INTRODUCTION

TRANSPORT LAYER SECURITY

Presented by Abhiram Sahu

2 .

Contents 3 .

Web browsing.  It provide security for applications such as email. VoIP (Voice over Internet Protocol).  It is the successor to the Secure Sockets Layer (SSL).  TLS ensures that no third party may tamper with any message. 4 . TLS stands for Transport Layer Security. Instant Messaging. It is a protocol that establishes a secure connection between the visitor’s web browser and your website so that all communications transmitted through this link are encrypted .

or collect confidential information from the users on the network.  Transport Layer Security involves the use of an encryption system which utilizes a digital certificate which is formulated to identify the network owner. Transport Layer Security is used within organizations that use payment processes. It can also be used by other businesses that want to secure network connections between the client and the server. store sensitive data such as medical information. 5 .

6 .TLS is the successor to Secure Sockets Layer (SSL). SSL and TLS are frameworks that include cryptographic protocols They are intended to provide secure communications on the Internet.

Virtual Private Network Security: TLS works to secure a virtual private network by installing a digital certificate on the VPN that provides an encrypted connection between the remote user and the network that they are accessing. a digital certificate is installed on the email server to provide encrypted communications when sending and receiving confidential information via email. Database and Directory Security: Organizations deploy Transport Layer Security to encrypt server queries for databases and directories that contain sensitive data and information.Different Types of Transport Layer Security Web Server Transport Layer Security: This type of encryption protects the data when the client connects to the Internet to send data through a Web browser or website. Email Server Transport Layer Security: To secure communications between the email client and the server. 7 .

The TLS protocol is consists of two layers TLS Record Protocol The TLS Record Protocol provides connection security with some encryption method such as the Data Encryption Standard (DES). 8 . TLS Handshake Protocol The TLS Handshake Protocol allows the server and client to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before data is exchanged.

0  TLS 1.0 was first published by IETF 1999 as an upgrade of SSL Version 3.1  TLS 1.0 and PCT both Netscape's and Microsoft's approaches.TLS 1. Change in handling of padding errors. 9 .0. Added protection against Cipher block chaining (CBC).0. TLS 1.1 was defined in RFC 4346 in April 2006.  This protocol is based on SSL v3. It is an update version of TLS version 1.

The MD5-SHA-1 combination in the pseudorandom function (PRF) was replaced with SHA-256.2 was defined in RFC 5246 in August 2008. Expansion of support for authenticated encryption ciphers .2 TLS 1.TLS 1. It is based on the earlier TLS 1.1 specification. with an option to use cipher-suite specified PRFs.

• The certificate uses extended validation. invalid. Red Yellow White Green 11 . • Certification authority that issued it cannot be verified. no personal information. or has an error. • The certificate has normal validation. phishing.• Certificate is out of date.

Strong authentication Message privacy. It also provides data integrity through an integrity check value. 12 . and integrity TLS can help to secure transmitted data using encryption. TLS also authenticates servers.

Ease of deployment Ease of use 13 .TLS security protocol protect against masquerade attacks Every e-mail sent and received is encrypted Replay attacks.

Rapid deployment 14 .E-mail encryption is transparent TLS is globally accepted Industry Standard E-mail can be easily inspected for viruses Reduced cost No overhead for end-users.

15 . • The performance varies. • A TLS environment is complex and requires maintenance. the system administrator must configure the system and manage certificates. • TLS uses the greatest resources while it is setting up connections. depending on how often connections are established and how long they last.• This is the most significant limitation to implementing TLS.

So TLS is very important for secure connection in the information age. • it’s very important to make the data secure . 16 . • There are so many banking company are there.• Now a days it is open source and used by almost every web developer for secure data transmission . they allowed user to transfer data over internet .

New York: Wiley.microsoft.ibm.html http://datatracker.com/developerworks/webservices/library/ws-ssl-security/index. "A Challenging But Feasible Blockwise-Adaptive ChosenPlaintext Attack On Ssl".mozilla. Gregory (2006).org/wg/tls/charter/ . Retrieved 2007-04-20.85).com/en-us/library/windows/desktop/aa380516(v=vs. Bard. URL http://en.Stephen A.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.pdf http://msdn.html  http://www.aspx http://www. Thomas (2000). ISBN 0-471-38354-6.org/wiki/Transport_Layer_Security http://www.gov/archive/pki-twg/y2002/presentations/twg-02-15.wikipedia.nist. International Association for Cryptologic Research (136).ietf.csrc. SSL and TLS essentials securing the Web.

.

19 .