SlideShare a Scribd company logo

Bringing Elliptic Curve Cryptography into the Mainstream

Nick Sullivan
Nick Sullivan

In this talk I will describe how CloudFlare helped take elliptic curve cryptography from a promising technology with low adoption to core part of the HTTPS revolution. Two years ago, almost every public key used on the web for HTTPS was an RSA key. In 2013, the zmap team from University of Michigan scanned the entire web and found fewer than twenty non-RSA certificates. Over the next two years, CloudFlare took that number into the millions with the Universal SSL project. We’ll describe how using ECDSA (Elliptic Curve Digital Signature Algorithm) keys instead of RSA keys played a crucial role in enabling this project. With Universal SSL, any website can become HTTPS-enabled for free. Elliptic curve cryptography is not just useful for HTTPS, there are other protocols for which it provides an advantage over RSA. One of these is DNSSEC, the algorithm that lets administrators digitally sign DNS records for authenticity. DNSSEC been described as difficult deploy and dangerous because of the potential to abuse it in amplification/reflection attacks. In October 2015, CloudFlare launched its automated DNSSEC beta program. We’ll describe some of the tweaks we made to easily scale DNSSEC to millions of zones and how ECDSA keys helped solve some of the protocol’s major issues.

Technology
1 of 34
Download to read offline
Elliptic Curve Cryptography Bringing it to the mainstream Stanford Security Lunch November 4, 2015 Nick Sullivan @grittygrease nick@cloudflare.com
DNS
HTTP
HTTPS The “S” stands for TLS
HTTPS Adoption (2013) • 2,545,693 valid RSA 2048-bit certificates
 Analysis of the HTTPS Certificate Ecosystem, Durumeric, Kasten, Bailey, Halderman (2013) • Zero valid ECDSA certificates 9
CloudFlare Reverse Proxy 10
11 CACloudFlare CloudFlare Edge DNS CSR TXT? Proof TXT? Proof Certificate Proof
Goal Enable HTTPS by default for ~2 million free customers 12
Issue: Scale ~30 Trillion Requests/ Day 13
What is expensive in TLS? • Private key Operations • Bulk encryption 14
Bulk Encryption • Basically free with modern Intel processors • AES-GCM on Haswell is ~1 cycle per byte 15
Private Key Operations • Orders of magnitude slower than symmetric crypto • RSA ~2,000,000 cycles per signature on Haswell • ~500 Quadrillion Cycles/Day 16
We can do better • Session resumption (~33%) 17
ECDSA Elliptic Curve Digital Signature Algorithm
ECDSA • Digital signature algorithm based on elliptic curve crypto • Widely studied, no sub-exponential discrete logarithm • Standardized NIST Curves (P256, P384, P521) • NSA Suite B (Secret and Top Secret) 19
EQUATIONS!!! 20
ECDSA Advantages • Smaller keys (256bit EC ~ 3072bit RSA) • Faster signatures (~800K vs 2M) • Vlad Krasnov improved to ~375K by using x86_64 asm • Merged into OpenSSL, Golang • Saves 300 Quadrillion Cycles/Day (given 100% HTTPS) 21
ECDSA Downsides • Slower signature verification • Less ubiquitous • Roots were added in • Some systems don’t support ECDSA (Android 2, Windows XP) • Patent encumbrances • Not quantum-safe: subject to Shor’s algorithm 22
Universal SSL • Free ECDSA certificates for all customers • HTTPS enabled by default • Total number of HTTPS sites is 
 up by over 2 million • SNI-only so scans undercount 23
What about DNS? 24
Authoritative Servers 25
Cache Poisoning (Kaminsky’s attack) 26 Resolver Authoritative Server Q: what is the IP address of cloudflare.com A: 198.41.213.157 A:6.6.6.6 A:6.6.6.6 A:6.6.6.6 A:6.6.6.6 A:6.6.6.6 A: 6.6.6.6 A: 6.6.6.6
Man-in-the-middle 27 Resolver Authoritative Server Q: what is the IP address of cloudflare.com A: 198.41.213.157A: 6.6.6.6
DNSSEC signature verification 28 A example.com. A RRSIG example.com. DNSKEY KSK example.com. DNSKEY KSK . Verisign Authoritative (i.e. CloudFlare) ICANN DS example.com. DS com. Root Key DNSKEY ZSK example.com. DNSKEY RRSIG example.com. DS RRSIG com. DNSKEY KSK com. DNSKEY ZSK com. DNSKEY RRSIG com. A RRSIG . DNSKEY ZSK . DNSKEY RRSIG .
29
Solution: DNSSEC (done right) Digital signatures in the DNS Live-signed answers Elliptic curve keys 30
Solution: DNSSEC (done right) cloudflare.net. 300 IN A 104.20.36.89 cloudflare.net. 300 IN A 104.20.37.89 cloudflare.net. 300 IN RRSIG A 13 2 300 20151105181354 20151103161354 35273 cloudflare.net. 1lj7NV/tLbTWAk/HeiU4UvxwTDPG8nXGEn408Rm7HELyL0HE3QRQTMha / Y0yTIAJWvQFKwGm2lg61Gpf9uy7uQ== ietf.org. 1800 IN A 4.31.198.44 ietf.org. 1800 IN RRSIG A 5 2 1800 20161012164049 20151013154322 40452 ietf.org. DlaOfMqEIkbTBY8Rv8WJf2MqXBzT64sUr+Ms5zEfV4IIdKhiQoQqU8vH Ga+PcZak5DzfXwXuklriXPI7jN5Zqk/ UnTsX62on0SQft/YkgAogMdZI U5znPsgkq+gX/BA2AkRpBOEBDiPS8sRgJb4r38kZ05BNLTvlweg3hIcX m1JHfbXuyAE4C6bRmD/h5erxvO6Q2UA2EFWHjcrIAAhmLRqHxeq8uhCJ AZMSJyTuJxB+6z+59v4/QxP +z3NnBdzxcTea1aUVYG/zbqiHkNpgRzrN 708UrrqkUwWDodrOYoHndfYoWqI61ifvBkUref0cn0IKWOolfHMsCjdl y6BdTA== 31
Issues addressed Fix zone enumeration with live signing Fix live signing with ECDSA — in the Go language Vlad performance improvements Amplification-neutral 32
ECDSA - Miscellaneous • Randomness breaks ECDSA • Fixed by RFC 6979 • Patent issues • ECDSA is not supported by Red Hat • A Riddle Wrapped in an Enigma • Koblitz & Menezes paper on Suite B • Are the NIST curves safe? 33
Elliptic Curve Cryptography Bringing it to the mainstream Nick Sullivan @grittygrease nick@cloudflare.com

