sullivan handshake proxying-ieee-sp_2014
DESCRIPTION
Two of the major concerns for serving information over the internet are latency and security. Reducing latency improves response times, making content delivery seem more instantaneous and improving user experience. The most common approach to improving security is TLS, where data is sent over an authenticated encryption tunnel between a server and a client. The Internet’s architecture and the physical realities of how networks are spread geographically can cause these two goals to be competitive. This talk introduces a model to deal with private key security in this situation.TRANSCRIPT
TLS Handshake Proxying: From theory to reality
IEEE S&P April 20, 2014 Nick Sullivan
@grittygrease
Two competing goals on the web
• Security & Privacy
• Performance
2
Privacy: SSL/TLS
• Point-to-point authentication and encryption
• The little lock icon in your browser
• Browser-server model
• Server certificate bound to a public key, signed by a Certificate Authority
• Private key provides authentication of server to client
• Session key established with handshake
3
4
[diagram: Private Key]
Problem with TLS
• Web servers (nginx, Apache, IIS) read private keys from disk and keep them in memory
• Private key disclosure allows
• Server impersonation
• Retroactive decryption of sessions with RSA handshake
5
Private key security - protection
• Process memory disclosure
  • Secure allocation
  • Separate process for private key
• Machine DMA attack
  • Encrypted memory
  • Hardware: HSM or TPM
• Machine compromise or theft
  • ???
6
Web performance
• The web is changing — consolidation at the edge of the network
• CDNs provide distributed global load balancing
• TLS needs to be terminated at caching layer
• Private keys need to be distributed to the edge
• This is why banks do not use CDNs — yet
7
Traditional traffic routing
8
Anycast routing with reverse proxy
9
Two contradictory goals
• Global load balancing of TLS
• Private key security
10
Keyless SSL
• Compromise between key security and performance
• Split the state machine geographically
• Private key operation performed at site owner’s facility (in HSM, etc)
• Rest of handshake performed at the edge
• Communicate to signing server over secure tunnel
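As an added illustration of the split described on this slide (and of the "separate process for the private key" mitigation listed earlier), the following Python sketch is an example written for this page; it is not code from the talk or from the nginx/OpenSSL implementation mentioned later in the deck. It models three parties: a Client, an Edge that runs the handshake but holds only the certificate's public key, and a KeyServer that holds the private exponent and answers decrypt or sign requests over what stands in for the secure tunnel. RSA is toy, stdlib-only and unpadded at a 512-bit demo size, the DH group is a random 512-bit prime rather than a standard group, and the PRF is a single HMAC; all of these, and the class and function names, are simplifying assumptions of the example, not TLS as specified.

```python
"""Keyless SSL split, simulated: the edge runs the handshake state machine,
the key server performs only the private-key operation.  Toy, stdlib-only
crypto (unpadded RSA, ad-hoc DH group, HMAC as PRF); constructed example."""
import hashlib
import hmac
import os
from random import SystemRandom

rng = SystemRandom()


def is_probable_prime(n, rounds=24):
    """Miller-Rabin, used only to generate the demo key and DH modulus."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits):
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def gen_rsa(bits=512):
    """Return (n, e, d).  Demo size only; far too small for real use."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return p * q, e, pow(e, -1, phi)


# Toy finite-field DH group for the ephemeral mode (not a safe prime).
DH_P, DH_G = gen_prime(512), 2


def master_secret(premaster, client_random, server_random):
    """Stand-in for the TLS PRF: both peers must derive the same value."""
    return hmac.new(premaster, b"master secret" + client_random + server_random,
                    hashlib.sha256).digest()


class KeyServer:
    """Site owner's facility: the only holder of d.  Answers tunnel requests."""

    def __init__(self, n, e, d):
        self.n, self.e, self._d = n, e, d
        self.log = []  # which private-key operations the edge asked for

    def decrypt(self, ciphertext):           # RSA key exchange
        self.log.append("decrypt")
        return pow(ciphertext, self._d, self.n)

    def sign(self, digest):                  # (EC)DHE ServerKeyExchange
        self.log.append("sign")
        return pow(digest, self._d, self.n)


class Edge:
    """CDN edge: terminates TLS with nothing but the certificate's public key."""

    def __init__(self, n, e, key_server):
        self.n, self.e, self.key_server = n, e, key_server
        self.server_random = os.urandom(32)


class Client:
    def __init__(self, n, e):
        self.n, self.e = n, e
        self.client_random = os.urandom(32)


def rsa_key_exchange(client, edge):
    """RSA handshake: the single private-key step is decrypting the premaster."""
    premaster = os.urandom(48)
    encrypted = pow(int.from_bytes(premaster, "big"), client.e, client.n)  # ClientKeyExchange
    # The edge cannot decrypt this; it relays the ciphertext to the key server.
    edge_premaster = edge.key_server.decrypt(encrypted).to_bytes(48, "big")
    randoms = (client.client_random, edge.server_random)
    return master_secret(premaster, *randoms), master_secret(edge_premaster, *randoms)


def dhe_key_exchange(client, edge):
    """Ephemeral DH handshake: the private key only signs the edge's DH share,
    so the key server never sees the session secret."""
    a = rng.randrange(2, DH_P - 2)
    server_share = pow(DH_G, a, DH_P)  # ServerKeyExchange parameter
    digest = int.from_bytes(hashlib.sha256(client.client_random + edge.server_random
                                           + server_share.to_bytes(64, "big")).digest(), "big")
    signature = edge.key_server.sign(digest)  # signing request over the tunnel
    if pow(signature, client.e, client.n) != digest:  # client verifies with the cert key
        raise ValueError("bad ServerKeyExchange signature")
    b = rng.randrange(2, DH_P - 2)
    client_share = pow(DH_G, b, DH_P)  # ClientKeyExchange
    randoms = (client.client_random, edge.server_random)
    return (master_secret(pow(server_share, b, DH_P).to_bytes(64, "big"), *randoms),
            master_secret(pow(client_share, a, DH_P).to_bytes(64, "big"), *randoms))


if __name__ == "__main__":
    n, e, d = gen_rsa()
    ks = KeyServer(n, e, d)
    edge, client = Edge(n, e, ks), Client(n, e)
    print("rsa mode agrees:", rsa_key_exchange(client, edge)[0] == rsa_key_exchange(client, edge)[1])
    print("dhe mode agrees:", dhe_key_exchange(client, edge)[0] == dhe_key_exchange(client, edge)[1])
    print("key server saw:", ks.log)
```

Two things are worth noticing when running it. The Edge object never holds `d`, so a memory disclosure or DMA attack on the edge yields only the public key. In RSA mode the key server does learn the premaster secret it decrypts, so the "retroactive decryption" exposure from the earlier slide is moved to the site owner's facility rather than removed; in the ephemeral mode the key server only ever sees a digest and returns a signature, and the session secret exists solely at the client and the edge.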
11
Keyless SSL
12
Keyless SSL
• All static assets served over TLS from the edge
• Dynamic assets served from origin through reverse proxy
13
14
[diagram: Private Key]
15
[diagram: Private Key]
Keyless SSL - In Production
• This is not an academic exercise or proof of concept
• Based on modified nginx/OpenSSL
• Customers include
• Top Wall Street investment bank
• Top Silicon Valley Internet company
16
Keyless SSL - Security
• Formal proof of security: joint work with Douglas Stebila
• Code audit by iSEC Partners
17