Introduction their role in receipt of data. To

Introduction

 

Security
plays an important role when it’s come to sharing the data over the internet
and public’s main concern is how their data is going to be shared, who can have
access and how it can be prevented to be used by third parties. Increase in new
technologies have put the security aspects like privacy, integrity,
authenticity and non-repudiation in critical condition.

Privacy
means that the data shared over the internet by two parties must not be shared
or accessed by third party. Integrity detects any changes in the shared data
between the time it was received and sent. Authentication means that data is
only accessible to those it has been authorised for. Non-repudiation protects
the data towards any claim by a third party stated as their role in receipt of
data. To maintain these security levels of the applications and software’s of
new technologies which are engaging in fast paced environment must be delivered
to the public in secure, scalable and manageable way for which many new
architectures and protocols are being invented. (Oppliger, 2016)(T. Dierks Independent, 08/2008) (McKinley, 2003) (Ristic, 2013, Hale, 2013) (Linn, 1993.

 

 

Transport
Layer Security (TLS) plays a deeper role in protecting the data shared over the
internet. The main purpose of TLS is to provide privacy and integrity to the
data being shared by the server between two parties or applications. TLS is a
fully independent protocol and can be used for any level of procedures. TLS is
composed of two layers TLS Record Protocol and TLS Handshake Protocol. TLS
Record Protocol make sure that the connection made to share the data over the
internet is secure, private and reliable and on the other side TLS Handshake
Protocol lets the server and client make any changes to the data before it’s
going to be transmitted or received. The two main layers of TLS Record Protocol
are privacy and integrity. To provide the privacy over the internet to the applications
TLS use public key cryptography, bulk encryption algorithms and shared key
techniques. Public key cryptography is developed to prevent the data and can
only be used by the authorised user to encrypt the data. Bulk encryption
algorithms used to provide integrity by creating a small methodical finger
print of the conversation. Authentication is use to provide the digital certification
to the both private and public keys used to encrypt the data. These digital certificates
hold the private key which can be requested from a client (Oppliger, 2016)(T. Dierks Independent, 08/2008) (McKinley, 2003) (Ristic, 2013, Hale, 2013) (Linn, 1993.

 

Secure
Sockets Layer (SSL) protocol is a default Internet protocol developed by
Netscape in 1994 to secure the transmitted data and communication over the
internet. The main purpose of SSL is to make sure the communication made
between two parties over the Internet stays private and vital and SSL
certificate is key for the web server to establish a secure SSL connection.
However, TLS and SSL both have similarities but have different standards. On
the other side, the new TLS versions v1.1 and v1.2 helped to tackle the data
breaches by BEAST attack in result the TLS has been stated as the most secure
protocol over the internet as it provides more stronger procedures and
cryptographs. To configure a server, it is important to install the software’s
that supports the latest version of TLS and to configure a program a user can
either use TLS or SSL as both provide similar level of security as stated above
but have different values. (Oppliger, 2016)(T. Dierks Independent, 08/2008) (McKinley, 2003) (Ristic, 2013, Hale, 2013) (Linn, 1993.

 

Five Development Stages

 

Below are
the five development stages which were found during the research. All of the
five developments are ranked according to the level of integrity, privacy and
security has been provided.

 

1.     Change Cipher Spec Protocol

 

Change
Cipher Spec Protocol deliver as a single message which is generated through the
secure communications made between a server and the client in the beginning.
The message is encrypted and compressed under the constant connection state.
The message has value of 1 and is only a single byte long. The communication
made between the server and the client to make sure that the new transmitted
data over the server to new destination is secured with the newly transferred
Cipher Spec and keys. The message is only transferred after all the security measures
has been met and further steps has taken to protect the communication during
the handshake. If re-handshake occurs during the transmitting of data, the
organisations should use the old Cipher Spec but as soon the data has been
delivered it is must to use the new Cipher Spec. The transmission of data stays
unidentified on the both sides, so none of the organisations can find out any update
about the each other (T. Dierks Independent, 08/2008) (McKinley, 2003) (Ristic, 2013, Hale, 2013).

