Shanghai Jiao Tong University
TLS Record Layer

▪ The Transport Layer Security (TLS) Record Protocol secures application data using the keys created during the Handshake.
▪ The Record Protocol is responsible for securing application data and verifying its integrity and origin. It manages the following:
▪ Dividing outgoing messages into manageable blocks, and reassembling incoming messages.
▪ Compressing outgoing blocks and decompressing incoming blocks (optional).
▪ Applying a Message Authentication Code (MAC) to outgoing messages, and verifying incoming messages using the MAC.
▪ Encrypting outgoing messages and decrypting incoming messages.
TLS Handshake

Message flow between Client and Server:
▪ Client Hello (generate random number): SSL version, supported ciphers, etc.
▪ Server Hello (generate random number): Cipher Suite (RSA, TLS 1.0, etc.)
▪ Server Certificate
▪ Server Key Exchange (public key)
▪ [Client Certificate Request]
▪ Server Hello Done
▪ [Client Certificate]
▪ Client Key Exchange (generate random number: pre-master-secret)
▪ Certificate Verify
▪ Change Cipher Spec
▪ Change Cipher Spec
▪ Application Data (Encrypted Record)

Message types:
Code   Description
0      HelloRequest
1      ClientHello
2      ServerHello
4      NewSessionTicket
11     Certificate
12     ServerKeyExchange
13     CertificateRequest
14     ServerHelloDone
15     CertificateVerify
16     ClientKeyExchange
20     Finished
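The record framing and the handshake message type codes listed above can be checked against captured bytes with a small parser. This is an added example, not part of the original slides; the record content types 20 to 23 and the 5-byte record header layout are taken from RFC 5246 rather than from the slides, and `SAMPLE` is a constructed byte string.

```python
import struct

# Record content types (RFC 5246) and the handshake message type codes from the slide.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {0: "HelloRequest", 1: "ClientHello", 2: "ServerHello", 4: "NewSessionTicket",
                   11: "Certificate", 12: "ServerKeyExchange", 13: "CertificateRequest",
                   14: "ServerHelloDone", 15: "CertificateVerify", 16: "ClientKeyExchange",
                   20: "Finished"}
MAX_FRAGMENT = 2 ** 14 + 2048  # largest protected record body allowed by TLS 1.2

def parse_records(stream: bytes):
    """Split a byte stream into (content_type, version, fragment) records."""
    records, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, pos)
        if ctype not in CONTENT_TYPES or length > MAX_FRAGMENT:
            raise ValueError(f"bad record at offset {pos}")
        body = stream[pos + 5:pos + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        records.append((CONTENT_TYPES[ctype], (major, minor), body))
        pos += 5 + length
    return records

def handshake_messages(records):
    """Reassemble handshake messages that span or share records, in order."""
    buf = bytearray()
    for ctype, _, body in records:
        if ctype == "change_cipher_spec":
            break  # records after this point are encrypted and opaque to this parser
        if ctype == "handshake":
            buf += body
    names, pos = [], 0
    while pos < len(buf):
        length = int.from_bytes(buf[pos + 1:pos + 4], "big")  # 24-bit message length
        if len(buf) - pos < 4 or pos + 4 + length > len(buf):
            raise ValueError("truncated handshake message")
        names.append(HANDSHAKE_TYPES.get(buf[pos], f"unknown({buf[pos]})"))
        pos += 4 + length
    return names

def rec(ctype, body):  # helper: one record with version 3.3 (TLS 1.2)
    return struct.pack("!BBBH", ctype, 3, 3, len(body)) + body

# Constructed sample: ServerHello, Certificate, ServerHelloDone with dummy bodies, split
# mid-message across two records, then ChangeCipherSpec and an opaque encrypted record.
FLIGHT = b"\x02\x00\x00\x26" + bytes(38) + b"\x0b\x00\x00\x0a" + bytes(10) + b"\x0e\x00\x00\x00"
SAMPLE = rec(22, FLIGHT[:50]) + rec(22, FLIGHT[50:]) + rec(20, b"\x01") + rec(22, b"\xaa" * 40)
```

The Certificate message in `SAMPLE` straddles the two handshake records, so the message names only come out right if fragments are joined before the 4-byte handshake headers are read.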
A Comprehensive Symbolic Analysis of TLS 1.3 (CCS 2017)
Cas Cremers, Marko Horvat, Jonathan Hoyland, Sam Scott, Thyla van der Merwe
Disadvantages of TLS

▪ Performance
▪ Third Party Certification
▪ Allows Insecure Encryption
Performance

[Figure: timeline of a TCP connection setup followed by a TLS handshake. Messages in order: SYN, SYN ACK, ACK, ClientHello, ServerHello, Certificate, ServerHelloDone, ClientKeyExchange, ChangeCipherSpec, Finished, ChangeCipherSpec, Finished, Application Data. Time axis marks: 0 ms, 28 ms, 56 ms, 84 ms, 112 ms, 140 ms, 196 ms, 224 ms.]