1 / 20

SSL/TLS Trends, Practices, and Futures

Explore the global trends in SSL/TLS encryption, best practices for implementation, and upcoming advancements in the field. Gain insights into the growth of encryption, emerging standards, and the three pillars of effective SSL/TLS encryption. Learn about the importance of key and certificate management, hardware security modules, and encryption optimization. Discover the latest developments in TLS 1.3 and HTTP/2.

mthrasher
Download Presentation

SSL/TLS Trends, Practices, and Futures

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SSL/TLS Trends, Practices, and Futures Brian A. McHenry, Security Solutions Architect bam@f5.com @bamchenry

  2. Agenda • Global SSL Encryption Trends and Drivers • A Few “Best” Practices • Solutions • What’s Next?

  3. Gartner Says Worldwide Information Security Spending Will Grow Almost 8 Percent in 2014 • Worldwide spending on information security will reach $71.1 billion in 2014 • Data loss prevention segment recording the fastest growth at 18.9 percent, • By 2015, roughly 10% of overall IT security enterprise product capabilities will be delivered in the cloud • Regulatory pressure will increase in Western Europe and Asia/Pacific from 2014

  4. Trajectory and Growth of Encryption SSL growing ~30% annually. Entering the Fifth wave of transition (IoE) E-Commerce Privacy Mobility IoE Snowden Market AMPLIFIERS • Customer Trends: • PFS/ECC Demanded • SSL Labs Application Scoring • Emerging Standards: • TLS 1.3, HTTP 2.0/SPDY • RSA -> ECC • Thought Leaders and Influence: • Google: SHA2, SPDY, Search Ranking by Encryption • Microsoft: PFS Mandated Millions of Certificates (CA) Source: Netcraft Years

  5. Timeline of SSL Vulnerabilities & Attacks Heartbleed The end of the Internet as we know it! TIME A refinement and variation of CRIME BEAST & CRIME Client-side or MITB attacks leveraging a chosen-plaintext flaw in TLS 1.0 and TLS compression flaws Lucky 13 Another timing attack. August 2009 Insecure renegotiation vulnerability exposes all SSL stacks to DoS attack RFC 5746 TLS extension for secure renegotiation quickly mainstreamed RC4 Attacks Weakness in CBC cipher making plaintext guessing possible TLS August 2009 September 2011 February 2010 … February 2013 March 2013 March 2013 April 2014

  6. The Three Pillars of Effective SSL/TLS Encryption • SSL Intelligence and Visibility (Full Proxy) • Enterprise key & Certificate Management • Hardware Security Modules • Fully Automated Key and Certificate Management: • For all BIG-IP platforms • For all vendor platforms • 3rd Party Integration for best-in-class key encryption: Venafi, Symantec/ VeriSign • PKI Supported Environments • Flexible & Scalable Encryption: • Optimized SSL in Hardware and Software • Cipher Diversity (RSA, ECC, DSA) • SSL Visibility: Proxy SSL & Forward Proxy • SSL Traffic Intelligence: • HSTS, HTTP 2.0/SPDY, OCSP Stapling, TLS Server Session Ticket • Advance HSM Support: • High Performing HSM options • Virtualized low-bandwidth options • Market Leading HSM Vendor Support

  7. Data Protection: Microsoft and Google Expands Encryption

  8. If You Thought Encryption was confusing…ECC, PFS and Curves Not all curves are considered equal Different Authorities: • US NIST (US National Institute of Standards) with 186-2 (recently superseded in 2009 by the new186-3) • US ANSI (American National Standard Institute) with X9.62 • US NSA (National Security Agency) Suite-B Cryptography for TOP SECRET information exchange • International SACG (Standards for efficient cryptography group) with Recommended Elliptic Curve Domain Parameters • German ECC BrainpoolwithECC Brainpool with their Strict Security Requirements • ECC Interoperability Forum composed by Certicom, Microsoft, Redhat, Sun, NSA

  9. If You Thought Encryption was confusing…ECC, PFS and Curves Not all curves are considered equal Different Names: • Secp246r1, Prime256v1, NIST P-256 Different Kinds of Curves: • ECC over Prime Field (Elliptic Curve) • ECC over Binary Field (Koblitz Curve) Other Curves: • Curve25519 (Google) • Mumford (Microsoft) • Brainpool

  10. Some SSL Best Practices

  11. SSL: Not Just for Security • Google has begun adjusting page rank based on SSL implementations • F5 customers have third-party/B2B requirements for strong encryption • SSL Labs’ Pulse tool has made testing easy • Users and businesses are choosing services based on Pulse grades

  12. Achieving A+ Grades on SSLLabs.com • Require Secure Renegotiation • Disable SSLv2 and SSLv3 Use an explicit, strong cipher string, such as: • !SSLv3:!TLSv1:!EXPORT:!DH:!MD5:!RC4:RSA+AES:RSA+3DES:ECDHE+AES:ECDHE+3DES:ECDHE+RSA:@STRENGTH • Prefer Perfect Forward Secrecy (PFS) • Done via prioritizing Ephemeral (DHE, ECDHE) ciphers in the string above • Enable HTTP Strict Transport Security (HSTS) • RFC 6797

  13. HSTS is enabled by the “Strict-Transport-Security” HTTP header e.g.: Strict-Transport-Security: max-age=10886400; includeSubDomains; preload When received, browsers will: Automatically convert HTTP references to HTTPS references Disallow certificate exemptions (self-signed, etc.) Cache HSTS information and reuse stored values for new sessions More detail: HTTP Strict Transport Security Available in 12.0

  14. What’s Next?

  15. TLS 1.3 and HTTP/2 Update HTTP/2 ratified this month. • RFC due soon • ALPN integrates application protocol negotiation into the TLS handshake • TLS encrypted by default TLS 1.3 RFC expected in April 2016 • Remove renegotiation • AEAD ciphers only

  16. A Quick Primer on Certificate Revocation If a SSL certificate is stolen or compromised, sites need a way to revoke the certificate so it will no longer be trusted. Revocation is handled by either CRL or OCSP. CRL: Certificate Revocation List The browser retrieves the list of all revoked certificates from the CA. The browser then parses the whole list looking for the certificate in question. OCSP: Online Certificate Status Protocol The browser sends the certificate to the CA for validation. The CA responds that the certificate is good, revoked, or unknown. OCSP is more efficient than CRL, but there’s room for improvement! New Feature: OCSP Stapling

  17. OCSP and CRL checks add significant overhead: DNS (1334ms) TCP handshake (240ms) SSL handshake (376ms) Follow certificate chain (1011ms) DNS to CA (300ms) TCP to CA (407ms) OCSP to CA #1 (598ms) TCP to CA #2 (317ms) OCSP to CA #2 (444ms) Finish SSL handshake (1270ms) <TOTAL: 6.3 Seconds> Add up the time for each step and you'll see that over 30% of the SSL overhead comes from checking whether the certificate has been revoked. These checks are serial and block downloads. OCSP & CRL Checks Hurt Performance This portion is revocation check overhead.

  18. OCSP Stapling allows the server to attach CA signed information regarding the certificates validity. Processing with OCSP enabled: DNS (1334ms) TCP handshake (240ms) SSL handshake (376ms) Follow certificate chain (1011ms) Process OCSP Data (10ms) Finish SSL handshake (1270ms) <TOTAL: 4.2 Seconds> OCSP Stapling also eliminates communication with a third party during certificate validation. This may be considered better security since it prevents information leakage. OCSP Stapling to the Rescue

More Related