SlideShare ist ein Scribd-Unternehmen logo

Introduction to TLS 1.3

n|u - The Open Security Community
n|u - The Open Security Community

Introduction to TLS 1.3

Bildung
1 von 11
Downloaden Sie, um offline zu lesen
INTRODUCTION TO TLS 1.3 Presented by Vedant Jain NULL BHOPAL MONTHLY MEET JANUARY 2020
SUMMARY OF CONTENTS OUR MAIN TOPICS TODAY What is Transport Layer Security Whats New in TLS 1.3 How TLS Achieves This Key Goals of TLS 1.3 Security Benefits Privacy Benefits Difference between Handshake in TLS 1.2 & 1.3
WHAT IS TLS THE BEGINNING OF TRANSPORT LAYER SECURITY Probably the Internet’s most important security protocol Designed over 20 years ago by Netscape for Web transactions But used for just about everything you can think of Maintained by the Internet Engineering Task Force – Back then, called Secure Sockets Layer – HTTP – SSL-VPNs – E-mail – Voice/video – IoT – We’re now at version 1.2
WHATS NEW IN TLS 1.3 TLS 1.3 offers some great improvements over TLS 1.2. Vulnerable optional parts of the protocol have been removed, there’s support for stronger ciphers required to implement perfect forward secrecy (PFS), and the handshake process has been significantly shortened. In addition, implementing TLS 1.3 should be relatively simple. You can use the same keys you used for TLS 1.2. Clients and servers will automatically negotiate a TLS 1.3 handshake when they both support it, and Google Chrome and Mozilla Firefox already do it by default.
TLS ACHIEVES THIS USING VARIOUS TECHNIQUES… – Symmetric key encryption for application data. – Typically Advanced Encryption Standard (AES). PRIVACY – Authenticated Encryption with Additional Data (AEAD). – Usually AES-GCM (Galois/Counter Mode) cipher mode. INTEGRITY – X509 certificates signed by a mutually trusted third party. – Typically server authenticated only. AUTHENTICATION
KEY GOALS OF TLS 1.3 Clean up - Remove unsafe or Unused features Security - Improve security w/modern techniques Privacy - Encrypt more of the protocol. Performance -1-RTT and 0-RTT handshakes Continuity - Backwards compatibility
SECURITY BENEFITS Although TLS 1.2 can still be deployed securely, several high-profile vulnerabilities have exploited optional parts of the protocol and outdated ciphers. TLS 1.3 removes many of these problematic options and only includes support for algorithms with no known vulnerabilities (at this time). The IETF chose to remove all ciphers that do not support PFS from TLS connections. These include DES, AESCBC, RC4, and other ciphers less commonly used.
PRIVACY BENEFITS TLS 1.3 also enables PFS(Perfect Forward Secrecy) by default. This cryptographic technique adds another layer of confidentiality to an encrypted session, ensuring that only the two endpoints can decrypt the traffic. With PFS, even if a third party were to record an encrypted session, and later gain access to the server private key, they could not use that key to decrypt the session.
HANDSHAKE TLS1.2 HANDSHAKE TLS1.3
REFERENCES WOULD I PREFERRED… http://web.stanford.edu/class/ee380/Abstracts/151118-slides.pdf https://www.owasp.org/images/9/91/OWASPLondon20180125_TLSv1.3_ Andy_Brodie.pdf https://www.cloudflare.com/learning-resources/tls-1-3/ https://www.f5.com/pdf/products/tls1-3_are-you-ready.pdf
QUESTIONS? COMMENTS? LET US KNOW! @Vedant__Jain TWITTER jainvedant786@gmail.com EMAIL

Empfohlen

Introduction to TLS-1.3
Introduction to TLS-1.3 Introduction to TLS-1.3
Introduction to TLS-1.3
Vedant Jain
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)
Kalpesh Kalekar
 
VPN: SSL vs IPSEC
VPN: SSL vs IPSECVPN: SSL vs IPSEC
VPN: SSL vs IPSEC
Sylvain Maret
 
