SlideShare a Scribd company logo

Forward Secrecy

Download as ODP, PDF
Kevin OBrien
Kevin OBrien

The document discusses forward secrecy in encrypted communications. It explains that forward secrecy uses ephemeral keys for each session so that compromising a server's private key at a later date would not allow decryption of past encrypted sessions. It provides examples of Google, Twitter, and Apple implementing forward secrecy by using protocols like elliptic curve Diffie-Hellman key exchange that provide forward secrecy and help protect encrypted data even if server keys are lost or stolen in the future.

Technology
1 of 27
Forward Secrecy Kevin O’Brien Washtenaw Linux Users Group
Encrypted Communication ● Most examples involve Alice and Bob trying to communicate securely ● This is not the actual most common use case ● Most of the time, we as individuals want to exchange messages with servers on the Internet ● This generally involves both Diffie-Hellman and a public key method such as RSA
Example ● I want a secure connection to my bank, and my messages are traveling over the public Internet ● I cannot rule out someone eavesdropping on my messages ● If my connection is not secure, they could get my password to the bank site and steal all of my money
Secure Connections ● Ideally, my bank offers a secure connection by default (if not, get a better bank!) ● This is usually seen as a URL the begins https, instead of the old standby http ● This should denote at the very least an ssl connection, though TLS is preferred these days ● I also have https everywhere installed, which I can get from the Electronic Frontier Foundation ● https://www.eff.org/https-everywhere
Negotiation ● Whether the site offers a secure connection by default, or offers it because my browser plug-in asked for one, this is the beginning of a negotiation ● Which security protocols does the server have available? ● Which one does my browser have? ● What is the strongest protocol we have in common?
The opening bid ● This is the start ● I initiate the connection ● Amazon has not, AFAIK, ever just logged me in and then asked if I need anything today (though if they figure out how to do that…) ● I do it with what is called the ClientHello Message
The ClientHello Message ● This will look something like this: ● TLS_DHE_RSA_WITH_AES_256_CBC_SHA ● Every piece means something ● Again, this is something I am sending to the server
Interpretation 1 ● TLS = establish a TLS (i.e. Transport Layer Security) connection ● DHE = using Diffie-Hellman Ephemeral (for the shared secret used for the session) ● RSA = combined with RSA (the public key protocol used to create the secure initial connection ● WITH_AES_256 = using Advanced Encryption Standard (AES) with 256 bits
Interpretation 2 ● CBC = using Cipher Block Chaining (CBC) ● SHA = and using the Secure Hashing Algorithm (SHA)
Negotiation ● This should represent the highest level of security my browser is capable of handling ● There have been security attacks that worked by forcing a connection at a very low level of security, such as the POODLE attack ● https://en.wikipedia.org/wiki/POODLE ● This is one reason why SSL has been deprecated in favor of TLS, which won’t allow downgrade attacks
The ServerHello Message ● The server then responds with its own message, which will either accept my proposal, or fail and propose something different ● Once there is an agreed protocol, the server will send two things – A certificate containing the public key of the server, which serves to authenticate it – A random 32 byte number which will be used for the Diffie-Hellman Key Exchange – Note that these are sent publicly
Key Exchange ● Now the client (me) creates its own random number, encrypts it using the public key of the server, and sends it to the server ● The server decrypts the message using its private key, and reads the number ● Each side now has a random secret number from the other side, and a Diffie-Hellman Key Exchange is done
Negotiations Completed ● Now that there is a shared secret key, there is a Change Cipher Spec message that switches from the Public Key to the shared Diffie-Hellman key ● This is used for the rest of the communication
How Secure? ● Diffie-Hellman is known to be secure against eavesdropping, particularly if a strong Elliptic Curve algorithm is employed ● The use of a certificate with a Public Key (perhaps using RSA) makes it more difficult to execute a man-in-the- middle attack ● That can happen, though, if someone can get in the middle at the right moment and set up communications with both sides using its own keys
