
SSL/TLS Trends, Practices, and Futures Brian A. McHenry, Security


1 SSL/TLS Trends, Practices, and Futures Brian A. McHenry, Security

2 Agenda (© F5 Networks, Inc.)
1. Global SSL Encryption Trends and Drivers
2. A Few “Best” Practices
3. Solutions
4. What’s Next?

3 Gartner Says Worldwide Information Security Spending Will Grow Almost 8 Percent in 2014
- Worldwide spending on information security will reach $71.1 billion in 2014
- Data loss prevention segment recording the fastest growth at 18.9 percent
- By 2015, roughly 10% of overall IT security enterprise product capabilities will be delivered in the cloud
- Regulatory pressure will increase in Western Europe and Asia/Pacific from 2014

4 Trajectory and Growth of Encryption
SSL growing ~30% annually. Entering the Fifth wave of transition (IoE).
[Chart: Millions of Certificates (CA) by Years. Chart labels: IoE, E-Commerce, Privacy, Mobility, Snowden. Source: Netcraft]
MARKET AMPLIFIERS
- Customer Trends: PFS/ECC Demanded; SSL Labs Application Scoring
- Emerging Standards: TLS 1.3, HTTP 2.0/SPDY; RSA -> ECC
- Thought Leaders and Influence:
  - Google: SHA2, SPDY, Search Ranking by Encryption
  - Microsoft: PFS Mandated

5 Timeline of SSL Vulnerabilities & Attacks
- August 2009: Insecure renegotiation vulnerability exposes all SSL stacks to DoS attack
Other dates on the timeline: February 2010, September 2011, February 2013, March 2013, …, April 2014
- RFC 5746: TLS extension for secure renegotiation quickly mainstreamed
- BEAST & CRIME: Client-side or MITB attacks leveraging a chosen-plaintext flaw in TLS 1.0 and TLS compression flaws
- Lucky 13: Another timing attack.
- RC4 Attacks: Weakness in CBC cipher making plaintext guessing possible
- TIME: A refinement and variation of CRIME
- Heartbleed: The end of the Internet as we know it!

6 The Three Pillars of Effective SSL/TLS Encryption
Pillars: SSL Intelligence and Visibility (Full Proxy); Enterprise Key & Certificate Management; Hardware Security Modules
- Advance HSM Support:
  - High Performing HSM options
  - Virtualized low-bandwidth options
  - Market Leading HSM Vendor Support
- Flexible & Scalable Encryption:
  - Optimized SSL in Hardware and Software
  - Cipher Diversity (RSA, ECC, DSA)
- SSL Visibility: Proxy SSL & Forward Proxy
- SSL Traffic Intelligence: HSTS, HTTP 2.0/SPDY, OCSP Stapling, TLS Server Session Ticket
- Fully Automated Key and Certificate Management:
  - For all BIG-IP platforms
  - For all vendor platforms
- 3rd Party Integration for best-in-class key encryption: Venafi, Symantec/VeriSign
- PKI Supported Environments

7 Data Protection: Microsoft and Google Expand Encryption

8 If You Thought Encryption Was Confusing… ECC, PFS and Curves
Not all curves are considered equal
Different Authorities:
- US NIST (US National Institute of Standards) with (recently superseded in 2009 by the new 186-3)
- US ANSI (American National Standard Institute) with X9.62
- US NSA (National Security Agency) Suite-B Cryptography for TOP SECRET information exchange
- International SECG (Standards for Efficient Cryptography Group) with Recommended Elliptic Curve Domain Parameters
- German ECC Brainpool with their Strict Security Requirements
- ECC Interoperability Forum composed by Certicom, Microsoft, Redhat, Sun, NSA

9 If You Thought Encryption Was Confusing… ECC, PFS and Curves
Not all curves are considered equal
- Different Names: secp256r1, prime256v1, NIST P-256
- Different Kinds of Curves:
  - ECC over Prime Field (Elliptic Curve)
  - ECC over Binary Field (Koblitz Curve)
- Other Curves:
  - Curve25519 (Google)
  - Mumford (Microsoft)
  - Brainpool

10 Some SSL Best Practices

11 SSL: Not Just for Security
- Google has begun adjusting page rank based on SSL implementations
- F5 customers have third-party/B2B requirements for strong encryption
- SSL Labs’ Pulse tool has made testing easy
- Users and businesses are choosing services based on Pulse grades

12 Achieving A+ Grades on SSLLabs.com
- Require Secure Renegotiation
- Disable SSLv2 and SSLv3
- Use an explicit, strong cipher string, such as:
  !SSLv3:!TLSv1:!EXPORT:!DH:!MD5:!RC4:RSA+AES:RSA+3DES:ECDHE+AES:ECDHE+
- Prefer Perfect Forward Secrecy (PFS)
  - Done via prioritizing Ephemeral (DHE, ECDHE) ciphers in the string above
- Enable HTTP Strict Transport Security (HSTS)
  - RFC 6797

13 HSTS is enabled by the “Strict-Transport-Security” HTTP header, e.g.:
Strict-Transport-Security: max-age= ; includeSubDomains; preload
When received, browsers will:
- Automatically convert HTTP references to HTTPS references
- Disallow certificate exemptions (self-signed, etc.)
- Cache HSTS information and reuse stored values for new sessions
More detail: HTTP Strict Transport Security
AVAILABLE IN 12.0
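
Added example (not from the presentation or from F5): a Python check of a Strict-Transport-Security value against the RFC 6797 grammar and the browser preload-list criteria (max-age of at least one year, includeSubDomains, preload). The function names and sample values are constructed for illustration; the second sample is the slide's header with max-age left blank.

```python
import re

# Minimum max-age (one year) required by the browser preload list (hstspreload.org).
PRELOAD_MIN_AGE = 31536000

def parse_hsts(value):
    """Parse a header value per RFC 6797 section 6.1; return (directives, errors)."""
    directives, errors = {}, []
    # Empty directives ("; ;") are allowed by the grammar, so skip them.
    for part in filter(None, (p.strip() for p in value.split(";"))):
        name, _, arg = part.partition("=")
        # Directive names are case-insensitive; values may be quoted strings.
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name in directives:
            errors.append(f"duplicate directive: {name}")
        directives[name] = arg
    age = directives.get("max-age")
    if age is None:
        errors.append("max-age is required")
    elif not re.fullmatch(r"[0-9]+", age):
        errors.append(f"max-age is not a non-negative integer: {age!r}")
    return directives, errors

def audit_hsts(value):
    """Return findings for one header value; an empty list means preload-ready."""
    directives, findings = parse_hsts(value)
    if findings:
        return findings  # a browser ignores a header that violates the grammar
    age = int(directives["max-age"])
    if age == 0:
        findings.append("max-age=0 tells browsers to delete the HSTS entry")
    elif age < PRELOAD_MIN_AGE:
        findings.append(f"max-age {age} is below one year ({PRELOAD_MIN_AGE})")
    if "includesubdomains" not in directives:
        findings.append("includeSubDomains missing: subdomains are not covered")
    if "preload" not in directives:
        findings.append("preload missing: first visit is still unprotected")
    return findings

# Constructed sample values; the second mirrors the slide's blank max-age.
SAMPLES = [
    "max-age=31536000; includeSubDomains; preload",
    "max-age= ; includeSubDomains; preload",
    "max-age=300",
    "includeSubDomains; max-age=\"63072000\"; MAX-AGE=0",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", audit_hsts(s) or "OK")
```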


15 What’s Next?

16 TLS 1.3 and HTTP/2 Update
- HTTP/2 ratified this month.
  - RFC due soon
  - ALPN integrates application protocol negotiation into the TLS handshake
  - TLS encrypted by default
- TLS 1.3 RFC expected in April 2016
  - Remove renegotiation
  - AEAD ciphers only

17 New Feature: OCSP Stapling
A Quick Primer on Certificate Revocation
If an SSL certificate is stolen or compromised, sites need a way to revoke the certificate so it will no longer be trusted. Revocation is handled by either CRL or OCSP.
- CRL: Certificate Revocation List. The browser retrieves the list of all revoked certificates from the CA. The browser then parses the whole list looking for the certificate in question.
- OCSP: Online Certificate Status Protocol. The browser sends the certificate to the CA for validation. The CA responds that the certificate is good, revoked, or unknown.
OCSP is more efficient than CRL, but there’s room for improvement!

18 OCSP & CRL Checks Hurt Performance
OCSP and CRL checks add significant overhead:
- DNS (1334ms)
- TCP handshake (240ms)
- SSL handshake (376ms)
- Follow certificate chain (1011ms)
- DNS to CA (300ms)
- TCP to CA (407ms)
- OCSP to CA #1 (598ms)
- TCP to CA #2 (317ms)
- OCSP to CA #2 (444ms)
- Finish SSL handshake (1270ms)
Add up the time for each step and you'll see that over 30% of the SSL overhead comes from checking whether the certificate has been revoked.
These checks are serial and block downloads.
[Slide callout: This portion is revocation check overhead.]

19 OCSP Stapling to the Rescue
OCSP Stapling allows the server to attach CA-signed information regarding the certificate's validity.
Processing with OCSP enabled:
- DNS (1334ms)
- TCP handshake (240ms)
- SSL handshake (376ms)
- Follow certificate chain (1011ms)
- Process OCSP Data (10ms)
- Finish SSL handshake (1270ms)
OCSP Stapling also eliminates communication with a third party during certificate validation. This may be considered better security since it prevents information leakage.
