Network Security Transport Layer - Network Security

What is Network Security Transport Layer?

Network security includes securing data against assaults while it is in transit on a network. To obtain this goal, many real-time security protocols were designed. There are popular standards for real-time network security protocols including S/MIME, SSL/TLS, SSH, and IPsec. As mentioned earlier, those protocols work at special layers of networking model.

In the last chapter, we mentioned a few popular protocols which are designed to provide application layer protection. in this chapter, we will discuss the method of achieving network security at transport Layer and related security protocols.

For TCP/IP protocol based network, physical and data link layers are commonly implemented within the user terminal and network card hardware. TCP and IP layers are carried out within the operating system. anything above TCP/IP is implemented as user method.

Need for Transport Layer Security

Let’s discuss a regular internet-based business transaction.

Bob visits Alice’s website for selling goods. In a form on the website, Bob enters the kind of top and amount preferred, his address and payment card information. Bob clicks on submit and waits for delivery of products with debit of price quantity from his account. All this sounds good, however in absence of network security, Bob will be in for a few surprises.

  • If transactions did not use confidentiality (encryption), an attacker should obtain his payment card information. The attacker can then make purchases at Bob's expense.
  • If no information integrity measure is used, an attacker should adjust Bob's order in terms of type or amount of goods.
  • Lastly, if no server authentication is used, a server should show Alice's famous logo however the site can be a malicious site maintained through an attacker, who is masquerading as Alice. After receiving Bob's order, he should take Bob's money and flee. Or he should perform an identity theft by using collecting Bob's call and credit card details.

Transport layer security schemes can address those issues by way of enhancing TCP/IP based network conversation with confidentiality, information integrity, server authentication, and client authentication.

The security at this residue is normally used to comfortable HTTP based web transactions on a network. however, it is able to be employed through any software running over TCP.

Philosophy of TLS Design

Transport Layer security (TLS) protocols operate above the TCP layer. layout of these protocols use popular application program Interfaces (API) to TCP, called “sockets" for interfacing with TCP layer.

Applications are now interfaced to move security Layer instead of TCP immediately. transport safety Layer presents a simple API with sockets, which is similar and analogous to TCP's API.

Network Security – Transport Layer

In the above diagram, even though TLS technically is living between application and transport layer, from the common attitude it is a transport protocol that acts as TCP layer improved with security services.

TLS is designed to operate over TCP, the reliable layer four protocol (not on UDP protocol), to make layout of TLS much simpler, because it doesn't have to worry about ‘timing out’ and ‘retransmitting lost information’. The TCP layer keeps doing that as usual which serves the want of TLS.

Why TLS is Popular?

The purpose for popularity of using a security at transport Layer is simplicity. layout and deployment of security at this layer does not require any alternate in TCP/IP protocols which are carried out in an operating system. only user techniques and applications needs to be designed/changed that is less complex.

Secure Socket Layer (SSL)

In this section, we discuss the family of protocols designed for TLS. The family consists of SSL versions 2 and 3 and TLS protocol. SSLv2 has been now changed through SSLv3, so we will recognition on SSL v3 and TLS.

Brief History of SSL

In year 1995, Netscape advanced SSLv2 and used in Netscape Navigator 1.1. The SSL version1 become never published and used. Later, Microsoft advanced upon SSLv2 and brought another similar protocol named private Communications technology (PCT).

Netscape substantially improved SSLv2 on various security problems and deployed SSLv3 in 1999. The internet Engineering task force (IETF) in the end, introduced a similar TLS (delivery Layer security) protocol as an open standard. TLS protocol is non-interoperable with SSLv3.

TLS changed the cryptographic algorithms for key expansion and authentication. additionally, TLS suggested use of open crypto Diffie-Hellman (DH) and digital Signature standard (DSS) in place of patented RSA crypto used in SSL. however due to expiry of RSA patent in 2000, there existed no strong reasons for users to shift away from the widely deployed SSLv3 to TLS.

Salient Features of SSL

The salient features of SSL protocol are as follows −

  • SSL presents network connection security through −
    • Confidentiality − information is exchanged in an encrypted form.
    • Authentication − communication entities identify each other through the use of digital certificate. web-server authentication is mandatory whereas purchaser authentication is saved optional.
    • Reliability − maintains message integrity checks.
  • SSL is available for all TCP applications.
  • Supported through almost all web browsers.
  • Presents ease in doing business with new online entities.
  • Developed primarily for web e-commerce.

Architecture of SSL

SSL is precise to TCP and it does not work with UDP. SSL presents application Programming Interface (API) to applications. C and Java SSL libraries/classes are simply available.

SSL protocol is designed to interwork between application and transport layer as proven within the following image –

Network Security – Transport Layer

SSL itself is not a single layer protocol as depicted inside the image; in fact it is composed of sub-layers.