Man-in-the-middle ● I send a ClientHello message to my bank, but just my darn luck, Mallory intercepts my ClientHello ● She in turn sends a ClientHello to my bank, and get back the certificate ● She then creates her own certificate, and send it to me (I am expecting a certificate, after all) ● She can sit in the middle passing messages back and forth while decrypting and reading them ● In the US, companies have the right to do this on their networks (though we hope not to clean out your account)
Securing this ● Number one, pay attention to the certificates. At least that way you’ll know if someone is getting in the middle. ● Measures like OCSP Stapling make this type of attack much harder to do ● TLS also provides improved authentication ● HTTP Public Key Pinning ● DNSSEC
End Points? ● Man-in-the-middle attacks are aimed at data in transit ● What about the end points? ● I have some control over my own computer ● But what about the server?
Server Control ● Servers can fall to malicious cracking ● Servers can be seized by law enforcement ● Possible keys can be taken from the server and used to decrypt communications ● There is a reason governments are starting to insist that companies keep e-mail servers for their citizens within the country, and it is not for your protection
Lost Control ● I might not care if it is only my order of specialty teas from Amazon ● But it might be confidential e-mails ● And if messages are kept for future decryption… ● NSA has a facility that appears to be for that exact purpose ● So even if the data is secure for now, will it be secure in the future?
Forward Secrecy ● Some call it Perfect Forward Secrecy, but it is not perfect ● Remember, this is an arms race ● And in security perfection is very hard to find ● Any encrypted message can be brute force decrypted given enough time and resources ● And with improvements in decryption (e.g. quantum computing) it will take less time and fewer resources
What can you do? ● Forward Secrecy is essentially key protection ● This is done by using new keys for every session ● So even if someone cracked your e-mail written on January 9, it would not help with your e-mail written January 10 ● Nor would it help with your web browsing on January 9
How It Can Fail ● This requires that keys are not stored, but discarded after use ● How can you be sure? ● Incompetence happens a lot with servers ● Remember those governments and the e-mail servers?
O’Brien’s First Law Every government, by its very nature, regards the security and privacy of its citizens as a flaw which it seeks to remedy by all possible means.
Still, A Step Forward ● Being used by more companies ● Google ● Twitter ● Apple ● And others
Google Adam Langley from the Security Team posted a notice on their Security Blog on November 22, 2011 called Protecting data for the long term with forward secrecy. In this short blog post he mentions that Google “support(s) forward secrecy using elliptic curve Diffie-Hellman”. https://security.googleblog.com/2011/11/prot ecting-data-for-long-term-with.html
Twitter On November 22, 2013, Twitter announced in its blog under the heading Forward Secrecy at Twitter that they would also be using forward secrecy, and similarly said the following: There are two main categories of Diffie-Hellman key exchange. Traditional Diffie- Hellman (DHE) depends on the hardness of the Discrete Logarithm Problem and uses significantly more CPU than RSA, the most common key exchange used in SSL. Elliptic Curve Diffie-Hellman (ECDHE) is only a little more expensive than RSA for an equivalent security level. Vincent Bernat (@vince2_) benchmarked ECDHE at a 15% overhead relative to RSA over 2048-bit keys. DHE, by comparison, used 310% more CPU than RSA. https://blog.twitter.com/engineering/en_us/a/ 2013/forward-secrecy-at-twitter.html
Apple Apple published a specification called App Transport Security that is now mandatory for all apps. It has several provisions, but one of them involves forward security. In an article from the SSL store there is a good description of this provision: ATS also requires the use of TLS 1.2 and a cipher suite that provides forward secrecy. Developers will need to ensure their server is configured properly. TLS 1.2 is the most recent version of the SSL/TLS protocol, and most modern servers have it turned on by default. Forward secrecy refers to the way that connections are encrypted. An encryption cipher which supports forward secrecy, like ECDHE, is able to offer security to past sessions even if the private key is compromised. https://www.thesslstore.com/blog/apple-will-require-use-ats-2017/

Recommended

Public Key Authentication With SSH
Public Key Authentication With SSHPublic Key Authentication With SSH
Public Key Authentication With SSHDon Norwood
 