Recommended

What's New in Go Crypto - Gotham Go
What's New in Go Crypto - Gotham GoWhat's New in Go Crypto - Gotham Go
What's New in Go Crypto - Gotham GoNick Sullivan
 
CFSSL 1.1: The Evolution of a PKI toolkit - DEF CON 23
CFSSL 1.1: The Evolution of a PKI toolkit - DEF CON 23CFSSL 1.1: The Evolution of a PKI toolkit - DEF CON 23
CFSSL 1.1: The Evolution of a PKI toolkit - DEF CON 23Nick Sullivan
 
An analysis of TLS handshake proxying
An analysis of TLS handshake proxyingAn analysis of TLS handshake proxying
An analysis of TLS handshake proxyingNick Sullivan
 
Scaling Push Messaging for Millions of Devices @Netflix
Scaling Push Messaging for Millions of Devices @NetflixScaling Push Messaging for Millions of Devices @Netflix
Scaling Push Messaging for Millions of Devices @NetflixC4Media
 
Virus Bulletin 2012
Virus Bulletin 2012Virus Bulletin 2012
Virus Bulletin 2012Cloudflare
 
Heartache and Heartbleed - 31c3
Heartache and Heartbleed - 31c3Heartache and Heartbleed - 31c3
Heartache and Heartbleed - 31c3Nick Sullivan
 
Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Cloudflare
 
Sullivan red october-oscon-2014
Sullivan red october-oscon-2014Sullivan red october-oscon-2014
Sullivan red october-oscon-2014Cloudflare
 

