We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byStefan Haskett
Modified about 1 year ago
SSL/TLS Trends, Practices, and Futures Brian A. McHenry, Security Solutions Architect email@example.com @bamchenry @bamchenry
© F5 Networks, Inc. 2 1.Global SSL Encryption Trends and Drivers 2.A Few “Best” Practices 3.Solutions 4.What’s Next? Agenda
© F5 Networks, Inc. 3 Worldwide spending on information security will reach $71.1 billion in 2014 Worldwide spending on information security will reach $71.1 billion in 2014 Data loss prevention segment recording the fastest growth at 18.9 percent Data loss prevention segment recording the fastest growth at 18.9 percent, By 2015, roughly 10% of overall IT security enterprise product capabilities will be delivered in the cloud By 2015, roughly 10% of overall IT security enterprise product capabilities will be delivered in the cloud Regulatory pressure will increase in Western Europe and Asia/Pacific from 2014 Regulatory pressure will increase in Western Europe and Asia/Pacific from 2014 Gartner Says Worldwide Information Security Spending Will Grow Almost 8 Percent in 2014
© F5 Networks, Inc. 4 IoE E-CommercePrivacyMobility SnowdenSnowdenSnowdenSnowden Trajectory and Growth of Encryption Customer Trends: PFS/ECC Demanded PFS/ECC Demanded SSL Labs Application Scoring SSL Labs Application Scoring Emerging Standards: TLS 1.3, HTTP 2.0/SPDY TLS 1.3, HTTP 2.0/SPDY RSA -> ECC RSA -> ECC Thought Leaders and Influence: Google: SHA2, SPDY, Search Ranking by Encryption Google: SHA2, SPDY, Search Ranking by Encryption Microsoft: PFS Mandated Microsoft: PFS Mandated MARKET AMPLIFIERS SSL growing ~30% annually. Entering the Fifth wave of transition (IoE) Source: Netcraft Millions of Certificates (CA) Years
© F5 Networks, Inc. 5 Timeline of SSL Vulnerabilities & Attacks February 2010 September 2011 February 2013 March 2013 … April 2014 RC4 Attacks Weakness in CBC cipher making plaintext guessing possible BEAST & CRIME Client-side or MITB attacks leveraging a chosen-plaintext flaw in TLS 1.0 and TLS compression flaws RFC 5746 TLS extension for secure renegotiation quickly mainstreamed Lucky 13 Another timing attack. August 2009 Insecure renegotiation vulnerability exposes all SSL stacks to DoS attack TIME A refinement and variation of CRIME Heartbleed The end of the Internet as we know it!
© F5 Networks, Inc. 6 SSL Intelligence and Visibility (Full Proxy) Enterprise key & Certificate Management Advance HSM Support: High Performing HSM options High Performing HSM options Virtualized low-bandwidth options Virtualized low-bandwidth options Market Leading HSM Vendor Support Market Leading HSM Vendor Support Flexible & Scalable Encryption: Optimized SSL in Hardware and Software Optimized SSL in Hardware and Software Cipher Diversity (RSA, ECC, DSA) Cipher Diversity (RSA, ECC, DSA) SSL Visibility: Proxy SSL & Forward Proxy SSL Visibility: Proxy SSL & Forward Proxy SSL Traffic Intelligence: SSL Traffic Intelligence: HSTS, HTTP 2.0/SPDY, OCSP Stapling, TLS Server Session Ticket HSTS, HTTP 2.0/SPDY, OCSP Stapling, TLS Server Session Ticket Fully Automated Key and Certificate Management: For all BIG-IP platforms For all BIG-IP platforms For all vendor platforms For all vendor platforms 3 rd Party Integration for best- in-class key encryption: Venafi, Symantec/ VeriSign 3 rd Party Integration for best- in-class key encryption: Venafi, Symantec/ VeriSign PKI Supported Environments PKI Supported Environments The Three Pillars of Effective SSL/TLS Encryption Hardware Security Modules
© F5 Networks, Inc. 7 Data Protection: Microsoft and Google Expands Encryption
© F5 Networks, Inc. 8 Not all curves are considered equal Different Authorities: US NIST (US National Institute of Standards) with 186-2 (recently superseded in 2009 by the new186-3)NIST186-2186-3 US ANSI (American National Standard Institute) with X9.62ANSIX9.62 US NSA (National Security Agency) Suite-B Cryptography for TOP SECRET information exchangeNSASuite-B CryptographyTOP SECRET International SACG (Standards for efficient cryptography group) with Recommended Elliptic Curve Domain ParametersSACGRecommended Elliptic Curve Domain Parameters German ECC Brainpool withECC Brainpool with their Strict Security RequirementsECC BrainpoolStrict Security Requirements ECC Interoperability Forum composed by Certicom, Microsoft, Redhat, Sun, NSA ECC Interoperability Forum If You Thought Encryption was confusing… ECC, PFS and Curves