  • Lower sub-layer contains of the only thing of SSL protocol known as as SSL report Protocol. This component presents integrity and confidentiality services.
  • Upper sub-layer contains of three SSL-associated protocol components and an application protocol. application element presents the data transfer provider between client/server interactions. Technically, it can operate on top of SSL layer as well. 3 SSL associated protocol components are −
    • SSL Handshake Protocol
    • Change Cipher Spec Protocol
    • Alert Protocol.
  • Those three protocols control all of SSL message exchanges and are discussed later in this section.

Network Security – Transport Layer

Functions of SSL Protocol Components

The four sub-components of the SSL protocol deal with numerous tasks for comfortable communication among the client device and the server.

  • Record Protocol
    • The file layer formats the upper layer protocol messages.
    • It fragments the information into manageable blocks (max length 16 KB). It optionally compresses the data.
    • Encrypts the information.
    • Presents a header for every message and a hash (Message Authentication Code (MAC)) at the end.
    • Hands over the formatted blocks to TCP layer for transmission.

Network Security – Transport Layer

  • SSL Handshake Protocol
    • It is the maximum complex part of SSL. it is invoked earlier than any application records is transmitted. It creates SSL sessions between the customer and the server.
    • Establishment of session includes Server authentication, Key and algorithm negotiation, establishing keys and consumer authentication (optional).
    • A session is recognized through specific set of cryptographic security parameters.
    • Multiple secure TCP connections among a client and a server can share the same session.
    • Handshake protocol moves through four levels. these are mentioned inside the next section.
  • ChangeCipherSpec Protocol
    • Simplest part of SSL protocol. It comprises of a single message exchanged between communicating entities, the client and the server.
    • As every entity sends the ChangeCipherSpec message, it adjustments its side of the connection into the secure state as agreed upon.
    • The cipher parameters pending state is copied into the current state.
    • Change of this Message suggests all future information exchanges are encrypted and integrity is protected.
  • SSL Alert Protocol
    • This protocol is used to file errors – including unexpected message, bad record MAC, security parameters negotiation failed, etc.
    • It is also used for other purposes – including notify closure of the TCP connection, notify receipt of bad or unknown certificate, etc.

Establishment of SSL Session

As mentioned above, there are four phases of SSL session establishment. these are specially handled through SSL Handshake protocol.

Phase 1 − Establishing security capabilities.

  • This phase comprises of change of messages – Client_hello and Server_hello.

Network Security – Transport Layer

  • Client hello includes of list of cryptographic algorithms supported by using the customer, in decreasing order of choice.
  • Server_hello includes the chosen Cipher Specification (CipherSpec) and a new session_id.
  • The CipherSpec includes fields like −
    • Cipher algorithm (DES, 3DES, RC2, and RC4)
    • MAC algorithm (based on MD5, SHA-1)
    • Public-key algorithm (RSA)
    • Both messages have “nonce” to prevent replay attack.

Phase 2 − Server authentication and key exchange.

Network Security – Transport Layer

  • Server sends certificates. client software comes configured with public keys of various “trusted” organizations (CAs) to test certificate.
  • Server sends chosen cipher suite.
  • Server may request client certificates. usually it is not done.
  • Server shows end of Server_hello.

Phase 3 − client authentication and key exchange.

Network Security – Transport Layer

  • Client sends certificates, simplest if requested through the server.
  • It also sends the Pre-master secret (PMS) encrypted with the server’s public key.
  • Client also sends Certificate_verify message if certificates is sent through him to prove he has the private key related to this certificate. basically, the client signs a hash of the previous messages.

Phase 4 − finish.

Network Security – Transport Layer

  • Client and server send Change_cipher_spec messages to each other to reason the pending cipher state to be copied into the current state.
  • From now on, all information is encrypted and integrity protected.
  • Message “finished” from every end verifies that the key change and authentication techniques were successful.

All four phases, mentioned above, show up inside the establishment of TCP session. SSL session establishment begins after TCP SYN/ SYNACK and finishes before TCP Fin.

Resuming a Disconnected Session

  • It is possible to resume a disconnected session (through Alert message), if the consumer sends a hello_request to the server with the encrypted session_id data.
  • The server then determines if the session_id is valid. If proven, it exchanges ChangeCipherSpec and completed messages with the client and comfortable communications resume.
  • This avoids recalculating of session cipher parameters and saves computing on the server and the client end.