Recommended

What's New in Go Crypto - Gotham Go
What's New in Go Crypto - Gotham GoWhat's New in Go Crypto - Gotham Go
What's New in Go Crypto - Gotham GoNick Sullivan
 
CFSSL 1.1: The Evolution of a PKI toolkit - DEF CON 23
CFSSL 1.1: The Evolution of a PKI toolkit - DEF CON 23CFSSL 1.1: The Evolution of a PKI toolkit - DEF CON 23
CFSSL 1.1: The Evolution of a PKI toolkit - DEF CON 23Nick Sullivan
 
An analysis of TLS handshake proxying
An analysis of TLS handshake proxyingAn analysis of TLS handshake proxying
An analysis of TLS handshake proxyingNick Sullivan
 
Scaling Push Messaging for Millions of Devices @Netflix
Scaling Push Messaging for Millions of Devices @NetflixScaling Push Messaging for Millions of Devices @Netflix
Scaling Push Messaging for Millions of Devices @NetflixC4Media
 
Virus Bulletin 2012
Virus Bulletin 2012Virus Bulletin 2012
Virus Bulletin 2012Cloudflare
 
Heartache and Heartbleed - 31c3
Heartache and Heartbleed - 31c3Heartache and Heartbleed - 31c3
Heartache and Heartbleed - 31c3Nick Sullivan
 
Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Cloudflare
 
Sullivan red october-oscon-2014
Sullivan red october-oscon-2014Sullivan red october-oscon-2014
Sullivan red october-oscon-2014Cloudflare
 
Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014Cloudflare
 
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEATLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEANGINX, Inc.
 
Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014Cloudflare
 
DockerCon Live 2020 - Securing Your Containerized Application with NGINX
DockerCon Live 2020 - Securing Your Containerized Application with NGINXDockerCon Live 2020 - Securing Your Containerized Application with NGINX
DockerCon Live 2020 - Securing Your Containerized Application with NGINXKevin Jones
 
The 3 Models in the NGINX Microservices Reference Architecture
The 3 Models in the NGINX Microservices Reference ArchitectureThe 3 Models in the NGINX Microservices Reference Architecture
The 3 Models in the NGINX Microservices Reference ArchitectureNGINX, Inc.
 
Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Cloudflare
 
Running Secure Server Software on Insecure Hardware Without Parachute
Running Secure Server Software on Insecure Hardware Without ParachuteRunning Secure Server Software on Insecure Hardware Without Parachute
Running Secure Server Software on Insecure Hardware Without ParachuteCloudflare
 
Botconf ppt
Botconf pptBotconf ppt
Botconf pptCloudflare
 
Bridges and Tunnels: A Drive Through OpenStack Networking
Bridges and Tunnels: A Drive Through OpenStack NetworkingBridges and Tunnels: A Drive Through OpenStack Networking
Bridges and Tunnels: A Drive Through OpenStack Networkingmarkmcclain
 
Serverless for the Cloud Native Era with Fission
Serverless for the Cloud Native Era with FissionServerless for the Cloud Native Era with Fission
Serverless for the Cloud Native Era with FissionNATS
 
GopherCon 2017 - Writing Networking Clients in Go: The Design & Implementati...
GopherCon 2017 - Writing Networking Clients in Go: The Design & Implementati...GopherCon 2017 - Writing Networking Clients in Go: The Design & Implementati...
GopherCon 2017 - Writing Networking Clients in Go: The Design & Implementati...wallyqs
 
NGINX Plus PLATFORM For Flawless Application Delivery
NGINX Plus PLATFORM For Flawless Application DeliveryNGINX Plus PLATFORM For Flawless Application Delivery
NGINX Plus PLATFORM For Flawless Application DeliveryAshnikbiz
 
DEFCON 28: 21 Jump Server: Going Bastionless in the Cloud
DEFCON 28: 21 Jump Server: Going Bastionless in the CloudDEFCON 28: 21 Jump Server: Going Bastionless in the Cloud
DEFCON 28: 21 Jump Server: Going Bastionless in the CloudColin Estep
 
Advanced Crypto Service Provider – cryptography as a service
Advanced Crypto Service Provider – cryptography as a serviceAdvanced Crypto Service Provider – cryptography as a service
Advanced Crypto Service Provider – cryptography as a serviceSmart Coders
 
Monitoring Highly Dynamic and Distributed Systems with NGINX Amplify
Monitoring Highly Dynamic and Distributed Systems with NGINX AmplifyMonitoring Highly Dynamic and Distributed Systems with NGINX Amplify
Monitoring Highly Dynamic and Distributed Systems with NGINX AmplifyNGINX, Inc.
 
