Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network.
It is the protocol always used to protect your privacy when you connect to your bank over the Internet (https:// in web browsing is TLS).
TLS uses RSA certificates, and hence asymmetric cryptography, to authenticate the counterpart in a communication and to negotiate a symmetric session key. This session key is then used to encrypt the data flowing between the parties. Encryption provides data/message confidentiality, while message authentication codes provide message integrity and, as a by-product, message authentication.
An important property in this context is forward secrecy: the short-term session key cannot be derived from the long-term asymmetric secret key.
As a consequence of choosing RSA certificates, certificate authorities and a public key infrastructure are necessary to verify the relation between a certificate and its owner, as well as to generate, sign, and administer the validity of certificates. While this can be more beneficial than verifying identities via a web of trust, the 2013 mass surveillance disclosures made it more widely known that certificate authorities are a weak point from a security standpoint, allowing man-in-the-middle (MITM) attacks. Certificate pinning is the solution.
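
A minimal client-side illustration of certificate pinning, added here as an example and not part of the original text: normal CA and hostname validation stay enabled, and the connection is additionally refused unless the server's leaf certificate matches a fingerprint the client already knows. The function names, the pin format (base64 of SHA-256 over the DER certificate) and the sample byte strings are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import socket
import ssl


class PinMismatch(Exception):
    """The peer certificate passed CA validation but is not a pinned one."""


def cert_pin(der_cert: bytes) -> str:
    """Pin format assumed here: base64(SHA-256(DER-encoded certificate))."""
    return base64.b64encode(hashlib.sha256(der_cert).digest()).decode("ascii")


def is_pinned(der_cert: bytes, pins) -> bool:
    """True if the certificate's pin equals one of the expected pins."""
    actual = cert_pin(der_cert)
    # Check every pin (no early exit) with a constant-time comparison.
    return any([hmac.compare_digest(actual, p) for p in pins])


def connect_pinned(host: str, port: int, pins, timeout: float = 10.0):
    """Return a TLS socket only if CA validation AND the pin check succeed."""
    pins = frozenset(pins)
    if not pins:
        raise ValueError("refusing to connect with an empty pin set")
    ctx = ssl.create_default_context()  # chain and hostname checks stay on
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    der = tls.getpeercert(binary_form=True)
    if not der or not is_pinned(der, pins):
        tls.close()
        raise PinMismatch(f"{host}: certificate does not match any pin")
    return tls


if __name__ == "__main__":
    # Constructed byte strings standing in for DER certificates (not real ones).
    expected = b"constructed DER bytes: the site's real certificate"
    impostor = b"constructed DER bytes: CA-signed certificate held by a MITM"
    pins = {cert_pin(expected), cert_pin(b"constructed backup certificate")}
    print(is_pinned(expected, pins))   # the pinned certificate is accepted
    print(is_pinned(impostor, pins))   # a different valid cert is rejected
```

Because the whole leaf certificate is pinned, the pin set has to be updated before each certificate renewal, which is why the sample set carries a backup pin.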