Successfully reported this slideshow.
Your SlideShare is downloading. ×

Bringing Elliptic Curve Cryptography into the Mainstream

Nov. 05, 2015
6 likes 1,591 views
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Upcoming SlideShare
What's New in Go Crypto - Gotham Go
What's New in Go Crypto - Gotham Go
Loading in …3
×

Check these out next

Sullivan heartbleed-defcon22 2014
Cloudflare
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
NGINX, Inc.
Sullivan handshake proxying-ieee-sp_2014
Cloudflare
DockerCon Live 2020 - Securing Your Containerized Application with NGINX
Kevin Jones
The 3 Models in the NGINX Microservices Reference Architecture
NGINX, Inc.
Sullivan white boxcrypto-baythreat-2013
Cloudflare
Running Secure Server Software on Insecure Hardware Without Parachute
Cloudflare
Botconf ppt
Cloudflare
1 of 34 Ad

Bringing Elliptic Curve Cryptography into the Mainstream

Nov. 05, 2015
6 likes 1,591 views

Download to read offline

Technology

In this talk I will describe how CloudFlare helped take elliptic curve cryptography from a promising technology with low adoption to core part of the HTTPS revolution.

Two years ago, almost every public key used on the web for HTTPS was an RSA key. In 2013, the zmap team from University of Michigan scanned the entire web and found fewer than twenty non-RSA certificates. Over the next two years, CloudFlare took that number into the millions with the Universal SSL project. We’ll describe how using ECDSA (Elliptic Curve Digital Signature Algorithm) keys instead of RSA keys played a crucial role in enabling this project. With Universal SSL, any website can become HTTPS-enabled for free.

Elliptic curve cryptography is not just useful for HTTPS, there are other protocols for which it provides an advantage over RSA. One of these is DNSSEC, the algorithm that lets administrators digitally sign DNS records for authenticity. DNSSEC been described as difficult deploy and dangerous because of the potential to abuse it in amplification/reflection attacks. In October 2015, CloudFlare launched its automated DNSSEC beta program. We’ll describe some of the tweaks we made to easily scale DNSSEC to millions of zones and how ECDSA keys helped solve some of the protocol’s major issues.

In this talk I will describe how CloudFlare helped take elliptic curve cryptography from a promising technology with low adoption to core part of the HTTPS revolution.

Two years ago, almost every public key used on the web for HTTPS was an RSA key. In 2013, the zmap team from University of Michigan scanned the entire web and found fewer than twenty non-RSA certificates. Over the next two years, CloudFlare took that number into the millions with the Universal SSL project. We’ll describe how using ECDSA (Elliptic Curve Digital Signature Algorithm) keys instead of RSA keys played a crucial role in enabling this project. With Universal SSL, any website can become HTTPS-enabled for free.

Elliptic curve cryptography is not just useful for HTTPS, there are other protocols for which it provides an advantage over RSA. One of these is DNSSEC, the algorithm that lets administrators digitally sign DNS records for authenticity. DNSSEC been described as difficult deploy and dangerous because of the potential to abuse it in amplification/reflection attacks. In October 2015, CloudFlare launched its automated DNSSEC beta program. We’ll describe some of the tweaks we made to easily scale DNSSEC to millions of zones and how ECDSA keys helped solve some of the protocol’s major issues.

Technology
Advertisement

Recommended

What's New in Go Crypto - Gotham Go
Nick Sullivan
12.1k views
53 slides
CFSSL 1.1: The Evolution of a PKI toolkit - DEF CON 23
Nick Sullivan
3.1k views
34 slides
An analysis of TLS handshake proxying
Nick Sullivan
2.4k views
40 slides
Scaling Push Messaging for Millions of Devices @Netflix
C4Media
1.4k views
86 slides
Virus Bulletin 2012
Cloudflare
1.5k views
21 slides
Heartache and Heartbleed - 31c3
Nick Sullivan
1.3k views
52 slides
Sullivan randomness-infiltrate 2014
Cloudflare
959 views
68 slides
Sullivan red october-oscon-2014
Cloudflare
1.1k views
51 slides
Advertisement

More Related Content

Slideshows for you (20)

