TLS1.2 IS DEAD BE READY FOR TLS1.3

Similar documents
TLS 1.1 Security fixes and TLS extensions RFC4346

Overview of TLS v1.3 What s new, what s removed and what s changed?

Verifying Real-World Security Protocols from finding attacks to proving security theorems

Coming of Age: A Longitudinal Study of TLS Deployment

Your Apps and Evolving Network Security Standards

Overview of TLS v1.3. What s new, what s removed and what s changed?

State of TLS usage current and future. Dave Thompson

Understand the TLS handshake Understand client/server authentication in TLS. Understand session resumption Understand the limitations of TLS

SSL/TLS Security Assessment of e-vo.ru

SSL Report: ( )

SSL Report: cartridgeworld.co.uk ( )

SSL/TLS Server Test of

Overview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.

SSL Report: printware.co.uk ( )

SSL Report: bourdiol.xyz ( )

SSL Server Rating Guide

SSL/TLS: Still Alive? Pascal Junod // HEIG-VD

32c3. December 28, Nick goto fail;

Attacks on SSL/TLS. Applied Cryptography. Andreas Hülsing (Slides mostly by Ruben Niederhagen) Dez. 6th, 2016

Findings for

MTAT Applied Cryptography

SSL/TLS. Pehr Söderman Natsak08/DD2495

SSL Visibility and Troubleshooting

Version: $Revision: 1142 $

SSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1

TLS Security and Future

SSL/TLS Server Test of grupoconsultorefe.com

SSL Report: sharplesgroup.com ( )

Defeating All Man-in-the-Middle Attacks

Datapath. Encryption

Transport Level Security

CSCE 715: Network Systems Security

Datapath. Encryption

Solving HTTP Problems With Code and Protocols NATASHA ROONEY

Securing IoT applications with Mbed TLS Hannes Tschofenig Arm Limited

A Cryptographic Analysis of the TLS 1.3 Handshake Protocol Candidates. Felix Günther. Technische Universität Darmstadt, Germany

History. TLS 1.3 Draft 26 Supported in TMOS v14.0.0

Securely Deploying TLS 1.3. September 2017

Internet security and privacy

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

CIS 5373 Systems Security

What s new in TLS 1.3 (and OpenSSL as a result) Rich Salz

ON THE SECURITY OF TLS RENEGOTIATION

A Cryptographic Analysis of the TLS 1.3 draft-10 Full and Pre-shared Key Handshake Protocol. Felix Günther. Technische Universität Darmstadt, Germany

WAP Security. Helsinki University of Technology S Security of Communication Protocols

DROWN - Breaking TLS using SSLv2

Network Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2014

Transport Layer Security

Secure Socket Layer. Security Threat Classifications

The State of TLS in httpd 2.4. William A. Rowe Jr.

Secure Internet Communication

Summary on Crypto Primitives and Protocols

But where'd that extra "s" come from, and what does it mean?

Cipher Suite Practices and Pitfalls:

Systematic Fuzzing and Testing of TLS Libraries Juraj Somorovsky

Protecting TLS from Legacy Crypto

Transport Layer Security

TLS/sRTP Voice Recording AddPac Technology

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to

One Year of SSL Internet Measurement ACSAC 2012

Authenticated Encryption in TLS

CS 393 Network Security. Nasir Memon Polytechnic University Module 12 SSL

SharkFest 17 Europe. SSL/TLS Decryption. uncovering secrets. Wednesday November 8th, Peter Wu Wireshark Core Developer

MTAT Applied Cryptography

Chapter 4: Securing TCP connections

Transport Layer Security

Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.

SECURE YOUR INTEGRATIONS. Maarten Smeets

Security Protocols and Infrastructures

COSC 301 Network Management. Lecture 15: SSL/TLS and HTTPS

Lecture for February 10, 2016

Chapter 8 Web Security

Lecture 10: Communications Security

HTTPS is Fast and Hassle-free with Cloudflare

Introduction. INF3510 Information Security. Lecture 10: Communications Security. Outline. Network Security Concepts. University of Oslo Spring 2018

Network Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

IPsec and SSL/TLS. Applied Cryptography. Andreas Hülsing (Slides mostly by Ruben Niederhagen) Dec. 1st, /43

Universität Hamburg. SSL & Company. Fachbereich Informatik SVS Sicherheit in Verteilten Systemen. Security in TCP/IP. UH, FB Inf, SVS, 18-Okt-04 2

FIPS Compliance of Industry Protocols in Edward Morris September 25, 2013

E-commerce security: SSL/TLS, SET and others. 4.1

SSL Time-Diagram. Second Variant: Generation of an Ephemeral Diffie-Hellman Key

Overview. SSL Cryptography Overview CHAPTER 1

Using SRP for TLS Authentication

Security of network applications. Standard situation. Channel security. Antonio Lioy - Politecnico di Torino ( ) 1

SSL/ TLS Cipher Suite Analysis and strong Cipher Enablement

Randomness Extractors. Secure Communication in Practice. Lecture 17

THE WORLD OF TLS. Security, Attacks, TLS 1.3

Security Protocols. Professor Patrick McDaniel CSE545 - Advanced Network Security Spring CSE545 - Advanced Network Security - Professor McDaniel

