Security Encyclopedia

Transport Layer Security (TLS)

Transport Layer Security (TLS) is a way to secure information as it is carried over the Internet: users browsing websites, emailing, instant messaging, and conversing via Voice over IP (VoIP). TLS is the successor to Secure Sockets Layer (SSL), and the security it provides is a cornerstone of the modern Internet.

The goal of TLS is to provide a private and secure connection between a web browser and a website server. It does this with a cryptographic handshake between the two systems using public-key cryptography (PKC). The two parties to the connection exchange a secret token, and once this token is validated by each machine it is used for all communications. The connection employs lighter symmetric cryptography to save bandwidth and processing power.
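The pattern described above (a public-key exchange that yields a shared secret, followed by cheaper symmetric cryptography on every record) can be modelled with the Python standard library. This is an added illustration, not TLS itself and not code from the original entry: the toy group, the function names and the sample payload are assumptions, and it leaves out certificate authentication and record encryption, protecting only record integrity.

```python
import hashlib
import hmac
import secrets

# Toy group for illustration only (assumption): 2**127 - 1 is far too small
# and is not a safe group; real TLS uses standardized groups and curves.
P = 2**127 - 1
G = 3


def keypair():
    """Return (private, public) for one side of the key exchange."""
    private = secrets.randbelow(P - 3) + 2  # uniform in 2..P-2
    return private, pow(G, private, P)


def session_key(my_private, peer_public, transcript):
    """Derive a 32-byte symmetric key from the shared secret (HKDF-style)."""
    if not 1 < peer_public < P - 1:
        raise ValueError("peer public value out of range")
    shared = pow(peer_public, my_private, P).to_bytes(16, "big")
    prk = hmac.new(hashlib.sha256(transcript).digest(), shared, hashlib.sha256).digest()
    return hmac.new(prk, b"record key\x01", hashlib.sha256).digest()


def protect(key, seq, payload):
    """Append a MAC over the sequence number and payload (integrity only)."""
    tag = hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()
    return payload + tag


def unprotect(key, seq, record):
    """Verify the MAC in constant time and return the payload."""
    payload, tag = record[:-32], record[-32:]
    expected = hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("record failed integrity check")
    return payload


def demo():
    """Run both sides: each derives the key independently, then one record is sent."""
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    transcript = c_pub.to_bytes(16, "big") + s_pub.to_bytes(16, "big")
    c_key = session_key(c_priv, s_pub, transcript)
    s_key = session_key(s_priv, c_pub, transcript)
    record = protect(c_key, 0, b"constructed sample payload")
    return c_key == s_key, unprotect(s_key, 0, record)
```

Only the public values cross the wire; the expensive modular exponentiation happens once per connection, while each record costs a single HMAC.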

Any remote-service connection to a website requires some form of communication, and communication relies on a transport mechanism. To achieve secure end-to-end communication, the transport layer medium must be encrypted; otherwise, data passing through it can be compromised. The potential to steal data carried this way is not only a privacy issue; it would also be a way to steal large amounts of sensitive information.

Example:

“Without TLS protecting the connections between web sites and their users, the viability of the Internet would be in question. Sensitive information users input such as PII and CHD would be open to eavesdropping and theft, leading to mass instances of identity theft and financial fraud. There’d be no trust in online service and Internet adoption would have stalled.”