Passwords
PasswordsPasswords
PasswordsKevin OBrien
 
SSL certificates
SSL certificatesSSL certificates
SSL certificatesKevin OBrien
 
PBU-Intro_to_PGP
PBU-Intro_to_PGPPBU-Intro_to_PGP
PBU-Intro_to_PGPauremoser
 
Using pgp with mule
Using pgp with muleUsing pgp with mule
Using pgp with muleAnil Kumar V
 
What is Asymmetric Encryption? Understand with Simple Examples
What is Asymmetric Encryption? Understand with Simple ExamplesWhat is Asymmetric Encryption? Understand with Simple Examples
What is Asymmetric Encryption? Understand with Simple ExamplesCheapSSLsecurity
 
Message Authentication: MAC, Hashes
Message Authentication: MAC, HashesMessage Authentication: MAC, Hashes
Message Authentication: MAC, HashesShafaan Khaliq Bhatti
 
Industry Best Practices for SSH Access
Industry Best Practices for SSH AccessIndustry Best Practices for SSH Access
Industry Best Practices for SSH AccessDevOps.com
 

Recommended

Public Key Authentication With SSH
Public Key Authentication With SSHPublic Key Authentication With SSH
Public Key Authentication With SSHDon Norwood
 
Passwords
PasswordsPasswords
PasswordsKevin OBrien
 
SSL certificates
SSL certificatesSSL certificates
SSL certificatesKevin OBrien
 
PBU-Intro_to_PGP
PBU-Intro_to_PGPPBU-Intro_to_PGP
PBU-Intro_to_PGPauremoser
 
Using pgp with mule
Using pgp with muleUsing pgp with mule
Using pgp with muleAnil Kumar V
 
What is Asymmetric Encryption? Understand with Simple Examples
What is Asymmetric Encryption? Understand with Simple ExamplesWhat is Asymmetric Encryption? Understand with Simple Examples
What is Asymmetric Encryption? Understand with Simple ExamplesCheapSSLsecurity
 
Message Authentication: MAC, Hashes
Message Authentication: MAC, HashesMessage Authentication: MAC, Hashes
Message Authentication: MAC, HashesShafaan Khaliq Bhatti
 
Industry Best Practices for SSH Access
Industry Best Practices for SSH AccessIndustry Best Practices for SSH Access
Industry Best Practices for SSH AccessDevOps.com
 
Encryption by fastech
Encryption by fastechEncryption by fastech
Encryption by fastechAbdulafeez Fasasi
 
Inro to Secure Sockets Layer: SSL
Inro to Secure Sockets Layer: SSLInro to Secure Sockets Layer: SSL
Inro to Secure Sockets Layer: SSLDipankar Achinta
 
Discussion Question Contrast file encryption and volume encryptio.docx
Discussion Question Contrast file encryption and volume encryptio.docxDiscussion Question Contrast file encryption and volume encryptio.docx
Discussion Question Contrast file encryption and volume encryptio.docxJeniceStuckeyoo
 
The ultimate privacy guide
The ultimate privacy guideThe ultimate privacy guide
The ultimate privacy guideJD Liners
 
TLS - Transport Layer Security
TLS - Transport Layer SecurityTLS - Transport Layer Security
TLS - Transport Layer SecurityByronKimani
 
encryption presentation (SAGE-WA, 2010-10-05)
encryption presentation (SAGE-WA, 2010-10-05)encryption presentation (SAGE-WA, 2010-10-05)
encryption presentation (SAGE-WA, 2010-10-05)Alastair Irvine
 
Tls 1.3
Tls 1.3Tls 1.3
Tls 1.3Kevin OBrien
 
Week12
Week12Week12
Week12s1180181
 
Wo defensive trickery_13mar2017
Wo defensive trickery_13mar2017Wo defensive trickery_13mar2017
Wo defensive trickery_13mar2017Dan Kaminsky
 
Types of VPN
Types of VPNTypes of VPN
Types of VPNNetProtocol Xpert
 
#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2Olle E Johansson
 
Mac security - a pragmatic guide
Mac security - a pragmatic guideMac security - a pragmatic guide
Mac security - a pragmatic guideJason Norwood-Young
 
How To Secure Online Activities
How To Secure Online ActivitiesHow To Secure Online Activities
How To Secure Online Activities- Mark - Fullbright
 
