Sullivan handshake proxying-ieee-sp_2014

Post on 20-Jun-2015


Description

Two of the major concerns for serving information over the internet are latency and security. Reducing latency improves response times, making content delivery seem more instantaneous and improving user experience. The most common approach to improving security is TLS, where data is sent over an authenticated encryption tunnel between a server and a client. The Internet’s architecture and the physical realities of how networks are spread geographically can cause these two goals to be competitive. This talk introduces a model to deal with private key security in this situation.

Transcript of Sullivan handshake proxying-ieee-sp_2014

TLS Handshake Proxying: From theory to reality

IEEE S&P April 20, 2014 Nick Sullivan

@grittygrease

Two competing goals on the web

• Security & Privacy
• Performance

Privacy: SSL/TLS

• Point-to-point authentication and encryption
• The little lock icon in your browser
• Browser-server model
• Server certificate bound to a public key, signed by a Certificate Authority
• Private key provides authentication of server to client
• Session key established with handshake

(Diagram: Private Key)

Problem with TLS

• Web servers (nginx, Apache, IIS) read private keys from disk and use them in memory
• Private key disclosure allows
  • Server impersonation
  • Retroactive decryption of sessions with RSA handshake

Private key security - protection

• Process memory disclosure
  • Secure allocation
  • Separate process for private key
• Machine DMA attack
  • Encrypted memory
  • Hardware: HSM or TPM
• Machine compromise or theft
  • ???

Web performance

• The web is changing — consolidation at the edge of the network
• CDNs provide distributed global load balancing
• TLS needs to be terminated at caching layer
• Private keys need to be distributed to the edge
• This is why banks do not use CDNs — yet

(Diagram: Traditional traffic routing)

(Diagram: Anycast routing with reverse proxy)

Two contradictory goals

• Global load balancing of TLS
• Private key security

Keyless SSL

• Compromise between key security and performance
• Split the state machine geographically
  • Private key operation performed at site owner’s facility (in HSM, etc)
  • Rest of handshake performed at the edge
  • Communicate to signing server over secure tunnel
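The geographic split described on this slide, written out as an added example; this is not code from the talk or from the production implementation the deck describes (modified nginx/OpenSSL), and it uses only Go's standard library. The two components, the names KeyServer and Edge, and the placeholder ephemeral parameters are assumptions made here, and the secure tunnel is modelled as a direct method call. The Edge struct holds the certificate's public key and a handle to the key server but no private key, and only a 32-byte digest (ECDHE case) or the client's ciphertext (RSA case) crosses to the key server. The RSA path also shows the point from the "Problem with TLS" slide: whoever holds the private key can recover the premaster secret from a recorded ClientKeyExchange, which is why disclosure permits retroactive decryption, whereas in the ECDHE path the key only ever signs.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// KeyServer stands in for the site owner's signing facility (the process in
// front of an HSM). It is the only component that ever holds the private key.
type KeyServer struct{ priv *rsa.PrivateKey }

// Sign is the private-key operation for an ECDHE handshake: the edge sends a
// digest of the ServerKeyExchange parameters and gets back a signature.
func (k *KeyServer) Sign(digest [32]byte) ([]byte, error) {
	return rsa.SignPKCS1v15(rand.Reader, k.priv, crypto.SHA256, digest[:])
}

// Decrypt is the private-key operation for an RSA key-exchange handshake: the
// edge forwards the client's encrypted premaster secret and gets the plaintext.
// Anyone holding the key can run this step on a captured ClientKeyExchange,
// which is the retroactive-decryption risk from the "Problem with TLS" slide.
func (k *KeyServer) Decrypt(ciphertext []byte) ([]byte, error) {
	return rsa.DecryptPKCS1v15(rand.Reader, k.priv, ciphertext)
}

// Edge stands in for the CDN-side TLS terminator. It holds the certificate's
// public key and a handle to the key server, never the private key.
type Edge struct {
	Pub    *rsa.PublicKey
	tunnel *KeyServer // stands in for the authenticated tunnel to the key server
}

// SignedServerKeyExchange carries the ephemeral parameters plus a signature
// over client_random || server_random || params (the TLS 1.2 construction).
type SignedServerKeyExchange struct {
	ClientRandom, ServerRandom, Params, Signature []byte
}

// ServerKeyExchange builds the signed message; only the digest crosses the tunnel.
func (e *Edge) ServerKeyExchange(clientRandom, serverRandom, params []byte) (*SignedServerKeyExchange, error) {
	digest := sha256.Sum256(concat(clientRandom, serverRandom, params))
	sig, err := e.tunnel.Sign(digest)
	if err != nil {
		return nil, err
	}
	return &SignedServerKeyExchange{clientRandom, serverRandom, params, sig}, nil
}

// RecoverPremaster handles the RSA key-exchange case: the edge cannot decrypt
// the ClientKeyExchange itself, so it proxies the ciphertext to the key server.
func (e *Edge) RecoverPremaster(encryptedPremaster []byte) ([]byte, error) {
	pre, err := e.tunnel.Decrypt(encryptedPremaster)
	if err != nil {
		return nil, err
	}
	if len(pre) != 48 { // a TLS premaster secret is always 48 bytes
		return nil, errors.New("premaster secret has wrong length")
	}
	return pre, nil
}

// ClientVerify is the browser's check of the ServerKeyExchange signature
// against the public key taken from the server certificate.
func ClientVerify(pub *rsa.PublicKey, ske *SignedServerKeyExchange) error {
	digest := sha256.Sum256(concat(ske.ClientRandom, ske.ServerRandom, ske.Params))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], ske.Signature)
}

func concat(parts ...[]byte) []byte {
	var out []byte
	for _, p := range parts {
		out = append(out, p...)
	}
	return out
}

// NewDeployment generates a key pair and wires up both halves of the split.
func NewDeployment() (*KeyServer, *Edge, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	ks := &KeyServer{priv: priv}
	return ks, &Edge{Pub: &priv.PublicKey, tunnel: ks}, nil
}

// RunHandshakes drives both handshake variants and reports whether the client
// accepted the ECDHE signature and whether the edge recovered the RSA premaster.
func RunHandshakes() (ecdheOK, rsaOK bool, err error) {
	_, edge, err := NewDeployment()
	if err != nil {
		return false, false, err
	}
	clientRandom, serverRandom, premaster := make([]byte, 32), make([]byte, 32), make([]byte, 48)
	rand.Read(clientRandom)
	rand.Read(serverRandom)
	rand.Read(premaster)
	params := []byte("constructed placeholder for the ephemeral ECDH public point")
	ske, err := edge.ServerKeyExchange(clientRandom, serverRandom, params)
	if err != nil {
		return false, false, err
	}
	ecdheOK = ClientVerify(edge.Pub, ske) == nil
	// RSA path: the client encrypts the premaster to the certificate's public key.
	encrypted, err := rsa.EncryptPKCS1v15(rand.Reader, edge.Pub, premaster)
	if err != nil {
		return false, false, err
	}
	recovered, err := edge.RecoverPremaster(encrypted)
	if err != nil {
		return false, false, err
	}
	return ecdheOK, string(recovered) == string(premaster), nil
}

func main() {
	ecdheOK, rsaOK, err := RunHandshakes()
	fmt.Println("ECDHE signature accepted by client:", ecdheOK)
	fmt.Println("RSA premaster recovered via key server:", rsaOK)
	if err != nil {
		fmt.Println("error:", err)
	}
}
```

In a real deployment the tunnel between Edge and KeyServer is itself a mutually authenticated TLS connection, and the key server should check that each request is a well-formed digest or ciphertext before touching the key, since the edge is exactly the less-trusted party the design exists to keep away from it.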

(Diagram: Keyless SSL)

Keyless SSL

• All static assets served over TLS from the edge
• Dynamic assets served from origin through reverse proxy

(Diagrams: Private Key)

Keyless SSL - In Production

• This is not an academic exercise or proof of concept
• Based on modified nginx/OpenSSL
• Customers include
  • Top Wall Street investment bank
  • Top Silicon Valley Internet company

Keyless SSL - Security

• Formal proof of security: joint work with Douglas Stebila
• Code audit by iSEC Partners
