Visibility beyond TLS1.3
After the 28th draft, the ink has finally dried on the approval of TLS1.3 into the industry but how did we get here?
Well, there was an upmost urgency to come up with robust treatment of encrypted data. Various systematic vulnerabilities were exposed in the attacks of Heartbleed (2014), Poodle (2014), Logjam (2015), Freak (2015). Revealing that attackers could read memory space and passwords due to SSL and that the whole security mechanism was vulnerable to exploit.
This led to the development of PFS (Perfect Forward Secrecy). Whilst cryptography is a large and intricate topic; the core problem of RSA-1 access was that if a user was granted access to (or indeed intercepted) the private key for a server, they would have the ability to retroactively decrypt the traffic that’s captured. This was exposed in the Snowden leaks, when it was realised that cyber criminals were capturing raw packet data, getting the keys and actually decrypting the data and getting hold of the sensitive details within them.
PFS prevents retroactive decryption, as a number one benefit. With PFS and TLS1.3 encryption occurs at session level, which is fast, efficient and therefore prevents retroactive tampering or inspection. Essentially meaning that every key is unique to every session, contrasting starkly to the current model which meant that if they access to a server-based RSA key, that would give the ability to decrypt everything.
So, when do we expect TLS1.3 to be fully implemented? Well, this depends on server and client adoption which will force migration to the new model. Vendors such as Microsoft are expected to default to PFS encryption schemes and ATS (Apple Transport Security) require app developers to support PFS.
Thankfully for our customers, ExtraHop are equipped with the necessary tools to help enterprise organisations with the implementation of TLS1.3. ExtraHop can help simply by watching the packet data as their AI allows them to easily identify the old, outdated or known vulnerable encryption suites. Therefore, they can audit an organisations cryptographic landscape.
If implementation of TLS1.3 is a concern being raised to you, contact us to discuss further;
firstname.lastname@example.org | 0116 243 8600