$ii7oi5i-12
$ii7oi5i-12$ii7oi5i-12
$ii7oi5i-12Hideyuki Sato
 
Encryption Primer por Cathy Nolan
Encryption Primer por Cathy NolanEncryption Primer por Cathy Nolan
Encryption Primer por Cathy NolanJoao Galdino Mello de Souza
 
Puzzle Lock
Puzzle LockPuzzle Lock
Puzzle LockSenad Aruc
 
Data encryption
Data encryptionData encryption
Data encryptionBalvant Biradar
 
Lesson 1. General Introduction to IT and Cyber Security.pptx
Lesson 1. General Introduction to IT and Cyber Security.pptxLesson 1. General Introduction to IT and Cyber Security.pptx
Lesson 1. General Introduction to IT and Cyber Security.pptxJezer Arces
 
#OSSPARIS19 - TLS for dummies - MAXIME BESSON, Worteks
#OSSPARIS19 - TLS for dummies - MAXIME BESSON, Worteks#OSSPARIS19 - TLS for dummies - MAXIME BESSON, Worteks
#OSSPARIS19 - TLS for dummies - MAXIME BESSON, WorteksParis Open Source Summit
 
[POSS 2019] TLS for Dummies
[POSS 2019] TLS for Dummies[POSS 2019] TLS for Dummies
[POSS 2019] TLS for DummiesWorteks
 
American icon pmi
American icon pmiAmerican icon pmi
American icon pmiKevin OBrien
 
Diffie_Hellman-Merkle Key Exchange
Diffie_Hellman-Merkle Key ExchangeDiffie_Hellman-Merkle Key Exchange
Diffie_Hellman-Merkle Key ExchangeKevin OBrien
 

More Related Content

Similar to Forward Secrecy

Inro to Secure Sockets Layer: SSL
Inro to Secure Sockets Layer: SSLInro to Secure Sockets Layer: SSL
Inro to Secure Sockets Layer: SSLDipankar Achinta
 
Discussion Question Contrast file encryption and volume encryptio.docx
Discussion Question Contrast file encryption and volume encryptio.docxDiscussion Question Contrast file encryption and volume encryptio.docx
Discussion Question Contrast file encryption and volume encryptio.docxJeniceStuckeyoo
 
The ultimate privacy guide
The ultimate privacy guideThe ultimate privacy guide
The ultimate privacy guideJD Liners
 
TLS - Transport Layer Security
TLS - Transport Layer SecurityTLS - Transport Layer Security
TLS - Transport Layer SecurityByronKimani
 
encryption presentation (SAGE-WA, 2010-10-05)
encryption presentation (SAGE-WA, 2010-10-05)encryption presentation (SAGE-WA, 2010-10-05)
encryption presentation (SAGE-WA, 2010-10-05)Alastair Irvine
 
Wo defensive trickery_13mar2017
Wo defensive trickery_13mar2017Wo defensive trickery_13mar2017
Wo defensive trickery_13mar2017Dan Kaminsky
 
#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2Olle E Johansson
 
Mac security - a pragmatic guide
Mac security - a pragmatic guideMac security - a pragmatic guide
Mac security - a pragmatic guideJason Norwood-Young
 
Lesson 1. General Introduction to IT and Cyber Security.pptx
Lesson 1. General Introduction to IT and Cyber Security.pptxLesson 1. General Introduction to IT and Cyber Security.pptx
Lesson 1. General Introduction to IT and Cyber Security.pptxJezer Arces
 
#OSSPARIS19 - TLS for dummies - MAXIME BESSON, Worteks
#OSSPARIS19 - TLS for dummies - MAXIME BESSON, Worteks#OSSPARIS19 - TLS for dummies - MAXIME BESSON, Worteks
#OSSPARIS19 - TLS for dummies - MAXIME BESSON, WorteksParis Open Source Summit
 
[POSS 2019] TLS for Dummies
[POSS 2019] TLS for Dummies[POSS 2019] TLS for Dummies
[POSS 2019] TLS for DummiesWorteks
 

Similar to Forward Secrecy (20)

