Keyless SSL: RWC 2013

Upload: nicholas-sullivan

Post on 08-Jun-2015

DESCRIPTION

This is a short talk given at Real World Cryptography 2014 on advances in SSL and reverse proxies.

TRANSCRIPT

Page 1: Keyless SSL: RWC 2013

Keyless SSL with Reverse Proxies: From theory to reality

Real World Cryptography

January 14th, 2013

Nick Sullivan

@grittygrease

Page 2: Keyless SSL: RWC 2013

SSL/TLS

• Point-to-point authentication and encryption over TCP

• Browser-server model

• Server certificate bound to a public key, signed by a Certificate Authority

• Private key provides authentication of server to client

• Key establishment with Diffie-Hellman variants

#2

Page 3: Keyless SSL: RWC 2013

Problems with TLS

• Certificate Authority/PKI trust and reliability

  • Not even going to touch this

• Private key security

  • Web servers (nginx, apache, IIS) read private keys from disk

  • Security of servers is paramount — use HSMs

#3

Page 4: Keyless SSL: RWC 2013

Bigger Issue

• The web is changing — consolidation at the edge of the network

  • CDNs provide distributed global load balancing

  • TLS needs to be terminated at the caching layer

  • Private keys need to be distributed to the edge

• This is why banks do not use CDNs — yet

#4

Page 5: Keyless SSL: RWC 2013

Global Website Traffic

#5

Page 6: Keyless SSL: RWC 2013

Global Website Traffic with CDN

#6

Page 7: Keyless SSL: RWC 2013

SSL/TLS State Machine

• There is only one step that requires the secret key

  • Key exchange cipher suites (i.e. all DHE and ECDHE suites)

    • Server Key Exchange — private key signature

  • Older cipher suites (such as RSA-AES-SHA1)

    • Decrypt Premaster Secret — private key decryption

#7

Page 8: Keyless SSL: RWC 2013

Keyless SSL

• Split the state machine geographically

  • Private key operation performed at site owner’s facility (in HSM, etc.)

  • Rest of handshake performed at the edge

  • Communicate to signing server with mutually authenticated TLS

• All static assets served over TLS from the edge

• Dynamic assets served from origin through reverse proxy

#8
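The split described on this slide, as an added Go example (not code from the talk, from nginx/OpenSSL or from any product): a key server at the site owner's facility exposes only a sign and a decrypt primitive, and the edge completes the handshake holding nothing but the certificate's public key. The KeyServer, Edge, NewKeyServer, skeDigest and ClientVerifies names are my own, the ks pointer is an assumed stand-in for the mutually authenticated TLS link, and the ServerKeyExchange digest is simplified to SHA-256 over client_random || server_random || params.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// KeyServer sits at the site owner's facility (in front of an HSM, etc.) and exposes only two primitives.
type KeyServer struct{ priv *rsa.PrivateKey }
func NewKeyServer() (*KeyServer, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // constructed test key, never exported
	return &KeyServer{priv: priv}, err
}

// SignDigest: ServerKeyExchange signature for the DHE/ECDHE suites.
func (k *KeyServer) SignDigest(digest []byte) ([]byte, error) {
	return rsa.SignPKCS1v15(rand.Reader, k.priv, crypto.SHA256, digest)
}

// DecryptPremaster: premaster-secret decryption for the RSA key-exchange suites.
func (k *KeyServer) DecryptPremaster(ct []byte) ([]byte, error) {
	return rsa.DecryptPKCS1v15(rand.Reader, k.priv, ct)
}

// Edge terminates TLS at the CDN holding only the certificate's public key; ks stands in for the mTLS link.
type Edge struct {
	Pub *rsa.PublicKey
	ks  *KeyServer
}

// skeDigest covers client_random || server_random || params, the input to the TLS 1.2 ServerKeyExchange signature.
func skeDigest(clientRandom, serverRandom, params []byte) []byte {
	d := sha256.Sum256(bytes.Join([][]byte{clientRandom, serverRandom, params}, nil))
	return d[:]
}

// ServerKeyExchange ships only a 32-byte digest to the key server and gets only the signature back.
func (e *Edge) ServerKeyExchange(clientRandom, serverRandom, params []byte) ([]byte, error) {
	return e.ks.SignDigest(skeDigest(clientRandom, serverRandom, params))
}

// RSAKeyExchange forwards the ClientKeyExchange ciphertext; the edge derives session keys from the result.
func (e *Edge) RSAKeyExchange(ct []byte) ([]byte, error) { return e.ks.DecryptPremaster(ct) }
// ClientVerifies is the browser's check using the public key from the server certificate.
func ClientVerifies(pub *rsa.PublicKey, clientRandom, serverRandom, params, sig []byte) bool {
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, skeDigest(clientRandom, serverRandom, params), sig) == nil
}
```

Because a compromised edge could still ask the key server to sign or decrypt on its behalf, the mutually authenticated channel plus authorization and logging on the key server are what limit that exposure in practice.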

Page 9: Keyless SSL: RWC 2013

Keyless SSL

#9

Page 10: Keyless SSL: RWC 2013

Keyless SSL - In Production

• This is not an academic exercise or proof of concept

• Based on modified nginx/OpenSSL

• In production currently at a top Wall Street investment bank

#10

Page 11: Keyless SSL: RWC 2013

Keyless SSL with Reverse Proxies: From theory to reality

Real World Cryptography

January 14th, 2013

Nick Sullivan

@grittygrease