SSL’s potential weaknesses can be overcome says David Hicks, creating flexibility for today’s online needs.
From online shopping to online banking applications, secure sockets layer (SSL) has become the ubiquitous security solution on the web.
As applications become decentralized and shift to the web, the use of SSL authentication and encryption will continue to grow. SSL-based virtual private networks (VPNs) allow remote access to web-based applications and network resources without the need for additional client software and associated overheads. An SSL VPN only requires that the client has a browser that supports SSL (virtually all do), and optionally, an SSL certificate to authenticate to the web server.
Preventing unauthorized access
The introduction of XML (eXtensible Markup Language) has given rise to web services, a whole new generation of applications using the web as their foundation. As data flows from client to server, and server to server, during web services transactions, the need for SSL's authentication and encryption is paramount to protect sensitive corporate data from unauthorized access.
Unfortunately, SSL suffers from two potential weaknesses. First, the digital credentials used to authenticate the identity of a web server can be stolen or copied. Second, the intensive cryptographic processes required to drive SSL sessions can impact web server performance. To address this, hardware security modules (HSMs) offer protection for digital credentials, and SSL accelerators offload computationally intensive cryptographic calculations, adding increased security and performance to applications relying on SSL.
The secure sockets layer (SSL) protocol secures client-server communication sessions through the use of public key-based authentication and strong encryption to allow private information to be transmitted across the internet.
There are two primary issues that need to be dealt with when establishing an SSL session. The first is establishing the identity of the people or computers at either end of the link, and the second is the creation and exchange of keying material used to encrypt communications during the session. These two operations rely on proven cryptographic techniques.
Missing keys and stolen identities
When two computers negotiate a new SSL session, they use digital credentials (SSL certificates) to establish their identities to each other and exchange keying materials. The exchange of key materials is accomplished by encrypting the material using the web server's public key (carried on the web server's SSL certificate). Upon receiving the encrypted material, the web server decrypts it using its private key.
A problem arises if an interloper compromises the server's private key. An intruder who has obtained a copy of a server's private key can effectively masquerade as that server, since they can now perform the decryption operation and successfully proceed with the rest of the handshake. With the stolen private key in hand, the thief could establish a rogue web site, and using the valid key holder's identity, prey on unsuspecting victims lulled into a false sense of security by the seemingly valid identity.
Due to the high stakes surrounding the security of private keys, HSMs were designed to provide a more secure, hardware-based environment to store private keys and perform cryptographic operations with them. HSMs reduce the risks associated with storing private keys in a vulnerable software format by providing physical and logical isolation of key materials from the computers and applications that use them. Additionally, tamper-resistant physical designs, coupled with strict operational policies, ensure that direct physical attack and attacks from trusted insiders are prevented.
Take the holistic view
Contrary to common assumptions, it is not the ongoing encryption of session data that taxes web servers offering SSL, but rather a few operations performed during the SSL handshake. Of special importance is the exchange of the 'pre-master secret' from the client to the web server, since it relies on computationally intensive asymmetric cryptographic operations.
A web server's capacity to set up SSL sessions is constrained by a number of factors, making it important to maintain a holistic view of the web server's hardware, software and content, with regard to performance expectations. Web servers rely on their computer's processing power to perform SSL operations, processing power that must be shared with all other applications running on the computer.
Additionally, standard computer processors are not designed for specialized cryptographic processing. A web server's processor speed, memory capacity, operating system and web server software all play important roles in determining the overall SSL performance.
To allow web servers to cope with large volumes of SSL connections, hardware-based SSL accelerators have been designed to offload asymmetric decryptions required during the SSL handshake, freeing the web server to serve more web pages and accept more client connections.
Unfortunately, security is often compromised by hardware SSL accelerators that have been optimized for maximum performance - the very security that SSL is supposed to offer in the first place. Is it possible to have strong key management without sacrificing superior SSL performance?
In many situations, having both the security of an HSM and the performance boost offered by an SSL accelerator is required. In these situations a hybrid product that offers both SSL acceleration and hardware key management is needed to provide SSL identity protection in addition to hardware acceleration to cope with large traffic. A truly secure SSL accelerator must rate high on both performance and security to guarantee that SSL sessions are immune to hacking and fraud.
David Hicks is marketing manager for Chrysalis-ITS (www.chrysalis-its.com).
