16482 - APAC PFS Infographic_Adweb - Adwebtech

Download PDF
0 downloads 322 Views 162KB Size Report
Comment
as RSA signatures. Perfect Forward Secrecy ... Tests were conducted using Elliptic Curve and RSA for key exchange and di
THE VALUE OF PERFECT FORWARD SECRECY

When it comes to security, IT professionals need to think ahead: An eavesdropper who records traffic today may successfully decrypt it in the future. A solution is to employ Perfect Forward Secrecy, in which unrecoverable temporary session keys are generated, used and discarded. When implemented correctly with Elliptic Curve Cryptography (ECC), Perfect Forward Secrecy is more secure than RSA algorithms and performs better.

WHAT IS ECC? ECC is the next-generation algorithm that provides stronger security and better server utilization than current standard encryption methods, but requires shorter key lengths. The result is increased protection and a better customer experience.

THE WORLD ISN’T SAFE, AND SECURITY RISKS TO BUSINESSES AND CONSUMERS ARE GROWING.

HEARTBLEED was a bug in OpenSSL

Estimated costs to eCommerce and online business in the 100s of millions

Online traffic on over half a million trusted websites vulnerable starting June 2012

Data stolen from the Canadian Tax Agency1

2014

2013

Names, passwords and other private information vulnerable to theft

Heartbleed was a bug in OpenSSL which is estimated to encrypt ~2/3 of active websites across the Internet2

PRISM PROGRAM

Revealed by Edward Snowden in spring 2013

Program of the National Security Administration (NSA)

Microsoft

Yahoo!

Google

Facebook3

TIMELINE OF ADDITIONAL DATA BREACHES Names, encrypted passwords, and encrypted credit and debit card numbers were among the types of data stolen in these high-profile breaches.

ZAPPOS.COM

LIVINGSOCIAL

JAN 2012

APR 2013

24

50

million accounts hacked4

million customers affected5

RSA-BASED KEY EXCHANGE RSA can be used to encrypt the random key exchanged between parties, but the key is recoverable by anyone who knows the site certificate’s private key.

CHARACTERISTICS

99.9%

2%

Will move from 2048-bit to 4096-bit key size, supported in 2014 by 2% of sites7

Continued use of recoverable keys makes stored data accessible if keys are compromised in the future

Currently the dominant system, supported by 99.9% of sites6

KEY AGREEMENT WITH PERFECT FORWARD SECRECY With PFS, both sides derive the same key without an encrypted key being exchanged. An observer can’t derive the same key or recover it even if the observer knows the site certificate’s private key.

CHARACTERISTICS Methods include ECDHE (Elliptical Curve DHE) & DHE (Diffie-Hellman, allows shared secret key exchange).

18%

60%

ECDHE supported by 18% of hosts7

DHE supported by 60% of hosts7

PERFORMANCE IMPROVEMENTS FROM ECDHE

Potential performance improvement, if implemented correctly

Past communications are protected from future attack

Perfect Forward Secrecy can be cracked if ciphers are weak or stored incorrectly

All ECDHE servers have ciphers at least as strong as RSA signatures

4 out of 5 DHE-enabled servers allow ciphers weaker than RSA signatures7

PERFECT FORWARD SECRECY, WHEN IMPLEMENTED WITH ECC, OFFERS SIGNIFICANT PERFORMANCE AND SECURITY BENEFITS. SECURITY BENEFITS 256-bit ECC is estimated to be

64,000 times

as tough to crack as 2048-bit RSA

When ECC is applied to DSA (called ECDSA), level of security climbs

By default, ECDHE is properly configured for security with efficient 256-bit key size

160-bit public ECDSA key as secure as 1024-bit RSA key

Ephemeral keys cannot be revealed, so even recorded traffic is safe

THE COMPLETE SSL HANDSHAKE PROCESS CAN BE VERY EXPENSIVE Session resumption allows savings in CPU and network roundtrips to secure a connection based on a “master secret” that has been agreed upon in a prior handshake.