Sullivan heartbleed-defcon22 2014
Cloudflare
988 views
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
NGINX, Inc.
454 views
Sullivan handshake proxying-ieee-sp_2014
Cloudflare
1.3k views
DockerCon Live 2020 - Securing Your Containerized Application with NGINX
Kevin Jones
660 views
The 3 Models in the NGINX Microservices Reference Architecture
NGINX, Inc.
1.1k views
Sullivan white boxcrypto-baythreat-2013
Cloudflare
793 views
Running Secure Server Software on Insecure Hardware Without Parachute
Cloudflare
12.7k views
Botconf ppt
Cloudflare
3.2k views
Bridges and Tunnels: A Drive Through OpenStack Networking
markmcclain
2.8k views
Serverless for the Cloud Native Era with Fission
NATS
2.9k views
GopherCon 2017 - Writing Networking Clients in Go: The Design & Implementati...
wallyqs
1.6k views
NGINX Plus PLATFORM For Flawless Application Delivery
Ashnikbiz
1.1k views
DEFCON 28: 21 Jump Server: Going Bastionless in the Cloud
Colin Estep
179 views
Advanced Crypto Service Provider – cryptography as a service
Smart Coders
698 views
Monitoring Highly Dynamic and Distributed Systems with NGINX Amplify
NGINX, Inc.
393 views
Certificate based access type in openstack Manila @ openstack paris nov. 2014
Deepak Shetty
460 views
MRA AMA Part 7: The Circuit Breaker Pattern
NGINX, Inc.
610 views
Redecentralizing the Web: IPFS and Filecoin
Facultad de Informática UCM
2.1k views
Using NGINX as an Effective and Highly Available Content Cache
Kevin Jones
1.6k views
NATS vs HTTP
Apcera
3k views
Sullivan heartbleed-defcon22 2014
Cloudflare
988 views
33 slides
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
NGINX, Inc.
454 views
28 slides
Sullivan handshake proxying-ieee-sp_2014
Cloudflare
1.3k views
18 slides
DockerCon Live 2020 - Securing Your Containerized Application with NGINX
Kevin Jones
660 views
28 slides
The 3 Models in the NGINX Microservices Reference Architecture
NGINX, Inc.
1.1k views
40 slides
Sullivan white boxcrypto-baythreat-2013
Cloudflare
793 views
27 slides

Similar to Bringing Elliptic Curve Cryptography into the Mainstream (20)

ION Bucharest - Deploying DNSSEC
Deploy360 Programme (Internet Society)
596 views
Signing DNSSEC answers on the fly at the edge: challenges and solutions
APNIC
1.2k views
IoT Secure Bootsrapping : ideas
Jean-Baptiste Trystram
1.6k views
DANE and Application Uses of DNSSEC
Shumon Huque
426 views
Dns protocol design attacks and security
Michael Earls
3.7k views
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source
NGINX, Inc.
5.2k views
State of the Web
CASCouncil
1.3k views
An Introduction to DANE - Securing TLS using DNSSEC
Carlos Martinez Cagnazzo
650 views
The Trusted Cloud Transfer Protocol (TCTP)
Mathias Slawik
780 views
SSL overview
Todd Benson (I.T. SPECIALIST and I.T. SECURITY)
2.7k views
DNS - MCSE 2019
Milad Es'Haghi
144 views
DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...
Felipe Prado
70 views
ieeehs042204d
John Hines
87 views
Using hypervisor and container technology to increase datacenter security pos...
Black Duck by Synopsys
344 views
Using hypervisor and container technology to increase datacenter security pos...
Tim Mackey
828 views
Servers.com Company Presentation 2020
Servers.com
52 views
Consul and Complex Networks
slackpad
1.8k views
Alternatives and Enhancements to CAs for a Secure Web
CASCouncil
486 views
Nginx Deep Dive Kubernetes Ingress
Knoldus Inc.
1.3k views
An Overview of DNSSEC
Carlos Martinez Cagnazzo
975 views
ION Bucharest - Deploying DNSSEC
Deploy360 Programme (Internet Society)
596 views
46 slides
Signing DNSSEC answers on the fly at the edge: challenges and solutions
APNIC
1.2k views
41 slides
IoT Secure Bootsrapping : ideas
Jean-Baptiste Trystram
1.6k views
48 slides
DANE and Application Uses of DNSSEC
Shumon Huque
426 views
40 slides
Dns protocol design attacks and security
Michael Earls
3.7k views
49 slides
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source
NGINX, Inc.
5.2k views
29 slides
Advertisement

