Abstract image of a woman sitting on books and studying on a laptop

An analysis of TLS handshake proxying

Nick Sullivan, profile picture
Nick Sullivan

The document examines the analysis of TLS handshake proxying, focusing on balancing performance and security goals in web traffic management. It discusses the importance of private key security and the impacts of key compromise risks, such as server impersonation and retroactive decryption. The proposed solution combines HTTPS with reverse proxies to optimize performance while maintaining a secure architecture for key operations.

Technology
1 of 40
Downloaded 45 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
An Analysis of TLS Handshake Proxying Nick Sullivan (@grittygrease) Douglas Stebila (@dstebila) IEEE TrustCom August 20, 2015 CloudFlare Inc. Queensland University of Technology
Two competing goals on the web • Performance • Security & Privacy 2
Performance on the Web Improving performance by reducing latency 3
Web performance • Fundamentally bound by the speed of light • Content Delivery Networks (CDNs) provide distributed global load balancing and caching 4
Reverse Proxy 5
Traditional traffic routing 6
Routing with reverse proxy 7
Security & Privacy on the Web HTTPS and key compromise risks 8
HTTPS/TLS • Point-to-point authentication and encryption • Visualized in lock icon in your browser address bar 9
HTTPS/TLS • client-server model • Private key operation in handshake proves ownership of the certificate • Client validates certificate via PKI • Handshake establishes session keys 10
Private key compromise risks • Most cryptography is written in memory-unsafe languages like C • Private keys are read from disk, used in memory • Web servers (nginx, Apache) use OpenSSL 11
12 HEARTBLEED
Private key compromise consequences • Private key disclosure breaks TLS trust model • Server impersonation • Retroactive decryption of sessions with RSA handshake 13
Keys on the edge Combining HTTPS and Reverse Proxies 14
TLS with reverse proxies • TLS needs to be terminated at caching layer • Private keys need to be distributed to the edge • Financial institutions are highly regulated — no sharing with third parties • This is why banks do not use CDNs — yet 15
Reverse Proxy With HTTPS 🔒 🔑 🔒 Private Key
Location of TLS Terminators 17
Two contradictory goals • Global load balancing of TLS • Reducing private key attack surface 18
Keyless SSL 19 Private Key
TLS Handshake Proxying Combining HTTPS and Reverse Proxies 20
TLS Handshake Proxying • Compromise between key security and performance • Split the handshake geographically • Private key operation performed at site owner’s facility (in HSM, etc) • Rest of handshake performed at the edge • Communicate to key server over secure tunnel 21
TLS in RSA mode 22 Private Key
TLS in RSA mode with remote private key 23 Private Key
TLS Handshake Proxying • Private key stored in trusted location • Mutually-authenticated TLS tunnel from edge • TLS session resumption • All static assets served over TLS from the edge • Dynamic assets served from origin through reverse proxy 24
Also… • Fully implemented and live! 25
Performance Analysis 26
Geography of TLS 27
28 Geography of TLS With Proxy
29 Geography of TLS Handshake Proxy
Performance estimate • Triangle inequality for the internet topology 30
Performance measurement 31
Additional Performance Notes • Persistent connection between Edge and Key Server is already established • Otherwise the first connection will be slower • Session resumption is even more improved • No need to connect to key server if resumption data is present 32
Security Analysis 33
Security goals of TLS • Server-to-client authentication • Channel security 34
Security goals of TLS Handshake Proxying • Key-server-to-client authentication • Edge-server-to-client authentication • Channel security • Optional: Forward Security 35
Security of the key server • Dedicated TLS connection between key server and edge • TLS client authentication with Private CA • Timing side-channel protection • Message size side-channel protection 36
Security of the edge server • Session ID-based resumption • no claims about shared local session state • sessions expiry determines forward secrecy • Session Ticket-based resumption • sharing state among all edge servers can result in confusion (rely on Host header) • sessions ticket decryption secret lifetime determines forward-secrecy 37
Conclusions 38
TLS Handshake Proxying • Balances two contradictory goals • Global load balancing of TLS • Private key security • Improved performance • Strong security guarantees 39
An Analysis of TLS Handshake Proxying Nick Sullivan (@grittygrease) Douglas Stebila (@dstebila) IEEE TrustCom August 20, 2015 CloudFlare Inc. Queensland University of Technology

