What is TLS? And why Transport Encryption is not sufficient? – The Android Soul

Privacy and security are the two most valuable terms in this rapidly-expanding era of technology. From regular individuals to hotshot corporations, everyone is wary of the privacy of the security of the information they are exchanging.

In the aftermath of the COVID-19 pandemic, almost all corporations have turned to video conferencing applications to keep their operations afloat. Now, with so much sensitive information flying about, the need for top-notch privacy measures isnt unwarranted.

Today, in an attempt to ease your mind, well take a look at the most popular encryption protocol that companies are using Transport Layer Security (TLS) and tell you whether its capable of making your conferences tamper-proof.

Transport Layer Security (TLS) is a widely-used security protocol that facilitates privacy and security for information exchanged over the internet. TLS is a worthy successor of the Secure Socket Layer (SSL) protocol, which was first introduced by Netscape in 1996.

TLS 1.3 is the current industry-standard. It succeeded TLS 1.2 in 2018.

Before two parties start exchanging data over a TLS connection, a sequence, called TLS Handshake, is carried out. Through the handshake, the parties agree upon the encryption keys that would be used throughout the session. TLS uses Public Key Cryptography to set the encryption/session keys over an encrypted channel. The handshake once again makes use of the Public Keys to carry out the authentication process.

After the authentication and encryption are confirmed, the data packets are signed off with a unique Message Authentication Code (MAC). This allows the clients to verify the integrity of the data packages. Once all prerequisites are met, clients can exchange data over a secure TLS connection.

Now that youre familiar with the basics of TLS, lets take a look at how it works in the real world.

For example, imagine you are texting with your friend over a TLS connection which is standard for almost all video conferencing apps and websites. Now, every text or media file you send is first encrypted and sent directly to the server. The server decrypts the package, verifies, encrypts it again, and sends it over to the intended recipient. Finally, the message is again decrypted at your friends end, allowing them to read and respond accordingly.

As mentioned, COVID-19 has directed a lot of traffic to video conferencing platforms. The likes of Zoom, Microsoft Teams, and Google Meet have benefitted greatly from the lockdown measures, but they havent particularly done enough to ensure our security.

Related: Zoom vs Google Meet

Almost all leading video conferencing platforms use Transport Layer Security or Transport Encryption to safeguard our data. And while that seems secure enough for most occasions, its hardly the gold standard of security and privacy.

Unlike End-to-End Encryption, TSL allows your server to decrypt the data you are transmitting. So, unless youre sharing public / non-sensitive info, you could deem it unnecessary and exploitation of your privacy. It also makes your messages vulnerable to government intrusion, meaning they could take harsh actions if they intended.

Additionally, in a TSL connection, the server and client computer are free to pick the form of encryption their session would have. So, they could pick a standard that isnt as robust as youd like, leaving you vulnerable to cyber-attacks.

Although this issue is usually prevalent when communicating with a secure website, its still something worth pondering over.

Read more from the original source:
What is TLS? And why Transport Encryption is not sufficient? - The Android Soul

Related Posts
This entry was posted in $1$s. Bookmark the permalink.