SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are cryptographic protocols that secure data transmitted over the Internet. They ensure:

  • Confidentiality - your data is only accessible by client and server.
  • Integrity - your data isn’t altered in transit.
  • Authentication - you’re sure you’re talking to the real server.

When you see the padlock icon in your browser, that’s TLS protecting your connection.

SSL was the original protocol, designed and developed by Taher Elgamal at Netscape in 1994, but it’s now obsolete due to security flaws. TLS is its modern, secure successor. Today, when people say “SSL,” they often mean “TLS.” The current version widely used is TLS 1.3, which is faster and more secure than older versions.

The Internet

At its core, the Internet is not one big “thing” owned by a single company. It’s thousands of independent networks connected together. These networks belong to:

  • Internet Service Providers (ISPs)
  • Telecom companies
  • Cloud providers (e.g., AWS, Azure, GCP)
  • Enterprises
  • Governments
  • Universities

Each network is called an Autonomous System (AS), and they peer with each other using protocols like Border Gateway Protocol (BGP) to share routes.

What is an Autonomous System (AS)?

  • An Autonomous System is a collection of IP networks (prefixes) that are managed by a single organization and that share a common routing policy.
  • Each AS has a globally unique number called an Autonomous System Number (ASN).
  • Routers inside an AS speak internal routing protocols (like OSPF, IS-IS, or iBGP), and communicate with other ASes using BGP (Border Gateway Protocol).
  • Examples:
    1. Google (AS15169)
    2. Cloudflare (AS13335)
    3. Jio (AS55836)
    4. Airtel (AS9498)

Why ASNs matter and who assigns them?

There is a hierarchy of organizations that manage Internet number resources (IP addresses and ASNs):

  1. IANA (Internet Assigned Numbers Authority)

    • IANA is at the top level.
    • It manages global IP address space and ASN pools.
    • It is operated by ICANN (Internet Corporation for Assigned Names and Numbers).
  2. RIRs (Regional Internet Registries)

    • IANA delegates blocks of IP addresses and ASN ranges to 5 RIRs, each covering a specific region:
      • ARIN (North America)
      • LACNIC (Latin America & Caribbean)
      • RIPE NCC (Europe, Middle East, parts of Central Asia)
      • APNIC (Asia Pacific)
      • AFRINIC (Africa)
  3. NIRs (National Internet Registries)

    • In some regions, there are National Internet Registries (NIRs) that further manage allocation within a country.
    • For example these are some NIRs operating under APNIC:
      • IRINN, Indian Registry for Internet Names and Numbers
      • CNNIC, China Internet Network Information Center
      • JPNIC, Japan Network Information Center
  4. Local ISPs, Enterprises, Organizations

    • These entities apply to their RIR or NIR to request an ASN.
    • They must justify why they need an ASN (usually because they plan to run BGP with other networks).
    • Once assigned, they are globally registered.

Every BGP router announces IP prefixes together with its ASN, which helps establish routing policies, peering agreements, and routing decisions.

When you visit google.com, your data may flow through several ASes along the way.

Each router uses BGP to decide how to route traffic across AS boundaries.

Your packets cross multiple ASes you don’t control, so any compromised router in any AS could inspect or modify unencrypted traffic.

TLS ensures that even though your data flows through all these ASes, only you and the server can read it.
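
The tampering risk described above, as an added example that is not part of the original article: a record is sent through a list of hops, one of which edits it, and the receiver detects the change with a keyed tag. It is a simplified model that uses HMAC-SHA256 from the Python standard library as a stand-in for TLS record protection (TLS 1.3 itself uses AEAD ciphers that encrypt and authenticate together); the key, the message, and the hop functions are constructed for the illustration.

```python
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 tag length in bytes


def _tag(key: bytes, seq: int, payload: bytes) -> bytes:
    # Bind the tag to the record's position so replayed or reordered records fail too.
    return hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: payload followed by its tag."""
    return payload + _tag(key, seq, payload)


def verify(key: bytes, seq: int, record: bytes) -> bytes:
    """Receiver side: return the payload, or raise if the record is not authentic."""
    if len(record) < TAG_LEN:
        raise ValueError("record too short")
    payload, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(key, seq, payload)):
        raise ValueError("bad record MAC")
    return payload


def honest_hop(record: bytes) -> bytes:
    return record  # forwards the bytes unchanged


def tampering_hop(record: bytes) -> bytes:
    return record.replace(b"amount=10", b"amount=99")  # edits the payload in transit


def deliver(key: bytes, seq: int, payload: bytes, hops) -> str:
    """Send one record through a list of hops; report what the receiver does."""
    record = protect(key, seq, payload)
    for hop in hops:
        record = hop(record)
    try:
        return "accepted: " + verify(key, seq, record).decode()
    except ValueError as exc:
        return "connection aborted: " + str(exc)


KEY = bytes(range(32))  # constructed demo key; TLS derives keys in the handshake
MSG = b"POST /transfer amount=10"  # constructed sample payload

if __name__ == "__main__":
    print(deliver(KEY, 0, MSG, [honest_hop, honest_hop]))
    print(deliver(KEY, 0, MSG, [honest_hop, tampering_hop]))
```

The hop can still change the bytes; what the tag gives the receiver is a reliable way to notice and drop the connection.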

How SSL/TLS protects your data?

When you connect to a website over HTTPS, TLS works behind the scenes to secure your connection.

Since your data flows through someone else’s networks and routers on its way to the destination server, anyone in the middle can read and modify the data.

TLS protects your data in three key ways:

  1. Confidentiality

    • Data is only accessible by client and server.
    • TLS achieves confidentiality through a cryptographic technique called Encryption.
    • TLS encrypts all the data you send and receive.
    • Even if someone intercepts your traffic (e.g. ISP, hacker, rogue router), they only see scrambled, unreadable data.
    • Only your browser and the server have the keys to decrypt the data.
  2. Integrity

    • Data hasn’t been modified between client and server.
    • TLS achieves integrity through a cryptographic technique called Hashing.
    • TLS ensures that tampering with the data during transmission is detected, but it doesn’t prevent the modification itself.
    • If any data is altered, it will be detected instantly and the connection will fail.
  3. Authentication

    • Client and server are indeed who they say they are.
    • TLS achieves authentication through a system called PKI (Public Key Infrastructure).
    • TLS verifies the identity of the server using digital certificates issued by trusted Certificate Authorities (CAs).
    • This prevents attackers from impersonating a real website (e.g., phishing, man-in-the-middle attacks).

Learning Resources

Conclusion