Certificate based access type in openstack Manila @ openstack paris nov. 2014
Certificate based access type in openstack Manila @ openstack paris nov. 2014Certificate based access type in openstack Manila @ openstack paris nov. 2014
Certificate based access type in openstack Manila @ openstack paris nov. 2014Deepak Shetty
 
MRA AMA Part 7: The Circuit Breaker Pattern
MRA AMA Part 7: The Circuit Breaker PatternMRA AMA Part 7: The Circuit Breaker Pattern
MRA AMA Part 7: The Circuit Breaker PatternNGINX, Inc.
 
Redecentralizing the Web: IPFS and Filecoin
Redecentralizing the Web: IPFS and FilecoinRedecentralizing the Web: IPFS and Filecoin
Redecentralizing the Web: IPFS and FilecoinFacultad de Informática UCM
 
Using NGINX as an Effective and Highly Available Content Cache
Using NGINX as an Effective and Highly Available Content CacheUsing NGINX as an Effective and Highly Available Content Cache
Using NGINX as an Effective and Highly Available Content CacheKevin Jones
 
NATS vs HTTP
NATS vs HTTPNATS vs HTTP
NATS vs HTTPApcera
 
ION Bucharest - Deploying DNSSEC
ION Bucharest - Deploying DNSSECION Bucharest - Deploying DNSSEC
ION Bucharest - Deploying DNSSECDeploy360 Programme (Internet Society)
 
Signing DNSSEC answers on the fly at the edge: challenges and solutions
Signing DNSSEC answers on the fly at the edge: challenges and solutionsSigning DNSSEC answers on the fly at the edge: challenges and solutions
Signing DNSSEC answers on the fly at the edge: challenges and solutionsAPNIC
 

More Related Content

What's hot

Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014Cloudflare
 
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEATLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEANGINX, Inc.
 
Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014Cloudflare
 
DockerCon Live 2020 - Securing Your Containerized Application with NGINX
DockerCon Live 2020 - Securing Your Containerized Application with NGINXDockerCon Live 2020 - Securing Your Containerized Application with NGINX
DockerCon Live 2020 - Securing Your Containerized Application with NGINXKevin Jones
 
The 3 Models in the NGINX Microservices Reference Architecture
The 3 Models in the NGINX Microservices Reference ArchitectureThe 3 Models in the NGINX Microservices Reference Architecture
The 3 Models in the NGINX Microservices Reference ArchitectureNGINX, Inc.
 
Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Cloudflare
 
Running Secure Server Software on Insecure Hardware Without Parachute
Running Secure Server Software on Insecure Hardware Without ParachuteRunning Secure Server Software on Insecure Hardware Without Parachute
Running Secure Server Software on Insecure Hardware Without ParachuteCloudflare
 
Bridges and Tunnels: A Drive Through OpenStack Networking
Bridges and Tunnels: A Drive Through OpenStack NetworkingBridges and Tunnels: A Drive Through OpenStack Networking
Bridges and Tunnels: A Drive Through OpenStack Networkingmarkmcclain
 
Serverless for the Cloud Native Era with Fission
Serverless for the Cloud Native Era with FissionServerless for the Cloud Native Era with Fission
Serverless for the Cloud Native Era with FissionNATS
 
GopherCon 2017 - Writing Networking Clients in Go: The Design & Implementati...
GopherCon 2017 - Writing Networking Clients in Go: The Design & Implementati...GopherCon 2017 - Writing Networking Clients in Go: The Design & Implementati...
GopherCon 2017 - Writing Networking Clients in Go: The Design & Implementati...wallyqs
 
NGINX Plus PLATFORM For Flawless Application Delivery
NGINX Plus PLATFORM For Flawless Application DeliveryNGINX Plus PLATFORM For Flawless Application Delivery
NGINX Plus PLATFORM For Flawless Application DeliveryAshnikbiz
 
