Jan. 30, 2019

How does SSL or TLS work to secure TCP connections

Let's demonstrate the usage of TCP and how to secure it.

When data is sent over the internet, it is segmented by one of the transport layer protocols, and most of the time that protocol is TCP (the Transmission Control Protocol). If you already know TCP, you know that it makes sure data arrives in the correct sequence at the right end host. However, the data a TCP segment encapsulates is not protected in any way: any intruder on the network path can read and understand the data part.

If you use services like eBay, Messenger, or Gmail and share credit card details, private chat messages, or any other data you don’t want others to see, you need a secure connection between your computer and these services. For this need, a new and more secure version of TCP was created, called SSL (Secure Sockets Layer).

This new layer encrypts our data so that others can’t interpret it, and it adds end-to-end authentication and data integrity. Let’s explain these three properties one by one first:

Encryption: Makes the data exchanged between the end hosts unreadable by anyone else.
Integrity: Makes the data you send impossible to alter or change on its way to the receiving end without this being detected.
Authentication: Makes sure that the data you send is actually sent to the right end, so that an intruder cannot pretend to be the other end.

The SSL/TLS protocol makes TCP a secure protocol, and whenever an application needs to send sensitive information over the internet, it should send it over SSL. Most often SSL is used to secure the application-layer HTTP protocol, but it can secure any other application protocol that relies on TCP or on another connection-based transport.

If you visit a page in your browser and the address bar shows https://..., the HTTP protocol is running over secure TCP, that is, over SSL/TLS. This also means that all data exchanged between your browser and the visited website is encrypted, and no intruder or man in the middle can read or manipulate it. That feels safe, doesn’t it?

The phases of an SSL connection

Here we have a simplified view of how SSL/TLS actually works to secure a TCP connection. An SSL connection runs over three phases: the handshake, the key exchange, and the actual data transfer. Let’s take the example of a secure connection between a client and a server.

Beforehand, the SSL certificate

A server first needs to acquire a valid SSL certificate containing a public key signed by a Certificate Authority (CA). This certificate is sent to any party wanting to connect to the server over SSL, and that party then checks, against the CA, whether this server is the real server it needs to connect to. This is called authenticating the server.
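What this "check against the CA" looks like from the application side, as an added Go example that is not part of the original post: a TLS server listens on a loopback port with a self-signed certificate constructed in memory for the example (it plays both the server certificate and the CA that issued it, since a self-signed certificate is its own issuer), and a client connects twice, once trusting that issuer and once trusting no CA at all. The function names, the localhost name and the request text are assumptions of the example; tls and x509 are Go's standard-library packages.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// selfSignedCert builds an in-memory certificate for "localhost" (constructed for this
// example). It plays two roles: the server's own certificate, and the CA certificate
// the client is told to trust, since a self-signed certificate is its own issuer.
func selfSignedCert() (tls.Certificate, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		DNSNames:              []string{"localhost"}, // the name the client will check
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	parsed, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, parsed, nil
}

// startServer accepts TLS connections on a loopback port, one client at a time, and
// echoes whatever a client sends once that client's handshake has completed.
func startServer(cert tls.Certificate) (addr string, stop func(), err error) {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}})
	if err != nil {
		return "", nil, err
	}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return // listener closed
			}
			buf := make([]byte, 256)
			if n, err := c.Read(buf); err == nil { // the first Read runs the handshake
				c.Write(buf[:n])
			}
			c.Close()
		}
	}()
	return ln.Addr().String(), func() { ln.Close() }, nil
}

// connect dials the server trusting only issuer (nil: trust no CA at all), sends msg and
// returns the echo. When the certificate does not chain to a trusted CA, tls.Dial fails
// inside the handshake and no application data is ever sent.
func connect(addr string, issuer *x509.Certificate, msg string) (string, error) {
	roots := x509.NewCertPool() // start from an empty trust store, not the system one
	if issuer != nil {
		roots.AddCert(issuer)
	}
	conn, err := tls.Dial("tcp", addr, &tls.Config{RootCAs: roots, ServerName: "localhost"})
	if err != nil {
		return "", err
	}
	defer conn.Close()
	if _, err := conn.Write([]byte(msg)); err != nil {
		return "", err
	}
	buf := make([]byte, 256)
	n, err := conn.Read(buf)
	return string(buf[:n]), err
}

func main() {
	cert, caCert, err := selfSignedCert()
	if err != nil {
		panic(err)
	}
	addr, stop, err := startServer(cert)
	if err != nil {
		panic(err)
	}
	defer stop()
	reply, err := connect(addr, caCert, "GET /account")
	fmt.Printf("issuer trusted:   reply=%q err=%v\n", reply, err)
	_, err = connect(addr, nil, "GET /account")
	fmt.Printf("issuer untrusted: err=%v\n", err)
}
```

The second connection fails inside the handshake with an unknown-authority error: the client never sends application data to a server it could not authenticate. The trust store is built from an empty pool rather than the system CA list so the outcome does not depend on the machine the example runs on; code that sets InsecureSkipVerify in the client configuration gives up exactly this authentication step.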

Phase 1: The handshake

The client makes a typical TCP connection to the server, by:

  • sending a SYN packet
  • receiving a SYN/ACK packet from the server
  • and finally sending an ACK packet to the server.

Phase 2: Exchanging keys

Then, after the TCP connection has been established, comes the SSL part:

  • the client sends a hello to the server
  • the server sends back the signed certificate with the public key. It doesn’t send its private key.
  • the client checks whether the certificate is valid.
  • if the certificate looks valid, the client generates its own private key, encrypts it with the server’s public key, and sends it all back to the server.
  • the server unlocks the data with its own private key and gets the client’s private key.
  • the server uses the client’s private key to unlock the data part of the packets sent by the client.

Phase 3: Data Transfer

Once the TCP connection is established and the two parties are able to encrypt and decrypt all transmitted data, the same process as in the last two steps of the second phase is repeated to send all the segmented data over the established TCP connection, in TCP segments.

These three phases are only a demonstration that makes things clear in the simplest way possible. A real SSL connection is far more complicated and has to handle data integrity with an additional set of keys. The SSL/TLS protocol is regularly updated with new encryption methods and to fix the security flaws that are found in it.

You will notice that I refer to the secure protocol using two abbreviations, SSL (Secure Sockets Layer) and TLS (Transport Layer Security). SSL is actually the older version of this protocol; TLS came later (currently TLSv3) and fixed many of SSL’s problems, but for historical reasons both abbreviations refer to the same protocol.