This document discusses various topics related to transport layer security (TLS) including:
- A brief history of TLS and its predecessor, SSL.
- An overview of the TLS handshake process and how it establishes encryption between a client and server.
- Explanations of key TLS concepts like public-key cryptography, certificates, and different types of encryption.
- Performance considerations for TLS including reducing latency in the handshake process and optimizing TLS configuration.
- Methods for improving TLS performance such as using session tickets, TLS false start, HTTP/2, and content delivery networks.
The authors built a symbolic model of the TLS 1.3 specification (draft 10) using the Tamarin prover to verify key properties like secrecy of session keys and unilateral/mutual authentication. They found a potential attack during this analysis and disclosed it to the IETF TLS working group. As the specification continued evolving, they started updating their model but noted it was a moving target.
This document summarizes Natasha Rooney's presentation on QUIC and the evolution of HTTP. Some key points include:
- QUIC aims to improve performance over TCP by eliminating head-of-line blocking and reducing latency through 0-RTT connections.
- It achieves this by multiplexing streams over a UDP connection and integrating TLS 1.3 for encryption to provide security.
- Early results show QUIC reducing page load times by 15-18% for video and 3.6-8% for search queries on Google's services.
- As QUIC becomes more widely adopted, it may continue to improve performance for a "long tail" of users on slower or more unreliable networks.
SSL and TLS provide end-to-end security for applications using TCP. They operate at the transport layer and provide services like data encryption, message integrity, and client/server authentication. The key components are the handshake protocol for negotiating encryption parameters and exchanging keys, the record protocol for fragmenting and encrypting application data, and alert and change cipher spec protocols for signaling errors and key changes. Common algorithms include RSA and Diffie-Hellman for key exchange, RC4, 3DES and AES for encryption, and MD5 or SHA for hashing. Sessions define a connection's cryptographic settings while connections are the actual data streams.
TLS (Transport Layer Security) is commonly used to secure HTTPS connections and provide encryption for web traffic. It establishes an encrypted connection between a client and server through a handshake process where the server presents a digital certificate that is verified against trusted certificate authorities. TLS aims to prevent surveillance, spoofing, and modification of transmitted data by providing encryption, authentication, and data integrity. While the certificate authority system has weaknesses, protocols like TLS, HTTPS, and HSTS help secure modern web transactions over the internet.
TLS (Transport Layer Security) is a cryptographic protocol that provides encryption and security for data sent over the internet. It is used by HTTPS to encrypt communication between web browsers and servers. TLS 1.2, the previous standard, had security flaws in how it exchanged encryption keys. TLS 1.3 improves security by using Diffie-Hellman key exchange so keys are not sent directly over the network. To upgrade a website from HTTP to HTTPS, an SSL certificate must be purchased and installed, all links on the site must be changed to HTTPS, and HTTP traffic should be redirected to HTTPS.
TLS has had various problems recently: the BEAST attack, the CRIME attack, the Lucky Thirteen attack, problems with RC4 and, of course, Heartbleed. Standards from the NSA aren't trustworthy any more. Where is TLS today and what improvements are planned?
See also https://blog.hboeck.de/archives/846-Easterhegg-talk-on-TLS.html
Cryptography is the science of secure and hidden communication. It has two main components - encryption and authentication & integrity. Encryption involves hiding messages so that only the intended recipient can read them, while authentication & integrity ensures users are who they claim to be and messages are not altered. Popular symmetric encryption algorithms like DES and AES use the same key for encryption and decryption, while asymmetric algorithms like RSA use different public and private keys to encrypt and decrypt. Cryptanalysis involves analyzing and attempting to break encryption methods.
All you need to know about transport layer security - Maarten Smeets
Many people think that using HTTPS to offer your site or service to clients makes you secure from eavesdroppers and people trying to manipulate your network traffic. Think again! In this presentation I'll dive into transport layer security. I'll elaborate on what you can achieve with SSL, such as authentication, encryption and integrity, and how you can achieve it. I'll talk about the client-server handshake, identity and trust, one-way and two-way SSL, keys and keystores, and cipher suite choice. By means of several examples, I'll show what it can mean if you make the wrong choices in on-premises and cloud scenarios. This presentation is relevant for anyone involved in securing connections between client and server using TLS and for people interested in learning more about the topic of TLS in general.
NATS: Simple, Secure and Scalable Messaging For the Cloud Native Era - wallyqs
The majority of middleware and messaging systems in use were built in a time that did not have the concept of scale and real-time data that developers operate in today.
With the rise of Cloud Native and Microservices architectures as a design principle and the emphasis on simplicity, speed, and flexibility that come with it, developers need a messaging protocol to match.
Enter NATS. NATS is a remarkably lightweight messaging protocol, and extremely flexible and resilient. It is just a few MB in size, and can scale to publish tens of millions of messages from a single server.
This document provides an introduction to SSH and PGP protocols for secure communication. It discusses how SSH uses public-key cryptography to authenticate connections and encrypt data transmitted over untrusted networks, protecting against threats like IP spoofing. It also explains how SSH uses key pairs and configuration files. PGP is introduced as providing encryption, authentication and integrity for email through techniques like hashing, symmetric/asymmetric encryption and digital signatures. It describes how PGP handles the technical challenges of encoding encrypted data for transmission in email systems.
SSL/TLS is a cryptographic protocol that provides security for network communications by encrypting segments of network connections at the transport layer. It uses asymmetric and symmetric encryption, as well as digital signatures, to authenticate servers and optionally clients, and to encrypt data transmission. The handshake process establishes a shared secret between client and server to derive encryption keys, through asymmetric encryption of a randomly generated symmetric key. Subsequent communications are encrypted using the negotiated cipher suite.
Introduction to Secure Socket Layer (SSL) and Tunnel Layer Security (TLS). Shows the basic principle of SSL and also a little bit of practical applicability.
SSL/TLS is a protocol that provides encryption and authentication for web requests. It evolved from earlier SSL versions into the current TLS standard. During a TLS handshake, the client and server agree on encryption parameters and verify certificates from a certificate authority to establish a secure connection. TLS allows for session resumption to reuse encryption settings for subsequent connections via session identifiers or tickets. However, TLS is still vulnerable to man-in-the-middle and DNS hijacking attacks if certificate authorities are compromised.
An in-depth overview of the possibilities of SNMP: how to monitor your environment using SNMP.
Learn what you can do with SNMP and what SNMP can do for you within one hour. Most aspects of SNMP are addressed. Getting the information, setting values, but also how the information is presented and the difference between the OID and the MIBs.
In this presentation I’m trying to make SNMP “simple” again and understandable for everybody.
State of Transport Security in the E-Mail Ecosystem at Large - Aaron Zauner
An Internet-wide scanning project analyzed the state of transport security in the email ecosystem. Scans of SMTP(S), POP3(S), IMAP(S) and other ports found widespread issues, including support for weak protocols, ciphers and key lengths. While most certificates used strong cryptography, some hosts still supported RC4, 512-bit DH and other vulnerabilities. The results validated expectations of existing security problems in email transport.
Transport Layer Security (TLS) was designed to provide security at the transport layer and was derived from Secure Sockets Layer (SSL). TLS operates at the transport layer of the internet model and consists of four protocols: the handshake protocol for authentication and key exchange, the change cipher spec protocol for transitioning to the negotiated cryptographic settings, the alert protocol for transmitting error messages, and the record protocol for encapsulation of higher level protocols.
Transport Layer Security (TLS) is the successor to Secure Sockets Layer (SSL) and ensures privacy and security between communicating applications on the internet. TLS encrypts data transmission, works with most browsers and servers, supports flexible encryption algorithms, and is easy to deploy on many systems transparently. It operates directly above TCP and establishes an encrypted connection by negotiating a cipher suite and exchanging certificates and keys between the client and server. Once handshake is complete, both sides can communicate securely until closing the connection. TLS version and cipher suite used can be viewed in browser.
No need for Black Chambers: Testing TLS in the E-Mail Ecosystem at Large (hac... - Aaron Zauner
Presented at hack.lu 2015.
Abstract: TLS is the most widely used cryptographic protocol on the Internet. While many recent studies focused on its use in HTTPS, none so far analyzed TLS usage in e-mail related protocols, which often carry highly sensitive information. Since end-to-end encryption mechanisms like PGP are seldom used, today confidentiality in the e-mail ecosystem is mainly based on the encryption of the transport layer. A well-positioned attacker may be able to intercept plaintext passively and at global scale.
We collected and scanned a massive data set of 20 million IP/port combinations of all related protocols (SMTP, POP3, IMAP) and legacy ports. Over a time span of approx. three months we conducted more than 10 billion TLS handshakes. Additionally, we show that securing server-to-server communication using e.g. SMTP is inherently more difficult than securing client-to-server communication. Lastly, we analyze the volatility of TLS certificates and trust anchors in the e-mail ecosystem and argue that while the overall trend points in the right direction, there are still many steps needed towards secure e-mail.
Nate Lawson presents an overview of the TLS/SSL protocol design. He discusses the security goals of privacy, integrity, and authentication. He explains how these goals are achieved using cryptography primitives like symmetric encryption, public key encryption, certificates, message authentication codes, and secure PRNGs. He walks through the TLS handshake protocol in detail and discusses various attacks against SSL/TLS like side channel attacks, similarly-named certificate attacks, and data injection via renegotiation attacks.
SSL provides encryption and authentication for secure communication over networks. It uses certificates signed by a certificate authority to authenticate servers and establish an encrypted connection. In the SSL handshake, the client sends a pre-master secret encrypted with the server's public key; both sides then derive the encryption keys used to protect the connection. Debugging SSL issues may require using tools like tcpdump to monitor network traffic or adding debug flags to examine the SSL handshake.
This document discusses adding context support to the NATS client library. It begins with an overview of NATS and context in Go. It then describes enhancing the Subscription.NextMsg method to support context, avoiding blocking indefinitely. This allows building a RequestWithContext method for cancelling requests. The key steps are selecting on the subscription channel or context being done, and returning the context's error on cancellation. Learning from standard library patterns like validating contexts helps make the API clearer.
These slides cover security at the transport layer: the Kerberos model and its security, the SSL/TLS model and how it works, and the SSL architecture with its different phases.
Please note, this article does not intend to promote hacking. The intention is to help you understand the vulnerabilities in ssl and protect yourselves from the same. There are millions of innocent victims who fall prey because they are complacent the moment they see a 'secure https' symbol on their browser. I am trying to dispel that myth.
TLS 1.3 is an update to the Transport Layer Security protocol that improves security and privacy. It removes vulnerable optional parts of TLS 1.2 and only supports strong ciphers to implement perfect forward secrecy. The handshake process is also significantly shortened. TLS 1.3 provides security benefits by removing outdated ciphers and privacy benefits by enabling perfect forward secrecy by default, ensuring only endpoints can decrypt traffic even if server keys are compromised in the future.
Solving HTTP Problems With Code and Protocols - Natasha Rooney
The document discusses HTTP and protocols related to transporting data over the internet. It describes the layered model including the physical, network, transport, and application layers. It then focuses on protocols like HTTP/1, SPDY, HTTP/2 and QUIC that operate at the application layer, with the goal of improving performance by reducing latency through techniques like header compression, multiplexing, and avoiding head-of-line blocking. It also discusses how QUIC aims to solve issues with TCP by operating over UDP while providing encryption, reliability and other features normally provided by TCP.
This document discusses SIP over TLS. It describes how SIP signaling can be secured using TLS instead of UDP or TCP. The TLS handshake process is explained in detail including the messages exchanged between the client and server. It also discusses how media can be encrypted using SRTP and the different key management protocols that can be used like SDES, DTLS, and ZRTP. Sample packet captures of SIP over TLS calls are also provided.
This document summarizes a talk given by Chris Conlon from wolfSSL on September 15, 2017 in Tokyo, Japan about TLS 1.3. It provides background on Chris Conlon and his role at wolfSSL, an overview of wolfSSL's products and services including their lightweight SSL/TLS library. It also discusses the history and components of the SSL/TLS protocol, common vulnerabilities, and the goals of the new TLS 1.3 specification.
Slides of the Webinar "SSL, impact and optimisation"
INTRODUCTION
What is SSL?
The purpose of SSL
History of SSL / TLS
Overview of a TLS connection
PART 1
What is the role of an SSL certificate?
Levels of validation
Options for certificates: SAN and Wildcard
The certificate ordering process
Certificate chain
SSL algorithms: encryption & authentication
Examples
PART 2
TLS and IPv4 exhaustion
HAProxy and SNI
TLS impacts
SSL offloading
SEO
Security of the SSL protocol
The document discusses analyzing SSL traffic and decrypting SSL connections. It provides an overview of cryptographic techniques used in SSL like symmetric and asymmetric encryption, hashing, digital signatures, and certificates. It then covers the SSL/TLS protocol structure, analyzing SSL handshakes and record layers, decrypting SSL using private keys, and tools like SSLstrip for man-in-the-middle attacks.
Transport-level and Web Security discusses SSL/TLS and SSH. It provides an overview of how SSL/TLS works to secure HTTP and other TCP/IP protocols. The document describes the TLS protocol stack and how TLS sessions and connections are established. It explains the TLS handshake protocol in detail, including the four phases to establish a secure session and connection. Key topics covered include cipher suites, certificates, and how cryptographic keys are derived. Common attacks on TLS/SSL implementations are also summarized.
What is SSL? The Secure Sockets Layer (SSL) Protocol - Mohammed Adam
SSL is a protocol that allows clients and servers to securely communicate over the internet. It uses public-key encryption to authenticate servers, optionally authenticate clients, and establish an encrypted connection to securely transmit data. The SSL handshake allows the client and server to negotiate encryption parameters to generate shared secrets and session keys, which are then used to encrypt all further communication during the SSL session. Common implementations of SSL include OpenSSL and Apache-SSL.
The Secure Sockets Layer (SSL) protocol establishes an encrypted connection between a client and server through authentication and exchange of encryption keys. It uses public key encryption during the handshake to authenticate the server and optionally the client, and to generate a shared secret. This premaster secret is then used to derive the master secret and the session keys that encrypt all subsequent communication within the SSL session.
Joseph Salowey, Tableau Software
Transport Layer Security (TLS) 1.3 is almost here. The protocol that protects most of the Internet secure connections is getting the biggest ever revamp, and is losing a round-trip. We will explore differences between TLS 1.3 and previous versions in detail, focusing on the performance and security improvements of the new protocol as well as some of the challenges we face around securely implementing new features such as 0-RTT resumption.
TLS 1.3: Everything You Need to Know - CheapSSLsecurityCheapSSLsecurity
TLS 1.3 has been passed as a web standard by IETF and it comes with significant advancements. Learn how it could make our virtual world safer and faster.
SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are cryptographic protocols that provide secure communication over the internet. They allow for confidentiality, integrity, and authentication between two applications communicating over TCP. SSL/TLS works by encrypting the segments of TCP connections above the transport layer through the use of symmetric and asymmetric cryptography. It establishes a secure channel over an insecure network such as the internet.
This document discusses IPSec and SSL/TLS as approaches to securing network communications at different layers of the protocol stack. It provides an overview of how IPSec operates at the network/IP layer using techniques like AH and ESP to provide authentication and encryption of IP packets. It also summarizes how SSL/TLS works at the transport layer to establish a secure connection and protect communications between applications using ciphersuites, handshaking, and record layer encryption. The document outlines some strengths and weaknesses of each approach.
The document discusses three major secure network protocols: IPSec, TLS, and DNSSEC. It provides an overview of how each protocol operates and establishes secure connections. IPSec operates at the network layer and can secure communication between hosts or tunnel traffic through gateways. TLS secures connections at the transport layer, typically for HTTPS. DNSSEC adds security extensions to DNS to provide authentication and integrity for domain name lookups.
TLS is a cryptographic protocol that provides communication security over the internet. It allows for confidentiality and authentication of communications through key exchange and encryption of the record layer. However, TLS has faced numerous attacks over the years that exploit weaknesses in its implementations, cipher suites, and compatibility with older versions. Ideal patches often require removing vulnerable features completely, but real-world patches typically aim to preserve compatibility and usability while improving security. As a result, attacks on TLS continue to emerge as new vulnerabilities are discovered.
This document discusses various aspects of web security including:
1. Secure Socket Layer (SSL) and Transport Layer Security (TLS) which provide secure communication over the internet.
2. Secure Electronic Transaction (SET) which is an open encryption standard that protects credit card transactions on the internet.
3. The document outlines different security considerations for the web including vulnerabilities of web servers and the need for mechanisms like SSL, TLS at the transport layer and SET at the application layer.
SSL/TLS is a protocol that provides secure communication over the Internet through the use of cryptography. It allows for authentication of server and client, data integrity, and confidentiality. SSL/TLS uses both symmetric and asymmetric encryption. It has gone through several versions starting from SSLv1 in 1995 to the current TLSv1.3. The TLS handshake establishes a secure connection through negotiation of cryptographic parameters, authentication, and key exchange. Application data is then sent securely over the established connection through encryption and integrity checks.
The TLS/SSL protocol provides privacy and integrity of communications over TCP by encrypting message content and verifying message integrity. It operates in layers, with the TLS record protocol handling fragmentation, compression, encryption, and MAC verification of messages, and the TLS handshake protocol allowing client and server to authenticate and establish encryption parameters before transmitting application data. Openssl is an open source implementation of the TLS/SSL protocols and cryptographic functions used for tasks like generating certificates.
Similar to TLS Perf: from three to zero in one spec (20)
This document summarizes a workshop on optimizing bandwidth on mobile networks with increasing encryption. It lists the technical program committee and goals of exploring solutions while maintaining privacy and security. Sessions covered setting the scene on challenges with encryption, potential network/transport solutions, optimizing applications, and addressing regulation. Ideas generated included evolving TCP, providing network feedback to endpoints, blind caching, collaboration frameworks, and metrics. Next steps include publishing minutes and reports, and developing ideas on mailing lists.
Web Authentication: a Future Without Passwords?Natasha Rooney
The document discusses web authentication and the future of passwords. It provides an overview of public key cryptography concepts like asymmetric encryption. It then summarizes the FIDO Alliance standards of UAF and U2F which aim to provide passwordless authentication using public key cryptography during a registration process where keys are created and stored locally and on the server. It describes how the W3C Web Authentication working group is developing browser APIs and specifications to enable FIDO-based authentication directly in web applications by creating and validating credentials and assertions. The document provides code examples of how the WebAuthN API could be used for registration and authentication without requiring storage of sensitive user data locally or on the server.
The document discusses the work of the W3C Web Application Security Working Group (WebAppSec WG). It provides updates on several WebAppSec WG specifications and proposals, including Clear Site Data, Confinement with Origin Web Labels (COWL), Credential Management, and others. It notes the goals of each specification, provides examples of their use, and outlines current work and upcoming discussions at the W3C TPAC meeting. The document is a high-level summary of the WebAppSec WG's ongoing efforts to improve web application security.
The document discusses Service Workers and how they can be used to cache assets and manage network requests. It provides code snippets for registering a Service Worker, caching assets during install, detecting and responding to fetch events by checking the cache and falling back to the network if needed, and updating the Service Worker by deleting old caches.
STV (Single Transferable Vote) is a voting system that aims for proportional representation. Voters rank candidates in order of preference. The process involves multiple rounds of counting votes. In each round, candidates who reach a quota threshold are elected, and surplus votes from elected candidates are transferred to voters' next preferred candidates. Candidates with the fewest votes are eliminated and their votes are transferred in subsequent rounds until all seats are filled. There are arguments both for and against STV, including that it gives minority candidates a better chance while complexities may reduce voter understanding, and second choice candidates are at a disadvantage.
TCP and Mobile Networks Turbulent RelationshipNatasha Rooney
This document discusses TCP and its turbulent relationship with mobile networks. It provides an overview of TCP including that it is connection-oriented, reliable, uses cumulative ACKs, delivers packets in-order, is full-duplex, and uses a sliding window. The document then discusses issues TCP has over mobile networks, including that the congestion window remains small due to disconnections and high bit error rates. It proposes collecting data from mobile operators anonymously to send to the IETF to develop new, more mobile-friendly protocols.
JQuery UK February 2015: Service Workers On VacayNatasha Rooney
Webapps are awesome, and travel is awesome, but the two together suck. Roaming, aeroplanes, bad connections and flakey wifi make native apps so much more attractive when travelling. The offline-capable gap between web native needs to be quashed, and Service Worker is coming to do the quashing! This talk will go through the simple use case of creating an offline-capable webapp using caching in ServiceWorker, complete with pulling in data and retaining data for offline view.
The document discusses the GSMA's involvement with the W3C through the Web and Mobile Interest Group. It provides an overview of the GSMA as a telecom association representing mobile operators worldwide. It then discusses the Web and Mobile Interest Group's goals of accelerating the development of web technologies for mobile applications. Specifically, it aims to highlight needs across industries, support W3C work, and create an open ecosystem for innovation. The group was preceded by the Coremob and Webmob communities and focuses on topics like offline capabilities, payments, and security to develop the core mobile web platform.
Making it Work Offline: Current & Future Offline APIs for Web AppsNatasha Rooney
We go through the current APIs for creating offline capable web apps such as LocalStorage, App Cache and a bit of IndexedDB. We also take a look at the work going behind the new solution "ServiceWorker" and how it may change the game.
Demo to support the presentation is here: https://github.com/nrooney/offlineanime
FirefoxOS Meetup - Updates on Offline in HTML5 Web AppsNatasha Rooney
This document summarizes Natasha Rooney's presentation on offline web apps. The presentation discussed issues with the App Cache API and introduced Service Workers as a new solution. It highlighted that App Cache was not well-suited for separating caching of shell content from dynamic content. Service Workers address this by allowing developers more control over caching and fallbacks. The presentation concluded that Service Workers enable better support for offline apps through features like multiple caches, fallbacks, and promises.
Updates on Offline: “My AppCache won’t come back” and “ServiceWorker Tricks ...Natasha Rooney
My slides from my talk "Updates on Offline: “My AppCache won’t come back” and “ServiceWorker Tricks for Cache”" from Over the Air 2013 held in September in Bletchley Park. We had a good run-through of offline APIs in web, the mysteries of App Cache, and updates on the current status of ServiceWorker.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Infrastructure Challenges in Scaling RAG with Custom AI modelsZilliz
Building Retrieval-Augmented Generation (RAG) systems with open-source and custom AI models is a complex task. This talk explores the challenges in productionizing RAG systems, including retrieval performance, response synthesis, and evaluation. We’ll discuss how to leverage open-source models like text embeddings, language models, and custom fine-tuned models to enhance RAG performance. Additionally, we’ll cover how BentoML can help orchestrate and scale these AI components efficiently, ensuring seamless deployment and management of RAG systems in the cloud.
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
26. @thisNatasha
OSI Model
7. Application Data: HTTP / IMAP
6. Data Presentation, Encryption: SSL / TLS
5. Session and connection management: -
4. Transport of packets and streams: TCP / UDP
3. Routing and delivery of datagrams on the Network: IP / IPSec
2. Local Data Connection: Ethernet
1. Physical data connection (cables): CAT5
35. @thisNatasha
Handshake
6-10 messages
Full handshake with server authentication:
- Exchange capabilities
- Agree on params
- Validate certs
- Agree master secret
- Verify handshake was not modified
Abbreviated handshake (resumes earlier session)
36. @thisNatasha
Handshake Flow
TLS/Handshake Cheat Sheet

Cipher suite anatomy: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- Key Exchange: ECDHE
- Authentication: RSA
- Cipher: AES, Strength: 128, Mode: GCM
- MAC or PRF: SHA256

Key Exchange Method: creates the pre-master secret. The pre-master secret is combined with the PRF to create the master secret. Methods: RSA, DHE_RSA, ECDHE_RSA, ECDHE_ECDSA.
Authentication Method: uses public key crypto and the certificate's public key together. Once the certificate is validated the client can use the public key. RSA or ECDSA. Certs: X.509, ASN.1 DER encoding.

Flow:
- Client Hello: client sends TLS version, ciphersuites, compression methods
- Server Hello, Certificate: server selects cipher & compression method; server sends certificate; client authenticates the server
- Key Exchange: pre-master secret exchanged between client & server; client validates certificate
- Master Secret: client & server can compute the master secret
- MAC: server verifies MAC, returns to client to verify also
- Finished: handshake complete

Ciphers, Standards and Terms
Encryption: 3DES, AES, ARIA, CAMELLIA, RC4, and SEED
- [1] Stream: adds MAC
- [2] Block: adds IV and padding after encryption
- [3] Encryption (AEAD): encryption and integrity validation, using nonce, no padding, no IV
Master Secret
- Pre-master secret: combines params to help client and server create the master secret
- Master Secret: both server and client create this from the pre-master secret to symmetrically encrypt
Integrity Validation
- PRF: Pseudorandom Function. Takes a secret, a seed, and a unique label. TLS 1.2 suites use a PRF based on HMAC and SHA256
- MAC: used for integrity validation in handshake and record
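The derivation chain the cheat sheet describes, carried through for TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, as an added worked example that is not part of the original deck: the HMAC-SHA256 PRF taking a secret, a seed and a unique label (RFC 5246), pre-master secret to master secret, and master secret to the AEAD key block. The pre-master secret and the two randoms are constructed placeholders, not values from a real handshake.

```python
import hmac
import hashlib


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 data-expansion function P_SHA256 (RFC 5246, section 5).

    A(0) = seed, A(i) = HMAC_SHA256(secret, A(i-1)); the output is the
    concatenation of HMAC_SHA256(secret, A(i) + seed) for i = 1, 2, ...
    truncated to the requested length.
    """
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed).

    This is the slide's "secret, seed and unique label": the label keeps
    derivations for different purposes apart even when the secret is the same.
    """
    return p_sha256(secret, label + seed, length)


def master_secret(pre_master: bytes, client_random: bytes,
                  server_random: bytes) -> bytes:
    """Pre-master secret -> 48-byte master secret (RFC 5246, section 8.1)."""
    return tls12_prf(pre_master, b"master secret",
                     client_random + server_random, 48)


def key_block_aes128gcm(master: bytes, client_random: bytes,
                        server_random: bytes) -> dict:
    """Master secret -> record-layer keys for AES_128_GCM_SHA256.

    Key expansion (RFC 5246, section 6.3) seeds with server_random first.
    The suite is AEAD, so the key block carries no MAC keys: two 16-byte
    write keys and two 4-byte implicit-nonce ("fixed IV") parts (RFC 5288).
    """
    kb = tls12_prf(master, b"key expansion",
                   server_random + client_random, 16 + 16 + 4 + 4)
    return {
        "client_write_key": kb[0:16],
        "server_write_key": kb[16:32],
        "client_write_iv": kb[32:36],
        "server_write_iv": kb[36:40],
    }


def derive_session(pre_master: bytes, client_random: bytes,
                   server_random: bytes) -> dict:
    """Run the full chain both peers perform once the key exchange is done."""
    ms = master_secret(pre_master, client_random, server_random)
    keys = key_block_aes128gcm(ms, client_random, server_random)
    return {"master_secret": ms, **keys}


if __name__ == "__main__":
    # Constructed placeholder inputs, not values from a real handshake:
    # an ECDHE shared secret (32 bytes for P-256) and the two 32-byte randoms.
    PRE_MASTER = bytes(range(32))
    CLIENT_RANDOM = b"\x11" * 32
    SERVER_RANDOM = b"\x22" * 32
    for name, value in derive_session(PRE_MASTER, CLIENT_RANDOM,
                                      SERVER_RANDOM).items():
        print(f"{name:>17}: {value.hex()}")
```

Because both peers feed the same pre-master secret and randoms into the same PRF, they arrive at identical write keys without the keys ever crossing the wire; swapping the order of the randoms or changing the label yields unrelated output.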
44. @thisNatasha
Key Exchange
Depends on negotiated algorithm suite and algorithm
- RSA: attackers can decrypt everything if they have the server private key; being replaced
- DHE_RSA: has forward secrecy but slow
- ECDHE_RSA and ECDHE_ECDSA: fast and forward secrecy. Can be used with RSA or ECDSA
- Server speaks first
- Server sends params and signature of params for authentication
45. @thisNatasha
Authentication
Certificate + Public Key, coupled with Key Exchange
Public Key Crypto (RSA or ECDSA)
RSA method:
- Client creates a random value as premaster secret
- Encrypts with public key
- Server decrypts
- Constructs Session Keys
- Finished.
48. @thisNatasha (Handshake Flow cheat sheet, repeated from slide 36)
69. @thisNatasha
Optimise TCP
- initcwnd around 10 segments
- Slow start can restart, even after 1 second
- Keep TCP Connections Open: Use Keep Alives (HTTP1.1)
83. @thisNatasha
Optimising the Handshake: Key Exchange
Key Size: longer keys
- better protection
- more CPU intensive
Key Algorithm: RSA sucks.
- RSA at the required strength is too slow
- ECDSA faster (compared with 3072 bit RSA)
Key Exchange: RSA, DHE or ECDHE
- RSA has no forward secrecy
- DHE is slow
- ECDHE is your friend (security and performance are influenced by named curve)
85. @thisNatasha
Certificates
Performance hits: size, must be validated, revocation checked
- Only include needed certs
- Make sure a complete chain can be created
- Use ECDSA certs (1kb shorter than RSA)
- Don't use too many hostnames on the same cert
87. Revocation Checking
Get your revocation info out quick, select a fast CA, and use OCSP stapling.
- CRL: Certificate Revocation Lists
- OCSP: Online Certificate Status Protocol
- Browser CRL downloads can take 10 seconds
- OCSP certificate lookup takes 1 request
- Use CAs with fast and reliable OCSP responders
- Use CAs which update their responders quickly
- OCSP stapling (450 bytes on the handshake)
88. Session Resumption
The full handshake will happen once; the rest will be abbreviated.
Server admin could: configure session caching so sessions remain valid for a day. Clients do the rest!
98. Buffering Latency
TCP packets may arrive out of order and need to be buffered!
Extra time:
- Buffering
- TCP recovery (extra RTT)
- Overflowing initcwnd
TLS tuning (experiment!):
- turn the TLS record size down (from the 16 KB maximum towards 4 KB)
Better to leave it to the web servers:
- they discover the MTU
- they vary the record size over the connection lifetime
99. CPU time inequality
Inequality between client and server CPU time can be used to DoS (but more are moving to ECDHE_RSA or ECDHE_ECDSA).
RSA can be used to DoS (ECDHE_RSA still uses RSA for auth).
With ECDHE_ECDSA clients will then do 1.5 times more work.
101. In the Past / Now
In the past:
- CPUs were slow
- TLS (SSL) was heavy
- Hardware accelerators and certs were expensive
Now:
- Clients and servers have fast processors, plenty of RAM
- Hardware accelerators not needed
- Certificates are cheap
- Latency is most of the issue.
111. TLS 1.3 Abbreviated handshake / Session Resumption
Identifiers and tickets are obsolete! Replaced with PSK (pre-shared key mode).
The PSK is created on the previous connection after the handshake, then presented on the next visit!
119. Some Caveats: 0-RTT Security
- No server random means replay attacks are still possible
- 1 RTT is needed to get the ephemeral secret, so 0-RTT data has no forward secrecy
- A MITM could tamper with 0-RTT data if the key is compromised
122. Old Certificate way: Issuance and Identity Verification
- Generate a Certificate Signing Request (CSR).
- Copy and paste (⌘C ⌘V) the CSR into a CA webpage
- Prove domain ownership by:
  - putting a CA-provided challenge on the web server,
  - putting a CA-provided challenge at a DNS location (target domain), or
  - receiving a CA challenge via e-mail corresponding to the domain and responding
- Download the certificate and install it
127. Domain Validation
Used to be done by email...
- Agent creates a new key pair
- Proves to the CA it has access to the server
- CA asks the domain to complete "challenges":
  - Agent creates a file on the server
  - CA provides a nonce
  - Agent signs the nonce with its private key
  - Agent tells the CA it's ready to complete validation
128. Certificate Issuance and Revocation
Thank you, public key crypto!
Issue Certificate:
- Agent asks the CA to issue a cert with a public key (CSR: PKCS#10 Certificate Signing Request)
- Agent also authorises by signing with the authorised key
- CA verifies both signatures
- CA issues the cert with the public key from the CSR
Revoke Certificate:
- Agent signs the revocation request with the key pair
- CA verifies authorisation
- CA publishes to CRL, OCSP
- Browsers learn they shouldn't accept the cert
137. Extra Credit: Multiple sites on one cert.
Ivan Ristic says:
"There's a trick you can use if you want to keep handshake size down to a minimum but still have to host multiple sites on the same IP address: (1) get a separate certificate for each hostname you wish to run and configure your web server to serve these certificates to the clients that support SNI; (2) get one fallback certificate that contains all the hostnames you have on the same IP address and configure your web server to serve it to the clients that do not support SNI. If you do this, your SNI clients (the majority) will get small certificates for the sites they wish to access, and everyone else (a small number of legacy clients) will get the single long certificate."
138. Security of 0-RTT Handshakes
At first glance, 0-RTT mode seems similar to session resumption or PSK, and you might wonder why one wouldn't merge these mechanisms. The differences however are subtle but important, and the security properties of 0-RTT handshakes are weaker than those for other kinds of TLS data:
1. To protect against replay attacks the server must incorporate a server random into the master secret. That is unfortunately not possible before the first round-trip and so the poor server can't easily tell whether it's a valid request or an attacker replaying a recorded conversation. Replay protection will be in place again after the ServerHello message is sent.
2. The semi-static DH share given in the server configuration, used to derive the static secret and encrypt first flight data, defies forward secrecy. We need at least one round-trip to establish the ephemeral secret. As configurations are shared between clients, and recovering the server's DH share becomes more attractive, expiration dates should be limited sensibly. The maximum allowed validity is 7 days.
3. If the server's DH share is compromised a MITM can tamper with the 0-RTT data sent by the client, without being detected. This does not extend to the full session as the client can retrospectively authenticate the server via the remaining handshake messages.
From https://timtaubert.de/blog/2015/11/more-privacy-less-latency-improved-handshakes-in-tls-13/
139. Cipher Cheat Sheet
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, read left to right:
- ECDHE: key exchange
- RSA: authentication
- AES: encryption algorithm
- 128: encryption key size (strength)
- GCM: encryption cipher mode
- SHA256: MAC or PRF
Encryption algorithms: 3DES, AES, ARIA, CAMELLIA, RC4, and SEED.
- Encryption, stream: plaintext + MAC (encrypted).
- Encryption, block (encryption uses CBC block mode): plaintext + MAC + padding (encrypted); IV (left plain).
- Encryption, authenticated (AEAD): plaintext, sequence number, record header (encrypted); nonce (left plain).
Record Protocol: carries the application protocol and the three handshake sub-protocols: the Handshake Protocol, the Change Cipher Spec Protocol, and the Alert Protocol.
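The cheat sheet's left-to-right reading of a suite name, turned into an added example (not code from the talk) that splits IANA-style names into key exchange, authentication, cipher, key size, mode and MAC/PRF, and then flags the weaknesses discussed earlier: no forward secrecy with plain RSA key exchange, deprecated RC4/3DES, and non-AEAD CBC suites. The FORWARD_SECRET_KX, AEAD_MODES and STREAM_CIPHERS tables are this example's own assumptions and cover only the suite families named on the page.

```python
import re
from dataclasses import dataclass

FORWARD_SECRET_KX = {"DHE", "ECDHE"}   # ephemeral (EC)DH: a fresh secret per connection
AEAD_MODES = {"GCM", "POLY1305"}       # integrity comes from the cipher mode itself
STREAM_CIPHERS = {"RC4", "CHACHA20"}
# IANA suite names: TLS_<kx>[_<auth>]_WITH_<cipher>[_<bits>][_<mode>]_<hash>
_NAME = re.compile(r"^TLS_(?P<kx>[A-Z0-9]+)(?:_(?P<auth>RSA|ECDSA|DSS|anon))?_WITH_(?P<rest>.+)$")


@dataclass
class CipherSuite:
    name: str
    key_exchange: str
    authentication: str
    cipher: str
    key_bits: int
    mode: str         # "stream", "CBC", "GCM" or "POLY1305"
    mac_or_prf: str   # trailing hash: MAC for stream/CBC suites, PRF for AEAD suites

    def forward_secrecy(self) -> bool:
        return self.key_exchange in FORWARD_SECRET_KX

    def aead(self) -> bool:
        return self.mode in AEAD_MODES


def parse_suite(name: str) -> CipherSuite:
    m = _NAME.match(name)
    if not m:
        raise ValueError(f"not a recognised IANA suite name: {name}")
    kx, auth = m["kx"], m["auth"] or m["kx"]   # TLS_RSA_*: RSA does key exchange and auth
    tokens = m["rest"].split("_")
    mac_or_prf = tokens.pop()
    cipher = tokens.pop(0)
    bits = next((int(t) for t in tokens if t.isdigit()), {"3DES": 168, "CHACHA20": 256}.get(cipher, 0))
    modes = [t for t in tokens if not t.isdigit() and t != "EDE"]  # EDE belongs to 3DES, not a mode
    mode = modes[0] if modes else "stream"
    return CipherSuite(name, kx, auth, cipher, bits, mode, mac_or_prf)


def audit(name: str) -> list:
    """Reasons a configured suite falls short of the ECDHE + AEAD recommendation."""
    s = parse_suite(name)
    issues = []
    if not s.forward_secrecy():
        issues.append("no forward secrecy: static key exchange")
    if s.cipher in {"RC4", "3DES"}:
        issues.append(f"{s.cipher} is deprecated")
    if s.mode == "CBC":
        issues.append("CBC mode (MAC then encrypt, with padding); prefer an AEAD suite")
    return issues
```

Running `audit` over a server's configured suite list gives a quick defender's checklist; names outside the families above raise ValueError rather than being guessed at.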