Rootconf2019
1. Let's talk TLS 1.3
Huzaifa Sidhpurwala
Red Hat Product Security Team
2. We are going to talk about:
● What is SSL/TLS and why is it so important?
● Security flaws affecting older versions of SSL/TLS
● What is new in TLS 1.3 (security, performance)
● Implementations
3. What is SSL/TLS a.k.a. why do I care?
● Most used protocol on the internet.
● Currently all protocols are wrapped in SSL/TLS to secure them on the internet.
● Most flaws are found in SSL/TLS, which gives it a higher attack surface.
● Most implemented protocol on the internet: OpenSSL, NSS, GnuTLS, Java etc.
4. Heartbleed
● First of its kind!
● Implementation flaw in the heartbeat extension in OpenSSL.
● Led researchers to look deeper into SSL/TLS code.
5. LUCKY-13
● Timing attack against CBC.
● Known previously, but this time they found a novel way to exploit it.
● All open source SSL/TLS code was found to be vulnerable.
6. BEAST
● Affects TLS 1.0 and earlier.
● Purely a client-side flaw; normally affects browsers with malicious extensions.
● Can be used to predict plaintext.
12. Session resumption with TLS
● Session identifiers:
  – Servers keep track of sessions via session ids. The client re-connects with the session id to resume the session.
● Session tickets:
  – After the handshake, a session ticket (a blob of session key + associated data) encrypted with a server key is sent to the client to store.
  – On resumption the client presents this ticket to the server.
13. Session resumption in TLS 1.3
● Both of the previous methods are now obsolete.
● Replaced by PSK mode in TLS 1.3.
● “The idea is that after a session is established, the client and server can derive a shared secret called the “resumption master secret”. This can either be stored on the server with an id (session id style) or encrypted by a key known only to the server (session ticket style). This session ticket is sent to the client and redeemed when resuming a connection.”
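The two storage styles from slides 12 and 13, and the TLS 1.3 PSK derivation both of them now carry, as an added example that is not part of the talk. The `hkdf_expand_label` structure and the `"res master"` / `"resumption"` labels follow RFC 8446; everything else is constructed for illustration: the "handshake" values are random bytes, the ticket sealing is a toy encrypt-then-MAC built from HMAC-SHA256 (a real server uses an AEAD), and the `"toy ticket enc"` / `"toy ticket mac"` labels are our own, not TLS labels.

```python
"""Added example: session-id style (server-side cache) versus session-ticket style
(client-held blob sealed with a server-only key), both handing back a TLS 1.3-style
PSK. Constructed model, not a TLS implementation."""
import hashlib
import hmac
import secrets
import struct
from typing import Dict, Optional

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) with HMAC-SHA256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """HKDF-Expand-Label from RFC 8446 section 7.1: uint16 length, "tls13 "+label, context."""
    full_label = b"tls13 " + label
    hkdf_label = (struct.pack(">H", length)
                  + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    return hkdf_expand(secret, hkdf_label, length)


def derive_resumption_psk(master_secret: bytes, transcript_hash: bytes, ticket_nonce: bytes) -> bytes:
    """Both endpoints run this after the handshake (RFC 8446 sections 7.1 and 4.6.1):
    resumption_master_secret = Derive-Secret(master_secret, "res master", transcript),
    PSK = HKDF-Expand-Label(resumption_master_secret, "resumption", ticket_nonce, Hash.length)."""
    rms = hkdf_expand_label(master_secret, b"res master", transcript_hash, HASH_LEN)
    return hkdf_expand_label(rms, b"resumption", ticket_nonce, HASH_LEN)


class SessionIdServer:
    """Session-id style: the PSK stays in a server-side cache; the client only holds a lookup key."""

    def __init__(self) -> None:
        self._cache: Dict[bytes, bytes] = {}

    def issue(self, psk: bytes) -> bytes:
        session_id = secrets.token_bytes(32)
        self._cache[session_id] = psk
        return session_id

    def resume(self, session_id: bytes) -> Optional[bytes]:
        return self._cache.get(session_id)  # None: unknown id, full handshake required


class TicketServer:
    """Session-ticket style: the PSK travels with the client, sealed under a key only the
    server knows. Toy encrypt-then-MAC: HMAC-SHA256 keystream XOR plus an HMAC tag."""

    def __init__(self, ticket_key: Optional[bytes] = None) -> None:
        stek = ticket_key or secrets.token_bytes(32)
        # the two labels below are our own, not TLS labels
        self._enc_key = hkdf_expand_label(stek, b"toy ticket enc", b"", 32)
        self._mac_key = hkdf_expand_label(stek, b"toy ticket mac", b"", 32)

    def _xor_stream(self, nonce: bytes, data: bytes) -> bytes:
        stream = hkdf_expand(self._enc_key, nonce, len(data))
        return bytes(a ^ b for a, b in zip(data, stream))

    def issue(self, psk: bytes) -> bytes:
        nonce = secrets.token_bytes(16)
        ct = self._xor_stream(nonce, psk)
        tag = hmac.new(self._mac_key, nonce + ct, HASH).digest()
        return nonce + ct + tag  # opaque to the client; nothing is stored server-side

    def resume(self, ticket: bytes) -> Optional[bytes]:
        if len(ticket) < 16 + HASH_LEN:
            return None
        nonce, ct, tag = ticket[:16], ticket[16:-HASH_LEN], ticket[-HASH_LEN:]
        expected = hmac.new(self._mac_key, nonce + ct, HASH).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # forged, corrupted, or sealed under another key: full handshake
        return self._xor_stream(nonce, ct)


def demo() -> dict:
    """One resumption with each style; handshake values are constructed, not real."""
    master_secret = secrets.token_bytes(HASH_LEN)
    transcript_hash = HASH(b"ClientHello ... client Finished (constructed)").digest()
    ticket_nonce = b"\x00\x00\x00\x00"
    client_psk = derive_resumption_psk(master_secret, transcript_hash, ticket_nonce)
    server_psk = derive_resumption_psk(master_secret, transcript_hash, ticket_nonce)
    id_server, ticket_server = SessionIdServer(), TicketServer()
    session_id, ticket = id_server.issue(server_psk), ticket_server.issue(server_psk)
    tampered = bytearray(ticket)
    tampered[16] ^= 0x01  # flip one ciphertext bit
    return {
        "psks_match": client_psk == server_psk,
        "session_id_resumes": id_server.resume(session_id) == client_psk,
        "ticket_resumes": ticket_server.resume(ticket) == client_psk,
        "tampered_ticket_rejected": ticket_server.resume(bytes(tampered)) is None,
    }


if __name__ == "__main__":
    print(demo())
```

The point the toy makes visible is the trade-off behind the two styles: the id server must keep state for every client (and loses it on restart), while the ticket server keeps nothing but its ticket key, so that key becomes the thing whose compromise or rotation decides whether any stored ticket is still accepted.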
15. TLS 1.3 security
● Remove old and obsolete crypto
  – RSA
  – RC4, SHA1, MD5 (SLOTH)
  – CBC (Lucky-13, POODLE)
  – No compression (CRIME)
  – Remove PKCS #1 v1.5
16. TLS 1.3 security
● Add new crypto features
  – Anti-downgrade feature
  – New session resumption features
  – New ECC curves
  – Privacy of certs during handshakes
  – ChaCha20/Poly1305
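What the removals on slide 15 look like when applied to a client configuration, as an added example using Python's `ssl` module (not from the talk or from any of the implementations it names). `hardened_context()` pins the minimum version to TLS 1.3 where the linked OpenSSL supports it (falling back to TLS 1.2 with an AEAD-only, ECDHE-only cipher list, which drops CBC, RC4, MD5 and static RSA key exchange), keeps compression off, and `audit_context()` reports which of those properties a given context actually has; the dictionary keys and the cipher string are our choices.

```python
"""Added example: TLS client context restricted to what TLS 1.3 keeps, plus an audit
function to compare it against the library default. Uses only the standard ssl module."""
import ssl

TLS13_AVAILABLE = ssl.HAS_TLSv1_3  # depends on the OpenSSL Python was linked against


def default_context() -> ssl.SSLContext:
    """Library default: SSLv2/v3 and compression already off, but TLS 1.2 CBC suites still on."""
    return ssl.create_default_context()


def hardened_context() -> ssl.SSLContext:
    ctx = ssl.create_default_context()
    # Slide 15: drop the legacy versions entirely; TLS 1.3 has no CBC, RC4, MD5/SHA1 MACs,
    # no static RSA key exchange and no compression, so the version pin does most of the work.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3 if TLS13_AVAILABLE else ssl.TLSVersion.TLSv1_2
    ctx.options |= ssl.OP_NO_COMPRESSION  # CRIME: never negotiate TLS-level compression
    # If TLS 1.2 is ever negotiated (fallback build), allow only AEAD suites with ephemeral
    # key exchange; this string is our choice, not a value from the slides.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def audit_context(ctx: ssl.SSLContext) -> dict:
    """Report the properties slide 15 cares about. get_ciphers() only lists suites
    usable under the context's version constraints, so a TLS 1.3 pin shows 1.3 suites only."""
    ciphers = ctx.get_ciphers()
    names = [c["name"] for c in ciphers]
    return {
        "min_version": ctx.minimum_version.name,
        "tls13_minimum": ctx.minimum_version == ssl.TLSVersion.TLSv1_3,
        "compression_disabled": bool(ctx.options & ssl.OP_NO_COMPRESSION),
        "aead_only": all(c["aead"] for c in ciphers),  # excludes every CBC and RC4 suite
        "no_md5_rc4_suites": not any("MD5" in n or "RC4" in n for n in names),
        "suite_count": len(names),
    }


if __name__ == "__main__":
    print("default :", audit_context(default_context()))
    print("hardened:", audit_context(hardened_context()))
```

Running it on a stock interpreter shows the gap the slide is about: the default context still advertises CBC suites for TLS 1.2 (`aead_only` is False there), while the hardened one reports `aead_only` True and, with a TLS 1.3-capable OpenSSL, a minimum of `TLSv1_3`. The anti-downgrade and certificate-privacy items on slide 16 are protocol behaviours the library applies on its own once TLS 1.3 is negotiated; nothing needs configuring for them.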