DEFCON 28: 21 Jump Server: Going Bastionless in the Cloud
DEFCON 28: 21 Jump Server: Going Bastionless in the CloudDEFCON 28: 21 Jump Server: Going Bastionless in the Cloud
DEFCON 28: 21 Jump Server: Going Bastionless in the CloudColin Estep
 
Advanced Crypto Service Provider – cryptography as a service
Advanced Crypto Service Provider – cryptography as a serviceAdvanced Crypto Service Provider – cryptography as a service
Advanced Crypto Service Provider – cryptography as a serviceSmart Coders
 
Monitoring Highly Dynamic and Distributed Systems with NGINX Amplify
Monitoring Highly Dynamic and Distributed Systems with NGINX AmplifyMonitoring Highly Dynamic and Distributed Systems with NGINX Amplify
Monitoring Highly Dynamic and Distributed Systems with NGINX AmplifyNGINX, Inc.
 
Certificate based access type in openstack Manila @ openstack paris nov. 2014
Certificate based access type in openstack Manila @ openstack paris nov. 2014Certificate based access type in openstack Manila @ openstack paris nov. 2014
Certificate based access type in openstack Manila @ openstack paris nov. 2014Deepak Shetty
 
MRA AMA Part 7: The Circuit Breaker Pattern
MRA AMA Part 7: The Circuit Breaker PatternMRA AMA Part 7: The Circuit Breaker Pattern
MRA AMA Part 7: The Circuit Breaker PatternNGINX, Inc.
 
Using NGINX as an Effective and Highly Available Content Cache
Using NGINX as an Effective and Highly Available Content CacheUsing NGINX as an Effective and Highly Available Content Cache
Using NGINX as an Effective and Highly Available Content CacheKevin Jones
 
NATS vs HTTP
NATS vs HTTPNATS vs HTTP
NATS vs HTTPApcera
 

What's hot (20)

Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014
 
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEATLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
 
Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014Sullivan handshake proxying-ieee-sp_2014
Sullivan handshake proxying-ieee-sp_2014
 
DockerCon Live 2020 - Securing Your Containerized Application with NGINX
DockerCon Live 2020 - Securing Your Containerized Application with NGINXDockerCon Live 2020 - Securing Your Containerized Application with NGINX
DockerCon Live 2020 - Securing Your Containerized Application with NGINX
 
The 3 Models in the NGINX Microservices Reference Architecture
The 3 Models in the NGINX Microservices Reference ArchitectureThe 3 Models in the NGINX Microservices Reference Architecture
The 3 Models in the NGINX Microservices Reference Architecture
 
Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013Sullivan white boxcrypto-baythreat-2013
Sullivan white boxcrypto-baythreat-2013
 
Running Secure Server Software on Insecure Hardware Without Parachute
Running Secure Server Software on Insecure Hardware Without ParachuteRunning Secure Server Software on Insecure Hardware Without Parachute
Running Secure Server Software on Insecure Hardware Without Parachute
 
Botconf ppt
Botconf pptBotconf ppt
Botconf ppt
 
Bridges and Tunnels: A Drive Through OpenStack Networking
Bridges and Tunnels: A Drive Through OpenStack NetworkingBridges and Tunnels: A Drive Through OpenStack Networking
Bridges and Tunnels: A Drive Through OpenStack Networking
 
Serverless for the Cloud Native Era with Fission
Serverless for the Cloud Native Era with FissionServerless for the Cloud Native Era with Fission
Serverless for the Cloud Native Era with Fission
 
GopherCon 2017 - Writing Networking Clients in Go: The Design & Implementati...
GopherCon 2017 - Writing Networking Clients in Go: The Design & Implementati...GopherCon 2017 - Writing Networking Clients in Go: The Design & Implementati...
GopherCon 2017 - Writing Networking Clients in Go: The Design & Implementati...
 