SSL Session Keys

We have visible that in section three of SSL session establishment, a pre-master secret is sent through the client to the server encrypted using server’s public key. The master secret and various consultation keys are generated as follows −

  • The master secret is generated (through pseudo random variety generator) using −
    • The pre-master secret.
    • Two nonces (RA and RB) exchanged in the client_hello and server_hello messages.
  • Six secret values are then derived from this master secret as −
    • Secret key used with MAC (for data sent by server)
    • Secret key used with MAC (for information sent by client)
    • secret key and IV used for encryption (through server)
    • Secret key and IV used for encryption (through client)

TLS Protocol

In order to provide an open internet wellknown of SSL, IETF released The transport Layer security (TLS) protocol in January 1999. TLS is described as a proposed net standard in RFC 5246.

Salient Features

  • TLS protocol has equal objectives as SSL.
  • It permits client/server packages to communicate in a secure way through authenticating, preventing eavesdropping and resisting message change.
  • TLS protocol sits above the reliable connection-oriented transport TCP layer in the networking layers stack.
  • The architecture of TLS protocol is much like SSLv3 protocol. It has two sub protocols: the TLS file protocol and the TLS Handshake protocol.
  • Though SSLv3 and TLS protocol have similar architecture, numerous adjustments were made in architecture and functioning particularly for the handshake protocol.

Comparison of TLS and SSL Protocols

There are major eight differences between TLS and SSLv3 protocols. these are as follows −

  • Protocol version − The header of TLS protocol section includes the version number 3.1 to differentiate among variety 3 carried by SSL protocol section header.
  • Message Authentication − TLS employs a keyed-hash message authentication code (H-MAC). benefit is that H-MAC operates with any hash function, not just MD5 or SHA, as explicitly stated by using the SSL protocol.
  • Session Key generation − There are two differences between TLS and SSL protocol for generation of key material.
    • Method of computing pre-master and master secrets is similar. but in TLS protocol, computation of grasp secret makes use of the HMAC standard and pseudorandom function (PRF) output instead of ad-hoc MAC.
    • The algorithm for computing consultation keys and initiation values (IV) is unique in TLS than SSL protocol.
  • Alert Protocol Message −
    • TLS protocol supports all of the messages utilized by the Alert protocol of SSL, besides No certificates alert message being made redundant. The customer sends empty certificates in case client authentication is not required.
    • Many additional Alert messages are covered in TLS protocol for other mistakes situations including record_overflow, decode_error etc.
  • Supported Cipher Suites − SSL helps RSA, Diffie-Hellman and Fortezza cipher suites. TLS protocol supports all suits except Fortezza.
  • Client Certificate Types − TLS defines certificate types to be requested in a certificate_request message. SSLv3 support all of these. additionally, SSL support certain other forms of certificate including Fortezza.
  • CertificateVerify and finished Messages −
    • In SSL, complex message method is used for the certificate_verify message. With TLS, the verified data is contained inside the handshake messages itself hence avoiding this complicated manner.
    • Finished message is computed in unique manners in TLS and SSLv3.
  • Padding of data − In SSL protocol, the padding introduced to user data before encryption is the minimum quantity required to make the full facts-size same to a multiple of the cipher’s block length. In TLS, the padding can be any amount that results in data-size that is a multiple of the cipher’s block period, up to a maximum of 255 bytes.

The above differences between TLS and SSLv3 protocols are summarized in the following table.

Network Security – Transport Layer

Secure Browsing - HTTPS

In this phase, we will speak the use of SSL/TLS protocol for performing secure web browsing.

HTTPS Defined

Hyper text transfer Protocol (HTTP) protocol is used for web browsing. The feature of HTTPS is just like HTTP. The only difference is that HTTPS offers “secure” internet browsing. HTTPS stands for HTTP over SSL. This protocol is used to offer the encrypted and authenticated connection between the client web browser and the website server.

Network Security – Transport Layer

The secure browsing through HTTPS ensures that the following content are encrypted −

  • URL of the requested internet page.
  • Web page contents provided by means of the server to the user client.
  • Contents of forms filled in through user.
  • Cookies set up in each directions.

Working of HTTPS

HTTPS application protocol commonly uses one of two famous transport layer security protocols - SSL or TLS. The process of secure browsing is defined in the following points.

  • You request a HTTPS connection to a webpage by entering https:// observed through URL in the browser address bar.
  • Web browser initiates a connection to the web server. Use of https invokes the use of SSL protocol.
  • An application, browser in this case, uses the system port 443 instead of port 80 (used in case of http).
  • The SSL protocol is going through a handshake protocol for setting up a secure session as discussed in earlier sections.
  • The website to start with sends its SSL digital certificates to your browser. On verification of certificates, the SSL handshake progresses to change the shared secrets for the session.
  • When a trusted SSL digital certificate is used by the server, users get to see a padlock icon within the browser address bar. whilst an extended Validation certificates is installed on a website, the address bar turns green.