© F5 Networks, Inc. 9 Not all curves are considered equal Different Names: Secp246r1, Prime256v1, NIST P-256 Different Kinds of Curves: ECC over Prime Field (Elliptic Curve) ECC over Binary Field (Koblitz Curve) Other Curves: Curve25519 (Google) Mumford (Microsoft) Brainpool If You Thought Encryption was confusing… ECC, PFS and Curves
Some SSL Best Practices
© F5 Networks, Inc. 11 Google has begun adjusting page rank based on SSL implementations Google has begun adjusting page rank based on SSL implementations F5 customers have third-party/B2B requirements for strong encryption F5 customers have third-party/B2B requirements for strong encryption SSL Labs’ Pulse tool has made testing easy SSL Labs’ Pulse tool has made testing easy Users and businesses are choosing services based on Pulse grades Users and businesses are choosing services based on Pulse grades SSL: Not Just for Security
© F5 Networks, Inc. 12 Require Secure Renegotiation Require Secure Renegotiation Disable SSLv2 and SSLv3 Use an explicit, strong cipher string, such as: Disable SSLv2 and SSLv3 Use an explicit, strong cipher string, such as: !SSLv3:!TLSv1:!EXPORT:!DH:!MD5:!RC4:RSA+AES:RSA+3DES:ECDHE+AES:ECDHE+ 3DES:ECDHE+RSA:@STRENGTH !SSLv3:!TLSv1:!EXPORT:!DH:!MD5:!RC4:RSA+AES:RSA+3DES:ECDHE+AES:ECDHE+ 3DES:ECDHE+RSA:@STRENGTH Prefer Perfect Forward Secrecy (PFS) Prefer Perfect Forward Secrecy (PFS) Done via prioritizing Ephemeral (DHE, ECDHE) ciphers in the string above Done via prioritizing Ephemeral (DHE, ECDHE) ciphers in the string above Enable HTTP Strict Transport Security (HSTS) Enable HTTP Strict Transport Security (HSTS) RFC 6797 RFC 6797 Achieving A+ Grades on SSLLabs.com
© F5 Networks, Inc. 13 HSTS is enabled by the “Strict-Transport-Security” HTTP header e.g.: Strict-Transport-Security: max-age=10886400; includeSubDomains; preload When received, browsers will: Automatically convert HTTP references to HTTPS references Disallow certificate exemptions (self-signed, etc.) Cache HSTS information and reuse stored values for new sessions More detail: HTTP Strict Transport Security AVAILABLE IN 12.0
© F5 Networks, Inc. 14
© F5 Networks, Inc. 16 HTTP/2 ratified this month. RFC due soon RFC due soon ALPN integrates application protocol negotiation into the TLS handshake ALPN integrates application protocol negotiation into the TLS handshake TLS encrypted by default TLS encrypted by default TLS 1.3 RFC expected in April 2016 Remove renegotiation Remove renegotiation AEAD ciphers only AEAD ciphers only TLS 1.3 and HTTP/2 Update
© F5 Networks, Inc. 17 A Quick Primer on Certificate Revocation If a SSL certificate is stolen or compromised, sites need a way to revoke the certificate so it will no longer be trusted. Revocation is handled by either CRL or OCSP. CRL: Certificate Revocation List The browser retrieves the list of all revoked certificates from the CA. The browser then parses the whole list looking for the certificate in question. OCSP: Online Certificate Status Protocol The browser sends the certificate to the CA for validation. The CA responds that the certificate is good, revoked, or unknown. OCSP is more efficient than CRL, but there’s room for improvement! New Feature: OCSP Stapling
© F5 Networks, Inc. 18 OCSP and CRL checks add significant overhead: OCSP and CRL checks add significant overhead: DNS (1334ms) DNS (1334ms) TCP handshake (240ms) TCP handshake (240ms) SSL handshake (376ms) SSL handshake (376ms) Follow certificate chain (1011ms) Follow certificate chain (1011ms) DNS to CA (300ms) DNS to CA (300ms) TCP to CA (407ms) TCP to CA (407ms) OCSP to CA #1 (598ms) OCSP to CA #1 (598ms) TCP to CA #2 (317ms) TCP to CA #2 (317ms) OCSP to CA #2 (444ms) OCSP to CA #2 (444ms) Finish SSL handshake (1270ms) Finish SSL handshake (1270ms) Add up the time for each step and you'll see that over 30% of the SSL overhead comes from checking whether the certificate has been revoked. Add up the time for each step and you'll see that over 30% of the SSL overhead comes from checking whether the certificate has been revoked. These checks are serial and block downloads. These checks are serial and block downloads. OCSP & CRL Checks Hurt Performance This portion is revocation check overhead.
© F5 Networks, Inc. 19 OCSP Stapling allows the server to attach CA signed information regarding the certificates validity. Processing with OCSP enabled: DNS (1334ms) DNS (1334ms) TCP handshake (240ms) TCP handshake (240ms) SSL handshake (376ms) SSL handshake (376ms) Follow certificate chain (1011ms) Follow certificate chain (1011ms) Process OCSP Data (10ms) Process OCSP Data (10ms) Finish SSL handshake (1270ms) Finish SSL handshake (1270ms) OCSP Stapling also eliminates communication with a third party during certificate validation. This may be considered better security since it prevents information leakage. OCSP Stapling to the Rescue
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Putting the Network to Work Manish Vachharajani Senior Architect, F5 Networks.
CP3397 ECommerce. Today’s Lecture Authentication using passwords SSL / TLS SET.
Can SSL and TOR be intercepted? Secure Socket Layer.
Lecture 10 Page 1 CS 236 Online SSL and TLS SSL – Secure Socket Layer TLS – Transport Layer Security The common standards for securing network applications.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
HTTPS in 2015 Eric Quick Introductions.
Secure Socket Layer (SSL). 2 TCP/IP Protocol Stack IP TCP Application Layer Transport Layer Network Layer Physical Layer IP packet HTTP ICMP UDP LDAP.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown Edited by Dick Steflik.
HTTPS in 2015 Eric Quick Introductions Eric
Copyright ©2015 WatchGuard Technologies, Inc. All Rights Reserved WatchGuard Training WatchGuard XCS What’s New in version 10.1.
Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)
CSCI 6962: Server-side Design and Programming SSL and HTTPS for Secure Communication.
Security fundamentals Topic 5 Using a Public Key Infrastructure.
ITA, , 8-TLS.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications (ITA) 8 Transport.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
Securing Data at the Application Layer Planning Authenticity and Integrity of Transmitted Data Planning Encryption of Transmitted Data.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
Windows Vista And Longhorn Server PKI Enhancements Avi Ben-Menahem Lead Program Manager Windows Security Microsoft Corporation.
1 Cryptography CSS 329 Lecture 13:SSL. 2 Lecture Outline SSL/TLS.
Digital Certificates Public Key Deception Digital Certificates Certificate Authorities Public Key Infrastructures (PKIs)
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Washington System Center © 2005 IBM Corporation August 25, 2005 RDS Training Secure Socket Layer (SSL) Overview z/Series Security (Mary Sweat, Greg Boyd)
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.
XMPP Concrete Implementation Updates: 1. Why XMPP 2 »XMPP protocol provides capabilities that allows realization of the NHIN Direct. Simple – Built on.
Network Security Essentials Chapter 5 Fourth Edition by William Stallings (Based on Lecture slides by Lawrie Brown)
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Security Systems | ST/SRM3-NA | 4/6/2016 © 2016 Robert Bosch LLC and affiliates. All rights reserved. 1 Ensure data security in a hyper-connected world.
Chapter 8 Web Security. Web now widely used by business, government, individuals but Internet & Web are vulnerable have a variety of threats integrity.
EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
David Adrian, Karthikeyan Bhargavan, etc. Presented by Eunyoung Cho.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Copyright ©2016 WatchGuard Technologies, Inc. All Rights Reserved WatchGuard Training What’s New in Fireware v
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Topic 14: Secure Communication1 Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication.
1 DCS 835 – Computer Networking and the Internet Digital Certificate and SSL (rev ) Team 1 Rasal Mowla (project leader) Alvaro Restrepo, Carlos.
Web Security CS-431. HTTP Authentication Protect web content from those who don’t have a “need to know” Require users to authenticate using a userid/password.
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
1 Security Protocols in the Internet Source: Chapter 31 Data Communications & Networking Forouzan Third Edition.
Lecture 23 Internet Authentication Applications modified from slides of Lawrie Brown.
© 2017 SlidePlayer.com Inc. All rights reserved.