NGINX Plus PLATFORM For Flawless Application Delivery
NGINX Plus PLATFORM For Flawless Application DeliveryNGINX Plus PLATFORM For Flawless Application Delivery
NGINX Plus PLATFORM For Flawless Application Delivery
 
DEFCON 28: 21 Jump Server: Going Bastionless in the Cloud
DEFCON 28: 21 Jump Server: Going Bastionless in the CloudDEFCON 28: 21 Jump Server: Going Bastionless in the Cloud
DEFCON 28: 21 Jump Server: Going Bastionless in the Cloud
 
Advanced Crypto Service Provider – cryptography as a service
Advanced Crypto Service Provider – cryptography as a serviceAdvanced Crypto Service Provider – cryptography as a service
Advanced Crypto Service Provider – cryptography as a service
 
Monitoring Highly Dynamic and Distributed Systems with NGINX Amplify
Monitoring Highly Dynamic and Distributed Systems with NGINX AmplifyMonitoring Highly Dynamic and Distributed Systems with NGINX Amplify
Monitoring Highly Dynamic and Distributed Systems with NGINX Amplify
 
Certificate based access type in openstack Manila @ openstack paris nov. 2014
Certificate based access type in openstack Manila @ openstack paris nov. 2014Certificate based access type in openstack Manila @ openstack paris nov. 2014
Certificate based access type in openstack Manila @ openstack paris nov. 2014
 
MRA AMA Part 7: The Circuit Breaker Pattern
MRA AMA Part 7: The Circuit Breaker PatternMRA AMA Part 7: The Circuit Breaker Pattern
MRA AMA Part 7: The Circuit Breaker Pattern
 
Redecentralizing the Web: IPFS and Filecoin
Redecentralizing the Web: IPFS and FilecoinRedecentralizing the Web: IPFS and Filecoin
Redecentralizing the Web: IPFS and Filecoin
 
Using NGINX as an Effective and Highly Available Content Cache
Using NGINX as an Effective and Highly Available Content CacheUsing NGINX as an Effective and Highly Available Content Cache
Using NGINX as an Effective and Highly Available Content Cache
 
NATS vs HTTP
NATS vs HTTPNATS vs HTTP
NATS vs HTTP
 

Similar to Bringing Elliptic Curve Cryptography into the Mainstream

Signing DNSSEC answers on the fly at the edge: challenges and solutions
Signing DNSSEC answers on the fly at the edge: challenges and solutionsSigning DNSSEC answers on the fly at the edge: challenges and solutions
Signing DNSSEC answers on the fly at the edge: challenges and solutionsAPNIC
 
DANE and Application Uses of DNSSEC
DANE and Application Uses of DNSSECDANE and Application Uses of DNSSEC
DANE and Application Uses of DNSSECShumon Huque
 
Dns protocol design attacks and security
Dns protocol design attacks and securityDns protocol design attacks and security
Dns protocol design attacks and securityMichael Earls
 
TLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured CommunicationsTLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured CommunicationsNitin Ramesh
 
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open SourceTLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open SourceNGINX, Inc.
 
State of the Web
State of the WebState of the Web
State of the WebCASCouncil
 
An Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSECAn Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSECCarlos Martinez Cagnazzo
 
The Trusted Cloud Transfer Protocol (TCTP)
The Trusted Cloud Transfer Protocol (TCTP)The Trusted Cloud Transfer Protocol (TCTP)
The Trusted Cloud Transfer Protocol (TCTP)Mathias Slawik
 
DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...
DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...
DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...Felipe Prado
 
Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...Tim Mackey
 
Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...Black Duck by Synopsys
 
Servers.com Company Presentation 2020
Servers.com Company Presentation 2020Servers.com Company Presentation 2020
Servers.com Company Presentation 2020Servers.com
 
Consul and Complex Networks
Consul and Complex NetworksConsul and Complex Networks
Consul and Complex Networksslackpad
 
Alternatives and Enhancements to CAs for a Secure Web
Alternatives and Enhancements to CAs for a Secure WebAlternatives and Enhancements to CAs for a Secure Web
Alternatives and Enhancements to CAs for a Secure WebCASCouncil
 
Nginx Deep Dive Kubernetes Ingress
Nginx Deep Dive Kubernetes IngressNginx Deep Dive Kubernetes Ingress
Nginx Deep Dive Kubernetes IngressKnoldus Inc.
 

