Post on 16-Apr-2020
transcript
SSL Encryption – What makes your security tick?
TODAY'S SPEAKER
Matthew Walsh, Accredited Web Security Consultant
AGENDA
I   Encryption: What & When?
II  How algorithms affect your SSL certificate
III What will tomorrow's SSL be like?
IV  Questions & Answers
Encryption: What & When?
WHAT IS CRYPTOGRAPHY?
Cryptography:
The procedures, processes, etc. of making and using rules when writing e.g. codes or cyphers.

Cypher:
The replacement of selected pieces of written information by other elements according to a rule known only to the transmitter and the legitimate recipient.

Encryption:
The process of encoding a message – often using two keys to encrypt and decrypt – so it can be read only by the sender and the intended recipient.
ENCRYPTION THROUGH THE AGES
c. 3,000 BC   Hieroglyphics of Ancient Egypt: the first type of cypher
Middle Ages   Cyphers widely used for diplomatic purposes
1918          The Enigma machine, patented in 1918; its traffic was broken by Britain's military intelligence at Bletchley Park during the Second World War, building on earlier Polish cryptanalysis
SSL ENCRYPTION
Encryption has evolved since the Second World War. With the advent of the Internet and the vast amounts of confidential information now exchanged online, encryption has become an integral part of daily life.
How algorithms impact your SSL certificate
WHAT IS SSL?
SSL (Secure Sockets Layer):
Standard security technology to establish encrypted links between a server and a client. Its successor protocol is TLS (Transport Layer Security); "SSL certificate" remains the everyday name for the server certificate that both protocols use.

SSL Encryption:
Encrypts information with keys that are set up for the session, restricting unauthorised access for as long as the session lasts.

The certificate carries the server's long-term public key; the matching private key never leaves the server. During the handshake the two sides use that key pair to authenticate the server and to agree a fresh symmetric session key, and it is this session key, not the certificate's key pair, that encrypts and decrypts the traffic.

SSL should be used for:
> Communications
> Information exchanges
> Transactions
SSL ENCRYPTION ALGORITHMS
RSA: Rivest, Shamir, Adleman
DSA: Digital Signature Algorithm
ECC: Elliptic Curve Cryptography
RSA: RIVEST SHAMIR ADLEMAN
1977: the industry-standard public-key algorithm
Used by default in SSL certificates and, at the time of this talk, making up approx. 99.9% of issued certificates.
RSA remains a valid algorithm, but the minimum acceptable key size continues to increase: 1024-bit certificates have been phased out by public CAs, and at the end of 2014 the standard key length is 2048-bit.
DSA: DIGITAL SIGNATURE ALGORITHM
1991: the U.S. Government's approved and certified signature algorithm (FIPS 186), developed by the National Security Agency (NSA) and published by NIST
Used by the U.S. Government and endorsed by U.S. Federal Agencies.
DSA is a valid algorithm mainly used in the USA. Note that DSA only signs; it cannot encrypt, so a DSA certificate authenticates the server while the session key is agreed separately (for example with Diffie-Hellman). Its share of public SSL certificates has always been marginal.
ECC: ELLIPTIC CURVE CRYPTOGRAPHY
1985: proposed independently by Koblitz and Miller; the stronger-per-bit and faster public-key algorithm
Used by certification authorities as an alternative to RSA and DSA.
ECC offers superior performance by using much smaller keys for the same security level: a 256-bit ECC key is rated as equivalent to a 3072-bit RSA key (NIST SP 800-57). In SSL the ECC key signs (ECDSA) and agrees session keys (ECDHE); like RSA, it does not itself encrypt the application data.
SWITCHING TO ECC
Why?
> Recommended key sizes are constantly increasing: RSA keys must grow much faster than ECC keys to keep the same security margin
> Greater efficiency: ECC gives the same security with much smaller keys and far cheaper signing on the server
> Lower bandwidth consumption: certificates and handshakes shrink, which matters as the number of Internet-enabled devices has skyrocketed
ECC provides security equivalent to RSA with much smaller keys and faster server-side operations.

Benefits
> Equivalent security with smaller keys and faster signatures
> Greater investment protection
> Mobile optimised
> Lower bandwidth consumption
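To make the "smaller keys, lower bandwidth" claim measurable, here is an added example (not from the original slides and not SSL247's tooling) that generates an RSA-3072 key and a P-256 key, the pair NIST SP 800-57 rates at the same security level, and compares the size of their DER-encoded public keys and of one SHA-256 signature from each. It assumes the openssl command-line tool (1.0.2 or newer) is on PATH; the message it signs is a constructed stand-in for handshake data.

```sh
#!/bin/sh
# Added example: measure what an RSA key and an ECC key of comparable strength
# cost on the wire. Assumes the openssl CLI is on PATH; file names are illustrative.
set -eu

WORK="${WORK:-$(mktemp -d)}"
# Constructed sample input: a stand-in for the bytes a server signs in the handshake.
printf 'constructed handshake transcript\n' > "$WORK/msg"

# make_keys: one RSA-3072 key and one P-256 key, both rated ~128-bit security.
make_keys() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 -out "$WORK/rsa.key" 2>/dev/null
  openssl genpkey -algorithm EC  -pkeyopt ec_paramgen_curve:P-256 -out "$WORK/ec.key" 2>/dev/null
}

# pubkey_bytes KEYFILE: size of the DER SubjectPublicKeyInfo, i.e. what a
# certificate has to carry for this key.
pubkey_bytes() {
  openssl pkey -in "$1" -pubout -outform DER 2>/dev/null | wc -c | tr -d ' '
}

# sig_bytes KEYFILE: size of one SHA-256 signature made with this key, i.e. what
# every handshake (and every certificate in the chain) carries.
sig_bytes() {
  openssl dgst -sha256 -sign "$1" "$WORK/msg" | wc -c | tr -d ' '
}

main() {
  make_keys
  printf 'public key  RSA-3072: %s bytes   P-256: %s bytes\n' \
    "$(pubkey_bytes "$WORK/rsa.key")" "$(pubkey_bytes "$WORK/ec.key")"
  printf 'signature   RSA-3072: %s bytes   P-256: %s bytes\n' \
    "$(sig_bytes "$WORK/rsa.key")" "$(sig_bytes "$WORK/ec.key")"
}
main
```

Expect 422 versus 91 bytes for the public keys and 384 versus about 70 bytes for the signatures; the ECDSA figure moves by a byte or two because DER drops leading zero bytes of r and s. That gap is paid once per certificate in the chain and once per handshake, which is the bandwidth argument behind the slide.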
What will tomorrow’s SSL be like?
CHALLENGES DURING TRANSITION TO ECC
A pure ECC chain (ECC end-entity, intermediate and root) is not yet supported by older versions of all browsers:
> Safari
> Firefox
> Opera
> Microsoft Internet Explorer
A pure ECC chain is not yet supported by older versions of all mobile platforms:
> Apple (iOS)
> Android
> Windows Mobile
> BlackBerry
The practical test is whether the client trusts an ECC root and can validate ECDSA signatures at every level of the chain; the compatibility tables under Useful Links give the version thresholds.
PURE ECC CHAIN
ECC End entity Certificate
ECC Intermediate Certificate
ECC Root Certificate
A pure ECC chain is not yet compatible with all browsers and mobile devices.
A new "hybrid" technology has been developed by CAs to enable a maximum system compatibility of 99.9%.
PURE ECC CHAIN WITH A CROSS ROOT
Chain 1 (full ECC):
ECC End entity Certificate
ECC Intermediate Certificate
ECC Root Certificate
Chain 2 (hybrid, via the cross-signed intermediate):
ECC End entity Certificate
ECC Intermediate Certificate (same key, cross-signed by the RSA root)
RSA Root Certificate
With a cross root the end-entity certificate keeps its ECC key, while the chain can end at either the ECC root or, through a copy of the ECC intermediate signed by the RSA root, at the RSA root.
The server is configured with a full or hybrid ECC chain based on what its clients can validate.
THE SOLUTION – ECC HYBRID CERTIFICATES
ECC End entity Certificate
ECC Intermediate Certificate
RSA Root Certificate
Hybrid certificates carry an ECC key in the end-entity and intermediate certificates but chain to a trusted RSA root that is already present in older client trust stores.
They retain the RSA root while providing the advantages of an ECC intermediate, and are compatible with older servers and clients.
Example of a hybrid certificate: https://www.ssl247.be/
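The hybrid chain described above, built and verified locally with OpenSSL as an added example (not SSL247's or any CA's tooling): an RSA root signs an ECC intermediate, which signs an ECC end-entity certificate, and the chain is then validated against the RSA root alone. It assumes the openssl command-line tool (1.0.2 or newer) is on PATH; the subject names, host name, file names and 365-day validity are illustrative.

```sh
#!/bin/sh
# Added example: build and verify a hybrid chain with OpenSSL
#   ECC end-entity <- ECC intermediate <- RSA root
# Assumes the openssl CLI is on PATH. Names and validity periods are illustrative.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# Extension profiles written to files so the script does not need -addext (OpenSSL 1.1.1+).
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$WORK/ca.ext"
printf 'basicConstraints=CA:FALSE\nkeyUsage=critical,digitalSignature\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:www.example.test\n' > "$WORK/leaf.ext"

# gen_key OUTFILE rsa|ec
gen_key() {
  case "$2" in
    rsa) openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null ;;
    ec)  openssl genpkey -algorithm EC  -pkeyopt ec_paramgen_curve:P-256 -out "$1" 2>/dev/null ;;
  esac
}

# issue CERT SUBJECT KEY EXTFILE [ISSUER_CERT ISSUER_KEY]; self-signed when no issuer is given
issue() {
  cert=$1; subj=$2; key=$3; ext=$4; icert=${5:-}; ikey=${6:-}
  openssl req -new -key "$key" -subj "$subj" -out "$cert.csr" 2>/dev/null
  if [ -z "$icert" ]; then
    openssl x509 -req -in "$cert.csr" -signkey "$key" -days 365 -sha256 \
      -extfile "$ext" -out "$cert" 2>/dev/null
  else
    openssl x509 -req -in "$cert.csr" -CA "$icert" -CAkey "$ikey" -CAcreateserial \
      -days 365 -sha256 -extfile "$ext" -out "$cert" 2>/dev/null
  fi
}

# key_algorithm CERT: algorithm of the key inside the certificate (rsaEncryption / id-ecPublicKey)
key_algorithm() { openssl x509 -in "$1" -noout -text | sed -n 's/^ *Public Key Algorithm: //p' | head -n 1; }
# sig_algorithm CERT: algorithm the issuer used to sign it (shows which parent key was used)
sig_algorithm() { openssl x509 -in "$1" -noout -text | sed -n 's/^ *Signature Algorithm: //p' | head -n 1; }

build_hybrid_chain() {
  gen_key "$WORK/root.key" rsa
  gen_key "$WORK/int.key"  ec
  gen_key "$WORK/leaf.key" ec
  issue "$WORK/root.pem" "/CN=Example RSA Root"         "$WORK/root.key" "$WORK/ca.ext"
  issue "$WORK/int.pem"  "/CN=Example ECC Intermediate" "$WORK/int.key"  "$WORK/ca.ext"   "$WORK/root.pem" "$WORK/root.key"
  issue "$WORK/leaf.pem" "/CN=www.example.test"         "$WORK/leaf.key" "$WORK/leaf.ext" "$WORK/int.pem"  "$WORK/int.key"
}

# verify_chain: succeeds only if the ECC leaf chains to the RSA root through the ECC intermediate,
# which is exactly the path an older client with only the RSA root in its trust store must walk.
verify_chain() {
  openssl verify -CAfile "$WORK/root.pem" -untrusted "$WORK/int.pem" "$WORK/leaf.pem" >/dev/null 2>&1
}

main() {
  build_hybrid_chain
  for c in root int leaf; do
    printf '%-5s key=%-16s signed-with=%s\n' "$c" \
      "$(key_algorithm "$WORK/$c.pem")" "$(sig_algorithm "$WORK/$c.pem")"
  done
  verify_chain && echo "chain verifies against the RSA root"
}
main
```

The intermediate is the tell-tale of a hybrid chain: its key is id-ecPublicKey but it is signed with sha256WithRSAEncryption, whereas the leaf is signed with ecdsa-with-SHA256. Replacing the RSA root with an ECC root in the same script gives the pure chain, and verifying against the RSA root then fails, which is the compatibility gap the hybrid design closes.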
QUESTIONS & ANSWERS
USEFUL LINKS
Please note that these links are also available on our other websites (www.SSL247.fr, www.SSL247.es, www.SSL247.it, www.SSL247.de, etc.)
• History of cryptology
The impact of modern electronics: http://www.britannica.com/topic/cryptology/Cryptanalysis#toc25640
The history of encryption: https://www.symantec-wss.com/uk/encryption-decoded/int/thanks#tjsf
Data Encryption Standard definition: http://searchsecurity.techtarget.com/definition/Data-Encryption-Standard
• SSL certificates and algorithms
RSA: http://www.symantec.com/page.jsp%3Fid%3D1024-bit-migration-faq#rsa
ECC: https://www.ssl247.co.uk/ssl-certificates/type/ecc
• The future
Protection through innovation: https://www.symantec-wss.com/uk/encryption-decoded/int/thanks#stf
Browser compatibility with ECC: https://www.tbs-certificates.co.uk/navigateursECC.html.en
ECC/RSA Hybrid certificates: http://www.symantec.com/connect/blogs/ensuring-compatibility-without-compromising-security-case-eccrsa-hybrid-certificates
Symantec’s Webinar about ECC/RSA Hybrid SSL Certificates:
https://www.brighttalk.com/webcast/6331/178025?utm_campaign=add-to-calendar&utm_medium=calendar&utm_source=brighttalk-transact
More on ECC browser compatibility
Client       Platform                 Pure ECC                 ECC & RSA hybrid
PC           Windows XP or older      Not supported            Not supported
PC           Windows Vista or newer   Supported                Supported
Mac          OS X                     v10.9 or newer           v10.6 or newer
Smartphone   Android                  Android 3.x or newer     Android 2.3 or newer
Smartphone   iOS                      iOS 7.x or newer         iOS 3.x or newer
Ecosystem    Server to server         Depends on the customer environment
Ecosystem    ATM & POS                Depends on the customer environment
More on ECC server compatibility
Vendor          Product                                   ECC CSR     ECC cert install
Microsoft       Windows Server 2008 (IIS 7.0) or newer    Supported   Supported
Apache, nginx   OpenSSL 1.0.1e                            Supported   Supported
Oracle          Sun Java System Web Server 7.0            Supported   Supported
F5              11.5 or newer                             Supported   Supported
IBM             HTTP Server 8.0 + PM80235                 Supported   Supported
Citrix          NetScaler                                 No          No
Thank you for your attention!
info@SSL247.co.uk - 0203 740 5927 (London office) - www.SSL247.co.uk