TLS 1.3: Everything You Need to Know - CheapSSLsecurity
TLS 1.3: Everything You Need to Know - CheapSSLsecurityTLS 1.3: Everything You Need to Know - CheapSSLsecurity
TLS 1.3: Everything You Need to Know - CheapSSLsecurity
CheapSSLsecurity
 
HTTP vs HTTPS Difference
HTTP vs HTTPS Difference HTTP vs HTTPS Difference
HTTP vs HTTPS Difference
Real Estate
 
SSL TLS Protocol
SSL TLS ProtocolSSL TLS Protocol
SSL TLS Protocol
Devang Badrakiya
 
TLS v1.3
TLS v1.3TLS v1.3
TLS v1.3
Siddhartha Rao
 
An overview of TCP (Transmission Control Protocol)
An overview of TCP (Transmission Control Protocol)An overview of TCP (Transmission Control Protocol)
An overview of TCP (Transmission Control Protocol)
Ammad Marwat
 

Empfohlen

Introduction to TLS-1.3
Introduction to TLS-1.3 Introduction to TLS-1.3
Introduction to TLS-1.3
Vedant Jain
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)
Kalpesh Kalekar
 
VPN: SSL vs IPSEC
VPN: SSL vs IPSECVPN: SSL vs IPSEC
VPN: SSL vs IPSEC
Sylvain Maret
 
TLS 1.3: Everything You Need to Know - CheapSSLsecurity
TLS 1.3: Everything You Need to Know - CheapSSLsecurityTLS 1.3: Everything You Need to Know - CheapSSLsecurity
TLS 1.3: Everything You Need to Know - CheapSSLsecurity
CheapSSLsecurity
 
HTTP vs HTTPS Difference
HTTP vs HTTPS Difference HTTP vs HTTPS Difference
HTTP vs HTTPS Difference
Real Estate
 
SSL TLS Protocol
SSL TLS ProtocolSSL TLS Protocol
SSL TLS Protocol
Devang Badrakiya
 
TLS v1.3
TLS v1.3TLS v1.3
TLS v1.3
Siddhartha Rao
 
An overview of TCP (Transmission Control Protocol)
An overview of TCP (Transmission Control Protocol)An overview of TCP (Transmission Control Protocol)
An overview of TCP (Transmission Control Protocol)
Ammad Marwat
 
OSI Layer
OSI LayerOSI Layer
OSI Layer
Mathi Vanan
 
Tls 1.3
Tls 1.3Tls 1.3
Tls 1.3
Kevin OBrien
 
Splunk App for Stream
Splunk App for StreamSplunk App for Stream
Splunk App for Stream
Splunk
 
Http Vs Https .
Http Vs Https . Http Vs Https .
Http Vs Https .
simplyharshad
 
PGP.ppt
PGP.pptPGP.ppt
PGP.ppt
ssuserec53e73
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
Harry Potter
 
Web and http computer network
Web and http computer networkWeb and http computer network
Web and http computer network
Anil Pokhrel
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)
Samip jain
 
FTP & TFTP
FTP & TFTPFTP & TFTP
FTP & TFTP
NetProtocol Xpert
 
Basic BGP Configuration
Basic BGP ConfigurationBasic BGP Configuration
Basic BGP Configuration
NetProtocol Xpert
 
Arp
ArpArp
Arp
naveenarvinth
 
Ieee 802.1 standards ether types
Ieee 802.1 standards ether typesIeee 802.1 standards ether types
Ieee 802.1 standards ether types
minhhv
 
HTTP/3
HTTP/3HTTP/3
HTTP/3
Daniel Stenberg
 
Acl
AclAcl
Acl
Raghu Kiran
 
SSL And TLS
SSL And TLS SSL And TLS
SSL And TLS
Ghanshyam Patel
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) Protocol
Mohammed Adam
 
TELNET and SSH by MUSTAFA SAKHAI
TELNET and SSH by MUSTAFA SAKHAITELNET and SSH by MUSTAFA SAKHAI
TELNET and SSH by MUSTAFA SAKHAI
MUSTAFA SAKHAI
 
SSL & TLS Architecture short
SSL & TLS Architecture shortSSL & TLS Architecture short
SSL & TLS Architecture short
Avirot Mitamura
 
TCP/IP Presentation
TCP/IP PresentationTCP/IP Presentation
TCP/IP Presentation
eleinepagtakhan
 
Smtp protocol
Smtp protocolSmtp protocol
Smtp protocol
alibefkani
 
Difference between TLS 1.2 vs TLS 1.3 and tutorial of TLS2 and TLS2 version c...
Difference between TLS 1.2 vs TLS 1.3 and tutorial of TLS2 and TLS2 version c...Difference between TLS 1.2 vs TLS 1.3 and tutorial of TLS2 and TLS2 version c...
Difference between TLS 1.2 vs TLS 1.3 and tutorial of TLS2 and TLS2 version c...
jeetendra mandal
 
Transport Layer Security
Transport Layer Security Transport Layer Security
Transport Layer Security
Ibrahiem Mohammed
 

Weitere ähnliche Inhalte

Was ist angesagt?

Ieee 802.1 standards ether types
Ieee 802.1 standards ether typesIeee 802.1 standards ether types
Ieee 802.1 standards ether types
minhhv
 
HTTP/3
HTTP/3HTTP/3
HTTP/3
Daniel Stenberg
 

Was ist angesagt? (20)

OSI Layer
OSI LayerOSI Layer
OSI Layer
 
Tls 1.3
Tls 1.3Tls 1.3
Tls 1.3
 
Splunk App for Stream
Splunk App for StreamSplunk App for Stream
Splunk App for Stream
 
Http Vs Https .
Http Vs Https . Http Vs Https .
Http Vs Https .
 
PGP.ppt
PGP.pptPGP.ppt
PGP.ppt
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Web and http computer network
Web and http computer networkWeb and http computer network
Web and http computer network
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)
 
FTP & TFTP
FTP & TFTPFTP & TFTP
FTP & TFTP
 
Basic BGP Configuration
Basic BGP ConfigurationBasic BGP Configuration
Basic BGP Configuration
 
Arp
ArpArp
Arp
 
Ieee 802.1 standards ether types
Ieee 802.1 standards ether typesIeee 802.1 standards ether types
Ieee 802.1 standards ether types
 
HTTP/3
HTTP/3HTTP/3
HTTP/3
 
Acl
AclAcl
Acl
 
SSL And TLS
SSL And TLS SSL And TLS
SSL And TLS
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) Protocol
 
TELNET and SSH by MUSTAFA SAKHAI
TELNET and SSH by MUSTAFA SAKHAITELNET and SSH by MUSTAFA SAKHAI
TELNET and SSH by MUSTAFA SAKHAI
 
SSL & TLS Architecture short
SSL & TLS Architecture shortSSL & TLS Architecture short
SSL & TLS Architecture short
 
TCP/IP Presentation
TCP/IP PresentationTCP/IP Presentation
TCP/IP Presentation
 
Smtp protocol
Smtp protocolSmtp protocol
Smtp protocol
 

Ähnlich wie Introduction to TLS 1.3

Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit DetectionComparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
CSCJournals
 
Vulnerability-tolerant Transport Layer Security
Vulnerability-tolerant Transport Layer SecurityVulnerability-tolerant Transport Layer Security
Vulnerability-tolerant Transport Layer Security
Miguel Pardal
 
BSET_Lecture_Crypto and SSL_Overview_FINAL
BSET_Lecture_Crypto and SSL_Overview_FINALBSET_Lecture_Crypto and SSL_Overview_FINAL
BSET_Lecture_Crypto and SSL_Overview_FINAL
Glenn Haley
 
