
TLS Optimization

Recent proposals for optimizing SSL/TLS have associated security tradeoffs. This talk covers False Start, Snap Start, and the BEAST attack.

1. Optimizing TLS/SSL
Nate Lawson
Cal Poly Grad Networks
February 21, 2012

Friday, February 24, 2012

2. Root Labs
• Design and analyze security systems
• Emphasis on embedded, kernel, reverse engineering, and cryptography

3. Focus
• Smart phones, set-top boxes, game consoles, 2-factor tokens
• Trusted boot, device drivers
• Software tamper resistance

4. Before
• Cryptography Research
  • Paul Kocher’s company (author of SSL 3.0)
  • Co-designed Blu-ray disc security layer, aka BD+
• Infogard Labs in SLO

5. SourceDNA
• Software similarity search engine
  • Scale index to large number of binaries
  • Perform sophisticated alignment

6. Overview
• SSL walkthrough
• False Start
• BEAST attack
• Snap Start


  • 7. History • SSL (Secure Sockets Layer) v2.0 (1994) • Serious security problems including incomplete MAC coverage of padding • SSL v3.0 (1996) • Major revision to address security problems • TLS (Transport Layer Security) 1.0 (1999) • Added new crypto algorithm support • IETF takes over • TLS 1.1 (2006) • Addresses Vaudenay’s CBC attacks on record layer • TLS 1.2 (2008) • SHA/MD5 for Finished message now SHA-256
  • 8. Layered model • SSL provides security at the transport layer (OSI model L4) • Stream of bytes in, private/untampered stream of bytes out • Application logic is unmodified • Can be adapted to datagram service also (DTLS) • Compare to IPSEC • Mostly used as an L3 protocol (datagram tunneling)
  • 9. Security goals • Privacy • Data within SSL session should not be recoverable by anyone except the endpoints • Integrity • Data in transit should not be modified without detection • Authentication • No endpoint should be able to masquerade as another
  • 10. Attacker capabilities • Normal participant • Can talk to server that is also talking to other parties • Passive eavesdropping • Observe any or all messages sent by other parties • Active (Man in the Middle) • Insert or replay old messages • Modify • Delete or reorder
  • 11. Symmetric crypto • Block ciphers turn plaintext block into ciphertext using a secret key • Recipient inverts (decrypts) block using same key • Examples: AES, 3DES
  • 12. Block chaining • Often requires “chaining” to encrypt messages longer than a single block • This does not provide integrity protection
  • 13. Public key crypto • Data transformed with one key can only be inverted with the other key (asymmetric) • Examples: RSA, (EC)Diffie-Hellman, (EC)DSA • Can encrypt data to a recipient without also being able to decrypt it afterward • Can sign data by encrypting it with one key and publishing the other
  • 15. Certificates • Associate a name with a public key • Trusted party uses private key to sign the message “joe.com = 0x09f9…” • Public key of trusted party came with your web browser • Key management still a problem • Expire certs and explicitly revoke them if a private key is compromised (CRL) • Or, check with the trusted party each time you want to use one (OCSP)
  • 16. TLS Handshake • Client → Server: ClientHello • Server → Client: ServerHello, Certificate, ServerHelloDone • Client → Server: ClientKeyExchange, [ChangeCipherSpec], Finished • Server → Client: [ChangeCipherSpec], Finished • ApplicationData in both directions
  • 17. Hello • Initiates connection and specifies parameters • Initiator sends list (i.e., CipherSuites) and responder selects one item from list • SessionID is used for resuming (explained later) • Client / ServerHello fields: Version, RandomData, SessionID, CipherSuites, CompressionMethods
  • 18. Certificate • Provides a signed public key value to the other party • Other side must verify information • CN field is myhost.com = IP address in TCP connection • Cert chain back to root • Certificate message: ASN.1Cert (X.509 v3 format)
  • 19. ServerHelloDone • Signifies end of server auth process • Allows multi-pass authentication handshake • Cert-based auth is single-pass
  • 20. ClientKeyExchange • Client sends encrypted premaster secret to server • Assumes RSA public key crypto (most common) • Server checks ClientVersion matches highest advertised version • ClientKeyExchange: RSA-PubKey-Encrypt(ClientVersion, PreMasterSecret[48])
  • 21. ChangeCipherSpec • Indicates following datagrams will be encrypted • Disambiguates case where next message may be error or encrypted data • Each side now calculates data encryption key (K) • MasterSecret computation: Hash(PreMasterSecret, ClientRandom, ServerRandom)
  • 22. Finished • Indicates all protocol negotiation is complete and data may be exchanged • Includes hashes of all handshake messages seen by each side • Also, magic integers 0x434C4E54 or 0x53525652 (why?) • Finished: AES-K-Encrypt(Magic, MD5(handshake_messages), SHA1(handshake_messages))
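  Slides 20 to 22 compress the key schedule into a single Hash(...) line. The following is an added example, not code from the talk: it carries those steps through as RFC 5246 (TLS 1.2) specifies them, so the server's ClientVersion check, the master secret, the per-direction record keys and the Finished verify_data can be seen as concrete computations. The sample randoms and transcript bytes in the usage note are constructed; the PRF label strings and the 48-byte premaster layout are the ones the RFC defines.

```python
"""Added example (not from the talk): TLS 1.2 key schedule from RFC 5246.

Steps behind slides 20-22: the client's RSA-encrypted PreMasterSecret
carries ClientVersion; both sides derive the master secret from
PreMasterSecret + ClientRandom + ServerRandom; the master secret is
expanded into record keys; and Finished proves handshake integrity.
"""
import hashlib
import hmac
import os


def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 (RFC 5246 section 5): an HMAC chain expanded to `length` bytes."""
    out = b""
    a = seed                                                   # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()       # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: P_SHA256(secret, label + seed)."""
    return p_hash(secret, label + seed, length)


def make_pre_master_secret(client_version: bytes) -> bytes:
    """Client side: the 2-byte version offered in ClientHello plus 46 random bytes (RFC 5246 7.4.7.1)."""
    return client_version + os.urandom(46)


def check_pre_master_version(pms: bytes, offered_version: bytes) -> bool:
    """Server side, slide 20: after RSA decryption the embedded version must equal the highest
    version the client advertised; a mismatch means the ClientHello version was tampered with."""
    return len(pms) == 48 and hmac.compare_digest(pms[:2], offered_version)


def master_secret(pms: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Slide 21's MasterSecret computation, as TLS 1.2 defines it (48 bytes)."""
    return prf(pms, b"master secret", client_random + server_random, 48)


def key_block(ms: bytes, client_random: bytes, server_random: bytes,
              mac_len: int = 32, key_len: int = 16, iv_len: int = 16) -> dict:
    """Key expansion (RFC 5246 6.3) into the per-direction MAC keys, cipher keys and IVs.
    Note the randoms are concatenated in the opposite order from master_secret()."""
    kb = prf(ms, b"key expansion", server_random + client_random,
             2 * (mac_len + key_len + iv_len))
    names = ["client_mac", "server_mac", "client_key", "server_key", "client_iv", "server_iv"]
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    keys, off = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = kb[off:off + size]
        off += size
    return keys


def finished_verify_data(ms: bytes, handshake_messages: bytes, label: bytes) -> bytes:
    """Slide 22: TLS 1.2 Finished carries 12 bytes of PRF output over the transcript hash,
    keyed by the master secret, with a different label per side (b"client finished" /
    b"server finished") in place of SSL 3.0's magic integers."""
    return prf(ms, label, hashlib.sha256(handshake_messages).digest(), 12)


if __name__ == "__main__":
    # Constructed sample values; real randoms come from the Hello messages.
    client_random, server_random = bytes(32), bytes(range(32))
    pms = make_pre_master_secret(b"\x03\x03")
    assert check_pre_master_version(pms, b"\x03\x03")
    ms = master_secret(pms, client_random, server_random)
    keys = key_block(ms, client_random, server_random)
    print("client_key:", keys["client_key"].hex())
    print("verify_data:", finished_verify_data(ms, b"<transcript>", b"client finished").hex())
```

Because both the master secret and verify_data are bound to ClientRandom, ServerRandom and the full transcript, any handshake message an intermediary changed (the point slide 29 makes about False Start) produces a different verify_data on the two sides, which is exactly what the Finished comparison detects.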
  • 23. ApplicationData • Encapsulates encrypted data for duration of session • Can span multiple TCP packets • ApplicationData: AES-CBC-K-Encrypt(Type, Version, Length, Data, MAC, Padding, PaddingLength)
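  Slide 23 lists the fields inside an encrypted record; the History slide notes that incomplete MAC coverage of padding and Vaudenay's CBC attacks were both record-layer problems. As an added example (not the talk's code, and not a full record layer), the block below builds the TLS-style plaintext that goes into CBC, that is Data || MAC || Padding || PaddingLength with the MAC keyed over sequence number, type, version, length and data, and then checks a received plaintext the way a padding-oracle-resistant receiver should: the padding bytes are all compared, the MAC is always computed even when the padding is bad, and both failures yield the same result. HMAC-SHA256 and a 16-byte block are assumptions for illustration; the encryption step itself is left out.

```python
"""Added example (not from the talk): TLS 1.0-style record plaintext with MAC and padding,
and a receiver that does not leak which check failed."""
import hashlib
import hmac
import struct

BLOCK = 16     # cipher block size assumed for the example
MAC_LEN = 32   # HMAC-SHA256 output length (assumption; TLS 1.0 used MD5/SHA-1)


def record_mac(mac_key: bytes, seq_num: int, content_type: int, version: int, data: bytes) -> bytes:
    """MAC covers the implicit 64-bit sequence number plus type, version, length and data, so a
    replayed, reordered or relabelled record fails the check even if its bytes are untouched."""
    header = struct.pack("!QBHH", seq_num, content_type, version, len(data))
    return hmac.new(mac_key, header + data, hashlib.sha256).digest()


def build_record_plaintext(mac_key: bytes, seq_num: int, content_type: int, version: int,
                           data: bytes) -> bytes:
    """Sender: Data || MAC || Padding || PaddingLength, padded to a whole number of blocks.
    TLS requires every padding byte to equal PaddingLength (SSL 3.0 left them unspecified)."""
    body = data + record_mac(mac_key, seq_num, content_type, version, data)
    pad_len = (BLOCK - (len(body) + 1) % BLOCK) % BLOCK
    return body + bytes([pad_len]) * (pad_len + 1)


def open_record_plaintext(mac_key: bytes, seq_num: int, content_type: int, version: int,
                          pt: bytes):
    """Receiver: returns the data, or None for *any* failure.

    Bad padding and bad MAC take the same path and return the same value, so the sender of a
    tampered record learns nothing from the response (RFC 5246 6.2.3.2 recommends exactly
    this).  Timing equalization of the MAC computation is a separate concern not handled here.
    """
    if len(pt) % BLOCK != 0 or len(pt) < MAC_LEN + 1:
        return None
    pad_len = pt[-1]
    pad_ok = pad_len + 1 + MAC_LEN <= len(pt)
    n = pad_len + 1 if pad_ok else 1
    bad = 0
    for b in pt[-n:]:                      # check every padding byte, accumulate instead of early exit
        bad |= b ^ pad_len
    pad_ok = pad_ok and bad == 0
    strip = pad_len + 1 if pad_ok else 0   # on bad padding still run the MAC over *something*
    data = pt[:len(pt) - strip - MAC_LEN]
    tag = pt[len(pt) - strip - MAC_LEN:len(pt) - strip]
    mac_ok = hmac.compare_digest(record_mac(mac_key, seq_num, content_type, version, data), tag)
    return data if (pad_ok and mac_ok) else None


if __name__ == "__main__":
    key = b"m" * 32                                        # constructed MAC key
    pt = build_record_plaintext(key, 0, 23, 0x0301, b"GET /example HTTP/1.1\r\n")
    print(len(pt), open_record_plaintext(key, 0, 23, 0x0301, pt))
```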
  • 25. TLS Handshake • Client → Server: ClientHello • Server → Client: ServerHello, Certificate, ServerHelloDone • Client → Server: ClientKeyExchange, [ChangeCipherSpec], Finished • Server → Client: [ChangeCipherSpec], Finished • ApplicationData in both directions
  • 26. Session resumption • Client → Server: ClientHello • Server → Client: ServerHello, [ChangeCipherSpec], Finished • Client → Server: [ChangeCipherSpec], Finished, ApplicationData (request) • Server → Client: ApplicationData (response)
  • 28. False Start • Client → Server: ClientHello • Server → Client: ServerHello, Certificate, ServerHelloDone • Client → Server: ClientKeyExchange, [ChangeCipherSpec], Finished, ApplicationData (request) • Server → Client: [ChangeCipherSpec], Finished, ApplicationData (response)
  • 29. Security • Attacker spoofing server can modify: • Version • RandomData • SessionID • CipherSuites & CompressionMethods • Certificate • Client will only detect after Finished message received or timeout
  • 31. CBC encryption • C1 = AESEnc(P1 ⊕ IV) • C2 = AESEnc(P2 ⊕ C1) • C3 = AESEnc(P3 ⊕ C2)
  • 32. IV reuse • First record: C1 = AESEnc(P1 ⊕ IV), C2 = AESEnc(P2 ⊕ C1) • Next record chains from the last ciphertext block, IV’ = C2: C3 = AESEnc(P3 ⊕ IV’), C4 = AESEnc(P4 ⊕ C3)
  • 33. Process • 1. Send message with 1 unknown byte • 2. Send another message with guess for that byte aligned with same slot • 3. If ciphertext matches, guess was correct • Repeat for up to 256 * n bytes of secret
  • 34. HTTP • GET /example HTTP/1.1 • Host: server.example.com • Origin: http://example.com • Cookie: 0123456789abcdef
  • 35. HTTP • GET /example?PAD=AAA HTTP/1.1 • Host: server.example.com • Origin: http://example.com • Cookie: 0123456789abcdef
  • 36. IV reuse • P1 … P6 each XORed with the previous ciphertext block (IV first), then AESEnc → C1 … C6 • Plaintext block boundaries: … | ?PAD=AAA_ | HTTP/1.1\r\nCookie: 0 | 123456789abcdef
  • 37. IV reuse • Same chain, one padding byte fewer • Plaintext block boundaries: … | ?PAD=AA_H | TTP/1.1\r\nCookie: 01 | 23456789abcdef
  • 38. IV reuse • Same chain, one padding byte fewer again • Plaintext block boundaries: … | ?PAD=A_HT | TP/1.1\r\nCookie: 012 | 3456789abcdef
  • 39. Relations • G = 15 bytes known data || 1 byte guess • P3 = C2 ⊕ G • C3 = AES(C2 ⊕ C2 ⊕ G) = AES(G)
  • 40. Attacker requirements • Ability to choose or influence some of the message • Internal alignment via adjustment of padding fields • Choice of plaintext guess • Partial knowledge of the original message • See each previous record’s C2 (IV’)
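  Slides 31 to 40 rest on one algebraic fact: when the next record's IV is the previous record's last ciphertext block, choosing P3 = C2 ⊕ G makes C3 = AES(G), so the first ciphertext block of the new record depends only on the chosen G and not on any secret. The block below is an added example, not the talk's code, that checks this relation and then shows what a fresh per-record IV (the explicit IV that TLS 1.1 introduced) does to it. AES is replaced by a keyed PRF stand-in built from HMAC-SHA256, labelled as such; it is not a real block cipher and cannot decrypt, but the CBC relation C = E(P ⊕ IV) holds for any block function, which is all the check needs.

```python
"""Added example (not from the talk): the CBC chaining relation of slides 31-39
and why a fresh per-record IV removes it.  The block function is an HMAC-based
stand-in for AES (assumption for a dependency-free example)."""
import hashlib
import hmac
import os

BLOCK = 16


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for AESEnc: 16 bytes of HMAC-SHA256 keyed by `key`.  Not AES, not invertible."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC as on slide 31: C_i = E(P_i XOR C_(i-1)) with C_0 = IV."""
    assert len(plaintext) % BLOCK == 0, "example expects whole blocks"
    prev, out = iv, b""
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, xor(plaintext[i:i + BLOCK], prev))
        out += prev
    return out


def first_block_is_predictable(key: bytes, explicit_iv: bool) -> bool:
    """Encrypt record 1 (P1||P2), then a record 2 whose first block is chosen as C2 XOR G.

    explicit_iv=False models TLS 1.0 chaining (IV' = C2, slide 32): slide 39's relation
    C3 = E(G) holds, so C3 is determined by the chosen G alone.
    explicit_iv=True models a fresh random IV' per record (TLS 1.1): C3 = E(G XOR C2 XOR IV')
    and the relation fails, since IV' is not known when the plaintext is chosen.
    """
    record1 = os.urandom(2 * BLOCK)                 # constructed; stands for P1||P2
    c = cbc_encrypt(key, os.urandom(BLOCK), record1)
    c2 = c[BLOCK:2 * BLOCK]                         # last ciphertext block of record 1
    g = b"A" * 15 + b"?"                            # slide 39: 15 known bytes || 1 byte guess
    iv_next = os.urandom(BLOCK) if explicit_iv else c2
    c3 = cbc_encrypt(key, iv_next, xor(c2, g))[:BLOCK]
    return c3 == block_encrypt(key, g)


if __name__ == "__main__":
    k = os.urandom(16)                              # constructed session key
    print("chained IV, relation holds:", first_block_is_predictable(k, explicit_iv=False))
    print("explicit IV, relation holds:", first_block_is_predictable(k, explicit_iv=True))
```

The explicit-IV result is false with probability 1 - 2^-128 rather than deterministically, which is the point: once the IV is unpredictable when the plaintext is chosen, the equality a verifier could test for on slide 33 no longer carries information. The same reasoning is why 1/n-1 record splitting and RC4 were used as interim countermeasures for TLS 1.0 clients that could not move to TLS 1.1.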
  • 41. Snap Start • Client → Server: ClientHello with Snap Start extension, ClientKeyExchange, [ChangeCipherSpec], Finished, ApplicationData (request) • Server → Client: [ChangeCipherSpec], Finished, ApplicationData (response)
  • 42. Snap Start changes • Server advertises initial orbit and cipher suite in Hello extension • On next connection, client sends: • Prior orbit, cipher suite • Chosen random_bytes • Checksum of predicted server handshake
  • 43. Limitations • Client uses cached cipher suite • Client chooses random_bytes • Server must track some number of previous values and reject connection if reused • Server must validate timestamp • No SessionID and so no resume or must use session tickets
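  Slide 43 says the server must remember previously seen random_bytes, reject reuse and validate a timestamp, because the client now chooses the nonce that a server random would normally provide. As an added example, not code from the Snap Start draft or the talk, the class below is one way a server could keep that state bounded and still be safe: the acceptance window, the eviction rule and the choice to refuse Snap Start (fall back to a full handshake) when the cache is full are all assumptions of this illustration; the orbit, random_bytes and timestamp names follow the slides.

```python
"""Added example (not from the draft or the talk): server-side replay bookkeeping for the
Snap Start limitations on slide 43.  Window and capacity policy are assumptions."""
from collections import OrderedDict


class SnapStartReplayCache:
    def __init__(self, orbit: bytes, window_seconds: int = 60, max_entries: int = 10000):
        self.orbit = orbit                  # value the server advertised on slide 42
        self.window = window_seconds        # allowed clock skew for the client timestamp
        self.max_entries = max_entries      # hard bound on memory
        self.seen = OrderedDict()           # random_bytes -> server receipt time, arrival order

    def _expire(self, now: int) -> None:
        """Drop entries received more than 2*window ago.  A replay of such an entry carries a
        timestamp within `window` of that old receipt time, so the timestamp check alone rejects
        it; forgetting the entry therefore cannot open a replay hole."""
        cutoff = now - 2 * self.window
        while self.seen and next(iter(self.seen.values())) < cutoff:
            self.seen.popitem(last=False)

    def accept(self, orbit: bytes, random_bytes: bytes, client_timestamp: int, now: int) -> bool:
        """True if this Snap Start attempt may be honoured; False means do a full handshake."""
        if orbit != self.orbit:                          # client's cached orbit is stale
            return False
        if abs(now - client_timestamp) > self.window:    # slide 43: validate timestamp
            return False
        self._expire(now)
        if random_bytes in self.seen:                    # slide 43: reject reused random_bytes
            return False
        if len(self.seen) >= self.max_entries:
            # Cannot remember this value, so cannot rule out a later replay: refuse rather
            # than evict a live entry (evicting would let that entry be replayed).
            return False
        self.seen[random_bytes] = now
        return True


if __name__ == "__main__":
    cache = SnapStartReplayCache(orbit=b"orbit-1", window_seconds=60)
    print(cache.accept(b"orbit-1", b"nonce-1", 1000, 1000))   # constructed values: True
    print(cache.accept(b"orbit-1", b"nonce-1", 1000, 1005))   # replay: False
```

Falling back to a full handshake is always safe here because Snap Start is purely a latency optimization; a server that cannot prove freshness of the client's random_bytes simply loses the round trip it was trying to save, not the session's security.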
  • 44. Conclusions • SSL provides a well-tested secure transport layer • Security protocols require careful interdependence of components • Easy to make mistakes designing security and crypto in particular
  • 45. References • TLS Overview, http://en.wikipedia.org/wiki/Transport_Layer_Security • False Start draft, https://tools.ietf.org/html/draft-bmoeller-tls-falsestart-00 • Snap Start draft (withdrawn), http://www.imperialviolet.org/binary/draft-agl-tls-snapstart-00.html • Security criticism of False & Snap Start, http://www.ietf.org/mail-archive/web/tls/current/msg06933.html • BEAST Attack description, http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html • Fixing BEAST, http://www.educatedguesswork.org/2011/11/rizzoduong_beast_countermeasur.html