More Related Content

PDF
Bringing Elliptic Curve Cryptography into the Mainstream
Nick Sullivan
 
PDF
CFSSL 1.1: The Evolution of a PKI toolkit - DEF CON 23
Nick Sullivan
 
PDF
What's New in Go Crypto - Gotham Go
Nick Sullivan
 
PDF
Virus Bulletin 2012
Cloudflare
 
PDF
Sullivan randomness-infiltrate 2014
Cloudflare
 
PDF
Sullivan handshake proxying-ieee-sp_2014
Cloudflare
 
PDF
Sullivan red october-oscon-2014
Cloudflare
 
PDF
Sullivan heartbleed-defcon22 2014
Cloudflare
 
Bringing Elliptic Curve Cryptography into the Mainstream
Nick Sullivan
 
CFSSL 1.1: The Evolution of a PKI toolkit - DEF CON 23
Nick Sullivan
 
What's New in Go Crypto - Gotham Go
Nick Sullivan
 
Virus Bulletin 2012
Cloudflare
 
Sullivan randomness-infiltrate 2014
Cloudflare
 
Sullivan handshake proxying-ieee-sp_2014
Cloudflare
 
Sullivan red october-oscon-2014
Cloudflare
 
Sullivan heartbleed-defcon22 2014
Cloudflare
 

What's hot (20)

PDF
Sullivan white boxcrypto-baythreat-2013
Cloudflare
 
PDF
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
NGINX, Inc.
 
PDF
DockerCon Live 2020 - Securing Your Containerized Application with NGINX
Kevin Jones
 
PDF
Heartache and Heartbleed - 31c3
Nick Sullivan
 
PDF
Running Secure Server Software on Insecure Hardware Without Parachute
Cloudflare
 
PDF
Scaling Push Messaging for Millions of Devices @Netflix
C4Media
 
PPTX
The 3 Models in the NGINX Microservices Reference Architecture
NGINX, Inc.
 
PPTX
Botconf ppt
Cloudflare
 
PPTX
MRA AMA Part 7: The Circuit Breaker Pattern
NGINX, Inc.
 
PDF
Serverless for the Cloud Native Era with Fission
NATS
 
PDF
DEFCON 28: 21 Jump Server: Going Bastionless in the Cloud
Colin Estep
 
PPTX
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source
NGINX, Inc.
 
PDF
Bridges and Tunnels: A Drive Through OpenStack Networking
markmcclain
 
PDF
NATS vs HTTP
Apcera
 
PDF
GopherCon 2017 - Writing Networking Clients in Go: The Design & Implementati...
wallyqs
 
PDF
Monitoring Highly Dynamic and Distributed Systems with NGINX Amplify
NGINX, Inc.
 
PDF
Overview of SSL: choose the option that's right for you
Cloudflare
 
PDF
Managing secrets at scale
Alex Schoof
 
PPTX
RSK sidechain
Oscar Guindzberg
 
PPTX
Surviving A DDoS Attack: Securing CDN Traffic at CloudFlare
Cloudflare
 
Sullivan white boxcrypto-baythreat-2013
Cloudflare
 
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
NGINX, Inc.
 
DockerCon Live 2020 - Securing Your Containerized Application with NGINX
Kevin Jones
 
Heartache and Heartbleed - 31c3
Nick Sullivan
 
Running Secure Server Software on Insecure Hardware Without Parachute
Cloudflare
 
Scaling Push Messaging for Millions of Devices @Netflix
C4Media
 
The 3 Models in the NGINX Microservices Reference Architecture
NGINX, Inc.
 