Encryption by fastech
Encryption by fastechEncryption by fastech
Encryption by fastech
 
Inro to Secure Sockets Layer: SSL
Inro to Secure Sockets Layer: SSLInro to Secure Sockets Layer: SSL
Inro to Secure Sockets Layer: SSL
 
Discussion Question Contrast file encryption and volume encryptio.docx
Discussion Question Contrast file encryption and volume encryptio.docxDiscussion Question Contrast file encryption and volume encryptio.docx
Discussion Question Contrast file encryption and volume encryptio.docx
 
The ultimate privacy guide
The ultimate privacy guideThe ultimate privacy guide
The ultimate privacy guide
 
TLS - Transport Layer Security
TLS - Transport Layer SecurityTLS - Transport Layer Security
TLS - Transport Layer Security
 
encryption presentation (SAGE-WA, 2010-10-05)
encryption presentation (SAGE-WA, 2010-10-05)encryption presentation (SAGE-WA, 2010-10-05)
encryption presentation (SAGE-WA, 2010-10-05)
 
Tls 1.3
Tls 1.3Tls 1.3
Tls 1.3
 
Week12
Week12Week12
Week12
 
Wo defensive trickery_13mar2017
Wo defensive trickery_13mar2017Wo defensive trickery_13mar2017
Wo defensive trickery_13mar2017
 
Types of VPN
Types of VPNTypes of VPN
Types of VPN
 
#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2#Morecrypto (with tis) - version 2.2
#Morecrypto (with tis) - version 2.2
 
Mac security - a pragmatic guide
Mac security - a pragmatic guideMac security - a pragmatic guide
Mac security - a pragmatic guide
 
How To Secure Online Activities
How To Secure Online ActivitiesHow To Secure Online Activities
How To Secure Online Activities
 
$ii7oi5i-12
$ii7oi5i-12$ii7oi5i-12
$ii7oi5i-12
 
Encryption Primer por Cathy Nolan
Encryption Primer por Cathy NolanEncryption Primer por Cathy Nolan
Encryption Primer por Cathy Nolan
 
Puzzle Lock
Puzzle LockPuzzle Lock
Puzzle Lock
 
Data encryption
Data encryptionData encryption
Data encryption
 
Lesson 1. General Introduction to IT and Cyber Security.pptx
Lesson 1. General Introduction to IT and Cyber Security.pptxLesson 1. General Introduction to IT and Cyber Security.pptx
Lesson 1. General Introduction to IT and Cyber Security.pptx
 
#OSSPARIS19 - TLS for dummies - MAXIME BESSON, Worteks
#OSSPARIS19 - TLS for dummies - MAXIME BESSON, Worteks#OSSPARIS19 - TLS for dummies - MAXIME BESSON, Worteks
#OSSPARIS19 - TLS for dummies - MAXIME BESSON, Worteks
 
[POSS 2019] TLS for Dummies
[POSS 2019] TLS for Dummies[POSS 2019] TLS for Dummies
[POSS 2019] TLS for Dummies
 

More from Kevin OBrien

Diffie_Hellman-Merkle Key Exchange
Diffie_Hellman-Merkle Key ExchangeDiffie_Hellman-Merkle Key Exchange
Diffie_Hellman-Merkle Key ExchangeKevin OBrien
 
Password best practices and the last pass hack
Password best practices and the last pass hackPassword best practices and the last pass hack
Password best practices and the last pass hackKevin OBrien
 
Linux Directory Structure
Linux Directory StructureLinux Directory Structure
Linux Directory StructureKevin OBrien
 
Hardware Discovery Commands
Hardware Discovery CommandsHardware Discovery Commands
Hardware Discovery CommandsKevin OBrien
 
Introduction to linux
Introduction to linuxIntroduction to linux
Introduction to linuxKevin OBrien
 
Help, my computer is sluggish
Help, my computer is sluggishHelp, my computer is sluggish
Help, my computer is sluggishKevin OBrien
 
Installing Software, Part 3: Command Line
Installing Software, Part 3: Command LineInstalling Software, Part 3: Command Line
Installing Software, Part 3: Command LineKevin OBrien
 
