Application of Cryptographic Technology – TLS
TLS (Transport Layer Security) is a protocol that provides confidentiality, data integrity, and authenticity between two communicating applications. The protocol consists of two layers: the TLS Handshake Protocol and the TLS Record Protocol, as shown in Figure 1.
Figure 1: TLS Hierarchy
TLS Handshake Protocol
The TLS handshake protocol is primarily responsible for authenticating the identities of both parties, negotiating the encryption algorithm, and exchanging the encryption key before the actual data transfer begins. It consists of four sub-protocols:
(1) The Handshake Protocol is responsible for certificate exchange and key negotiation, as shown in Figure 2.
Figure 2: TLS Handshake Protocol Process
① The client and server negotiate the basic parameters of the TLS connection, including the TLS version, encryption algorithms, and compression methods. The server then authenticates itself by sending its certificate chain to the client for verification. The corresponding packet capture is shown in Figure 3.
Figure 3: Packet Capture of the TLS Handshake Protocol Connection Parameter Negotiation Process and Server Authentication
② The client and server perform the key exchange; the corresponding packet capture is shown in Figure 4. At this stage, the client can optionally send its own certificate to the server for verification.
Figure 4: Packet Capture of TLS Handshake Protocol Client Server Secret Key Negotiation
③ The client and server each send a “Finished” message containing an encrypted hash of all handshake messages from steps ① and ②, which verifies the integrity of the handshake and confirms that the key exchange is complete.
(2) The Change Cipher Spec Protocol is used to synchronize the cipher suite and shared key switching between the two communicating parties.
(3) The Alert Protocol is used to notify the communication counterpart of exceptions that occur during the handshake process, such as message authentication code errors or decompression failures.
(4) The App Data Protocol is used to transmit application data between communication entities. When TLS carries HTTP, the requests and responses of HTTP are transmitted through this protocol and the TLS Record Protocol.
TLS Record Protocol
The TLS Record Protocol is responsible for message compression, message authentication, encryption, and encapsulation. The process flow is shown in Figure 5.
Figure 5: Work Flow of TLS Record Protocol
(1) The message is divided into fragments, and compression is applied to each fragment.
(2) Compute the MAC of the compressed data using the shared secret key.
(3) Encrypt the compressed fragment together with its message authentication code using symmetric encryption.
(4) Prepend a header composed of the data type, version number, and the length after compression to the encrypted data to form the final message data.
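The four record-layer steps above and the receiver's MAC check, as an added Python example that is not part of the original article. Assumptions: HMAC-SHA256 as the MAC, zlib as the compression method, and a SHA-256 counter keystream as a stand-in for the negotiated symmetric cipher (not a real TLS cipher); the function names `seal` and `open_record` and the demo keys are hypothetical.

```python
import hashlib, hmac, struct, zlib

MAX_FRAGMENT = 2 ** 14      # TLS limit on plaintext bytes per record
APPLICATION_DATA = 23       # record content type for application data
TLS12 = (3, 3)              # version bytes carried in a TLS 1.2 record header

def _keystream_xor(key, seq, data):
    """Stand-in cipher (assumption): XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + struct.pack("!QI", seq, block)).digest()
        out += bytes(a ^ b for a, b in zip(data[block:block + 32], pad))
    return bytes(out)

def _mac(mac_key, seq, ctype, body):
    # The MAC covers the sequence number, type, version and compressed length,
    # so a replayed, reordered or relabelled record fails verification.
    meta = struct.pack("!QBBBH", seq, ctype, *TLS12, len(body))
    return hmac.new(mac_key, meta + body, hashlib.sha256).digest()

def seal(message, enc_key, mac_key, ctype=APPLICATION_DATA):
    """Sender side, steps (1)-(4): fragment, compress, MAC, encrypt, add header."""
    records = []
    for seq, off in enumerate(range(0, len(message), MAX_FRAGMENT)):
        body = zlib.compress(message[off:off + MAX_FRAGMENT])    # step (1)
        tag = _mac(mac_key, seq, ctype, body)                    # step (2)
        ct = _keystream_xor(enc_key, seq, body + tag)            # step (3)
        header = struct.pack("!BBBH", ctype, *TLS12, len(ct))    # step (4)
        records.append(header + ct)
    return records

def open_record(record, seq, enc_key, mac_key):
    """Receiver side: reverse the steps and reject a record whose MAC fails."""
    ctype, major, minor, length = struct.unpack("!BBBH", record[:5])
    if (major, minor) != TLS12 or length != len(record) - 5 or length < 32:
        raise ValueError("malformed record")
    plain = _keystream_xor(enc_key, seq, record[5:])
    body, tag = plain[:-32], plain[-32:]
    if not hmac.compare_digest(tag, _mac(mac_key, seq, ctype, body)):
        raise ValueError("bad_record_mac")   # the error the Alert Protocol reports
    return zlib.decompress(body)

if __name__ == "__main__":
    keys = (b"E" * 32, b"M" * 32)                 # constructed demo keys
    recs = seal(b"hello over TLS" * 2000, *keys)  # constructed sample message
    print(len(recs), "records; first header:", recs[0][:5].hex())
    print(open_record(recs[0], 0, *keys)[:14])
```

A record that is modified in transit or presented under the wrong sequence number fails the MAC comparison in `open_record` before any decompression is attempted.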
TLS is widely used in scenarios such as web browsers, email transmission, VPN connections, and IoT device communication due to its strong security capabilities. It is recommended to use the latest version of TLS along with high-security cipher suites to ensure the confidentiality, integrity, and verification of data transfer, while also regularly updating certificates to avoid security risks associated with certificate expiration.