Similar to Bringing Elliptic Curve Cryptography into the Mainstream (20)

ION Bucharest - Deploying DNSSEC
ION Bucharest - Deploying DNSSECION Bucharest - Deploying DNSSEC
ION Bucharest - Deploying DNSSEC
 
Signing DNSSEC answers on the fly at the edge: challenges and solutions
Signing DNSSEC answers on the fly at the edge: challenges and solutionsSigning DNSSEC answers on the fly at the edge: challenges and solutions
Signing DNSSEC answers on the fly at the edge: challenges and solutions
 
IoT Secure Bootsrapping : ideas
IoT Secure Bootsrapping : ideasIoT Secure Bootsrapping : ideas
IoT Secure Bootsrapping : ideas
 
DANE and Application Uses of DNSSEC
DANE and Application Uses of DNSSECDANE and Application Uses of DNSSEC
DANE and Application Uses of DNSSEC
 
Dns protocol design attacks and security
Dns protocol design attacks and securityDns protocol design attacks and security
Dns protocol design attacks and security
 
TLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured CommunicationsTLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured Communications
 
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open SourceTLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source
 
State of the Web
State of the WebState of the Web
State of the Web
 
An Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSECAn Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSEC
 
The Trusted Cloud Transfer Protocol (TCTP)
The Trusted Cloud Transfer Protocol (TCTP)The Trusted Cloud Transfer Protocol (TCTP)
The Trusted Cloud Transfer Protocol (TCTP)
 
SSL overview
SSL overviewSSL overview
SSL overview
 
DNS - MCSE 2019
DNS - MCSE 2019DNS - MCSE 2019
DNS - MCSE 2019
 
DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...
DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...
DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...
 
ieeehs042204d
ieeehs042204dieeehs042204d
ieeehs042204d
 
Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...
 
Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...
 
Servers.com Company Presentation 2020
Servers.com Company Presentation 2020Servers.com Company Presentation 2020
Servers.com Company Presentation 2020
 
Consul and Complex Networks
Consul and Complex NetworksConsul and Complex Networks
Consul and Complex Networks
 
Alternatives and Enhancements to CAs for a Secure Web
Alternatives and Enhancements to CAs for a Secure WebAlternatives and Enhancements to CAs for a Secure Web
Alternatives and Enhancements to CAs for a Secure Web
 
Nginx Deep Dive Kubernetes Ingress
Nginx Deep Dive Kubernetes IngressNginx Deep Dive Kubernetes Ingress
Nginx Deep Dive Kubernetes Ingress
 

Recently uploaded

DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard37
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Decarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational PerformanceDecarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational PerformanceIES VE
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMKumar Satyam
 
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...caitlingebhard1
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governanceAPI Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governanceWSO2
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)Samir Dash
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 

Recently uploaded (20)

DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Decarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational PerformanceDecarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational Performance
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governanceAPI Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governance
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 