 

2.     SSL/TLS Handshake

 

TLS
handshake protocols main role is to exchange a session and has three sub
protocols which allows them to agree upon the security parameters like an
encryption algorithms for the record layer before sending the data. 48 bytes of
master secret shared data between client and a server. SSL and TLS versions are
the two main bodies of the protocols. SSL 3.0 haven’t been changed since it was
developed in 1995, however TLS 1.0 was developed in 1999 have some changes.
Some security issues were changed in TLS 1.1 version after the development. TLS
1.2 added up with encryption and hashing algorithms after the development
process (T. Dierks Independent, 08/2008) (McKinley, 2003) (Ristic, 2013, Hale, 2013).

 

·       TLS 1.0 was released in 1999 and was
the first version to specify a PRF (use by master secret generation) based on
the standard HMRC and implemented as a combination (XOR) of HMAC-MD5 and
HMAC-SHA. The verify_data and master secret is based on PRF instead of custom
construction.

·       TLS 1.1 was released in 2006 and have
some changes in which CBC encryption used explicit IVs, Implementations uses
bad_record_mac alert to reply to any problems etc.

·       TLS 1.2 was released in 2008 and an
extra support added for the authenticated encryptions and HMAC-SHA256 cipher
suites. To accept or verify the hash algorithms, clients can use the new
extension called signature_algorithms.  A
single hash was replaced form MD5/SHA1 which was used for digital signatures.
After the new changes have been made, it allows the cipher suite to perform
tasks on their own. (T. Dierks Independent, 08/2008) (McKinley, 2003) (Ristic, 2013, Hale, 2013).

 

3.     ClientHello

 

Client
hello is the first message which is sent in a new handshake and used to
collaborate the client abilities and partialities towards a server, when a
client first connects to a server.  This
message is send at the start of the new handshake as a reply to the new server
HelloRequest. Client Hello contains 32 bytes of data from which 28 bytes are
randomly produced and the left four bytes hold extra details partial by the
client clocks. Random data is shared throughout the handshake by the client and
a server which helps to protect the data from vulnerabilities and the
randomness is use to maintain the integrity and privacy of the data. The Client
Hello message contains the client cipher list which was transferred from client
to a server. This cipher suit contains has four aspects such as a key exchange
algorithms, bulk encryption algorithm, MAC algorithm and PRF. If the list has
not have the required suites or it is not acceptable, the server will send a
failure message and will close the connection. After completing all the
process, a message is sent and the client waits for the ServerHello message,
however if there is another message arrive from the server is preserved as a
fatal error. (T. Dierks Independent, 08/2008) (McKinley, 2003) (Ristic, 2013, Hale, 2013).

 

4.     RSA Key Exchange

 

The term
RSA key exchange can define as that the client produces a premaster secret
which is 64 bytes in size and remains stable for many years. This secret can be
encrypted by using the public key obtained from the server certificate and
sends it to the ClientKeyExchange message. The premaster secret can be accessed
by the server through decrypting the message TLS uses the RSAES-PKCS1-v1_5
encryption scheme or anyone who have access to the consistent private key. The
premaster secret can be decrypted by the attackers if the version is mismatched
or unacceptable as than the one required. Version mismatching and avoiding
attack can be treated by formatting and randomise the premaster secret
completely. (T. Dierks Independent, 08/2008) (McKinley, 2003) (Ristic, 2013, Hale, 2013).

 

5.     Alert Protocol

 

A
notification sends to the other side as a part of the communications known as
alert. The alerts are either used for an update and errors messages. During the
shutdown, the error message used as they come with the exception of
close_notify. The increase in warning level can result in termination of the
connection, however other connection must continue. These alert messages are
encrypted, compressed and delivers the strictness of the message with a
description of alert. Below are the two fields of alert messages: –

 

Struct {

AlertLevel level;

AlertDescription description;

} Alert;

 

The
AlertLevel contains the alert which can be a fatal or warning.

The
AlertDescription contains the details of the alert such as it is a Trojan etc. (T. Dierks Independent, 08/2008) (McKinley, 2003) (Ristic, 2013, Hale, 2013).

 

 

Three critical development

 

Securing
the server is very important while transferring the sensitive data from one
place to another over the internet. Since, the protocols are linked to the web
sources and servers so there are less chances of getting in trouble. To attain
any records or access the data a digital certificate needed which can be
obtained by Certification authority such as RSA Data Security. Below is the
critical analysis of three top ranked development stages.

 

1.     As explained above, Change Cipher
Spec Protocol delivers a single message which is generated through the secure
communications between a server and the client happened in the beginning. The
message has value of 1 and is only a single byte long. For the integrity and
privacy, the message is only transferred after all the security measures has
been met and further steps has taken to protect the data before it Is
transmitting. Integrity and privacy are two pillars to keep the data secure and
confidential. The code below shows the method of delivering the single message
with a value of 1.