The Road to TLS 1.3. Eric Rescorla Mozilla The Road to TLS 1.3 1

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Comodo Certificate Manager Software Version 5.0

Designing Network Encryption for the Future Emily McAdams Security Engagement Manager, Security & Trust Organization BRKSEC-2015

TLS 1.3. Eric Rescorla Mozilla IETF 92 TLS 1

Ecosystem at Large

Wireless LAN Security. Gabriel Clothier

A Technology Brief on SSL/TLS Traffic

TLS in Practice including the road to 1.3

SSL / TLS. Crypto in the Ugly Real World. Malvin Gattinger

Information Security CS 526

How to Configure SSL Interception in the Firewall

Transcription:

TLS1.2 IS DEAD BE READY FOR TLS1.3 28 March 2017 Enterprise Architecture Technology & Operations

Presenter Photo Motaz Alturayef Jubial Cyber Security Conference

70% Privacy and security concerns are driving encrypted traffic growth, which is expected to represent 70 percent of all Internet traffic this year. Source: Sandvine, Global Internet Phenomena Spotlight, 2016

The history of SSL and TLS? SSL1 and SSL2 Created by Netscape and contained significant flaws SSL3 Created by Netscape to address SSL2 flaws TLS 1.0 Standardized SSL3 with almost no changes RFC2246 TLS 1.1 Security fixes and TLS extensions RFC4346 TLS 1.2 Added support for authenticated encryption (AES-GCM, CCM modes) and removed hard-coded primitives RFC5246 1994 1995 1999 2006 2008 Crap hits the fan First set of public SSL exploits

SSL isn t perfect SSL vulnerabilities exposed August 2009 Insecure renegotiation vulnerability exposes all SSL stacks to DoS attack RFC 5746 TLS extension for secure renegotiation quickly mainstreamed BEAST & CRIME Client-side or MITB attacks leveraging a chosen-plaintext flaw in TLS 1.0 and TLS compression flaws Lucky 13 Another timing attack RC4 Attacks Weakness in CBC cipher making plaintext guessing possible TIME A refinement and variation of CRIME Heartbleed The end of the Internet as we know it! August 2009 February 2010 September 2011 February 2013 March 2013 March 2013 April 2014 POODLE Padding oracle attack on SSLv3 Dire POODLE Padding oracle attack on TLS FREAK Implementation attack on export ciphers LogJam Implementation attack on weak DH

How TLS1.2 works Client Server Client Hello Support Cipher Suites Server Hello Chosen Cipher Suites Key Share Key Share Finished Finished HTTP GET HTTP Response

How TLS1.3 works Client Server Client Hello Support Cipher Suites Key Share Server Hello Chosen Cipher Suites Key Share Finished Certificate and Signature Finished HTTP GET HTTP Response

Speeding Up TLS1.2 Resumption Client Server Client Hello Session ID Server Hello Finished Finished HTTP GET HTTP Response

TLS1.3 0-RTT Resumption Client Server Client Hello Session Ticket Key Share HTTP GET Server Hello Key Share Finished HTTP Response

TLS1.3 is Anti-Downgrade TLS1.3 uses a smart of way of detecting of there is a MiTM trying to downgrade the connection. This Achieved by sending Random number with ClientHello So connection cannot be downgraded if the client support TLS1.3

Removed with TLS1.3 Static RSA HandShake CBC RC4 SHA1 MD5 Compression Renegotiation

Keeping Your SSL up to Date

Understanding SSL? Key Exchange For exchanging keying information at the start of the session Message (bulk) Encryption Uses the master secret to encrypt data between parties RSA DHE_RSA ECDH(E)_RSA ECDH(E)_ECDSA RSA AES DES/3DES RC4 Camellia Message Authentication Produces one-way encrypted hashes of data for data integrity MD5 SHA

Reading SSL? Cryptographic notation Protocol Authentication Algorithm Strength Mode TLS_ECHDE_RSA_WITH_AES_128_GCM_SHA256 Key Exchange Message (bulk) Encryption Message Authentication Ivan Ristic: Bulletproof SSL and TLS

SSL Strength SSL intelligence and best practices Achieving an A+ grade Require Secure Renegotiation [A-] Disable SSLv2 and SSLv3 (default in 11.5+) [B] Disable RC4 [B/C] Disable 3DES SHA1 Certs as no longer accepted Prefer Perfect Forward Secrecy (prioritize ECDHE, DHE) [A-/B], Min 2048 Enable TLS_FALLBACK_SCSV [A] Enable HSTS [A] Patch to TMOS 11.4.1HF7, 11.5.1HF7, 11.5.2 or 11.6 [C or F] Use an explicit and strong cipher string Extra credit for PCI compliance Disable TLS 1.0 Reference : https://github.com/ssllabs/research/wiki/ssl-server-rating-guide NATIVE:!SSLv2:!EXPORT:DHE+AES-GCM:DHE+AES:DHE+3DES:RSA+AES-GCM:RSA+AES:RSA+3DES:ECDHE+AES-GCM:ECDHE+AES:ECDHE+3DES:-MD5:-SSLv3:-RC4

Sources CloudFlair: An overview of TLS 1.3 and Q&A Presentation By Filippo Valsorda F5 Networks: SSL Presenation RFC: The Transport Layer Security (TLS) Protocol Version 1.3 draft-ietf-tls-tls13-19

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback