Grin logo
Go to shop Computer Science - IT-Security

On the security of TLS 1.2 and TLS 1.3. A comparison

Title: On the security of TLS 1.2 and TLS 1.3. A comparison

Term Paper , 2021 , 41 Pages , Grade: 95%

Autor:in: Sarah Syed-Winkler (Author)

Computer Science - IT-Security
Excerpt & Details   Look inside the ebook

This report analyses the security of older TLS versions by illustrating a taxonomy of attacks and explaining technical details on the BEAST and Lucky Thirteen attack. The fundamentals of TLS are based on the TLS 1.2 standard. Furthermore, the advantages of a migration to TLS 1.3 are highlighted.

The internet has become part of our daily lives. When the internet was originally designed, no one was considering the potential threats it might behold. Today, all devices connected to the internet have one thing in common - they rely on secure protocols to protect the information in transit. This is where Secure Socket Layer (SSL) and Transport Layer Security (TLS) come into play.

The Transport Layer Security protocol quickly became dominant for use in applications and servers for transferring data across the internet in a secure manner. One way to recognize a secure website is the usage of Hypertext Transfer Protocol Secure (HTTPS). The “S” in HTTPS stands for “Secure” and is an easy characteristic to identify secure website connections.

Furthermore, to highlight to a client that TLS is used to protect HTTP, the server may replace the protocol naming in the URL with https and add a lock symbol or even a coloured address bar. Besides, the Google Chrome Web browser has started flagging all unencrypted HTTP sites as "not secure" Moreover, Google is penalizing websites which are not protected.

The TLS Protocol is widely used for providing internet security. The protocol has been subject to several version upgrades over the course of its 25-year lifespan. Although TLS 1.3 is the latest version, its predecessor TLS 1.2 is most widely supported by websites. The versions minor to TLS 1.3 have several vulnerabilities which have been exploited in attacks like POODLE, BEAST etc.

Excerpt


Table of Contents

  • 1 Introduction
    • 1.1 Motivation
    • 1.2 Research Objective
    • 1.3 Structure of this report
  • 2 Fundamentals of SSL/TLS and DTLS
    • 2.1 Introduction
    • 2.2 SSL/TLS
      • 2.2.1 TLS Record Protocol
      • 2.2.2 TLS Handshake Protocol
    • 2.3 DTLS
      • 2.3.1 DTLS Record Protocol
      • 2.3.2 DTLS Handshake Protocol
    • 2.4 Summary
  • 3 Attacks on SSL/TLS and DTLS
    • 3.1 Introduction
    • 3.2 BEAST Attack
      • 3.2.1 How the Attack Works
      • 3.2.2 Mitigation
    • 3.3 Lucky Thirteen Attack
      • 3.3.1 How the Attack Works
      • 3.3.2 Padding Oracle Attack
      • 3.3.3 Mitigation
  • 4 TLS 1.3
    • 4.1 Introduction
    • 4.2 TLS Handshake Protocol
    • 4.3 Summary
  • 5 Conclusions

Objectives and Key Themes

This report analyzes the security of older TLS versions (prior to TLS 1.3) and highlights the advantages of migrating to TLS 1.3. The main objective is to provide a technical understanding of the vulnerabilities exploited in attacks against older TLS versions and to demonstrate the improved security offered by TLS 1.3.

  • Vulnerabilities in older TLS versions (TLS 1.2 and earlier).
  • Technical details of specific attacks like BEAST and Lucky Thirteen.
  • Security improvements introduced in TLS 1.3.
  • Advantages of migrating to TLS 1.3.
  • Fundamentals of the SSL/TLS protocol.

Chapter Summaries

1 Introduction: This introductory chapter sets the stage for the report by highlighting the increasing importance of internet security and the role of TLS in protecting online communication. It establishes the motivation behind the research, stating the objective of analyzing the security of older TLS versions and the advantages of migrating to TLS 1.3. The chapter also outlines the structure of the report, providing a roadmap for the subsequent sections.

2 Fundamentals of SSL/TLS and DTLS: This chapter provides a foundational understanding of the SSL/TLS and DTLS protocols. It explains the core components, including the record and handshake protocols, and clarifies their functions within the network security framework. This section lays the groundwork for subsequent chapters by defining the technical terminology and concepts necessary to understand the attacks and improvements discussed later in the report. The differences and similarities between TLS and DTLS are also explained.

3 Attacks on SSL/TLS and DTLS: This chapter delves into the security vulnerabilities of older TLS versions by illustrating a taxonomy of attacks and providing technical details on specific examples, including the BEAST and Lucky Thirteen attacks. The chapter meticulously explains how these attacks work, the conditions under which they can be successful, and the methods used to mitigate them. This detailed explanation is crucial for understanding the motivations and solutions detailed in the final chapter.

4 TLS 1.3: This chapter focuses on TLS 1.3, the latest version of the protocol, and describes the improvements it brings in terms of security and performance. It explains the changes made to the TLS Handshake Protocol, highlighting how these enhancements address the vulnerabilities exploited by the attacks described in the previous chapter. The chapter offers a contrast between the functionalities of TLS 1.2 and TLS 1.3 and emphasizes the reasons why a migration is beneficial.

Keywords

TLS 1.3, TLS 1.2, SSL, DTLS, internet security, cryptography, BEAST attack, Lucky Thirteen attack, protocol vulnerabilities, security improvements, migration, padding oracle attack, handshake protocol, record protocol.

Frequently Asked Questions: A Comprehensive Language Preview of SSL/TLS and DTLS Security

What is the purpose of this report?

This report analyzes the security of older TLS versions (prior to TLS 1.3) and highlights the advantages of migrating to TLS 1.3. The main objective is to provide a technical understanding of the vulnerabilities exploited in attacks against older TLS versions and to demonstrate the improved security offered by TLS 1.3.

What are the key themes explored in the report?

The report explores vulnerabilities in older TLS versions (TLS 1.2 and earlier), the technical details of specific attacks like BEAST and Lucky Thirteen, security improvements introduced in TLS 1.3, the advantages of migrating to TLS 1.3, and the fundamentals of the SSL/TLS protocol.

What topics are covered in each chapter?

Chapter 1 (Introduction): Sets the context, explaining the report's motivation, objective (analyzing older TLS versions' security and the benefits of TLS 1.3 migration), and structure. Chapter 2 (Fundamentals of SSL/TLS and DTLS): Explains the core components of SSL/TLS and DTLS protocols, including record and handshake protocols. Chapter 3 (Attacks on SSL/TLS and DTLS): Details vulnerabilities in older TLS versions through a taxonomy of attacks, focusing on BEAST and Lucky Thirteen, explaining how they work and their mitigation. Chapter 4 (TLS 1.3): Covers TLS 1.3's improvements in security and performance, explaining changes to the handshake protocol and the advantages of migrating from older versions. Chapter 5 (Conclusions): [Content not explicitly detailed in the preview].

What specific attacks are analyzed in detail?

The report analyzes the BEAST attack and the Lucky Thirteen attack in detail, explaining how they work, their vulnerabilities, and mitigation strategies.

What are the key differences between TLS 1.2 and TLS 1.3?

The report highlights the security improvements introduced in TLS 1.3 to address vulnerabilities exploited by attacks against older versions like TLS 1.2. Specific details of these improvements, particularly concerning the handshake protocol, are discussed in Chapter 4.

What are the benefits of migrating to TLS 1.3?

The report emphasizes the enhanced security offered by TLS 1.3 compared to older versions, addressing vulnerabilities exploited by attacks such as BEAST and Lucky Thirteen. The specific advantages of migration are a key theme.

What are the fundamental concepts of SSL/TLS and DTLS explained in the report?

The report covers the core components of the SSL/TLS and DTLS protocols, including the record protocol and handshake protocol, explaining their functions and the differences and similarities between TLS and DTLS.

What are the keywords associated with this report?

TLS 1.3, TLS 1.2, SSL, DTLS, internet security, cryptography, BEAST attack, Lucky Thirteen attack, protocol vulnerabilities, security improvements, migration, padding oracle attack, handshake protocol, record protocol.

Excerpt out of 41 pages  - scroll top

Details

Title
On the security of TLS 1.2 and TLS 1.3. A comparison
College
Ruhr-University of Bochum
Grade
95%
Author
Publication Year
2021
Pages
41
Catalog Number
V1037281
ISBN (eBook)
9783346456601
ISBN (Book)
9783346456618
Language
English
Tags
TLS Transport Layer Security SSL DTLS Security Secure Socket Layer TLS 1.2 TLS 1.3
Product Safety
GRIN Publishing GmbH
Quote paper
Sarah Syed-Winkler (Author), 2021, On the security of TLS 1.2 and TLS 1.3. A comparison, Munich, GRIN Verlag, https://www.grin.com/document/1037281