Keyless SSL: RWC 2013
DESCRIPTION
This is a short talk given at Real World Cryptography 2014 on advances in SSL and reverse proxies.
TRANSCRIPT
Keyless SSL with Reverse Proxies
From theory to reality
Real World Cryptography
January 14th, 2013
Nick Sullivan
@grittygrease
SSL/TLS
• Point-to-point authentication and encryption over TCP
• Browser-server model
• Server certificate bound to a public key, signed by a Certificate Authority
• Private key provides authentication of server to client
• Key establishment with Diffie-Hellman variants
Problems with TLS
• Certificate Authority/PKI trust and reliability
• Not even going to touch this
• Private key security
• Web servers (nginx, Apache, IIS) read private keys from disk
• Security of servers is paramount — use HSMs
Bigger Issue
• The web is changing — consolidation at the edge of the network
• CDNs provide distributed global load balancing
• TLS needs to be terminated at caching layer
• Private keys need to be distributed to the edge
• This is why banks do not use CDNs — yet
Global Website Traffic
Global Website Traffic with CDN
SSL/TLS State Machine
• There is only one step that requires the secret key
• Key Exchange Cipher Suites (i.e. all DHE and ECDHE suites)
• Server Key Exchange — private key signature
• Older cipher suites (such as RSA-AES-SHA1)
• Decrypt Premaster Secret — private key decryption
Keyless SSL
• Split the state machine geographically
• Private key operation performed at the site owner’s facility (in an HSM, etc.)
• Rest of handshake performed at the edge
• Communicate to signing server with mutually authenticated TLS
• All static assets served over TLS from the edge
• Dynamic assets served from origin through reverse proxy
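The split described on the two slides above, as an added Go example rather than the talk's modified nginx/OpenSSL code: for (EC)DHE suites the ServerKeyExchange signature is the only private-key step, so the edge hashes the handshake transcript locally and forwards just the digest to the site owner's signing server. It assumes an ECDSA certificate key, uses Go's crypto.Signer interface as the stand-in for the nginx hook, and replaces the mutually authenticated TLS link with a direct in-process call.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"io"
)

// KeyServer stands in for the site owner's signing server (HSM side): it only signs digests.
type KeyServer struct{ priv *ecdsa.PrivateKey }
func (k *KeyServer) SignDigest(digest []byte) ([]byte, error) { return ecdsa.SignASN1(rand.Reader, k.priv, digest) }

// RemoteSigner runs at the edge and satisfies crypto.Signer (a tls.Certificate can
// carry it as PrivateKey) while holding only the public key; the direct call to the
// KeyServer stands in for the mutually authenticated TLS channel of the talk.
type RemoteSigner struct {
	pub    *ecdsa.PublicKey
	server *KeyServer
}

func (r *RemoteSigner) Public() crypto.PublicKey { return r.pub }
func (r *RemoteSigner) Sign(_ io.Reader, digest []byte, _ crypto.SignerOpts) ([]byte, error) { return r.server.SignDigest(digest) }

// NewKeyless generates a P-256 key (constructed for the demo) and splits the roles.
func NewKeyless() (*RemoteSigner, *KeyServer, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	ks := &KeyServer{priv: priv}
	return &RemoteSigner{pub: &priv.PublicKey, server: ks}, ks, nil
}

// TLS 1.2 (EC)DHE ServerKeyExchange signs SHA-256(client_random || server_random || (EC)DH params).
func transcriptDigest(clientRand, serverRand, params []byte) []byte {
	d := sha256.Sum256(append(append(append([]byte{}, clientRand...), serverRand...), params...))
	return d[:]
}

// EdgeServerKeyExchange is the edge's half of the split: hash locally, sign remotely.
func EdgeServerKeyExchange(s crypto.Signer, clientRand, serverRand, params []byte) ([]byte, error) {
	return s.Sign(rand.Reader, transcriptDigest(clientRand, serverRand, params), crypto.SHA256)
}

// ClientVerify is the browser's check of that signature with the certificate's public key.
func ClientVerify(pub *ecdsa.PublicKey, clientRand, serverRand, params, sig []byte) bool {
	return ecdsa.VerifyASN1(pub, transcriptDigest(clientRand, serverRand, params), sig)
}
```

Because client_random and server_random are part of the signed digest, a signature obtained for one handshake does not verify for another, which is what keeps the signing server from acting as a generic signing oracle for replayed handshakes.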
Keyless SSL
Keyless SSL - In Production
• This is not an academic exercise or proof of concept
• Based on modified nginx/OpenSSL
• In production currently at a top Wall Street investment bank