OSDC 2018 | Hitchhiker’s guide to TLS 1.3 and GnuTLS by Ander Juaristi Alamos
OSDC 2018 | Hitchhiker’s guide to TLS 1.3 and GnuTLS by Ander Juaristi AlamosOSDC 2018 | Hitchhiker’s guide to TLS 1.3 and GnuTLS by Ander Juaristi Alamos
OSDC 2018 | Hitchhiker’s guide to TLS 1.3 and GnuTLS by Ander Juaristi Alamos
NETWAYS
 
Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)
Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)
Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)
chhoup
 

Ähnlich wie Introduction to TLS 1.3 (20)

Difference between TLS 1.2 vs TLS 1.3 and tutorial of TLS2 and TLS2 version c...
Difference between TLS 1.2 vs TLS 1.3 and tutorial of TLS2 and TLS2 version c...Difference between TLS 1.2 vs TLS 1.3 and tutorial of TLS2 and TLS2 version c...
Difference between TLS 1.2 vs TLS 1.3 and tutorial of TLS2 and TLS2 version c...
 
Transport Layer Security
Transport Layer Security Transport Layer Security
Transport Layer Security
 
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit DetectionComparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
 
Rootconf2019
Rootconf2019Rootconf2019
Rootconf2019
 
Ssl and tls
Ssl and tlsSsl and tls
Ssl and tls
 
Study and analysis of some known attacks on transport layer security
Study and analysis of some known attacks on transport layer securityStudy and analysis of some known attacks on transport layer security
Study and analysis of some known attacks on transport layer security
 
Vulnerability-tolerant Transport Layer Security
Vulnerability-tolerant Transport Layer SecurityVulnerability-tolerant Transport Layer Security
Vulnerability-tolerant Transport Layer Security
 
Sequere socket Layer
Sequere socket LayerSequere socket Layer
Sequere socket Layer
 
Cours4.pptx
Cours4.pptxCours4.pptx
Cours4.pptx
 
BSET_Lecture_Crypto and SSL_Overview_FINAL
BSET_Lecture_Crypto and SSL_Overview_FINALBSET_Lecture_Crypto and SSL_Overview_FINAL
BSET_Lecture_Crypto and SSL_Overview_FINAL
 
Why Many Websites are still Insecure (and How to Fix Them)
Why Many Websites are still Insecure (and How to Fix Them)Why Many Websites are still Insecure (and How to Fix Them)
Why Many Websites are still Insecure (and How to Fix Them)
 
OSDC 2018 | Hitchhiker’s guide to TLS 1.3 and GnuTLS by Ander Juaristi Alamos
OSDC 2018 | Hitchhiker’s guide to TLS 1.3 and GnuTLS by Ander Juaristi AlamosOSDC 2018 | Hitchhiker’s guide to TLS 1.3 and GnuTLS by Ander Juaristi Alamos
OSDC 2018 | Hitchhiker’s guide to TLS 1.3 and GnuTLS by Ander Juaristi Alamos
 
Secure Sockets Layer(SSL)Certificate
Secure Sockets Layer(SSL)CertificateSecure Sockets Layer(SSL)Certificate
Secure Sockets Layer(SSL)Certificate
 
Egor Podmokov - TLS from security point of view
Egor Podmokov - TLS from security point of viewEgor Podmokov - TLS from security point of view
Egor Podmokov - TLS from security point of view
 
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
 
Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)
Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)
Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)
 
SSL VS TLS.pptx
SSL VS TLS.pptxSSL VS TLS.pptx
SSL VS TLS.pptx
 
Telnet presentation
Telnet presentationTelnet presentation
Telnet presentation
 
ssl-tls-ipsec-vpn.pptx
ssl-tls-ipsec-vpn.pptxssl-tls-ipsec-vpn.pptx
ssl-tls-ipsec-vpn.pptx
 
ION Sri Lanka - TLS for Network Operators
ION Sri Lanka - TLS for Network OperatorsION Sri Lanka - TLS for Network Operators
ION Sri Lanka - TLS for Network Operators
 