 

struct {

            enum {
change_cipher_spec(1), (255) } type;

} ChangeCipherSpec;

 

The ChangeCipherSpec shows that the new data has been transferred to new
destination safe and secured. (T. Dierks Independent, 08/2008) (McKinley, 2003) (Ristic, 2013, Hale, 2013).

 

2.     The main role of the TLS handshake
protocol is to allow the communication between a client and the sever. It allows
the peers to agree upon the security parameters like an encryption algorithms
for the record layer before sending the data. Before the release of TLS version
1.2 there were many issues related to the security, privacy and integrity. These
issues were a gateway for the attackers to steal or encrypt the data. But after
the release of TLS 1.2 the issues were tackled down by using the new encryption
and block cipher methods. These encryption methods allow the client to store
the data until other part meets all the security requirements. (T. Dierks Independent, 08/2008) (McKinley, 2003) (Ristic, 2013, Hale, 2013).

 

3.     ClientHello delivers a single
message which protect the data breaches. The message is created by the client
on the web browser when he/she start to download and the message pop up. The
message is generated by the ClientHello for notifying the client. As the
message will only be delivered to the other party until all the security
measures are fully met. After, the data can be encrypted with the help of a
digital certificate. (T. Dierks Independent, 08/2008) (McKinley, 2003) (Ristic, 2013, Hale, 2013).

 

Critical Evaluation

 

Increase in
new technologies have put the security aspects privacy, integrity, authenticity
and non-repudiation in critical condition. Privacy means that the data shared
over the internet by two parties must not be shared or accessed by third party.
Integrity detects any changes in the shared data between the time it was
received and sent. Change Cipher Spec Protocol deliver of a single message
which is generated through the secure communications made between a server and
the client in the beginning. The message has value of 1 and is only a single
byte long.  Authentication means that
data is only accessible to those it has been authorised for. Non-repudiation
protects the data towards any claim by a third party stated as their role in
receipt of data. The communication made between the server and the client to
make sure that the new transmitted data over the server to new destination is
secured with the newly transferred Cipher Spec and keys. The message is only
transferred after all the security measures has been met and further steps has
taken to protect the communication during the handshake. If re-handshake occurs
during the transmitting of data, the organisations should use the old Cipher
Spec but as soon the data has been delivered it is must to use the new Cipher
Spec. The transmission of data stays unidentified on the both sides, so none of
the organisations can find out any update about the each other. For the
integrity and privacy, the message is only transferred after all the security
measures has been met and further steps has taken to protect the data before it
Is transmitting. Integrity and privacy are two pillars to keep the data secure
and confidential. The code below shows the method of delivering the single
message with a value of 1. The ChangeCipherSpec shows that the new data has
been transferred to new destination safe and secured. To maintain these
security levels of the applications and software’s of new technologies which
are engaging in fast paced environment must be deliver to the public in secure,
scalable and manageable way for which many new architectures and protocols are
being invented. (T. Dierks Independent, 08/2008) (McKinley, 2003) (Ristic, 2013, Hale, 2013).

 

References

 

MCKINLEY, H.
L. 2003. SSl and TLS: A beginners guide. SANS
Institute.

 

T.
DIERKS INDEPENDENT, E. R. 08/2008. The
Transport Layer Security (TLS) Protocol                                   Version 1.2 Online.
Network Working Group. Available: https://tools.ietf.org/html/rfc5246?as_url_id=AAAAAAWHHyHNlFlnC-fwVc0huJa81smMYzdJbo5PYcZJrk-hIpVE_iUDo2Q4lP1iK3BluBfUu1AY9K_ZM71YcxhYP6ax
Accessed 05/12 2017.

 

RISTIC,
I. 2013. Bulletproof SSL and TLS: Understanding and Deploying SSL/TLS and PKI
to Secure Servers and Web Applications, Feisty Duck.

 

LINN,
J. 1993. Privacy Enhancement for Internet
Electronic Mail:          Part I: Message
Encryption and Authentication Procedures Online. Available: https://tools.ietf.org/html/rfc1421.html
Accessed 01/12 2017.

 

OPPLIGER, R.
2016. SSL and TLS: Theory and Practice,
Artech House.

Author: