edge 2014: the evolution of tls/ssl - improving the foundations of internet security
DESCRIPTION
The Evolution of TLS/SSL - Improving the Foundations of Internet Security by Brian Sniffen, Chief Security Architect, Akamai Technologies In the wake of the Heartbleed vulnerability, attention has turned to TLS, the fundamental building block of Internet encryption and authentication. In this session we'll look at the evolving TLS standard and concentrate on new ciphers, authentication mechanisms, and asymmetric key changes - how they propose to impact the security of our data, and considerations for implementation and performance. Akamai Edge is the premier event for Internet innovators, tech professionals and online business pioneers who together are forging a Faster Forward World. At Edge, the architects, experts and implementers of the most innovative global online businesses gather face-to-face for an invaluable three days of sharing, learning and together pushing the limits of the Faster Forward World. Learn more at: http://www.akamai.com/edgeTRANSCRIPT
The Evolution of TLS & SSL Brian Sniffen
©2014 AKAMAI | FASTER FORWARDTM
TLS Timeline
1990Web
1995SSL 2
SSL 31996
2006TLS 1.1
TLS 1.22008
2015TLS 1.3
1999TLS 1.0
TimeNow
©2014 AKAMAI | FASTER FORWARDTM
Akamai Security Research & Architecture
• Crypto engineering expertise • Technical backstop • Product review • Akamai Architecture Group seat • Safety engineering • Incident management
©2014 AKAMAI | FASTER FORWARDTM
How much SSL?
Industry standard: 30%
Akamai sees: 37%
50% by 2016?
©2014 AKAMAI | FASTER FORWARDTM
How much traffic is SSL?
36-38% 32–36%
©2014 AKAMAI | FASTER FORWARDTM
24–26% 35–37%
Bad App
©2014 AKAMAI | FASTER FORWARDTM
85–90% 80-85% WinXP EOL
©2014 AKAMAI | FASTER FORWARDTM
TLS 1.3
Adoption goal: Everyone runs this by 2017
Big Site Operators speed
1-RTT setup 0-RTT resume
Crypto Warriors forward secrecy
encrypt handshake non-NIST ciphers
Pragmatists remove CBC remove RC4
remove compression fewer HTTP integrations
©2014 AKAMAI | FASTER FORWARDTM
TLS 1.3 Speed Features
ClientHelloClientKeyExchange
ServerHelloServerKeyExchange[ChangeCipherSpec]EncryptedExtensions
CertificateCertificateRequestCertificateVerify
Finished
[ChangeCipherSpec]Certificate
CertificateVerifyFinished
Application Data Application Data
©2014 AKAMAI | FASTER FORWARDTM
TLS 1.3 Speed Features
ServerHelloServerKeyExchange[ChangeCipherSpec]
Finished
ClientHelloClientKeyExchange
[ChangeCipherSpec]Finished
Application Data Application Data
©2014 AKAMAI | FASTER FORWARDTM
TLS 1.3 Pragmatic features
Q: “What would happen if we remove everything we know is bad?” A: Simpler code runs blazingly fast A: Fewer protocol bugs A: New protocol bugs
©2014 AKAMAI | FASTER FORWARDTM
TLS 1.3 Crypto War features
• RSA Key Exchange is out • Custom DHE groups are out • DSA with random nonces may be out • Extensions are encrypted • DJB ciphers are in
©2014 AKAMAI | FASTER FORWARDTM
TLS Private Innovations: A history
• Delegated “Keyless” SSL • National cipher suites (Camellia, SEED, etc.) • SPDY / HTTP 2 requires TLS • TLS False Start • Eternal Chrome sessions • Post-CA trust models
©2014 AKAMAI | FASTER FORWARDTM
Implementation bugs
• Gotofail • Heartbleed • NSS Signature Verification
Any device running year-old TLS software is insecure.
©2014 AKAMAI | FASTER FORWARDTM
Let’s see the future: Optimistic
• We all have TLS 1.3 in 2015 • New devices, fast-cycle browsers have TLS 1.3 in 2015 • Possible to operate an e-commerce site on TLS 1.3-only in 2015
• Plausible to drop TLS 1.2 in 2018
©2014 AKAMAI | FASTER FORWARDTM
Let’s see the future: Grim
• Crash off of TLS 1.2 in 2016
• No crypto software older than six months is trustworthy
• Typical leaf cert lifespan < 3 months
©2014 AKAMAI | FASTER FORWARDTM
Wild Guesses about Akamai SSL Support
New features: 2014: SCSV 2015: SNI, TLS 1.3, PFS, OCSP Stapling, SHA-2, Certificate Transparency 2016: post-DSA EC (Ed25519?) Walking the plank: 3DES, RC4, SSL3, SSL2
©2014 AKAMAI | FASTER FORWARDTM
Advice
• Pin an Edge-Origin Cert (or run your own CA) • Test clients with EC-DHE now • Turn on TLS 1.2 • Turn off SSL 3 (and check that SSL 2 is off!) • Don’t hard-code client-Edge elements