Cyber Security Course

Javed Iqbal
[email protected]
 Week 10

Transport Layer Security

 What is Transport Layer Security?

• Transport Layer Security (TLS) is a cryptographic protocol that ensures secure

communication over a network.

• It provides privacy, integrity, and authentication between client-server

applications.

• TLS operates at the transport layer of the TCP/IP protocol suite and is widely
used to secure various applications, including web browsing, email, instant
messaging, and file transfers.
 Continue…

• TLS is the successor to the Secure Sockets Layer (SSL) protocol, and the
terms SSL and TLS are often used interchangeably.

• The latest version of TLS is TLS 1.3, which provides improved security
and performance compared to earlier versions.
Key Components of TLS
 Handshake Protocol

The TLS handshake protocol is responsible for establishing a

secure connection between the client and server. It involves a series
of messages exchanged between the client and server to negotiate
the cryptographic parameters, authenticate the parties involved,
and establish a shared secret key for secure communication.
 Record Protocol

Once the secure connection is established, the TLS record protocol is used
for data encapsulation, encryption, integrity checks, and authentication. It
takes the application data and divides it into manageable units called
records, which are then encrypted and sent over the network. On the
receiving end, the records are decrypted, and integrity checks are performed
to ensure the data's integrity.
 Change Cipher Spec Protocol

The change cipher spec protocol is a simple protocol that signals

the readiness of the parties to switch to the newly negotiated
security parameters. It is responsible for activating the negotiated
security settings for the TLS session.
TLS Workflow
 TLS Workflow
• Client Hello: The TLS handshake begins with the client sending a Client
Hello message to the server, indicating its TLS capabilities, supported
cipher suites, and other parameters.
• Server Hello: The server responds with a Server Hello message, selecting the
appropriate cipher suite and other security parameters from the client's provided
options.
• Certificate Exchange: If the server requires client authentication or if the client
requests server authentication, the server sends its digital certificate to the client. The
client verifies the server's certificate and may send its own certificate if requested.
 TLS Workflow
• Key Exchange: The client and server perform a key exchange to establish a shared secret key
for symmetric encryption. This key is used to encrypt and decrypt the application data
exchanged between them.
• Change Cipher Spec: The client and server exchange Change Cipher Spec messages to
indicate that they will start using the negotiated security parameters for the remainder of the
session.
• Secure Data Transfer: Once the handshake is completed, the client and server can securely
exchange data using the record protocol. The data is encrypted, ensuring its confidentiality, and
integrity checks are performed to detect any tampering during transmission.
• Session Termination: When the session is complete, the connection can be terminated
gracefully, freeing up resources and closing the secure channel between the client and server.
Security Measures in TLS
 Security Measures in TLS
• TLS incorporates various security measures to ensure secure
communication:
• Encryption: TLS uses symmetric encryption algorithms to encrypt and
decrypt data. This ensures that data transmitted over the network cannot be
intercepted and read by unauthorized parties.
• Hash Functions: Hash functions are used to ensure data integrity. They
generate a fixed-size hash value from the data, which is sent along with the
data. The recipient can verify the integrity by recomputing the hash value
and comparing it with the received hash value.
 Security Measures in TLS
• Digital Certificates: TLS utilizes digital certificates to
authenticate the identity of the server and, optionally, the client.
Certificates are issued by trusted Certificate Authorities (CAs)
and contain the server's public key and other information.
• Diffie-Hellman Key Exchange: TLS supports Diffie-Hellman
key exchange algorithms to securely establish a shared secret
key between the client and server without transmitting it over the
network.
TLS Versions
 Security Measures in TLS
• TLS has evolved over time, with new versions being introduced to address security
vulnerabilities and improve performance. The major versions of TLS are:
• TLS 1.0: Released in 1999, it provided a significant security improvement over
SSL.
• TLS 1.1: Released in 2006, it addressed vulnerabilities present in TLS 1.0.
• TLS 1.2: Released in 2008, it introduced stronger cipher suites, improved security
features, and enhanced performance.
• TLS 1.3: Released in 2018, it brought major security and performance
enhancements, including reduced latency, improved handshake security, and
simplified cipher suites.
 Common Attacks
TLS can be targeted by various attacks such as:
• Man-in-the-middle attacks
• Protocol downgrade attacks
• Attacks on certificates
Implementing TLS correctly and staying updated with the latest security
practices helps mitigate these risks.
 Best Practices
Following best practices is essential for the effective
implementation of TLS. These include
• Using the latest TLS versions
• Disabling weak cipher suites
• Proper key management
• Regularly updating certificates.
Network Layer Security
 What is Network Layer Security?

• Network layer security, also known as network security or IPsec

(Internet Protocol Security), refers to the measures and protocols
implemented to secure data and communication at the network layer
of the TCP/IP protocol stack.

• It aims to protect the integrity, confidentiality, and availability of data

as it is transmitted over a network.
 What is Network Layer Security?

• The network layer is responsible for routing packets across different

networks and providing end-to-end communication between hosts.

• Network layer security ensures that this communication remains secure

and protected from various threats such as unauthorized access,
interception, tampering, and network-based attacks.
Key Components and Techniques
 Virtual Private Networks (VPNs)

• VPNs create secure, encrypted tunnels over public networks, such as

the internet, to connect remote users or branch offices to a private
network.

• VPN protocols like IPsec, SSL/TLS, or OpenVPN are commonly

used to establish secure connections and protect data confidentiality.
 IPsec (Internet Protocol Security)

• IPsec is a widely used protocol suite for network layer security. It

provides mechanisms for authentication, encryption, and data integrity,
ensuring secure communication between network devices.

• IPsec operates at the IP layer (Layer 3) and can be used to secure

various types of network traffic, including IP-based protocols like IPv4
and IPv6.
 Firewall

• Firewalls are network security devices that monitor, and control

incoming and outgoing network traffic based on predefined security
rules.

• They help protect against unauthorized access and malicious activities by

filtering traffic based on IP addresses, ports, protocols, and application-
specific rules.
 Intrusion Detection and Prevention Systems
(IDPS)
• IDPS are security systems designed to detect and prevent network-based attacks.
• They monitor network traffic, analyze it for known patterns or anomalies, and can
take proactive actions to block or mitigate potential threats.

• IDPS can identify and defend against various attacks, such as DoS (Denial of
Service), DDoS (Distributed Denial of Service), and network-based intrusions.
 Routing Protocol Security

• Network layer security also involves securing routing protocols, such as

OSPF (Open Shortest Path First) or BGP (Border Gateway Protocol).

• Secure routing protocols help prevent unauthorized routing updates, route

hijacking, or other attacks that can disrupt network connectivity or
compromise data integrity.
Network Address Translation (NAT) and Port
Address Translation (PAT)
• NAT and PAT are techniques used to map multiple private IP addresses to
a single public IP address.

• They can provide a level of network layer security by hiding internal IP

addresses from external networks, adding an additional layer of
protection against certain types of attacks.
 In Nutshell

• Overall, network layer security plays a crucial role in safeguarding

network infrastructure, ensuring secure communication, and protecting
sensitive data from unauthorized access or tampering.

• It encompasses a combination of hardware, software, and protocols to

establish secure connections, control network traffic, and detect/respond
to potential threats.
Thank You