Installing Software, Part 2: Package Managers
Installing Software, Part 2: Package ManagersInstalling Software, Part 2: Package Managers
Installing Software, Part 2: Package ManagersKevin OBrien
 
Installing Software, Part 1 - Repositories
Installing Software, Part 1 - RepositoriesInstalling Software, Part 1 - Repositories
Installing Software, Part 1 - RepositoriesKevin OBrien
 
Installing Linux: Partitioning and File System Considerations
Installing Linux: Partitioning and File System ConsiderationsInstalling Linux: Partitioning and File System Considerations
Installing Linux: Partitioning and File System ConsiderationsKevin OBrien
 
The ifconfig Command
The ifconfig CommandThe ifconfig Command
The ifconfig CommandKevin OBrien
 
Find and Locate: Two Commands
Find and Locate: Two CommandsFind and Locate: Two Commands
Find and Locate: Two CommandsKevin OBrien
 
The Shell Game Part 4: Bash Shortcuts
The Shell Game Part 4: Bash ShortcutsThe Shell Game Part 4: Bash Shortcuts
The Shell Game Part 4: Bash ShortcutsKevin OBrien
 
The Shell Game Part 3: Introduction to Bash
The Shell Game Part 3: Introduction to BashThe Shell Game Part 3: Introduction to Bash
The Shell Game Part 3: Introduction to BashKevin OBrien
 
The Shell Game Part 2: What are your shell choices?
The Shell Game Part 2: What are your shell choices?The Shell Game Part 2: What are your shell choices?
The Shell Game Part 2: What are your shell choices?Kevin OBrien
 
The Shell Game Part 1: What is a shell?
The Shell Game Part 1: What is a shell?The Shell Game Part 1: What is a shell?
The Shell Game Part 1: What is a shell?Kevin OBrien
 

More from Kevin OBrien (19)

American icon pmi
American icon pmiAmerican icon pmi
American icon pmi
 
Diffie_Hellman-Merkle Key Exchange
Diffie_Hellman-Merkle Key ExchangeDiffie_Hellman-Merkle Key Exchange
Diffie_Hellman-Merkle Key Exchange
 
Password best practices and the last pass hack
Password best practices and the last pass hackPassword best practices and the last pass hack
Password best practices and the last pass hack
 
Encryption basics
Encryption basicsEncryption basics
Encryption basics
 
Linux Directory Structure
Linux Directory StructureLinux Directory Structure
Linux Directory Structure
 
Hardware Discovery Commands
Hardware Discovery CommandsHardware Discovery Commands
Hardware Discovery Commands
 
Introduction to linux
Introduction to linuxIntroduction to linux
Introduction to linux
 
Help, my computer is sluggish
Help, my computer is sluggishHelp, my computer is sluggish
Help, my computer is sluggish
 
The ps Command
The ps CommandThe ps Command
The ps Command
 
Installing Software, Part 3: Command Line
Installing Software, Part 3: Command LineInstalling Software, Part 3: Command Line
Installing Software, Part 3: Command Line
 
Installing Software, Part 2: Package Managers
Installing Software, Part 2: Package ManagersInstalling Software, Part 2: Package Managers
Installing Software, Part 2: Package Managers
 
Installing Software, Part 1 - Repositories
Installing Software, Part 1 - RepositoriesInstalling Software, Part 1 - Repositories
Installing Software, Part 1 - Repositories
 
Installing Linux: Partitioning and File System Considerations
Installing Linux: Partitioning and File System ConsiderationsInstalling Linux: Partitioning and File System Considerations
Installing Linux: Partitioning and File System Considerations
 
The ifconfig Command
The ifconfig CommandThe ifconfig Command
The ifconfig Command
 
Find and Locate: Two Commands
Find and Locate: Two CommandsFind and Locate: Two Commands
Find and Locate: Two Commands
 
The Shell Game Part 4: Bash Shortcuts
The Shell Game Part 4: Bash ShortcutsThe Shell Game Part 4: Bash Shortcuts
The Shell Game Part 4: Bash Shortcuts
 
The Shell Game Part 3: Introduction to Bash
The Shell Game Part 3: Introduction to BashThe Shell Game Part 3: Introduction to Bash
The Shell Game Part 3: Introduction to Bash
 
The Shell Game Part 2: What are your shell choices?
The Shell Game Part 2: What are your shell choices?The Shell Game Part 2: What are your shell choices?
The Shell Game Part 2: What are your shell choices?
 