Recently uploaded (20)

HDL.pptx
Abdulrahman181781
0 views
Poster1.pptx
ssuserb448e2
0 views
عرض الميزات.pptx
yakotalordea
0 views
NIO-Grizly.pdf
Mohit Kumar
0 views
Artificial Intelligence Outline (1).ppt
AmnaNadeem27
0 views
Chapter13.ppt
sahilkumar579884
0 views
UI/UX Design: Exploring the world of creativity by GDSC Crimsons and GDSC Blu...
KookiesEra
0 views
MENA Early Stage Data Handbook 2023 - Limited Release - Clearworld
Eden Rabbie
0 views
Importance of Robots in Mechatronics
SprayTechDevelopers
0 views
mammography
VanshikaGarg76
0 views
Pengantar Game - Chapter 2 - Game Genre.pptx
ssusera96b6f
3 views
ch01.pdf
surahyo2
0 views
Nereus Pitch Deck
Masaki Nakada
6 views
Safety on Lifts and escalators.pptx
sachin chauhan
0 views
Acknowledgment.pptx
HabtamuTadesseWorku
4 views
5G Basic Call Flows.pdf
IbrahimSayed61
0 views
liquid dosage form.pptx
HebaYassin10
0 views
The Importance of Accessibility in Software Design.pdf
Bahaa Al Zubaidi
0 views
Upgrade transactional database performance with Dell PowerEdge R660 servers r...
Principled Technologies
4 views
how does internet works.pptx
22I334MURUGAVELE
0 views
HDL.pptx
Abdulrahman181781
0 views
16 slides
Poster1.pptx
ssuserb448e2
0 views
1 slide
عرض الميزات.pptx
yakotalordea
0 views
6 slides
NIO-Grizly.pdf
Mohit Kumar
0 views
59 slides
Artificial Intelligence Outline (1).ppt
AmnaNadeem27
0 views
6 slides
Chapter13.ppt
sahilkumar579884
0 views
64 slides