Network Security – Transport Layer

  • Once installed, this session includes many secure connections between the web server and the browser.

Use of HTTPS

  • Use of HTTPS presents confidentiality, server authentication and message integrity to the user. It allows safe conduct of e-commerce at the internet.
  • Prevents information from eavesdropping and denies identity theft which are common assaults on HTTP.

Present day web browsers and web servers are ready with HTTPS assist. the use of HTTPS over HTTP, however, requires more computing power at the client and the server give up to carry out encryption and SSL handshake.

Secure Shell Protocol (SSH)

The salient features of SSH are as follows −

  • SSH is a network protocol that runs on top of the TCP/IP layer. it is designed to update the TELNET which supplied unsecure way of remote logon facility.
  • SSH presents a secure client/server communication and can be used for tasks including report switch and e-mail.
  • SSH2 is a common protocol which offers improved network communication safety over earlier version SSH1.

SSH Defined

SSH is prepared as three sub-protocols.

Network Security – Transport Layer

  • Transport Layer Protocol − This a part of SSH protocol presents information confidentiality, server (host) authentication, and information integrity. it may optionally offer data compression as well.
    • Server Authentication − Host keys are uneven like public/private keys. A server uses a public key to show its identity to a client. The client verifies that contacted server is a “known” host from the database it maintains. once the server is authenticated, session keys are generated.
    • Session Key Establishment − After authentication, the server and the consumer agree upon cipher for use. session keys are generated through both the customer and the server. session keys are generated before person authentication so that usernames and passwords may be sent encrypted. those keys are generally replaced at regular periods (say, each hour) throughout the session and are destroyed right now after use.
    • Data Integrity − SSH uses Message Authentication Code (MAC) algorithms to for information integrity check. it is an improvement over 32 bit CRC used by SSH1.
  • User Authentication Protocol − This part of SSH authenticates the person to the server. The server verifies that access is given to supposed customers only. Many authentication techniques are currently used including, typed passwords, Kerberos, public-key authentication, etc.
  • Connection Protocol − This presents multiple logical channels over a single underlying SSH connection.

SSH services

SSH presents three important services that allow provision of many secure solutions. those services are briefly described as follows −

  • Secure Command-Shell (remote Logon) − It permits the user to edit files, view the contents of directories, and access applications on related device. systems administrators can remotely begin/view/stop services and processes, create consumer bills, and alternate document/directories permissions and so forth. All responsibilities which can be possible at a machine’s command prompt can now be achieved securely from the remote machine using secure remote logon.
  • Secure File Transfer − SSH file transfer Protocol (SFTP) is designed as an extension for SSH-2 for secure record transfer. In essence, it is a separate protocol layered over the at ease Shell protocol to address report transfers. SFTP encrypts each the username/password and the report data being transferred. It uses the equal port as the secure Shell server, i.e. system port no 22.
  • Port Forwarding (Tunneling) − It allows information from unsecured TCP/IP based programs to be secured. After port forwarding has been set up, secure Shell reroutes traffic from a program (usually a client) and sends it across the encrypted tunnel to this system on the other side (usually a server). multiple programs can transmit information over a single multiplexed secure channel, eliminating the need to open many ports on a firewall or router.

Network Security – Transport Layer

Benefits & limitations

The benefits and limitations of using communication security at transport layer are as follows −

  • Benefits
    • Transport Layer security is transparent to applications.
    • Server is authenticated.
    • Application layer headers are hidden.
    • It is more excellent-grained than security mechanisms at layer three (IPsec) as it works on the transport connection level.
  • Limitations
    • Applicable to TCP-based applications most effective (not UDP).
    • TCP/IP headers are in clear.
    • Suitable for direct communication between the customer and the server. Does not cater for secure applications using chain of servers (e.g. email)
    • SSL does not offer non-repudiation as consumer authentication is optional.
    • If needed, client authentication desires to be applied above SSL.


A large number of web applications have emerged at the internet within the past decade. Many e-Governance and e-trade portal have come online. those programs require that consultation among the server and the client is secure supplying confidentiality, authentication and integrity of sessions.

One manner of mitigating a ability assault all through a user’s session is to use a secure conversation protocol. of such communication protocols, secure Sockets Layer (SSL) and transport Layer security (TLS), are mentioned in this chapter. both of those protocol feature at transport layer.

Another transport layer protocol, secure Shell (SSH), designed to update the TELNET, presents comfortable method of remote logon facility. it is capable of presenting various services inclusive of secure Command Shell and SFTP.

Employment of transport layer security has many advantages. however, the security protocol designed at these layer may be used with TCP only. They do not provide security for communication implemented using UDP.

All rights reserved © 2020 Wisdom IT Services India Pvt. Ltd Protection Status

Network Security Topics