The Shell Game Part 1: What is a shell?
The Shell Game Part 1: What is a shell?The Shell Game Part 1: What is a shell?
The Shell Game Part 1: What is a shell?
 

Recently uploaded

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 

Recently uploaded (20)

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 

Forward Secrecy

  • 2. Encrypted Communication ● Most examples involve Alice and Bob trying to communicate securely ● This is not the actual most common use case ● Most of the time, we as individuals want to exchange messages with servers on the Internet ● This generally involves both Diffie-Hellman and a public key method such as RSA
  • 3. Example ● I want a secure connection to my bank, and my messages are traveling over the public Internet ● I cannot rule out someone eavesdropping on my messages ● If my connection is not secure, they could get my password to the bank site and steal all of my money
  • 4. Secure Connections ● Ideally, my bank offers a secure connection by default (if not, get a better bank!) ● This is usually seen as a URL the begins https, instead of the old standby http ● This should denote at the very least an ssl connection, though TLS is preferred these days ● I also have https everywhere installed, which I can get from the Electronic Frontier Foundation ● https://www.eff.org/https-everywhere
  • 5. Negotiation ● Whether the site offers a secure connection by default, or offers it because my browser plug-in asked for one, this is the beginning of a negotiation ● Which security protocols does the server have available? ● Which one does my browser have? ● What is the strongest protocol we have in common?
  • 6. The opening bid ● This is the start ● I initiate the connection ● Amazon has not, AFAIK, ever just logged me in and then asked if I need anything today (though if they figure out how to do that…) ● I do it with what is called the ClientHello Message
  • 7. The ClientHello Message ● This will look something like this: ● TLS_DHE_RSA_WITH_AES_256_CBC_SHA ● Every piece means something ● Again, this is something I am sending to the server
  • 8. Interpretation 1 ● TLS = establish a TLS (i.e. Transport Layer Security) connection ● DHE = using Diffie-Hellman Ephemeral (for the shared secret used for the session) ● RSA = combined with RSA (the public key protocol used to create the secure initial connection ● WITH_AES_256 = using Advanced Encryption Standard (AES) with 256 bits
  • 9. Interpretation 2 ● CBC = using Cipher Block Chaining (CBC) ● SHA = and using the Secure Hashing Algorithm (SHA)
  • 10. Negotiation ● This should represent the highest level of security my browser is capable of handling ● There have been security attacks that worked by forcing a connection at a very low level of security, such as the POODLE attack ● https://en.wikipedia.org/wiki/POODLE ● This is one reason why SSL has been deprecated in favor of TLS, which won’t allow downgrade attacks
  • 11. The ServerHello Message ● The server then responds with its own message, which will either accept my proposal, or fail and propose something different ● Once there is an agreed protocol, the server will send two things – A certificate containing the public key of the server, which serves to authenticate it – A random 32 byte number which will be used for the Diffie-Hellman Key Exchange – Note that these are sent publicly
  • 12. Key Exchange ● Now the client (me) creates its own random number, encrypts it using the public key of the server, and sends it to the server ● The server decrypts the message using its private key, and reads the number ● Each side now has a random secret number from the other side, and a Diffie-Hellman Key Exchange is done
  • 13. Negotiations Completed ● Now that there is a shared secret key, there is a Change Cipher Spec message that switches from the Public Key to the shared Diffie-Hellman key ● This is used for the rest of the communication
  • 14. How Secure? ● Diffie-Hellman is known to be secure against eavesdropping, particularly if a strong Elliptic Curve algorithm is employed ● The use of a certificate with a Public Key (perhaps using RSA) makes it more difficult to execute a man-in-the- middle attack ● That can happen, though, if someone can get in the middle at the right moment and set up communications with both sides using its own keys
