next up previous
Next: Murphi model of TLS Up: Analyzing the TLS protocol Previous: Introduction

The TLS protocol

The TLS (Transport Layer Security) protocol is a further development of the SSL (Secure Socket Layer) protocol developed by Netscape Communications Corp. Thus, it is based mainly on SSL which has been widely used for about three years. The purpose of this protocol is to create a secure connection between two computers over an insecure network. It uses the TCP protocol for a reliable connection and is based on top of it. It is quite easy to integrate into an application, because the protocol is capable of establishing and handling a secure connection completely on its own. SSL is implemented in all important web browsers. The purpose of TLS is to replace SSL because SSL still has some unsolved security issues. The most important part of TLS is the handshake between a client and a server to which the client wants to connect. During this handshake all security parameters and secrets are exchanged. Thus, this is the most vulnerable point of the protocol. My work is based on the internet draft 5 by the Internet Engineering Task Force. This draft was replaced just some days ago by a new draft with minor changes.

Figure 1: Message flow for a handshake
\includegraphics [width=8cm]{handshake.eps}

Figure 1 shows how a connection is established. At first the client sends a ClientHello message to the server which includes the desired cipher suite and a random value. The server has to respond with a ServerHello message which includes the chosen cipher suite, a session ID and another random value. The cipher suite determines which algorithm should be used for the key exchange and the encryption. Dependent of the chosen cipher suite, the server sends a certificate and parameters for the key exchange. Afterwards a ServerHelloDone is sent to indicate that the server is finished. Then the client has to send its parameters for the key exchange. Afterwards a ChangeCipherSpec message is sent, followed by a Finished message which is now encrypted with the key just exchanged. After this is done by both sides, the handshake is finished. Now both client and server are in possession of a master secret with which all following messages, the application data, are encrypted.
next up previous
Next: Murphi model of TLS Up: Analyzing the TLS protocol Previous: Introduction
Tim Wellhausen
2000-01-20