Potential Security Risk with Transport Layer Security (TLS) Protocol





Internet applications like Facebook, online shopping and online banking are now part of our daily routine. To save time and minimize effort, most of our transactions or communications are done online.

Most of us enjoy the benefits of online activities but are also aware of the possible dangers that come with them. As much as we try to be responsible and careful, there will always be someone or something that could compromise the whole system.


Let us take the Transport Layer Security (TLS) protocol as an example. The TLS protocol makes sure that there is privacy and security between the online application and the user. The protocol has two layers that encrypt, authenticate and provide cryptographic data.


TLS is considered the next-generation protocol after Secure Sockets Layer (SSL). With this protocol, users get to enjoy secure online banking and even credit card transactions. That is why it is commonly used by many email systems, banking operations and applications such as Facebook.








However, research discovered a weakness in the Transport Layer Security (TLS) protocol. Through TLS, attackers may interfere with the connection between client and user. During the exchange of data between application and user, the attacker would be able to intercept the exchange and may be able to insert malicious data to benefit the attacker.


This is also commonly referred to as a ‘Man-in-the-Middle’ attack. It occurs during the termination of the Transport Layer Security session. The manner in which the protocol ends the session seems to let slip bits of information. The attacker may then connect these bits of data to progressively figure out the information being exchanged.


Currently, there has been no major security risk brought by the flaw of this protocol. But with its prevalent use, many companies are already dealing with the matter before a serious attack is mounted against the TLS protocol. They have been testing their systems and putting up suitable defenses where needed.


