Featured News

What is TLS? And why Transport Encryption is not sufficient?

Privacy and security are the two most valuable terms in this rapidly-expanding era of technology. From regular individuals to hotshot corporations, everyone is wary of the privacy of the security of the information they are exchanging.

In the aftermath of the COVID-19 pandemic, almost all corporations have turned to video conferencing applications to keep their operations afloat. Now, with so much sensitive information flying about, the need for top-notch privacy measures isn’t unwarranted.

Today, in an attempt to ease your mind, we’ll take a look at the most popular encryption protocol that companies are using — Transport Layer Security (TLS) — and tell you whether it’s capable of making your conferences tamper-proof.

What is TLS?

Transport Layer Security (TLS) is a widely-used security protocol that facilitates privacy and security for information exchanged over the internet. TLS is a worthy successor of the Secure Socket Layer (SSL) protocol, which was first introduced by Netscape in 1996.

TLS 1.3 is the current industry-standard. It succeeded TLS 1.2 in 2018.

How does TLS protect your data?

  • Uses same pre-defined keys for encryption and decryption
  • Public Key Cryptography is used to authenticate
  • Undetected loss is prevented with the use of integrity checks

Before two parties start exchanging data over a TLS connection, a sequence, called TLS Handshake, is carried out. Through the handshake, the parties agree upon the encryption keys that would be used throughout the session. TLS uses Public Key Cryptography to set the encryption/session keys over an encrypted channel. The handshake once again makes use of the Public Keys to carry out the authentication process.

After the authentication and encryption are confirmed, the data packets are signed off with a unique Message Authentication Code (MAC). This allows the clients to verify the integrity of the data packages. Once all prerequisites are met, clients can exchange data over a secure TLS connection.

A real-world example of TLS

Now that you’re familiar with the basics of TLS, let’s take a look at how it works in the real world.

For example, imagine you are texting with your friend over a TLS connection — which is standard for almost all video conferencing apps and websites. Now, every text or media file you send is first encrypted and sent directly to the server. The server decrypts the package, verifies, encrypts it again, and sends it over to the intended recipient. Finally, the message is again decrypted at your friend’s end, allowing them to read and respond accordingly.

Is TLS enough?

As mentioned, COVID-19 has directed a lot of traffic to video conferencing platforms. The likes of Zoom, Microsoft Teams, and Google Meet have benefitted greatly from the lockdown measures, but they haven’t particularly done enough to ensure our security.

Related: Zoom vs Google Meet

Almost all leading video conferencing platforms use Transport Layer Security or Transport Encryption to safeguard our data. And while that seems secure enough for most occasions, it’s hardly the gold standard of security and privacy.

Unlike End-to-End Encryption, TSL allows your server to decrypt the data you are transmitting. So, unless you’re sharing public / non-sensitive info, you could deem it unnecessary and exploitation of your privacy. It also makes your messages vulnerable to government intrusion, meaning they could take harsh actions if they intended.

Additionally, in a TSL connection, the server and client computer are free to pick the form of encryption their session would have. So, they could pick a standard that isn’t as robust as you’d like, leaving you vulnerable to cyber-attacks.

Although this issue is usually prevalent when communicating with a “secure” website, it’s still something worth pondering over.

Sushan

A mediocre engineer hoping to do something extraordinary with his pen (well, keyboard). Loves Pink Floyd, lives football, and is always up for a cup of Americano.