
THE CASE FOR PREFETCHING AND PREVALIDATING TLS SERVER CERTIFICATES Emily Stark, Lin-Shung Huang, Dinesh Israni, Collin Jackson, Dan Boneh Presented by:


1 THE CASE FOR PREFETCHING AND PREVALIDATING TLS SERVER CERTIFICATES Emily Stark, Lin-Shung Huang, Dinesh Israni, Collin Jackson, Dan Boneh Presented by: Nurul Atiqah Abu Talib

2 INTRODUCTION Prefetch and prevalidate server certificates before the user clicks on an HTTPS link. Combined with Snap Start, this makes the handshake less costly and removes the time pressure from the certificate validation process.

3 TRANSPORT LAYER SECURITY (TLS) A protocol for encrypting and authenticating traffic between a client and a server

4 TLS HANDSHAKE (diagram) Client initializes the handshake; server sends its certificate in response; client validates the certificate ("certificate valid?"); key negotiation; HTTP request; HTTP response. The certificate validation step sits on the critical path between receiving the certificate and negotiating the key.

5 Online Certificate Status Protocol (OCSP) The client asks an OCSP responder whether a certificate is valid; the responder specifies how long its response is valid.

6 TLS PROBLEMS Common TLS misconfigurations and certificate warnings. TLS-enabled servers face a heavier load, which discourages site-wide use of TLS and thereby exposes users to session hijacking and other exploits. TLS increases client latency.

7 TLS SNAP START (1/2) Zero round trip handshake (diagram): compared with the normal handshake (initialize handshake, certificate, "certificate valid?", negotiate key, HTTP request, HTTP response), the client already holds the server's certificate, so key negotiation and certificate validation no longer wait on a server flight.

8 TLS SNAP START (2/2) Zero round trip handshake (diagram): the client's initial handshake message carries a Snap Start extension, and the HTTP request and HTTP response follow without an additional round trip.

9 SNAP START CHALLENGE I (1/2) First visit (diagram): the client initializes the handshake with a Snap Start extension; the server replies with the selected cipher suite and its orbit, which the client stores in its cache.

10 SNAP START CHALLENGE I (2/2) Next visit (diagram): the client must already know the server certificate, cached from the previous visit. It initializes the handshake with the Snap Start extension plus the necessary information from the cache, and the HTTP request and HTTP response follow immediately.

11 SNAP START CHALLENGE II If the cached certificate's validation status from a previous handshake has expired, the browser must still communicate with a certificate validation authority (an OCSP responder) before it can use the certificate.

12 CONTRIBUTION Detailed statistics from OCSP responders in the real world; certificate prefetching and prevalidation; four proposed prefetching strategies; a comparison of the strategies and their benefits; an implementation.

13 OCSP IN THE WILD Experimental setup: OCSP response times collected from users running the Perspectives browser extension; 242 clients, 4474 certificates, 24 responders.

14 OCSP MEASUREMENTS (1/2) Cumulative distribution of OCSP lookup response times (plot): median 291 ms, mean 498 ms.

15 OCSP MEASUREMENTS (2/2) Cumulative distribution of OCSP lookup response times (plot): 74.8% of lookups took between 100 ms and 600 ms.

16 METHOD Prefetch certificates: enables Snap Start handshakes more frequently. Prevalidate certificates: removes the OCSP lookup from the critical path. Questions: when to prefetch? When to prevalidate? How to obtain certificates?

17 WHEN TO PREFETCH? Idea borrowed from DNS prefetching, which resolves domain names before the user clicks on a link to increase responsiveness. Triggered while the user is typing, when the mouse hovers over a link, and during browser startup.

18 HOW TO PREFETCH? Naive method: open a TLS connection and obtain the information from it. Challenge: a full TLS handshake is expensive.

19 SERVER CERTIFICATE PREFETCHING AND PREVALIDATING Four strategies: prefetching with a truncated handshake; prefetching via HTTP GET; prefetching from a CDN; prefetching from DNS.

20 PREFETCHING WITH A TRUNCATED HANDSHAKE (1/2) (diagram) The client initializes the handshake, receives the server's certificate, and then sends an alert message to abort the handshake instead of completing it.

21 PREFETCHING WITH A TRUNCATED HANDSHAKE (2/2) Advantages: no public-key cryptography; the server admin does nothing. Disadvantages: implementation requires a new API in the TLS layer; dirty server logs due to inaccurate alert usage.
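The truncated handshake of the two slides above, as an added example that is not code from the paper or the presentation: it builds a minimal TLS 1.2 ClientHello with an SNI extension, reads server records until the Certificate message arrives, extracts the DER chain, and then aborts with a close_notify alert instead of continuing, so no public-key operation is performed on the client side (and the server sees exactly the kind of alert that dirties its logs). Function names, the chosen cipher suites and extensions are this example's own.

```python
"""Prefetch a server's certificate chain with a truncated TLS 1.2 handshake.

Added example, not code from the paper or the presentation: send a minimal
ClientHello, read records until the Certificate message, pull out the DER
chain, then abort with an alert instead of continuing the handshake.
Function names and constants are this example's own.
"""
import hashlib
import os
import socket
import struct

RECORD_ALERT, RECORD_HANDSHAKE = 0x15, 0x16
HS_CERTIFICATE, HS_SERVER_HELLO_DONE = 11, 14


def build_client_hello(host: str) -> bytes:
    """TLS 1.2 ClientHello with SNI, supported_groups and signature_algorithms."""
    suites = b"".join(struct.pack("!H", s) for s in (0xC02F, 0xC030, 0x009C, 0x002F, 0x0035))
    name = host.encode("idna")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name      # ServerNameList, host_name
    groups = struct.pack("!HHH", 4, 23, 29)                            # secp256r1, x25519
    sigalgs = struct.pack("!HHHH", 6, 0x0401, 0x0501, 0x0601)          # rsa_pkcs1 sha256/384/512
    exts = b"".join(struct.pack("!HH", etype, len(data)) + data
                    for etype, data in ((0, sni), (10, groups), (13, sigalgs)))
    body = (b"\x03\x03" + os.urandom(32) + b"\x00"                     # version, random, empty session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00"                                              # null compression only
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body          # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-record")
        buf += chunk
    return bytes(buf)


def iter_records(sock: socket.socket):
    """Yield (content_type, payload) for each TLS record read from the socket."""
    while True:
        header = recv_exact(sock, 5)
        yield header[0], recv_exact(sock, struct.unpack("!H", header[3:5])[0])


def split_handshake_messages(buf: bytes):
    """Split concatenated handshake fragments into complete (type, body) messages.
    Returns (messages, leftover) so a message spanning two records is reassembled."""
    msgs, pos = [], 0
    while pos + 4 <= len(buf):
        length = int.from_bytes(buf[pos + 1:pos + 4], "big")
        if pos + 4 + length > len(buf):
            break
        msgs.append((buf[pos], buf[pos + 4:pos + 4 + length]))
        pos += 4 + length
    return msgs, buf[pos:]


def parse_certificate_message(body: bytes) -> list:
    """Certificate body: 3-byte list length, then (3-byte length, DER) per certificate."""
    end = 3 + int.from_bytes(body[:3], "big")
    if end > len(body):
        raise ValueError("truncated certificate list")
    chain, pos = [], 3
    while pos < end:
        n = int.from_bytes(body[pos:pos + 3], "big")
        chain.append(body[pos + 3:pos + 3 + n])
        pos += 3 + n
    return chain


def prefetch_certificate_chain(host: str, port: int = 443, timeout: float = 5.0) -> list:
    """Return the server's DER chain without finishing the handshake."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello(host))
        pending = b""
        for ctype, payload in iter_records(sock):
            if ctype == RECORD_ALERT:
                raise ConnectionError(f"server alert level={payload[0]} description={payload[1]}")
            if ctype != RECORD_HANDSHAKE:
                continue
            msgs, pending = split_handshake_messages(pending + payload)
            for mtype, body in msgs:
                if mtype == HS_CERTIFICATE:
                    chain = parse_certificate_message(body)
                    # Abort here: warning-level close_notify, no key exchange performed.
                    sock.sendall(b"\x15\x03\x03\x00\x02\x01\x00")
                    return chain
                if mtype == HS_SERVER_HELLO_DONE:
                    raise ValueError("no Certificate message before ServerHelloDone")


if __name__ == "__main__":
    import sys
    for der in prefetch_certificate_chain(sys.argv[1]):
        print(hashlib.sha256(der).hexdigest(), len(der), "bytes")
```

Run it as `python prefetch.py example.org` to print a SHA-256 fingerprint per certificate in the chain. Because the parser works on concatenated handshake fragments, a Certificate message split across two records is reassembled. This strategy only applies to TLS 1.2 and earlier: in TLS 1.3 the Certificate message is encrypted under the handshake keys, so a client cannot read it without first completing the key exchange.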

22 PREFETCHING VIA HTTP GET Advantages: the simplest method. Disadvantages: much less load than a full TLS handshake, but it still impacts the server.

23 PREFETCHING FROM A CDN Advantages: avoids placing any extra load on the server. Disadvantages: requests to multiple CDNs to enquire about the certificate.

24 PREFETCHING FROM DNS Advantages: a DNS TXT record can store certificates; minimal client bandwidth; no impact on the web server. Disadvantages: limited; swells DNS records.

25 PREVALIDATE (flowchart) Certificate prefetched? If yes, prevalidate it (OCSP lookup ahead of the click); if no, perform a normal OCSP lookup during the handshake.
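The decision logic of this flowchart, together with the expired-status case of slide 11 and the prefetch triggers of slide 17, as an added example that is not code from the paper or the presentation: a browser-side cache that records the prefetched chain and Snap Start parameters per host, revalidates the OCSP status shortly before the responder-specified validity runs out, and decides at click time which of the three handshake variants applies. The cache API, the constants, the hostnames, the timestamps and the stub fetcher and responder inside demo() are all this example's own constructions.

```python
"""Browser-side cache that decides, per host, whether the next TLS connection
can use Snap Start and whether the OCSP lookup can stay off the critical path.

Added example, not code from the paper or the presentation. The cache API,
the constants below and the stub fetcher/responder in demo() are this
example's own constructions; timestamps are plain seconds for readability.
"""
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

# Outcomes of plan_handshake(), from slowest to fastest.
FULL_HANDSHAKE_WITH_OCSP = "full handshake, OCSP on the critical path"
SNAP_START_WITH_OCSP = "Snap Start, but OCSP on the critical path"
SNAP_START_PREVALIDATED = "Snap Start with prevalidated certificate"


@dataclass
class OcspStatus:
    good: bool          # False means revoked or unknown: never reuse the cached chain
    this_update: float
    next_update: float  # responder-specified end of validity


@dataclass
class CachedServer:
    fingerprint: str    # SHA-256 of the leaf certificate DER
    cipher_suite: int   # Snap Start parameters remembered from the first visit
    orbit: bytes
    ocsp: Optional[OcspStatus] = None


FetchChain = Callable[[str], Tuple[bytes, int, bytes]]   # host -> (leaf DER, suite, orbit)
OcspLookup = Callable[[str, float], OcspStatus]          # (fingerprint, now) -> status


class PrefetchCache:
    def __init__(self, fetch_chain: FetchChain, ocsp_lookup: OcspLookup, margin: float = 60.0):
        self._fetch_chain = fetch_chain   # any prefetch strategy: truncated handshake, HTTP GET, CDN, DNS
        self._ocsp_lookup = ocsp_lookup
        self._margin = margin             # revalidate this long before next_update so the status never lapses
        self._entries: Dict[str, CachedServer] = {}

    def prefetch(self, host: str, now: float) -> bool:
        """Run on a prefetch trigger (typing, hover, startup): fetch the chain once,
        then (re)validate it. Returns False when the responder says the cert is bad."""
        if host not in self._entries:
            leaf_der, suite, orbit = self._fetch_chain(host)
            self._entries[host] = CachedServer(hashlib.sha256(leaf_der).hexdigest(), suite, orbit)
        return self.prevalidate(host, now)

    def prevalidate(self, host: str, now: float) -> bool:
        """Refresh the OCSP status only when it is missing or about to expire."""
        entry = self._entries.get(host)
        if entry is None:
            return False                  # nothing prefetched, nothing to validate
        if entry.ocsp is None or entry.ocsp.next_update - self._margin <= now:
            entry.ocsp = self._ocsp_lookup(entry.fingerprint, now)
        if not entry.ocsp.good:
            del self._entries[host]       # a revoked cert must not be reused for Snap Start
            return False
        return True

    def plan_handshake(self, host: str, now: float) -> str:
        """Decision taken when the user actually clicks the link."""
        entry = self._entries.get(host)
        if entry is None:
            return FULL_HANDSHAKE_WITH_OCSP
        if entry.ocsp is None or entry.ocsp.next_update <= now:
            return SNAP_START_WITH_OCSP   # chain cached, but its validation status has lapsed
        return SNAP_START_PREVALIDATED


def demo() -> Tuple[list, int]:
    """Constructed scenario: hover at t=0, click at t=10, hover again at t=600,
    click after the one-hour OCSP validity has lapsed. Returns the plans and
    how many times the stub responder was asked."""
    lookups = []

    def fake_fetch(host):                  # stands in for a real prefetch strategy
        return (b"constructed DER for " + host.encode(), 0xC02F, b"orbit-bytes")

    def fake_responder(fingerprint, now):  # stands in for a real OCSP responder
        lookups.append(fingerprint)
        return OcspStatus(good=True, this_update=now, next_update=now + 3600)

    cache = PrefetchCache(fake_fetch, fake_responder)
    plans = [cache.plan_handshake("shop.example", 0.0)]  # nothing cached yet
    cache.prefetch("shop.example", 0.0)                  # mouse hovers over the link
    plans.append(cache.plan_handshake("shop.example", 10.0))
    cache.prefetch("shop.example", 600.0)                # second hover: status still fresh, no lookup
    plans.append(cache.plan_handshake("shop.example", 3601.0))
    return plans, len(lookups)


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

The margin keeps the OCSP refresh off the critical path: a hover that lands inside the last minute of validity triggers a background lookup, whereas a click that arrives after next_update has passed falls back to the slower Snap Start variant with a blocking OCSP lookup. A revoked status evicts the entry entirely rather than leaving a chain that Snap Start could reuse.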

26 ANALYSIS How much do prefetching and prevalidating affect handshake latency?

27 HANDSHAKE LATENCY Normal TLS: 122 ms. Snap Start, no prevalidation: 83 ms. Snap Start, prevalidated certificate: 30 ms. Snap Start removes round trips; prevalidating the certificate and using Snap Start removes the OCSP lookup as well.

28 CONCLUSION (CONT'D) Client latency from TLS handshakes costs websites traffic and revenue, and discourages websites from using TLS. With server certificate prefetching and prevalidation, a Snap Start handshake with a prevalidated certificate is four times faster than a normal TLS handshake (30 ms versus 122 ms). 74.8% of OCSP lookups took between 100 ms and 600 ms. Prefetching enables an even more dramatic speed-up over standard TLS.