Botconf ppt
Cloudflare
 
MRA AMA Part 7: The Circuit Breaker Pattern
NGINX, Inc.
 
Serverless for the Cloud Native Era with Fission
NATS
 
DEFCON 28: 21 Jump Server: Going Bastionless in the Cloud
Colin Estep
 
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source
NGINX, Inc.
 
Bridges and Tunnels: A Drive Through OpenStack Networking
markmcclain
 
NATS vs HTTP
Apcera
 
GopherCon 2017 - Writing Networking Clients in Go: The Design & Implementati...
wallyqs
 
Monitoring Highly Dynamic and Distributed Systems with NGINX Amplify
NGINX, Inc.
 
Overview of SSL: choose the option that's right for you
Cloudflare
 
Managing secrets at scale
Alex Schoof
 
RSK sidechain
Oscar Guindzberg
 
Surviving A DDoS Attack: Securing CDN Traffic at CloudFlare
Cloudflare
 
Ad

Viewers also liked (20)

PPT
Metric and Dashboard
Chen Huang
 
PPT
Secure Socket Layer
Naveen Kumar
 
PDF
Aplication and Transport layer- a practical approach
Sarah R. Dowlath
 
PDF
Advanced Crypto Service Provider – cryptography as a service
Smart Coders
 
PPTX
SSL TLS Protocol
Devang Badrakiya
 
PPTX
SSL/TLS
Sirish Kumar
 
DOCX
SSL-image
Rajat Toshniwal
 
PDF
Recover A RSA Private key from a TLS session with perfect forward secrecy
Priyanka Aash
 
PDF
TLS/SSL MAC security flaw
Nate Lawson
 
PPTX
Unified log-meetup-20160420
Oli Deakin
 
PPTX
3429 How to transform your messaging environment to a secure messaging envi...
Robert Parker
 
PDF
Kubernetes в Avito - Евгений Ольков
AvitoTech
 
PDF
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
Gabriella Davis
 
PDF
Automation and ansible
Boaventura Rodrigues Neto
 
PDF
An introduction to MQTT - Pub / Sub for the masses
Dominik Obermaier
 
PPTX
Best Practice TLS for IBM Domino
Jared Roberts
 
PPT
SSL
theekuchi
 
PPTX
CCNA RS_NB - Chapter 5
Irsandi Hasan
 
PPTX
Docker ansible-make-chef-puppet-unnecessary-minnihan
jbminn
 
PPT
Wireshark
ashiesh0007
 
Metric and Dashboard
Chen Huang
 
Secure Socket Layer
Naveen Kumar
 
Aplication and Transport layer- a practical approach
Sarah R. Dowlath
 
Advanced Crypto Service Provider – cryptography as a service
Smart Coders
 
SSL TLS Protocol
Devang Badrakiya
 
SSL/TLS
Sirish Kumar
 
SSL-image
Rajat Toshniwal
 
Recover A RSA Private key from a TLS session with perfect forward secrecy
Priyanka Aash
 
TLS/SSL MAC security flaw
Nate Lawson
 
Unified log-meetup-20160420
Oli Deakin
 
3429 How to transform your messaging environment to a secure messaging envi...
Robert Parker
 
Kubernetes в Avito - Евгений Ольков
AvitoTech
 
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
Gabriella Davis
 
Automation and ansible
Boaventura Rodrigues Neto
 
An introduction to MQTT - Pub / Sub for the masses
Dominik Obermaier
 
Best Practice TLS for IBM Domino
Jared Roberts
 
SSL
theekuchi
 
CCNA RS_NB - Chapter 5
Irsandi Hasan
 
Docker ansible-make-chef-puppet-unnecessary-minnihan
jbminn
 
Wireshark
ashiesh0007
 
Ad

Similar to An analysis of TLS handshake proxying (20)