  • 15. Man-in-the-middle ● I send a ClientHello message to my bank, but just my darn luck, Mallory intercepts my ClientHello ● She in turn sends a ClientHello to my bank, and get back the certificate ● She then creates her own certificate, and send it to me (I am expecting a certificate, after all) ● She can sit in the middle passing messages back and forth while decrypting and reading them ● In the US, companies have the right to do this on their networks (though we hope not to clean out your account)
  • 16. Securing this ● Number one, pay attention to the certificates. At least that way you’ll know if someone is getting in the middle. ● Measures like OCSP Stapling make this type of attack much harder to do ● TLS also provides improved authentication ● HTTP Public Key Pinning ● DNSSEC
  • 17. End Points? ● Man-in-the-middle attacks are aimed at data in transit ● What about the end points? ● I have some control over my own computer ● But what about the server?
  • 18. Server Control ● Servers can fall to malicious cracking ● Servers can be seized by law enforcement ● Possible keys can be taken from the server and used to decrypt communications ● There is a reason governments are starting to insist that companies keep e-mail servers for their citizens within the country, and it is not for your protection
  • 19. Lost Control ● I might not care if it is only my order of specialty teas from Amazon ● But it might be confidential e-mails ● And if messages are kept for future decryption… ● NSA has a facility that appears to be for that exact purpose ● So even if the data is secure for now, will it be secure in the future?
  • 20. Forward Secrecy ● Some call it Perfect Forward Secrecy, but it is not perfect ● Remember, this is an arms race ● And in security perfection is very hard to find ● Any encrypted message can be brute force decrypted given enough time and resources ● And with improvements in decryption (e.g. quantum computing) it will take less time and fewer resources
  • 21. What can you do? ● Forward Secrecy is essentially key protection ● This is done by using new keys for every session ● So even if someone cracked your e-mail written on January 9, it would not help with your e-mail written January 10 ● Nor would it help with your web browsing on January 9
  • 22. How It Can Fail ● This requires that keys are not stored, but discarded after use ● How can you be sure? ● Incompetence happens a lot with servers ● Remember those governments and the e-mail servers?
  • 23. O’Brien’s First Law Every government, by its very nature, regards the security and privacy of its citizens as a flaw which it seeks to remedy by all possible means.
  • 24. Still, A Step Forward ● Being used by more companies ● Google ● Twitter ● Apple ● And others
  • 25. Google Adam Langley from the Security Team posted a notice on their Security Blog on November 22, 2011 called Protecting data for the long term with forward secrecy. In this short blog post he mentions that Google “support(s) forward secrecy using elliptic curve Diffie-Hellman”. https://security.googleblog.com/2011/11/prot ecting-data-for-long-term-with.html
  • 26. Twitter On November 22, 2013, Twitter announced in its blog under the heading Forward Secrecy at Twitter that they would also be using forward secrecy, and similarly said the following: There are two main categories of Diffie-Hellman key exchange. Traditional Diffie- Hellman (DHE) depends on the hardness of the Discrete Logarithm Problem and uses significantly more CPU than RSA, the most common key exchange used in SSL. Elliptic Curve Diffie-Hellman (ECDHE) is only a little more expensive than RSA for an equivalent security level. Vincent Bernat (@vince2_) benchmarked ECDHE at a 15% overhead relative to RSA over 2048-bit keys. DHE, by comparison, used 310% more CPU than RSA. https://blog.twitter.com/engineering/en_us/a/ 2013/forward-secrecy-at-twitter.html
  • 27. Apple Apple published a specification called App Transport Security that is now mandatory for all apps. It has several provisions, but one of them involves forward security. In an article from the SSL store there is a good description of this provision: ATS also requires the use of TLS 1.2 and a cipher suite that provides forward secrecy. Developers will need to ensure their server is configured properly. TLS 1.2 is the most recent version of the SSL/TLS protocol, and most modern servers have it turned on by default. Forward secrecy refers to the way that connections are encrypted. An encryption cipher which supports forward secrecy, like ECDHE, is able to offer security to past sessions even if the private key is compromised. https://www.thesslstore.com/blog/apple-will-require-use-ats-2017/