Endpoint

7/2/2018
10:30 AM
David DeSanto
David DeSanto
Commentary
Connect Directly
Twitter
RSS
E-Mail vvv
100%
0%

Preparing for Transport Layer Security 1.3

The long-awaited encryption standard update is almost here. Get ready while you can to ensure security, interoperability, and performance.

Despite what may seem like draft after draft of specifications, along with continuous proclamations of "it's almost here!," the latest encryption standard, TLS v1.3, really is almost ready. The Network Working Group of the Internet Engineering Task Force has pushed to make Draft 28 of TLS v1.3 the final standard.

In addition, OpenSSL added Draft 28 to the pre-release version of its 1.1.1 software library; Google's Chrome browser added support for Draft 28, beginning with version 65; and Draft 28 is already enabled by default when accessing Gmail (using Chrome). Because TLS v1.3 will be here officially before you know it, now is the time to prepare.

Every organization should be focusing on three crucial issues to ensure the appropriate level of security, interoperability, and performance:

  1. How to handle zero round-trip-time resumption (0-RTT)
  2. Preparing for downgrades to TLS v1.2
  3. The need for infrastructure and application testing

Worth the Round Trip?
One highly discussed feature of TLS v1.3 is the 0-RTT option, which has the potential to significantly increase performance during an encrypted session between endpoints. Even without 0-RTT, TLS v1.3 speeds connection time between a client and server with a slimmer handshake protocol. Secure web communications using TLS v1.2 require two round trips between the client and server prior to the client making an HTTP request and the server generating a response. TLS v1.3 reduces the requirement to one round trip — which is only one round trip more than a simple nonencrypted HTTP transaction — and offers the ability to inherit trust to accomplish zero round trips, or 0-RTT.

Although the 0-RTT option potentially provides better performance, it creates a significant security risk. With 0-RTT, a transaction becomes easy prey for a replay attack, in which a threat actor can intercept an encrypted client message and resend it to the server, tricking the server into improperly extending trust to the threat actor and thus potentially granting the threat actor access to sensitive data.

Organizations should therefore be wary of allowing or using 0-RTT in their services and applications, due to the potential security risks. Developers need to be particularly attentive to this issue because it requires proactive configuration to ensure security. Unless your application or access is highly sensitive to latency, the new option is not worth the security risk.

Don't Let the Downgrade Drag Security Down
One of the great benefits of TLS v1.3 is that it eliminates support for legacy encryption standards and cipher suites. It allows backward compatibility to TLS v1.2, which, of course, is essential for transitioning to the new standard and to ensure interoperability. Before allowing a fallback to TLS v1.2, however, it is important to review your security settings. Any TLS v1.2 implementation must be configured to support higher security standards. Select strong cipher suites, including ones that leverage elliptic curve key exchange, use large asymmetric keys, and implement perfect forward secrecy. Disabling the lower cryptographic algorithms will help prevent security breaches such as man-in-the-middle attacks.

Testing 1, 2, 3…
Now is the time to be testing your infrastructure and applications for TLS v1.3 compatibility. Changing to this new encryption standard may be disruptive, and you will want to get ahead of any problems or issues. Test for interoperability, security, and performance in a combined, holistic manner, rather than as a series of separate tests that may encourage undesirable trade-offs in decision-making and implementation. Leverage highly realistic traffic mixes and require them to fully emulate your traffic's characteristics including the appropriate levels of encrypted traffic. Validate how internal and external users will interact with your systems and consider what this change in encryption may mean for an employee, customer, partner, or any other relevant stakeholder.

Test network clients, including mobile devices and tablets. Test servers, including any supporting equipment. Test all components of security equipment, including identity and access management systems, next-generation firewalls and data center firewalls, web proxies and SSL/TLS visibility solutions, IDS/IPS and endpoint security. Test storage and backup, both on-site and cloud-based. Test networking infrastructure, including wireless access points, any cloud resources, and anything else that might be involved with encrypted communication. Consider all applications, including email.

There is much to look forward to with TLS v1.3. New levels of security and performance will benefit everyone and address many issues with current encryption, despite the challenges. If you stay ahead of the process, you can transform changes into opportunities for improvement rather than problems that disrupt your business.

Related Content:

Learn from the industry's most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Register before July 27 and save $700! Click for more info

David DeSanto is a security expert with more than 15 years of security research, software development, and product strategy experience. At Spirent, David focuses on driving innovation by looking holistically at security testing and defining product requirements with the ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
Mueller Probe Yields Hacking Indictments for 12 Russian Military Officers
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/13/2018
10 Ways to Protect Protocols That Aren't DNS
Curtis Franklin Jr., Senior Editor at Dark Reading,  7/16/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10869
PUBLISHED: 2018-07-19
redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd.
CVE-2018-10870
PUBLISHED: 2018-07-19
redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution.
CVE-2018-12959
PUBLISHED: 2018-07-19
The approveAndCall function of a smart contract implementation for Aditus (ADI), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all contract balances into their account).
CVE-2018-14336
PUBLISHED: 2018-07-19
TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses.
CVE-2018-10620
PUBLISHED: 2018-07-19
AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1 a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code t...