THE SSL HANDSHAKE Client

Server Client Hello Cipher Suite confirmed8

Server Hello Certificate Client verifies server’s certificate chain, verifies signed server ECDHE public key, computes pre-master secret, generates ECDHE key pair and transmits

Server computes ECDHE key pair and transmits

Server Key Exchange Server Hello done

Server computes pre-master secret

Client key exchange Change Cipher Spec

First encryption message

Encrypted Finished Change Cipher sepc Handshake completes

Encrypted Finished Application Data Application Data Application Data

COMPARABLE KEY SIZES Symmetric Key Size (bits)8

RSA, DSA and Diffie-Hellman key size (bits)

Elliptic Curve Key Size (bits)

112

2048

224

128

3072

256

192

7680

384

256

15360

521

PERFORMANCE BENEFITS Tests were conducted using Elliptic Curve and RSA for key exchange and digital signature.

ECC’S ALGORITHM IS AN ELLIPTICAL CURVE, THE SECURITY STRENGTH GROWS EXPONENTIALLY TO THE KEY LENGTH – MUCH STRONGER SECURITY WITH SHORTER KEY RSA STRENGTH GROWS IN DIRECT PROPORTION TO THE KEY LENGTH – IF YOU NEED MORE SECURITY, YOU USE A LONGER KEY ECC

Strength

RSA

Key Length

ECDHE-ECDSA PERFORMED FASTER THAN RSA-RSA. USING ELLIPTIC CURVE CRYPTOGRAPHY (ECC), ENABLING FORWARD SECRECY ACTUALLY IMPROVES PERFORMANCE.9 Cipher suite

Key exchange

Authentication9

RSA-RSA

RSA-2048

RSA-2048

ECDHE-ECDSA

ECDHE-256

ECDSA-256

Server throughput of different configurations under synthetic traffic9 Complex Page

Simple Page

Multi-domain Page

Server throughput (requests/second)

400

300

200

100

0 GET

HEAD

GET

HEAD

GET

HEAD

Request type Cipher suite:

ECDHE-ECDSA

RSA-RSA

CONCLUSION Done properly, Perfect Forward Secrecy protects sensitive information yesterday, today, and tomorrow. What’s more, it does so while improving performance and user experience.

RSA

ECC

Adweb Technologies Pvt Ltd 309/3, Shree Krishna Commercial Centre, 6 S. V., Off S V Rd, Udyog Nagar, Goregaon West, Mumbai, Maharashtra 400062 Telephone: (+9122) 42978084 Website: https://ssl.adwebtech.com Email: [email protected]

SOURCES 1

Finkle, Jim and Egan, Louise. "'Heartbleed' blamed in attack on Canada tax agency, more expected," Reuters.

2

Yadron, Danny. "Massive OpenSSL Bug 'Heartbleed' Threatens Sensitive Data," Wall Street Journal.

3

Lee, Timothy B. “Here’s everything we know about PRISM to date,” Wonkblog, WashingtonPost.com.

4 5

Hsieh, Tony. “Security Email.” Swisher, Kara. “LivingSocial Hacked — More Than 50 Million Customer Names, Emails, Birthdates and Encrypted Passwords Accessed (Internal Memo),” AllThingsD.com.

6

Huang, Lin-Shung, Adhikarla, Shrikant, Boneh, Dan, and Jackson, Collin. “An Experimental Study of TLS Forward Secrec Deployment,” September 2013.

7

Ibid.

8

Elliptic Curve Cryptography (ECC) Certificates Performance Analysis. https://www.symantec-secured.com/images/16482/ecc-pfs.pdf

9

An Experimental Study of TLS Forward Secrecy Deployments. https://www.symantec-secured.com/images/16482/b_ecc_certs_performance_analysis.pdf

© 2015 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.