0 01101111 01110010 01110111 01100001 01110010 01100100 00100000 01010011 01100101 01100011 01110010 01100101 01100011 011...
Upcoming SlideShare
Loading in …5
×

Symantec™ Perfect Forward Secrecy in Info-Graphic

1,232 views

Published on

Are you worried about value of privacy on the Internet? Must watch this info-graphic about The Value of Perfect Forward Secrecy from Symantec™

Published in: Internet, Technology
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,232
On SlideShare
0
From Embeds
0
Number of Embeds
147
Actions
Shares
0
Downloads
4
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

Symantec™ Perfect Forward Secrecy in Info-Graphic

  1. 1. 0 01101111 01110010 01110111 01100001 01110010 01100100 00100000 01010011 01100101 01100011 01110010 01100101 01100011 01111001 101 01100101 00100000 01101111 01100110 00100000 01000110 01101111 01110010 01110111 01100001 01110010 01100100 00100000 01010011 01100101 01100011 01110010 01100101 01100011 01111001 1100001 01101100 01110101 01100101 00100000 01101111 01100110 00100000 01000110 01101111 01110010 01110111 01100001 01110010 01100100 00100000 01010011 01100101 01100011 01110010 0110 01010011 01111001 01101101 01100001 01101110 01110100 01100101 01100011 01 01101101 01100001 01101110 01110100 01100101 01100011 01010110 01100001 01101100 01110101 01100101 00100000 01101111 01100110 00100000 01000110 01101111 01110010 01110111 01100001 01110010 01100100 00100000 0101001 01010110 01100001 01101100 01110101 01100101 00100000 01101111 01100110 00100000 01000110 01101111 01110 01010110 01100001 01101100 01110101 01100101 00100000 01101111 01100110 00100000 0 01010011 01111001 01101101 01100001 01101110 01110100 01100101 01 01010011 01111001 01101101 01100001 01101110 01110100 01100101 01100011 10111 01100001 01110010 01100100 00100000 01010011 01100101 01100011 01110010 01100101 01100011 01111001 1101111 01100110 00100000 01000110 01101111 01110010 01110111 01100001 01110010 01100100 00100000 01010011 01100101 01100011 01110010 01100101 01100011 01111001 01 01100101 00100000 01101111 01100110 00100000 01000110 01101111 01110010 01110111 01100001 01110010 01100100 00100000 01010011 01100101 01100011 01110010 01100101 01100011 01111001 1 01101101 01100001 01101110 01110100 01100101 01100011 1101110 01110100 01100101 01100011 01010110 01100001 01101100 01110101 01100101 00100000 01101111 01100110 00100000 01000110 01101111 01110010 01110111 01100001 01110010 011 01010110 01100001 01101100 01110101 01100101 00100000 01101111 01100110 00100000 0 01010110 01100001 01101100 01110101 01100101 00100000 011011 01010011 01111001 01101101 01100001 0110111 01010011 01111001 01101101 01100001 01101110 01110100 01100101 01 Take one look at the numbers, and you’ll see why it’s worth getting to know Perfect Forward Secrecy When it comes to security, IT professionals need to think ahead: An eavesdropper who records traffic today may successfully decrypt it in the future. A solution is to employ Perfect Forward Secrecy, in which unrecoverable temporary session keys are generated, used and discarded. When implemented correctly with Elliptic Curve Cryptography (ECC), Perfect Forward Secrecy is more secure than RSA algorithms and performs better. The world isn’t safe, and security risks to businesses and consumers are growing. PRISM PROGRAM Program of the National Security Administration (NSA) Revealed by Edward Snowden in spring 2013 Attempt to gain access to the private communications of users of: Microsoft Yahoo! Google Facebook3 ADOBEZAPPOS.COM LIVINGSOCIAL 24 50 38 million customers affected5 million customers affected6,7 million accounts hacked4 JAN 2012 APR 2013 SEP 2013 RSA RSA generates a public and private key to encrypt and decode messages. Continued use of recoverable keys makes stored data accessible if keys are compromised in the future PERFECT FORWARD SECRECY With Perfect Forward Secrecy, keys are randomly generated, exchanged, and discarded. Methods include ECDHE (Elliptical Curve DHE) & DHE (Diffie-Helman, allows shared secret key exchange). Past messages are protected from future attack Potential performance improvement, if implemented