The importance of TLS in Linux

The Internet of Things (IoT) has led to the proliferation of connected devices. This surge has also opened doors to compromised data. As new technologies fuel growth, let's take a closer look at how we can deal with data security and privacy in this hyper-connected age.

To ensure Internet security, Netscape Communication Corporation developed the Secure Socket Layer (SSL) protocol, the first-ever secure layer for internet communication to prevent data leak and intrusions. For years, the SSL protocol remained the most popular version of SSL. To deal with the challenges that arose in the late 90s, an upgraded, more secure version called the Transport Layer Security (TLS), was built on top of SSL.

At its core, the TLS was developed from the ground up as an applications-independent protocol. This means that along with web browsers, TLS can also be used for other applications, such as email, audio and video communication, file transfer, internet telephony (VoIP), and now, IoT.

In this article, we will illustrate how TLS works, the various protocols it supports, how it implements data encryption, and why it’s important to enable it on Linux systems to secure data.

How TLS works

TLS encrypts data during transit to prevent hacking while on its way to its destination. This means that there is no eavesdropping or modification to the content during transit, just like tamper-proof packaging. To make this encryption (and later decryption) possible, TLS uses both symmetric and asymmetric cryptography to ensure there’s no compromise to performance and security.

TLS uses symmetric cryptography to encrypt the data with a secret key. While the secret key has 128-bit encryption by default, it's recommended to use 256-bit-long keys for unmatched security. Symmetric cryptography makes sure that no resource or time is wasted in the computation itself. However, both encryption and decryption use the same secret key. This implies that the key has to be shared securely with both parties.

How TLS works Fig 1. How TLS works

In asymmetric cryptography, there are two key pairs for TLS (as with SSL): a public key, and a private key. The public key encrypts the data, while the server uses its private key for decryption. The advantage here is that the public key can be shared without any security in place.

Even though the public key is open to the world, the mathematical relationship between the public and the private keys cannot be easily derived or duplicated, especially when the keys are larger. While it is common to use keys with a minimum length of 1024 bits, 2048-bit keys are preferred.

TLS uses this asymmetric encryption to securely generate and share a session key. This key is then used to encrypt all data being exchanged between the parties. TLS also discards the key when the session is over.

Another layer of security is applied where a client can validate if the public key shared by the server actually belongs to the server. This is validated using a certificate issued by the Certificate Authority (CA) (www.ssl.com/faqs/what-is-a-certificate-authority/). A CA issues digital certificates that attests the authenticity of the certificate’s owner. This also certifies that the owner controls the domain to which the public key belongs and it can therefore be trusted by clients.

TLS protocols

The transport layer can be broadly divided into three layers:

  • The physical layer: IEEE 802.3 (Ethernet) and 802.11 (WLAN) protocols reside here. These protocols physically transmit data between devices irrespective of the type of data being transmitted. There is security in place, but this is not TLS.
  • The network layer: This includes the IP address of every device on the network so that data can be sent to it. The IP address of a device on a private network is unique to that network. There are two versions of IP: IPv4 and IPv6. But again, this doesn’t include TLS.
  • The transport layer: This layer contains two protocols, Transmission Control Protocol (TCP) (www.guru99.com/tcp-ip-model.html) and User Datagram Protocol (UDP). UDP is targeted at data size and transmission speed rather than the security of the data. Therefore, it is generally used in applications where a lot of data has to be transmitted quickly—usually in private networks. For other applications, TCP is used.

TLS must be enabled on every server that hosts applications communicating over TCP/IP. By default, TCP, or any kind of security, is not enabled on servers

There are two types of protocols in the application layer: HTTP and HTTPS. HTTP doesn’t provide security and leads to issues like man-in-the-middle attacks. HTTPS is used instead of HTTP to keep data secure during transit. To configure HTTPS on a server, you need to provide the following data:

  • The type of encryption (SSL or TLS)
  • The certificates provided by a CA
  • The port
  • Other parameters

SSL was deprecated in its third version in 2015 in favor of the TLS, which has proven to be more secure. Today, most modern applications use TLS for encryption, which is indicated with a padlock symbol in browsers—a universally recognized symbol.

TLS encryption

As shown above, TLS encrypts data in transit. But how does TLS ensure that? Below is the sequence of events that happen during the encryption.

  • TLS uses a cryptographic hash function to calculate the hash of the message being transmitted. This function is similar to a checksum, except that it’s used to detect intentional tampering of data instead of accidental tampering.

  • Passing the data through a cryptographic hash function generates a string of random bits. Even a small modification in the data could lead to massive changes in the string generated by the function, making it easy to check if the data has been tampered with. Moreover, a cryptographic hash function does not need a key to process the data, so it’s easier to calculate the hash at the receiving end. TLS uses the popular Secure Hash Algorithm (SHA) to calculate this hash.

  • TLS can also go one step further by using a cryptographic key along with the data being processed by a hash function. Including this key generates a message authentication code (MAC), also known as HMAC.

  • Once calculated, the HMAC is appended to the original message before it’s encrypted with a secret key and transmitted to the server.

When the server decrypts the data with the secret key, the server can calculate the HMAC again to compare it with the original transmitted by the client. If they match, it proves that the message wasn’t compromised during transit. If they don’t, it means the message has been exposed to tampering.

Why is TLS important in Linux?

TLS plays a crucial role in making sure that the data being transmitted over the internet is secure and safe from man-in-the-middle attacks. But how do we make sure TLS is enabled on the web servers themselves?

The majority of servers on the internet today are deployed on Linux machines. That explains why there is already ample support for TLS in Linux. All of the informational and technical guides needed to set up and enable TLS for Linux are available for any given server and operating system of choice.

Fortunately, almost all of the methods discussed above are supported natively by Linux (by default). Linux is also usually the place where data transmission begins, terminates, and comes to rest. This makes it all the more important to ensure that TLS works as expected on all Linux machines, leaving no loophole or weak points.

Summary

Today, online (or digital) transactions require sharing sensitive, personal information online. Unauthorized access to these transactions mid-stream can result in exposing potentially-sensitive data. If someone else gains access to it midstream, it can lead to extreme trouble.

To avoid letting this data fall into the hands of bad actors, it needs to be doubly secured during transit. Today, the TLS is the best method in use, as it encrypts data during transit all the way from the source to the destination. This means that even if somebody eavesdrops, they won’t know what’s being said, thanks to private keys.

Linux is the most preferred operating system for servers today so enabling TLS for Linux becomes crucial to ensure data security.

Was this article helpful?
Network monitoring made simple

Easily administer network devices, monitor traffic, and manage device configurations in one place.

Related Articles

Write For Us

Write for Site24x7 is a special writing program that supports writers who create content for Site24x7 "Learn" portal. Get paid for your writing.

Write For Us

Write for Site24x7 is a special writing program that supports writers who create content for Site24x7 “Learn” portal. Get paid for your writing.

Apply Now
Write For Us