On the security of TLS 1.2 and TLS 1.3. A comparison

Seminar paper from the year 2021 in the subject Computer Science - IT-Security, grade: 95%, Ruhr-University of Bochum, language: English, abstract: This report analyses the security of older TLS versions by illustrating a taxonomy of attacks and explaining technical details on the BEAST and Lucky Thirteen attack. The fundamentals of TLS are based on the TLS 1.2 standard. Furthermore, the advantages of a migration to TLS 1.3 are highlighted.The internet has become part of our daily lives. When the internet was originally designed, no one was considering the potential threats it might behold. Today, all devices connected to the internet have one thing in common - they rely on secure protocols to protect the information in transit. This is where Secure Socket Layer (SSL) and Transport Layer Security (TLS) come into play.The Transport Layer Security protocol quickly became dominant for use in applications and servers for transferring data across the internet in a secure manner. One way to recognize a secure website is the usage of Hypertext Transfer Protocol Secure (HTTPS). The "S" in HTTPS stands for "Secure" and is an easy characteristic to identify secure website connections. Furthermore, to highlight to a client that TLS is used to protect HTTP, the server may replace the protocol naming in the URL with https and add a lock symbol or even a coloured address bar. Besides, the Google Chrome Web browser has started flagging all unencrypted HTTP sites as "not secure" Moreover, Google is penalizing websites which are not protected. The TLS Protocol is widely used for providing internet security. The protocol has been subject to several version upgrades over the course of its 25-year lifespan. Although TLS 1.3 is the latest version, its predecessor TLS 1.2 is most widely supported by websites. The versions minor to TLS 1.3 have several vulnerabilities which have been exploited in attacks like POODLE, BEAST etc.