLS 1.3 [diagram]

QUESTIONS? COMMENTS? LET US KNOW!
Twitter: @Vedant__Jain
Email: jainvedant786@gmail.com
