March 2005. PGP White Paper. Transport Layer Security (TLS) & Encryption: Complementary Security Tools



Similar documents
Enterprise Data Protection

PGP Universal Server 2.5 SmartLine DeviceLock 6.2

DATA SECURITY 1/12. Copyright Nokia Corporation All rights reserved. Ver. 1.0

Encryption. Administrator Guide

Chapter 17. Transport-Level Security

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli

Secure Frequently Asked Questions

Cornerstones of Security

Transport Layer Security (TLS) About TLS

Options for encrypted communication with AUDI AG Version of: 31 May 2011

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

Boundary Encryption.cloud Deployment Process Overview

VPN. Date: 4/15/2004 By: Heena Patel

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

The Secure Sockets Layer (SSL)

Proxies. Chapter 4. Network & Security Gildas Avoine

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Encryption of Traffic

SSL VPN Technology White Paper

Bridgit Conferencing Software: Security, Firewalls, Bandwidth and Scalability

TLS/SSL in distributed systems. Eugen Babinciuc

Overview. SSL Cryptography Overview CHAPTER 1

The Evolving Threat Landscape and New Best Practices for SSL

Firewall Introduction Several Types of Firewall. Cisco PIX Firewall

Implementing Transparent Security for Desktop Encryption Users

Integrated SSL Scanning

As enterprises conduct more and more

How To Understand And Understand The Security Of A Key Infrastructure

Transport Layer Security Protocols

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

Decryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright Palo Alto Networks

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

Other VPNs TLS/SSL, PPTP, L2TP. Advanced Computer Networks SS2005 Jürgen Häuselhofer

Why you need secure

Secure User Guide

Secure Remote Monitoring of the Critical System Infrastructure. An Application Note from the Experts in Business-Critical Continuity

Virtual Private Networks

IBM Lotus Protector for Mail Encryption

Protocol Rollback and Network Security

SIP Security Controllers. Product Overview

The basic groups of components are described below. Fig X- 1 shows the relationship between components on a network.

INFORMATION SUPPLEMENT. Migrating from SSL and Early TLS. Version 1.0 Date: April 2015 Author: PCI Security Standards Council

MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE

Technical White Paper BlackBerry Security

Web Security Considerations

Secur User Guide

Chapter 7 Transport-Level Security

Fidelis XPS Power Tools. Gaining Visibility Into Your Cloud: Cloud Services Security. February 2012 PAGE 1 PAGE 1

Introduction to Computer Security

Content Teaching Academy at James Madison University

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

mkryptor allows you to easily send secure s. This document will give you a technical overview of how. mkryptor is a software product from

Securing an IP SAN. Application Brief

Privacy 101. A Brief Guide

Unifying Information Security. Implementing TLS on the CLEARSWIFT SECURE Gateway

Software Engineering 4C03 Research Project. An Overview of Secure Transmission on the World Wide Web. Sean MacDonald

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

White Paper Delivering Web Services Security: The Entrust Secure Transaction Platform

SECURING SAP NETWEAVER DEPLOYMENTS WITH SAFE-T RSACCESS

Web application security: automated scanning versus manual penetration testing.

PineApp TM Mail Encryption Solution TM

SIP Trunking Configuration with

Security Goals Services

Key Management (Distribution and Certification) (1)

You re FREE Guide SSL. (Secure Sockets Layer) webvisions

SECURE YOUR DATA EXCHANGE WITH SAFE-T BOX

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD Effective Date: April 7, 2005

Three significant risks of FTP use and how to overcome them

Policy Based Encryption E. Administrator Guide

Policy Based Encryption E. Administrator Guide

APNIC elearning: IPSec Basics. Contact: esec03_v1.0

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Web Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn

Websense Content Gateway HTTPS Configuration

cipher: the algorithm or function used for encryption and decryption

Introduction to Computer Security Benoit Donnet Academic Year

How To Understand And Understand The Ssl Protocol ( And Its Security Features (Protocol)

Migration Project Plan for Cisco Cloud Security

Security Policy Revision Date: 23 April 2009

An Oracle White Paper December The Value of Diameter Signaling in Security and Interworking Between 3G and LTE Networks

Archiving User Guide Outlook Plugin. Manual version 3.1

Introduction to Computer Security

Case Study for Layer 3 Authentication and Encryption

Installation and configuration guide

Savitribai Phule Pune University

Lab Exercise SSL/TLS. Objective. Step 1: Open a Trace. Step 2: Inspect the Trace

SSL: A False Sense of Security? How the Tenable Solution Restores SSL Effectiveness and Mitigates Related Threats

Overview - Using ADAMS With a Firewall

z/os Firewall Technology Overview

Overview - Using ADAMS With a Firewall

Encryption Made Simple

Sync Security and Privacy Brief

Portal Administration. Administrator Guide

The benefits of using a perimeter-based managed service

TABLE OF CONTENT. Page 2 of 9 INTERNET FIREWALL POLICY

Software Defined Perimeter Working Group. SDP Hackathon Whitepaper

Transcription:

March 2005 PGP White Paper Transport Layer Security (TLS) & Encryption: Complementary Security Tools

PGP White Paper TLS & Encryption 1 Table of Contents INTRODUCTION... 2 HISTORY OF TRANSPORT LAYER SECURITY... 2 TLS OPERATING OVERVIEW... 3 ISSUES WITH TLS & EMAIL... 4 MAN IN THE MIDDLE ATTACK... 4 TLS: POINT-TO-POINT SECURITY IN A STORE-AND-FORWARD ENVIRONMENT... 4 TLS: PROTECTS DATA IN MOTION ONLY... 5 COMPREHENSIVE EMAIL SECURITY USING TLS & ENCRYPTION... 5