PDF
CNIT 141: 13. TLS
Sam Bowne
 
PPTX
All you need to know about transport layer security
Maarten Smeets
 
PDF
CNIT 141 13. TLS
Sam Bowne
 
PDF
CNIT 141: 13. TLS
Sam Bowne
 
PDF
020618 Why Do we Need HTTPS
Jackio Kwok
 
PPT
SecureSocketLayer.ppt
PranavUndre1
 
PDF
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
Jyothishmathi Institute of Technology and Science Karimnagar
 
PDF
Network Security Applications
Hatem Mahmoud
 
PPSX
Secure socket layer
Nishant Pahad
 
PPSX
Secure socket layer
Nishant Pahad
 
PPT
cryptography and network security thid.ppt
ubaidullah75790
 
PPTX
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
Monodip Singha Roy
 
PPTX
SECURE SOCKET LAYER ( WEB SECURITY )
Monodip Singha Roy
 
PPTX
Data Security Essentials for Cloud Computing - JavaOne 2013
javagroup2006
 
PDF
Network Security_Module_2_Dr Shivashankar
Dr. Shivashankar
 
PDF
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf
NiharikaDubey17
 
PPTX
Webservice security considerations and measures
Maarten Smeets
 
PDF
The Trusted Cloud Transfer Protocol (TCTP)
Mathias Slawik
 
PDF
Webinar SSL English
SSL247®
 
PPTX
Secure Socket Layer (SSL)
Samip jain
 
CNIT 141: 13. TLS
Sam Bowne
 
All you need to know about transport layer security
Maarten Smeets
 
CNIT 141 13. TLS
Sam Bowne
 
CNIT 141: 13. TLS
Sam Bowne
 
020618 Why Do we Need HTTPS
Jackio Kwok
 
SecureSocketLayer.ppt
PranavUndre1
 
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
Jyothishmathi Institute of Technology and Science Karimnagar
 
Network Security Applications
Hatem Mahmoud
 
Secure socket layer
Nishant Pahad
 
Secure socket layer
Nishant Pahad
 
cryptography and network security thid.ppt
ubaidullah75790
 
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
Monodip Singha Roy
 
SECURE SOCKET LAYER ( WEB SECURITY )
Monodip Singha Roy
 
Data Security Essentials for Cloud Computing - JavaOne 2013
javagroup2006
 
Network Security_Module_2_Dr Shivashankar
Dr. Shivashankar
 
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf
NiharikaDubey17
 
Webservice security considerations and measures
Maarten Smeets
 
The Trusted Cloud Transfer Protocol (TCTP)
Mathias Slawik
 
Webinar SSL English
SSL247®
 
Secure Socket Layer (SSL)
Samip jain
 

Recently uploaded (20)

PDF
Getting Started with Data Integration: FME Form 101
Safe Software
 
PPTX
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
SilvioHayashi
 
PPTX
observCloud-Native Containerability and monitoring.pptx
anupsingh76937
 
PDF
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
PPTX
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
PDF
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
PDF
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
PDF
A Late Bloomer's Guide to GenAI: Ethics, Bias, and Effective Prompting - Boha...
Mindy Bohannon
 
PDF
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
PDF
A review of recent deep learning applications in wood surface defect identifi...
IAESIJAI
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PPTX
O2C Customer Invoices to Receipt V15A.pptx
ssuserbfa915
 
PDF
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
PDF
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
PDF
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
PDF
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
PDF
Five Habits of High-Impact Board Members
OnBoard
 
PDF
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
PDF
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
IAESIJAI
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
Getting Started with Data Integration: FME Form 101
Safe Software
 
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
SilvioHayashi
 
observCloud-Native Containerability and monitoring.pptx
anupsingh76937
 
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
A Late Bloomer's Guide to GenAI: Ethics, Bias, and Effective Prompting - Boha...
Mindy Bohannon
 
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
A review of recent deep learning applications in wood surface defect identifi...
IAESIJAI
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
O2C Customer Invoices to Receipt V15A.pptx
ssuserbfa915
 
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
Five Habits of High-Impact Board Members
OnBoard
 
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
IAESIJAI
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 

An analysis of TLS handshake proxying