correctly All ECDHE servers have ciphers at least as strong as RSA signatures Perfect Forward Secrecy can be cracked if ciphers are weak or stored incorrectly 4 out of 5 DHE-enabled servers allow ciphers weaker than RSA signatures12 60% 18% of hosts10 ECDHE supported by of hosts11 DHE supported by Currently the dominant system, supported by 99.9% of sites8 CHARACTERISTICS CHARACTERISTICS Will move from 2048-bit to 4096-bit key size, supported in 2014 by 2% of sites9 2% 2048-bit 4096-bit SECURITY BENEFITS 256-bit ECC is estimated to be 10,000 times as tough to crack as RSA. When ECC is applied to DSA (called ECDSA), level of security climbs 160-bit public ECDSA key as secure as 1024-bit DSA key By default, ECDHE is properly configured for security with efficient 256-bit key size Requires periodic or upon-connection new random key generation Ephemeral keys cannot be revealed, so even recorded traffic is safe PERFORMANCE BENEFITS Tests were conducted using Elliptic Curve and RSA for key exchange and digital signature. The results?13 For complex page server requests per second: For multi-domain page server requests per second: with ECDHE-ECDSA with RSA-RSA with ECDHE-ECDSA with RSA-RSA Performance improvement of 27% 52% CPU usage cut about 60% with Elliptic Curve Perfect Forward Secrecy better than free in terms of performance Done properly, Perfect Forward Secrecy protects sensitive information yesterday, today, and tomorrow. What’s more, it does so while improving performance and user experience. For more information visit www.symantec.com/SSL or call 1-866-893-6565 or 1-520-477-3111 to speak with a security specialist and find out how certificates with ECC can offer improved performance and protection for your business. © 2014 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, and the Norton Secured Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. TO 360265 338265 01110111 01100001 01110010 01100100 00100000 01010011 01100101 01100011 01110010 01100101 01100011 01111001 0 01101111 01100110 00100000 01000110 01101111 01110010 01110111 01100001 01110010 01100100 00100000 01010011 01100101 01100011 01110010 01100101 01100011 01111001 10101 01100101 00100000 01101111 01100110 00100000 01000110 01101111 01110010 01110111 01100001 01110010 01100100 00100000 01010011 01100101 01100011 01110010 01100101 01100011 011110 1001 01101101 01100001 01101110 01110100 01100101 01100011 1 01101110 01110100 01100101 01100011 THE VALUE OF Perfect Forward Secrecy RSA vs. Perfect Forward Secrecy: Which provides greater security? Perfect Forward Secrecy, when implemented with ECC, offers significant performance and security benefits. Conclusion Sources TIMELINE OF ADDITIONAL DATA BREACHES Names, encrypted passwords, and encrypted credit and debit card numbers were among the types of data stolen in these high-profile breaches. More than 35% increase Nearly 28% increase 1 Finkle, Jim and Egan, Louise. "'Heartbleed' blamed in attack on Canada tax agency, more expected," Reuters. 2 Yadron, Danny. "Massive OpenSSL Bug 'Heartbleed' Threatens Sensitive Data," Wall Street Journal. 3 Lee, Timothy B. “Here’s everything we know about PRISM to date,” Wonkblog, WashingtonPost.com. 4 Hsieh, Tony. “Security Email.” 5 Swisher, Kara. “LivingSocial Hacked — More Than 50 Million Customer Names, Emails, Birthdates and Encrypted Passwords Accessed (Internal Memo),” AllThingsD.com. 6 “Adobe Breach Impacted At Least 38 Million Users,” KrebsOnSecurity.com. 7 Arkin, Brad. “Important Customer Security Announcement,” Adobe Featured Blogs. 8 Huang, Lin-Shung, Adhikarla, Shrikant, Boneh, Dan, and Jackson, Collin. “An Experimental Study of TLS Forward Secrecy Deployment,” September 2013. 9 Ibid. 10 Ibid. 11 Ibid. 12 Ibid. 13 Ibid. HEARTBLEED BUG Online traffic on over half a million trusted websites vulnerable starting June 2012 2013 2014 Estimated costs to eCommerce and online business in the 100s of millions Data stolen from the Canadian Tax Agency1 Names, passwords and other private information vulnerable to theft OpenSSL estimated to encrypt ~2/3 of active websites across the Internet2 RSARSA PERFECT FORWARD SECRECY PERFECT FORWARD SECRECY

×