as RSA signatures. Perfect Forward Secrecy ... Tests were conducted using Elliptic Curve and RSA for key exchange and di
THE VALUE OF PERFECT FORWARD SECRECY
When it comes to security, IT professionals need to think ahead: An eavesdropper who records traffic today may successfully decrypt it in the future. A solution is to employ Perfect Forward Secrecy, in which unrecoverable temporary session keys are generated, used and discarded. When implemented correctly with Elliptic Curve Cryptography (ECC), Perfect Forward Secrecy is more secure than RSA algorithms and performs better.
WHAT IS ECC? ECC is the next-generation algorithm that provides stronger security and better server utilization than current standard encryption methods, but requires shorter key lengths. The result is increased protection and a better customer experience.
THE WORLD ISN’T SAFE, AND SECURITY RISKS TO BUSINESSES AND CONSUMERS ARE GROWING.
HEARTBLEED was a bug in OpenSSL
Estimated costs to eCommerce and online business in the 100s of millions
Online traffic on over half a million trusted websites vulnerable starting June 2012
Data stolen from the Canadian Tax Agency1
2014
2013
Names, passwords and other private information vulnerable to theft
Heartbleed was a bug in OpenSSL which is estimated to encrypt ~2/3 of active websites across the Internet2
PRISM PROGRAM
Revealed by Edward Snowden in spring 2013
Program of the National Security Administration (NSA)
Microsoft
Yahoo!
Google
Facebook3
TIMELINE OF ADDITIONAL DATA BREACHES Names, encrypted passwords, and encrypted credit and debit card numbers were among the types of data stolen in these high-profile breaches.
ZAPPOS.COM
LIVINGSOCIAL
JAN 2012
APR 2013
24
50
million accounts hacked4
million customers affected5
RSA-BASED KEY EXCHANGE RSA can be used to encrypt the random key exchanged between parties, but the key is recoverable by anyone who knows the site certificate’s private key.
CHARACTERISTICS
99.9%
2%
Will move from 2048-bit to 4096-bit key size, supported in 2014 by 2% of sites7
Continued use of recoverable keys makes stored data accessible if keys are compromised in the future
Currently the dominant system, supported by 99.9% of sites6
KEY AGREEMENT WITH PERFECT FORWARD SECRECY With PFS, both sides derive the same key without an encrypted key being exchanged. An observer can’t derive the same key or recover it even if the observer knows the site certificate’s private key.
CHARACTERISTICS Methods include ECDHE (Elliptical Curve DHE) & DHE (Diffie-Hellman, allows shared secret key exchange).
18%
60%
ECDHE supported by 18% of hosts7
DHE supported by 60% of hosts7
PERFORMANCE IMPROVEMENTS FROM ECDHE
Potential performance improvement, if implemented correctly
Past communications are protected from future attack
Perfect Forward Secrecy can be cracked if ciphers are weak or stored incorrectly
All ECDHE servers have ciphers at least as strong as RSA signatures
4 out of 5 DHE-enabled servers allow ciphers weaker than RSA signatures7
PERFECT FORWARD SECRECY, WHEN IMPLEMENTED WITH ECC, OFFERS SIGNIFICANT PERFORMANCE AND SECURITY BENEFITS. SECURITY BENEFITS 256-bit ECC is estimated to be
64,000 times
as tough to crack as 2048-bit RSA
When ECC is applied to DSA (called ECDSA), level of security climbs
By default, ECDHE is properly configured for security with efficient 256-bit key size
160-bit public ECDSA key as secure as 1024-bit RSA key
Ephemeral keys cannot be revealed, so even recorded traffic is safe
THE COMPLETE SSL HANDSHAKE PROCESS CAN BE VERY EXPENSIVE Session resumption allows savings in CPU and network roundtrips to secure a connection based on a “master secret” that has been agreed upon in a prior handshake.
THE SSL HANDSHAKE Client
Server Client Hello Cipher Suite confirmed8
Server Hello Certificate Client verifies server’s certificate chain, verifies signed server ECDHE public key, computes pre-master secret, generates ECDHE key pair and transmits
Server computes ECDHE key pair and transmits
Server Key Exchange Server Hello done
Server computes pre-master secret
Client key exchange Change Cipher Spec
First encryption message
Encrypted Finished Change Cipher sepc Handshake completes
Encrypted Finished Application Data Application Data Application Data
COMPARABLE KEY SIZES Symmetric Key Size (bits)8
RSA, DSA and Diffie-Hellman key size (bits)
Elliptic Curve Key Size (bits)
112
2048
224
128
3072
256
192
7680
384
256
15360
521
PERFORMANCE BENEFITS Tests were conducted using Elliptic Curve and RSA for key exchange and digital signature.
ECC’S ALGORITHM IS AN ELLIPTICAL CURVE, THE SECURITY STRENGTH GROWS EXPONENTIALLY TO THE KEY LENGTH – MUCH STRONGER SECURITY WITH SHORTER KEY RSA STRENGTH GROWS IN DIRECT PROPORTION TO THE KEY LENGTH – IF YOU NEED MORE SECURITY, YOU USE A LONGER KEY ECC
Strength
RSA
Key Length
ECDHE-ECDSA PERFORMED FASTER THAN RSA-RSA. USING ELLIPTIC CURVE CRYPTOGRAPHY (ECC), ENABLING FORWARD SECRECY ACTUALLY IMPROVES PERFORMANCE.9 Cipher suite
Key exchange
Authentication9
RSA-RSA
RSA-2048
RSA-2048
ECDHE-ECDSA
ECDHE-256
ECDSA-256
Server throughput of different configurations under synthetic traffic9 Complex Page
Simple Page
Multi-domain Page
Server throughput (requests/second)
400
300
200
100
0 GET
HEAD
GET
HEAD
GET
HEAD
Request type Cipher suite:
ECDHE-ECDSA
RSA-RSA
CONCLUSION Done properly, Perfect Forward Secrecy protects sensitive information yesterday, today, and tomorrow. What’s more, it does so while improving performance and user experience.
RSA
ECC
Adweb Technologies Pvt Ltd 309/3, Shree Krishna Commercial Centre, 6 S. V., Off S V Rd, Udyog Nagar, Goregaon West, Mumbai, Maharashtra 400062 Telephone: (+9122) 42978084 Website: https://ssl.adwebtech.com Email:
[email protected]
SOURCES 1
Finkle, Jim and Egan, Louise. "'Heartbleed' blamed in attack on Canada tax agency, more expected," Reuters.
2
Yadron, Danny. "Massive OpenSSL Bug 'Heartbleed' Threatens Sensitive Data," Wall Street Journal.
3
Lee, Timothy B. “Here’s everything we know about PRISM to date,” Wonkblog, WashingtonPost.com.
4 5
Hsieh, Tony. “Security Email.” Swisher, Kara. “LivingSocial Hacked — More Than 50 Million Customer Names, Emails, Birthdates and Encrypted Passwords Accessed (Internal Memo),” AllThingsD.com.
6
Huang, Lin-Shung, Adhikarla, Shrikant, Boneh, Dan, and Jackson, Collin. “An Experimental Study of TLS Forward Secrec Deployment,” September 2013.
7
Ibid.
8
Elliptic Curve Cryptography (ECC) Certificates Performance Analysis. https://www.symantec-secured.com/images/16482/ecc-pfs.pdf
9
An Experimental Study of TLS Forward Secrecy Deployments. https://www.symantec-secured.com/images/16482/b_ecc_certs_performance_analysis.pdf
© 2015 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.