A Story of TLS


One day Mickey was at the beach when he saw Minnie

Mickey – Hey Minnie

Minnie – Hi Mickey

Mickey – What are you doing here

Minnie – Just came for a walk. I am thinking something

Mickey – What exactly

Minnie – I need to explain TLS to my class tomorrow and I do not know anything

Mickey – Do not worry. I will help you. I know you understand better with a story

Minnie – Great

Mickey – here we go

Mickey – Let’s say you have got a box of precious stones and your friend Goofy requests to have that box

Minnie – Okay

Mickey – And both of you want to transfer it securely

It should not get stolen on the way

No one should be able to see what is inside

No one should be able to replace the content of the box

Minnie – Of course

Mickey – So this is how you start the process

Step 1: Goofy sends you a message that he wants the box and that it must be transferred securely

Step 2: Minnie agrees to use a secure process

Step 3: Minnie now sends her identification details to Goofy along with a key (Public Key). This key can lock a box but cannot unlock it. Unlocking needs the Private Key, which only Minnie has

Step 4: Goofy checks the identification details, then makes up a fresh secret (the pre-master secret), locks it in a small box with Minnie's Public Key and sends that small box to Minnie. Anyone who grabs it on the way cannot open it

Step 5: Both Goofy and Minnie now compute the same shared key from the pre-master secret. The shared key itself is never sent

Step 6: Goofy sends a "Finished" message locked with the shared key. Minnie unlocks the small box with her Private Key, computes the same shared key, checks the "Finished" message and sends her own "Finished" back

The secure connection is now established and they can communicate using the shared key

Step 7: Now Minnie uses the shared key to lock the box of stones and sends it to Goofy

Step 8: Goofy uses the shared key to unlock the box and gets the precious stones

Minnie – Oh Great, So this is how TLS works

Mickey – Yes, now let us understand

TLS = Transport Layer Security

TLS is a cryptographic protocol that secures data transfer between two applications, most commonly a browser and a web site (HTTPS is HTTP carried over TLS)

TLS encrypts data sent over the Internet so that anyone intercepting it cannot read or silently alter it, and it lets the client check that it is talking to the genuine server and not an impostor

Minnie – This is interesting

Mickey – So in our example, you can see Goofy is the client and Minnie is the server

Client notifies the server that it desires a secure TLS connection instead of a standard insecure connection. This first message (ClientHello) also carries a random value and the list of cipher suites the client supports

Server confirms this with a ServerHello carrying its own random value and the chosen cipher suite, followed by its digital certificate, which contains the server's public key

The digital certificate is the server's way of saying "Yes, I really am who you think I am". The client only believes it if the certificate is signed by a Certificate Authority the client already trusts, has not expired, and names the host the client meant to reach.

Client verifies the certificate and takes the public key from it.

Client generates a random pre-master secret, encrypts it with the server's public key and sends it (ClientKeyExchange). Only the holder of the matching private key can recover it.

Both sides now derive the master secret and the session keys from the pre-master secret and the two random values. The shared key itself is never sent over the wire.

Client sends a "Finished" message encrypted with the session keys. It contains a MAC over every handshake message exchanged so far, so any tampering with the handshake is detected.

The server decrypts the pre-master secret with its private key, computes the same session keys, verifies the "Finished" message and answers with its own "Finished".

Finally, Client and Server can exchange data encrypted and integrity-protected with the shared keys

One caveat: this is the RSA key exchange of TLS 1.2 and earlier. TLS 1.3 dropped it. There the pre-master secret is agreed with ephemeral Diffie-Hellman and the server's private key only signs the handshake, so stealing that key later does not let an attacker decrypt sessions recorded earlier (forward secrecy).


source – https://comodosslstore.com/blog/what-is-ssl-tls-client-authentication-how-does-it-work.html
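The exchange above, as an added worked example that is not part of the original story or of the cited source. It plays both sides (Goofy as client, Minnie as server) of an RSA key-transport handshake: hello messages with random values, the pre-master secret locked with the server's public key, a TLS 1.2-style PRF key schedule, a "Finished" MAC over the transcript, and a tiny authenticated record layer for the box of stones. Everything cryptographic here is a constructed toy: textbook RSA with two small primes (1000003 and 1000033), a 4-byte pre-master secret because the modulus is tiny, and an HMAC-SHA256 keystream in place of a real cipher. The function names (`handshake`, `seal`, `open_record`, `derive_keys`) are my own; nothing in this block is secure or is TLS itself, it only mirrors the shape of the protocol.

```python
"""Toy RSA-key-transport handshake (TLS 1.2 shape). Constructed example; NOT secure."""
import hashlib
import hmac
import os

# --- Toy RSA: tiny constructed primes, no padding. Never use for real. ---
P, Q = 1000003, 1000033      # small primes chosen only for the example
E = 65537
PMS_LEN = 4                  # real TLS uses 48 bytes; 4 keeps the value below P*Q

def toy_rsa_keypair():
    n = P * Q
    phi = (P - 1) * (Q - 1)
    d = pow(E, -1, phi)      # modular inverse of E (needs Python 3.8+)
    return (n, E), (n, d)    # (public key, private key)

def rsa_encrypt(pub, m_bytes):
    n, e = pub
    m = int.from_bytes(m_bytes, "big")
    assert m < n, "message must be smaller than the modulus"
    return pow(m, e, n)

def rsa_decrypt(priv, c, length):
    n, d = priv
    return pow(c, d, n).to_bytes(length, "big")

# --- Key schedule: P_SHA256-style expansion, simplified from TLS 1.2 ---
def prf(secret, label, seed, length):
    out, a = b"", label + seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + label + seed, hashlib.sha256).digest()
    return out[:length]

def derive_keys(pre_master, client_random, server_random):
    master = prf(pre_master, b"master secret", client_random + server_random, 48)
    block = prf(master, b"key expansion", server_random + client_random, 64)
    return master, {"c2s": block[:32], "s2c": block[32:]}

# --- Toy record layer: HMAC keystream XOR plus an HMAC tag over seq||ct ---
def seal(key, seq, plaintext):
    nonce = seq.to_bytes(8, "big")
    stream = prf(key, b"stream", nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return ct + tag

def open_record(key, seq, record):
    nonce = seq.to_bytes(8, "big")
    ct, tag = record[:-32], record[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("record tampered with")   # the box was replaced on the way
    stream = prf(key, b"stream", nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def handshake(pre_master=None):
    """Run the exchange; returns (client_keys, server_keys) once Finished verifies."""
    transcript = []                                  # every handshake message so far
    client_random = os.urandom(32)                   # Step 1: ClientHello
    transcript.append(b"ClientHello" + client_random)
    server_random = os.urandom(32)                   # Steps 2-3: ServerHello + Certificate
    pub, priv = toy_rsa_keypair()
    transcript.append(b"ServerHello" + server_random)
    transcript.append(b"Certificate" + str(pub).encode())
    if pre_master is None:                           # Step 4: fresh pre-master secret
        pre_master = os.urandom(PMS_LEN)
    encrypted_pms = rsa_encrypt(pub, pre_master)     # locked with Minnie's public key
    transcript.append(b"ClientKeyExchange" + str(encrypted_pms).encode())
    c_master, c_keys = derive_keys(pre_master, client_random, server_random)  # Step 5
    th = hashlib.sha256(b"".join(transcript)).digest()
    client_finished = prf(c_master, b"client finished", th, 12)             # Step 6
    record = seal(c_keys["c2s"], 0, client_finished)
    # Server side: unlock the pre-master secret, derive the same keys, check Finished
    s_pms = rsa_decrypt(priv, encrypted_pms, PMS_LEN)
    s_master, s_keys = derive_keys(s_pms, client_random, server_random)
    got = open_record(s_keys["c2s"], 0, record)
    if not hmac.compare_digest(got, prf(s_master, b"client finished", th, 12)):
        raise ValueError("handshake failed: Finished does not verify")
    return c_keys, s_keys

def send_box(server_keys, client_keys, stones):
    """Steps 7-8: Minnie locks the box with the shared key, Goofy unlocks it."""
    record = seal(server_keys["s2c"], 0, stones)
    return open_record(client_keys["s2c"], 0, record)

if __name__ == "__main__":
    goofy, minnie = handshake()
    print(send_box(minnie, goofy, b"rubies and emeralds"))
```

Note what never crosses the wire: the pre-master secret travels only inside the RSA "small box", and the session keys are derived independently on both ends. Flip one bit of a sealed record and `open_record` refuses it, which is the story's "no one should be able to replace the content" requirement.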

Minnie – Great now I get how the TLS process works

Mickey – Great do you want to go back home

Minnie – No let’s just sit here and watch the sunset

Mickey – Sure

Minnie – You are my best friend

Mickey – I am always here for you 🙂