Mehr von n|u - The Open Security Community

Mehr von n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 
News bytes null 200314121904
News bytes null 200314121904News bytes null 200314121904
News bytes null 200314121904
 

Kürzlich hochgeladen

Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
AnaAcapella
 

Kürzlich hochgeladen (20)

Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
 
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structure
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
 
Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptx
 
How to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxHow to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptx
 
Spatium Project Simulation student brief
Spatium Project Simulation student briefSpatium Project Simulation student brief
Spatium Project Simulation student brief
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the Classroom
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 

Introduction to TLS 1.3

  • 1. INTRODUCTION TO TLS 1.3 Presented by Vedant Jain NULL BHOPAL MONTHLY MEET JANUARY 2020
  • 2. SUMMARY OF CONTENTS OUR MAIN TOPICS TODAY What is Transport Layer Security Whats New in TLS 1.3 How TLS Achieves This Key Goals of TLS 1.3 Security Benefits Privacy Benefits Difference between Handshake in TLS 1.2 & 1.3
  • 3. WHAT IS TLS THE BEGINNING OF TRANSPORT LAYER SECURITY Probably the Internet’s most important security protocol Designed over 20 years ago by Netscape for Web transactions But used for just about everything you can think of Maintained by the Internet Engineering Task Force – Back then, called Secure Sockets Layer – HTTP – SSL-VPNs – E-mail – Voice/video – IoT – We’re now at version 1.2
  • 4. WHATS NEW IN TLS 1.3 TLS 1.3 offers some great improvements over TLS 1.2. Vulnerable optional parts of the protocol have been removed, there’s support for stronger ciphers required to implement perfect forward secrecy (PFS), and the handshake process has been significantly shortened. In addition, implementing TLS 1.3 should be relatively simple. You can use the same keys you used for TLS 1.2. Clients and servers will automatically negotiate a TLS 1.3 handshake when they both support it, and Google Chrome and Mozilla Firefox already do it by default.
  • 5. TLS ACHIEVES THIS USING VARIOUS TECHNIQUES… – Symmetric key encryption for application data. – Typically Advanced Encryption Standard (AES). PRIVACY – Authenticated Encryption with Additional Data (AEAD). – Usually AES-GCM (Galois/Counter Mode) cipher mode. INTEGRITY – X509 certificates signed by a mutually trusted third party. – Typically server authenticated only. AUTHENTICATION
  • 6. KEY GOALS OF TLS 1.3 Clean up - Remove unsafe or Unused features Security - Improve security w/modern techniques Privacy - Encrypt more of the protocol. Performance -1-RTT and 0-RTT handshakes Continuity - Backwards compatibility
  • 7. SECURITY BENEFITS Although TLS 1.2 can still be deployed securely, several high-profile vulnerabilities have exploited optional parts of the protocol and outdated ciphers. TLS 1.3 removes many of these problematic options and only includes support for algorithms with no known vulnerabilities (at this time). The IETF chose to remove all ciphers that do not support PFS from TLS connections. These include DES, AESCBC, RC4, and other ciphers less commonly used.
  • 8. PRIVACY BENEFITS TLS 1.3 also enables PFS(Perfect Forward Secrecy) by default. This cryptographic technique adds another layer of confidentiality to an encrypted session, ensuring that only the two endpoints can decrypt the traffic. With PFS, even if a third party were to record an encrypted session, and later gain access to the server private key, they could not use that key to decrypt the session.
  • 10. REFERENCES WOULD I PREFERRED… http://web.stanford.edu/class/ee380/Abstracts/151118-slides.pdf https://www.owasp.org/images/9/91/OWASPLondon20180125_TLSv1.3_ Andy_Brodie.pdf https://www.cloudflare.com/learning-resources/tls-1-3/ https://www.f5.com/pdf/products/tls1-3_are-you-ready.pdf
  • 11. QUESTIONS? COMMENTS? LET US KNOW! @Vedant__Jain TWITTER jainvedant786@gmail.com EMAIL