Bringing Elliptic Curve Cryptography into the Mainstream

  • 1. Elliptic Curve Cryptography Bringing it to the mainstream Stanford Security Lunch November 4, 2015 Nick Sullivan @grittygrease nick@cloudflare.com
  • 2.
  • 3.
  • 4. DNS
  • 7.
  • 8.
  • 9. HTTPS Adoption (2013) • 2,545,693 valid RSA 2048-bit certificates
 Analysis of the HTTPS Certificate Ecosystem, Durumeric, Kasten, Bailey, Halderman (2013) • Zero valid ECDSA certificates 9
  • 12. Goal Enable HTTPS by default for ~2 million free customers 12
  • 13. Issue: Scale ~30 Trillion Requests/ Day 13
  • 14. What is expensive in TLS? • Private key Operations • Bulk encryption 14
  • 15. Bulk Encryption • Basically free with modern Intel processors • AES-GCM on Haswell is ~1 cycle per byte 15
  • 16. Private Key Operations • Orders of magnitude slower than symmetric crypto • RSA ~2,000,000 cycles per signature on Haswell • ~500 Quadrillion Cycles/Day 16
  • 17. We can do better • Session resumption (~33%) 17
  • 18. ECDSA Elliptic Curve Digital Signature Algorithm
  • 19. ECDSA • Digital signature algorithm based on elliptic curve crypto • Widely studied, no sub-exponential discrete logarithm • Standardized NIST Curves (P256, P384, P521) • NSA Suite B (Secret and Top Secret) 19
  • 21. ECDSA Advantages • Smaller keys (256bit EC ~ 3072bit RSA) • Faster signatures (~800K vs 2M) • Vlad Krasnov improved to ~375K by using x86_64 asm • Merged into OpenSSL, Golang • Saves 300 Quadrillion Cycles/Day (given 100% HTTPS) 21
  • 22. ECDSA Downsides • Slower signature verification • Less ubiquitous • Roots were added in • Some systems don’t support ECDSA (Android 2, Windows XP) • Patent encumbrances • Not quantum-safe: subject to Shor’s algorithm 22
  • 23. Universal SSL • Free ECDSA certificates for all customers • HTTPS enabled by default • Total number of HTTPS sites is 
 up by over 2 million • SNI-only so scans undercount 23
  • 26. Cache Poisoning (Kaminsky’s attack) 26 Resolver Authoritative Server Q: what is the IP address of cloudflare.com A: 198.41.213.157 A:6.6.6.6 A:6.6.6.6 A:6.6.6.6 A:6.6.6.6 A:6.6.6.6 A: 6.6.6.6 A: 6.6.6.6
  • 27. Man-in-the-middle 27 Resolver Authoritative Server Q: what is the IP address of cloudflare.com A: 198.41.213.157A: 6.6.6.6
  • 28. DNSSEC signature verification 28 A example.com. A RRSIG example.com. DNSKEY KSK example.com. DNSKEY KSK . Verisign Authoritative (i.e. CloudFlare) ICANN DS example.com. DS com. Root Key DNSKEY ZSK example.com. DNSKEY RRSIG example.com. DS RRSIG com. DNSKEY KSK com. DNSKEY ZSK com. DNSKEY RRSIG com. A RRSIG . DNSKEY ZSK . DNSKEY RRSIG .
  • 29. 29
  • 30. Solution: DNSSEC (done right) Digital signatures in the DNS Live-signed answers Elliptic curve keys 30
  • 31. Solution: DNSSEC (done right) cloudflare.net. 300 IN A 104.20.36.89 cloudflare.net. 300 IN A 104.20.37.89 cloudflare.net. 300 IN RRSIG A 13 2 300 20151105181354 20151103161354 35273 cloudflare.net. 1lj7NV/tLbTWAk/HeiU4UvxwTDPG8nXGEn408Rm7HELyL0HE3QRQTMha / Y0yTIAJWvQFKwGm2lg61Gpf9uy7uQ== ietf.org. 1800 IN A 4.31.198.44 ietf.org. 1800 IN RRSIG A 5 2 1800 20161012164049 20151013154322 40452 ietf.org. DlaOfMqEIkbTBY8Rv8WJf2MqXBzT64sUr+Ms5zEfV4IIdKhiQoQqU8vH Ga+PcZak5DzfXwXuklriXPI7jN5Zqk/ UnTsX62on0SQft/YkgAogMdZI U5znPsgkq+gX/BA2AkRpBOEBDiPS8sRgJb4r38kZ05BNLTvlweg3hIcX m1JHfbXuyAE4C6bRmD/h5erxvO6Q2UA2EFWHjcrIAAhmLRqHxeq8uhCJ AZMSJyTuJxB+6z+59v4/QxP +z3NnBdzxcTea1aUVYG/zbqiHkNpgRzrN 708UrrqkUwWDodrOYoHndfYoWqI61ifvBkUref0cn0IKWOolfHMsCjdl y6BdTA== 31
  • 32. Issues addressed Fix zone enumeration with live signing Fix live signing with ECDSA — in the Go language Vlad performance improvements Amplification-neutral 32
  • 33. ECDSA - Miscellaneous • Randomness breaks ECDSA • Fixed by RFC 6979 • Patent issues • ECDSA is not supported by Red Hat • A Riddle Wrapped in an Enigma • Koblitz & Menezes paper on Suite B • Are the NIST curves safe? 33
  • 34. Elliptic Curve Cryptography Bringing it to the mainstream Nick Sullivan @grittygrease nick@cloudflare.com