SSL Encryption – What makes your security tick?


Page 1

SSL Encryption – What makes your security tick?

Page 2

TODAY'S SPEAKER

Matthew Walsh, Accredited Web Security Consultant

Page 3

AGENDA

I. Encryption: What & When?
II. How algorithms affect your SSL certificate
III. What will tomorrow's SSL be like?
IV. Questions & Answers

Page 4

Encryption: What & When?

Page 5

WHAT IS CRYPTOGRAPHY?

Cryptography: The procedures, processes, etc. of making and using rules when writing, e.g. codes or cyphers.

Cypher: The replacement of selected pieces of written information by other elements according to a rule known only to the transmitter and the legitimate recipient.

Encryption: The process of encoding a message – often using two keys to encrypt and decrypt – so it can be read only by the sender and the intended recipient.

Page 6

ENCRYPTION THROUGH THE AGES

> 3,000 BC: Hieroglyphics of Ancient Egypt, the first type of cyphers
> Middle Ages: Widely used for diplomatic purposes
> 1918: The Enigma machine, decrypted by Britain's military intelligence at Bletchley Park

Page 7

SSL ENCRYPTION

Encryption has evolved since the Second World War. With the advent of the Internet and the vast amounts of confidential information now exchanged online, encryption has become an integral part of daily life.

Page 8

How algorithms impact your SSL certificate

Page 9

WHAT IS SSL?

SSL (Secure Socket Layer): Standard security technology to establish encrypted links between a server and a client.

SSL Encryption: Encrypts information by generating keys to restrict unauthorised access during a session.

SSL should be used for:

> Communications
> Information exchanges
> Transactions

Each SSL session generates a public key to encrypt the information and a private key to decrypt the information.

Page 10

SSL ENCRYPTION ALGORITHMS

> RSA: Rivest Shamir Adleman
> DSA: Digital Signature Algorithm
> ECC: Elliptic Curve Cryptography

Page 11

RSA: RIVEST SHAMIR ADLEMAN

1977: Industry standard encryption algorithm

Used by default in SSL certificates, RSA makes up approx. 99.9% of issued certificates.

RSA remains a valid algorithm, but the minimum acceptable key size continues to increase. The standard key length at the end of 2014 is 2048-bit.

Page 12

DSA: DIGITAL SIGNATURE ALGORITHM

1991: The U.S. Government's approved and certified encryption algorithm, developed by the National Security Agency (NSA)

Used by the U.S. Government and endorsed by U.S. Federal Agencies. DSA is a valid algorithm mainly used in the USA.

Page 13

ECC: ELLIPTIC CURVE CRYPTOGRAPHY

1985: The stronger and faster encryption algorithm

Used by certification authorities as an alternative to RSA and DSA. ECC offers superior performance: it generates smaller keys but delivers stronger encryption.

Page 14

SWITCHING TO ECC

Why?

> Recommended key sizes are constantly increasing
> Greater efficiency: ECC offers stronger encryption and generates smaller keys
> Lower bandwidth consumption: the number of Internet-enabled devices has skyrocketed

Benefits:

> Stronger and faster encryption
> Greater investment protection
> Mobile optimised
> Lower bandwidth consumption

ECC provides far stronger and faster encryption than RSA.

Page 15

What will tomorrow's SSL be like?

Page 16

CHALLENGES DURING TRANSITION TO ECC

A pure ECC chain is not yet compatible with all browsers:

> Safari
> Firefox
> Opera
> Microsoft Internet Explorer

A pure ECC chain is not yet compatible with all mobile devices:

> Apple (iOS)
> Android
> Windows Mobile
> BlackBerry

Page 17

PURE ECC CHAIN

> ECC End entity Certificate
> ECC Intermediate Certificate
> ECC Root Certificate

A pure ECC chain is not yet compatible with all browsers and mobile devices. A new "hybrid" technology has been developed by CAs to enable a maximum system compatibility of 99.9%.

Page 18

PURE ECC CHAIN WITH A CROSS ROOT

Chain to the ECC root:

> ECC End entity Certificate
> ECC Intermediate Certificate
> ECC Root Certificate

Chain to the RSA cross root:

> ECC End entity Certificate
> ECC Intermediate Certificate
> RSA Root Certificate

Cross root certificates encrypt data using ECC but offer a choice of either an ECC or an RSA root, so the server can present either a full or a hybrid ECC chain based on its individual compatibility.

Page 19

THE SOLUTION – ECC HYBRID CERTIFICATES

> ECC End entity Certificate
> ECC Intermediate Certificate
> RSA Root Certificate

Hybrid certificates encrypt data using ECC but are linked to a trusted RSA root. They retain the RSA root while providing the advantages of an ECC intermediate, and they are compatible with older servers.

Example of a hybrid certificate: https://www.ssl247.be/
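To make the chain layouts on pages 17 to 19 concrete, here is an added example in Go (not code from the deck or from SSL247): it reads the public-key type of each certificate in a leaf-first chain, labels the chain "pure ECC" or "ECC/RSA hybrid" (ECC end entity and intermediate under an RSA root), and flags any RSA key below the 2048-bit minimum quoted on page 11. The common names and keys in SampleChain are constructed for the example; a real check would parse the chain a server presents with x509.ParseCertificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
)

const minRSABits = 2048 // the deck's end-of-2014 minimum RSA key length

// ClassifyChain labels a leaf-first chain "pure ECC" (page 17), "ECC/RSA hybrid" (ECC
// end entity and intermediate under an RSA root, page 19) or "other"; weakRSA lists RSA certs under minRSABits.
func ClassifyChain(chain []*x509.Certificate) (label string, weakRSA []string) {
	ecc := 0
	for _, c := range chain {
		switch k := c.PublicKey.(type) {
		case *ecdsa.PublicKey:
			ecc++
		case *rsa.PublicKey:
			if k.N.BitLen() < minRSABits {
				weakRSA = append(weakRSA, c.Subject.CommonName)
			}
		}
	}
	_, rsaRoot := chain[len(chain)-1].PublicKey.(*rsa.PublicKey)
	if ecc == len(chain) {
		return "pure ECC", weakRSA
	} else if ecc == len(chain)-1 && rsaRoot {
		return "ECC/RSA hybrid", weakRSA
	}
	return "other", weakRSA
}

// SampleChain builds a constructed chain: ECC end entity, ECC intermediate and a root that is
// RSA of rsaRootBits bits (or ECC when 0). Real links would come from x509.ParseCertificate.
func SampleChain(rsaRootBits int) []*x509.Certificate {
	var chain []*x509.Certificate
	for _, cn := range []string{"www.example.com", "Test ECC Intermediate", "Test Root"} {
		k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		chain = append(chain, &x509.Certificate{Subject: pkix.Name{CommonName: cn}, PublicKey: &k.PublicKey})
	}
	if rsaRootBits > 0 {
		k, _ := rsa.GenerateKey(rand.Reader, rsaRootBits)
		chain[2].PublicKey = &k.PublicKey
	}
	return chain
}
```

The cross-root variant on page 18, where the ECC intermediate chains to an RSA root, shows the same key pattern to a client and is therefore labelled hybrid here as well.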

Page 20

QUESTIONS & ANSWERS

Page 21

USEFUL LINKS

Please note that these links are also available on our other websites (www.SSL247.fr, www.SSL247.es, www.SSL247.it, www.SSL247.de, etc.)

• History of cryptology
The impact of modern electronics: http://www.britannica.com/topic/cryptology/Cryptanalysis#toc25640
The history of encryption: https://www.symantec-wss.com/uk/encryption-decoded/int/thanks#tjsf
Data Encryption Standard definition: http://searchsecurity.techtarget.com/definition/Data-Encryption-Standard

• SSL certificates and algorithms
RSA: http://www.symantec.com/page.jsp%3Fid%3D1024-bit-migration-faq#rsa
ECC: https://www.ssl247.co.uk/ssl-certificates/type/ecc

• The future
Protection through innovation: https://www.symantec-wss.com/uk/encryption-decoded/int/thanks#stf
Browser compatibility with ECC: https://www.tbs-certificates.co.uk/navigateursECC.html.en
ECC/RSA Hybrid certificates: http://www.symantec.com/connect/blogs/ensuring-compatibility-without-compromising-security-case-eccrsa-hybrid-certificates
Symantec's Webinar about ECC/RSA Hybrid SSL Certificates: https://www.brighttalk.com/webcast/6331/178025?utm_campaign=add-to-calendar&utm_medium=calendar&utm_source=brighttalk-transact

Page 22

USEFUL LINKS: More on ECC browser compatibility

Client      | Platform                | Pure ECC                           | ECC & RSA Hybrid
PC          | Windows XP or older     | Not supported                      | Not supported
PC          | Windows Vista or newer  | Supported                          | Supported
PC          | Mac OSX                 | V10.9 or newer                     | V10.6 or newer
Smart Phone | Android                 | Android 3.x or newer               | Android 2.3 or newer
Smart Phone | iOS                     | iOS 7.x or newer                   | iOS 3.x or newer
Eco System  | Server to server        | Depends on the customer environment | Depends on the customer environment
Eco System  | ATM & POS               | Depends on the customer environment | Depends on the customer environment

Page 23

USEFUL LINKS: More on ECC server compatibility

Vendor        | Product                            | ECC CSR   | ECC cert install
Microsoft     | Win Server 2008 (IIS 7.0) or newer | Supported | Supported
Apache, nginx | OpenSSL 1.0.1e                     | Supported | Supported
Oracle        | Sun Java System Web Server 7.0     | Supported | Supported
F5            | 11.5 or newer                      | Supported | Supported
IBM           | HTTP Server 8.0 + PM80235          | Supported | Supported
Citrix        | NetScaler                          | No        | No

Page 24

Thank you for your attention!

[email protected] - 0203 740 5927 (London office) - www.SSL247.co.uk