Bringing Elliptic Curve Cryptography into the Mainstream

  1. 1. Elliptic Curve Cryptography Bringing it to the mainstream Stanford Security Lunch November 4, 2015 Nick Sullivan @grittygrease nick@cloudflare.com
  2. 2. DNS
  3. 3. HTTP
  4. 4. HTTPS The “S” stands for TLS
  5. 5. HTTPS Adoption (2013) • 2,545,693 valid RSA 2048-bit certificates
 Analysis of the HTTPS Certificate Ecosystem, Durumeric, Kasten, Bailey, Halderman (2013) • Zero valid ECDSA certificates 9
  6. 6. CloudFlare Reverse Proxy 10
  7. 7. 11 CACloudFlare CloudFlare Edge DNS CSR TXT? Proof TXT? Proof Certificate Proof
  8. 8. Goal Enable HTTPS by default for ~2 million free customers 12
  9. 9. Issue: Scale ~30 Trillion Requests/ Day 13
  10. 10. What is expensive in TLS? • Private key Operations • Bulk encryption 14
  11. 11. Bulk Encryption • Basically free with modern Intel processors • AES-GCM on Haswell is ~1 cycle per byte 15
  12. 12. Private Key Operations • Orders of magnitude slower than symmetric crypto • RSA ~2,000,000 cycles per signature on Haswell • ~500 Quadrillion Cycles/Day 16
  13. 13. We can do better • Session resumption (~33%) 17
  14. 14. ECDSA Elliptic Curve Digital Signature Algorithm
  15. 15. ECDSA • Digital signature algorithm based on elliptic curve crypto • Widely studied, no sub-exponential discrete logarithm • Standardized NIST Curves (P256, P384, P521) • NSA Suite B (Secret and Top Secret) 19
  16. 16. EQUATIONS!!! 20
  17. 17. ECDSA Advantages • Smaller keys (256bit EC ~ 3072bit RSA) • Faster signatures (~800K vs 2M) • Vlad Krasnov improved to ~375K by using x86_64 asm • Merged into OpenSSL, Golang • Saves 300 Quadrillion Cycles/Day (given 100% HTTPS) 21
  18. 18. ECDSA Downsides • Slower signature verification • Less ubiquitous • Roots were added in • Some systems don’t support ECDSA (Android 2, Windows XP) • Patent encumbrances • Not quantum-safe: subject to Shor’s algorithm 22
  19. 19. Universal SSL • Free ECDSA certificates for all customers • HTTPS enabled by default • Total number of HTTPS sites is 
 up by over 2 million • SNI-only so scans undercount 23
  20. 20. What about DNS? 24
  21. 21. Authoritative Servers 25
  22. 22. Cache Poisoning (Kaminsky’s attack) 26 Resolver Authoritative Server Q: what is the IP address of cloudflare.com A: 198.41.213.157 A:6.6.6.6 A:6.6.6.6 A:6.6.6.6 A:6.6.6.6 A:6.6.6.6 A: 6.6.6.6 A: 6.6.6.6
  23. 23. Man-in-the-middle 27 Resolver Authoritative Server Q: what is the IP address of cloudflare.com A: 198.41.213.157A: 6.6.6.6
  24. 24. DNSSEC signature verification 28 A example.com. A RRSIG example.com. DNSKEY KSK example.com. DNSKEY KSK . Verisign Authoritative (i.e. CloudFlare) ICANN DS example.com. DS com. Root Key DNSKEY ZSK example.com. DNSKEY RRSIG example.com. DS RRSIG com. DNSKEY KSK com. DNSKEY ZSK com. DNSKEY RRSIG com. A RRSIG . DNSKEY ZSK . DNSKEY RRSIG .
  25. 25. 29
  26. 26. Solution: DNSSEC (done right) Digital signatures in the DNS Live-signed answers Elliptic curve keys 30
  27. 27. Solution: DNSSEC (done right) cloudflare.net. 300 IN A 104.20.36.89 cloudflare.net. 300 IN A 104.20.37.89 cloudflare.net. 300 IN RRSIG A 13 2 300 20151105181354 20151103161354 35273 cloudflare.net. 1lj7NV/tLbTWAk/HeiU4UvxwTDPG8nXGEn408Rm7HELyL0HE3QRQTMha / Y0yTIAJWvQFKwGm2lg61Gpf9uy7uQ== ietf.org. 1800 IN A 4.31.198.44 ietf.org. 1800 IN RRSIG A 5 2 1800 20161012164049 20151013154322 40452 ietf.org. DlaOfMqEIkbTBY8Rv8WJf2MqXBzT64sUr+Ms5zEfV4IIdKhiQoQqU8vH Ga+PcZak5DzfXwXuklriXPI7jN5Zqk/ UnTsX62on0SQft/YkgAogMdZI U5znPsgkq+gX/BA2AkRpBOEBDiPS8sRgJb4r38kZ05BNLTvlweg3hIcX m1JHfbXuyAE4C6bRmD/h5erxvO6Q2UA2EFWHjcrIAAhmLRqHxeq8uhCJ AZMSJyTuJxB+6z+59v4/QxP +z3NnBdzxcTea1aUVYG/zbqiHkNpgRzrN 708UrrqkUwWDodrOYoHndfYoWqI61ifvBkUref0cn0IKWOolfHMsCjdl y6BdTA== 31
  28. 28. Issues addressed Fix zone enumeration with live signing Fix live signing with ECDSA — in the Go language Vlad performance improvements Amplification-neutral 32
  29. 29. ECDSA - Miscellaneous • Randomness breaks ECDSA • Fixed by RFC 6979 • Patent issues • ECDSA is not supported by Red Hat • A Riddle Wrapped in an Enigma • Koblitz & Menezes paper on Suite B • Are the NIST curves safe? 33
  30. 30. Elliptic Curve Cryptography Bringing it to the mainstream Nick Sullivan @grittygrease nick@cloudflare.com

×