Why TLS 1.3 makes the internet safer
CYBERSECURITY is a big problem today and with hackers gaining access to more and more sophisticated tools, companies are finding it increasingly difficult to protect themselves and their customers.
However, the Internet Engineering Task Force (IETF), the body that reviews and approves internet standards and protocols, has taken a step to make the internet much safer in general.
The IETF, which finally passed the Transport Layer Security (TLS) 1.3 protocol last week, after four years of deliberation and 28 drafts, believes the internet will be safer and faster as a result.
Essentially, TLS is what provides privacy and data security to two communicating applications.
It’s what web browsers, file transfer software, virtual private network connections, instant messaging solutions, and voice-over-IP models rely on when exchanging data, securely, over a network.
TLSs evolved from Netscape’s Secure Socket Layers (SSLs). The world move over from SSLs to TLSs because the latter offered a more secure and efficient protocol for message authentication, key material generation, and better algorithms.
Up until now, TLS updates, up to 1.2 were similar in many respects. However, the latest protocol offers quite a few advantages.
The “handshake” between a client and a server has been streamlined. As per new standards, encryption will be initiated earlier in order to minimize the amount of data transmitted in the clear.
Thanks to “forward secrecy”, hackers won’t be able to lift decryption keys from one exchange and use it to decrypt others later on. For data security professionals, this is a huge step forward for the internet as a whole.
According to Patrick Crowley, Technical Leader, Cisco Stealthwatch Cloud:
“Suppose someone started recording encrypted traffic in our network on January 1st and then discovered a server’s private key on January 31st. That person could decrypt all of the server’s traffic and make off with the credit card numbers we entered yesterday, our lab results from last week, and our team’s patent application from the week before. With the forward secrecy in TLS 1.3, there’s no longer a single secret value that will decrypt multiple sessions.
“Instead, TLS 1.3 uses the Ephemeral Diffie-Hellman key exchange protocol, which generates a one-time key that’s used only for the current network session. At the end of the session, the key is discarded. While attackers can still record and store encrypted network traffic, to decode it they need the unique key for each session. A session key won’t decode data sent during an earlier session or help an attacker discover future session keys. Forward secrecy is a best practice for security—which is why we’re all for it.
The new protocol has also removed legacy encryption algorithms altogether to prevent hackers from forcing the system to use them, making it easier to break the cipher on the messages.
Further, TLS 1.3 has introduced a 0-RTT or zero-round-trip-time mode which will help server and client machines that have been acquainted before to get right to exchanging data without wasting time with introductions all over again.
According to Cloudflare, the company that claims to “serve more web traffic than Twitter, Amazon, Apple, Instagram, Bing, & Wikipedia combined”, extended a warm welcome to 0-RTT.
The company believes that up to 40 percent of the traffic they see comes from visitors who have recently visited a site and are resuming a previous connection. The company believes 0-RTT will lead to faster connections and a smoother web experience – which will especially be noticeable on mobile networks.