The TLS (Transport Layer Security) protocol is the successor to SSL (Secure Sockets Layer); it provides privacy and data integrity between two communicating applications. TLS 1.3 will be unparalleled in privacy and performance compared with its predecessors, the earlier TLS versions and the HTTPS built on them. The top five advantages include:
1. Improved encrypted connections:
The latest version, TLS 1.3, improves both security and performance: the encrypted connections it establishes between client and server are more secure and faster than ever.
2. Faster Handshakes:
A full handshake now needs only 1-RTT (one round-trip time) between client and server before the client can send application data, whereas earlier TLS versions required 2-RTT.
3. High level confidentiality:
Ephemeral-mode Diffie-Hellman key exchange, in place of static RSA keys, ensures forward secrecy. This means that if someone at some point in the future were to obtain a server's private key, they could not decrypt past conversations even if they also held a recorded log of those conversations.
Essentially, a compromise of a private or long-term key, today or in the future, does not compromise the confidentiality of past sessions, so the transaction history remains protected.
4. Enriched browsing experience:
Zero-RTT (0-RTT) makes it faster to connect and load web pages and to carry out multiple transactions over the internet, and in general gives a much more responsive browsing and internet experience.
5. Platform for new avenues:
TLS 1.3 can serve as the cryptographic infrastructure for exciting new protocols such as QUIC (Quick UDP Internet Connections), which runs over UDP and is often used by gaming, streaming media and VoIP services.
And there's a bonus point! It is a lightweight protocol, which makes it a perfect fit for all your IoT network devices. This is achieved by the reduced TLS certificate size during authentication.
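The forward-secrecy argument in point 3 above, as an added example that is not part of the original article: toy-sized Python contrasting TLS 1.2 static-RSA key transport with TLS 1.3 ephemeral Diffie-Hellman, showing that a later leak of the server's long-term key recovers an old session key only in the static case. The RSA and DH parameters are constructed placeholders, far too small for real use, and the key schedule is reduced to a single hash.

```python
import hashlib
import secrets
from typing import Dict, Optional, Tuple

# Constructed toy parameters, for illustration only. Real deployments use 2048-bit
# RSA and 256-bit curves; these are tiny so the arithmetic stays readable.
RSA_N, RSA_E, RSA_D = 3233, 17, 2753          # textbook RSA: n = 61 * 53
DH_P, DH_G = (1 << 127) - 1, 2                # 127-bit Mersenne prime, generator 2


def session_key(secret: int) -> bytes:
    """Stand-in for the TLS key schedule: hash the exchanged secret into a session key."""
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def rsa_key_transport() -> Tuple[bytes, Dict[str, int]]:
    """TLS 1.2 static-RSA style: the client picks a premaster secret and encrypts it
    to the server's LONG-TERM RSA key. Returns the session key and the only thing an
    eavesdropper sees on the wire, the ciphertext."""
    premaster = secrets.randbelow(RSA_N - 2) + 2
    wire = {"encrypted_premaster": pow(premaster, RSA_E, RSA_N)}
    return session_key(premaster), wire


def ephemeral_dh() -> Tuple[bytes, Dict[str, int]]:
    """TLS 1.3 style (EC)DHE: each side uses a fresh one-shot secret. The long-term
    key only signs the handshake and never enters key derivation."""
    a = secrets.randbelow(DH_P - 2) + 1           # client ephemeral secret
    b = secrets.randbelow(DH_P - 2) + 1           # server ephemeral secret
    client_pub, server_pub = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    shared = pow(server_pub, a, DH_P)
    assert shared == pow(client_pub, b, DH_P)     # both sides agree on the secret
    # a and b are discarded when this function returns; only the public values
    # below are ever recorded by an eavesdropper.
    return session_key(shared), {"client_pub": client_pub, "server_pub": server_pub}


def attacker_with_leaked_rsa_key(wire: Dict[str, int]) -> Optional[bytes]:
    """Years later the server's long-term RSA private key leaks. Against a recorded
    static-RSA transcript the attacker decrypts the premaster and rebuilds the session
    key; a DHE transcript holds only g^a and g^b, which the RSA key cannot unlock."""
    if "encrypted_premaster" not in wire:
        return None
    premaster = pow(wire["encrypted_premaster"], RSA_D, RSA_N)
    return session_key(premaster)


if __name__ == "__main__":
    key, transcript = rsa_key_transport()
    print("static RSA, old key recovered:", attacker_with_leaked_rsa_key(transcript) == key)
    key, transcript = ephemeral_dh()
    print("ephemeral DH, old key recovered:", attacker_with_leaked_rsa_key(transcript) == key)
```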
For example, let us consider a connected IoT device such as a wind sensor.
A wind sensor continuously measures the wind speed and needs to send this information to the application server.
Scenario 1: Information being conveyed by the IoT device using HTTP POST with TLS 1.2
Additionally, if the same IoT device talks to the same server again, there is no round trip at all: the parameters chosen in the initial handshake are sent along with the application data in the very first packet, giving zero RTT.
Way forward
The Path is set:
Popular browsers such as Google Chrome and Firefox have already rolled out draft versions of TLS 1.3. Most of the design concerns have been resolved, and soon we will see TLS 1.3 in all web applications. The new web apps are going to be super secure and faster than ever.
Make your Move:
As the stage is set, we recommend you make your move and start implementing TLS 1.3 across all your IoT devices.
One thing to remember, though: all IoT devices have space constraints, which can pose a challenge when moving to TLS 1.3. This can be mitigated with elliptic curve cryptography algorithms, whose smaller keys reduce the TLS certificate size and in turn save memory on the connected IoT device.
Suresha Ejari
Technical Lead at Wipro’s Industrial & Engineering Services vertical.
Suresha Ejari is a Technical Lead at Wipro’s Industrial & Engineering Services vertical. He handles development of the Security Validation Framework and manages Vulnerability Assessment Penetration Testing. He has previously worked as a Security Expert performing threat model analysis for various hardware devices.