PGP White Paper TLS & Encryption 2 Introduction Transport Layer Security (TLS) and content encryption can both be used to secure email communications. TLS can only be used to secure part of the path an email message takes from sender to recipient, however, and it does not secure the portion of that path on which most security breaches occur. Nevertheless, TLS is a popular approach to securing email traffic across the Internet. Some security experts have even suggested that enterprises using TLS to secure their email traffic do not need to encrypt email message content. This PGP White Paper addresses this myth, describes the differences between TLS and content encryption, and summarizes why both are required in a comprehensive email security solution. History of Transport Layer Security TLS began life in 1994 as the Secure Socket Layer (SSL) feature of the Netscape Web browser. SSL was developed to solve the two problems most industry watchers then believed would limit the use of the Internet for electronic commerce: The need to provide Web browsers a way to verify that users were actually communicating with the website with which they intended to communicate. Given the recent spate of phishing attacks, this concern was clearly prescient. The need to perform secure transactions over an inherently insecure network, the public Internet. To do this, Netscape concluded it needed a way of encrypting the network traffic from its Web browser to the Web servers it wanted to sell to enterprises for e-commerce applications. Netscape developed SSL to address both of these issues while making two key architectural assumptions about the way SSL would be used: All network traffic secured by SSL would be point-to-point, with no intermediate hops. This assumption is generally valid for Web traffic, but is not generally true for email. The data transmitted over an SSL link only needs to be encrypted while in transit between the Web browser and Web server. The assumption is that the Web browser user will protect the information (credit card number, user name, password, etc.) before typing it into the browser, and that the Web server physically and logically secures that information once it is received. Although SSL was designed to encrypt Web traffic, it sits between the application layer and the transport layer of a network solution and can also be used to secure Simple Mail Transfer Protocol (SMTP), File Transfer Protocol (FTP), and other types of application data. Netscape released three versions of SSL between 1994 and 1996, and SSL 3.0 became the basis for the IETF-approved TLS 1.0 specification. There are some minor differences between TLS and SSL that prevent them from being interoperable; however, TLS can also back down to SSL when required to communicate with an application that is not fully TLS-enabled. In fact, the TLS specification allows two applications attempting to establish a TLS link to back down to older versions of SSL that contain known vulnerabilities.

PGP White Paper TLS & Encryption 3 For procedural reasons, TLS is not and will not likely ever be a proper superset of SSL functionally. TLS does not, for example, provide for the use of the Skipjack encryption algorithm used by U.S. military and intelligence agencies. Nor does TLS provide for certificate-less communication as SSL does. Consequently, SSL in all its current and prior incarnations will probably continue to be in use for a long time. TLS Operating Overview The TLS protocol is made up of two components: The TLS Handshake Protocol used to initiate a TLS session. The Handshake Protocol allows two TLS-capable applications to negotiate which version of the TLS protocol will be used for secure communication, which encryption algorithm will be used to encrypt the data, and allows the initiating application or client to authenticate the recipient application or server. It is this authentication step that allows a Web browser to determine if the Citibank server it thinks it has contacted is actually the Citibank Web server. The TLS Record Protocol used to transmit the client s data securely to the server application. The Record Protocol is also used to encapsulate the TLS Handshake Protocol, although discussion if this functionality exceeds the scope of this paper. Setup of a TLS session that involves both client and server authentication occurs as follows: Client Commands 1. Client contacts the server requesting a TLS session be established and includes in that request the version(s) of TLS and SSL that can be used, ciphers supported by the client, session ID, and other required parameters. 3. The client attempts to authenticate the server Certificate, indicates success or failure to the server, and if successful, indicates that all further communication will be encrypted. The client also forwards its certificate to the server. 5. The client generates a session key using the random data previously provided by the server, encrypts it to the server s public key, and sends it to the server. Server Commands 2. The server responds with the version of TLS/SSL that will be used, the cipher algorithm to be used, and some random data that is used to generate a session key. The server then sends the client its Certificate (which contains a public key) and an indication that client authentication is to be performed. 4. The server authenticates the client Certificate and acknowledges that all further communication will be encrypted. 6. The server decrypts the session key using its private key and acknowledges receipt of the session key.

PGP White Paper TLS & Encryption 4 At this point, both the client and the server may use the session key to encrypt messages to one another until the session is complete. Issues with TLS & Email There is no denying that TLS is a good solution to the problems it was originally designed to solve. It is not, however, a very good way to secure email message traffic because email inherently violates the two previously mentioned design assumptions upon which TLS is based. TLS is also susceptible to a common type of cryptographic attack known as Man in the Middle, which exploits the back down functionality cited earlier. Man in the Middle Attack The TLS Handshake Protocol requires the two communicating servers agree on the algorithms and parameters to be used to secure the communications link. Although TLS will always attempt to use the most secure combination of parameters, it is designed to back down to less-secure and/or older protocols and algorithms when required to establish a secure session. A Man in the Middle can manipulate the protocol to convince a TLS-enabled mail server to use one of these less-secure configurations either by asserting the more-secure algorithms aren t supported or by blocking the ports required to use them. Once the less-secure algorithms and parameters are in use, the attacker can then exploit known weaknesses in what are typically older protocols. This type of attack can be mitigated by using care in configuring a TLS-enabled server, but this requirement places a burden on IT management to review the TLS configuration regularly to ensure nothing has been altered deliberately or inadvertently by IT technical staff. Worse, it means that enterprises depending solely on TLS for email security must depend on all of their trading partners to exercise similar diligence to prevent email transmissions from being breached by this sort of attack. TLS: Point-to-Point Security in a Store-and-Forward Environment The first core design assumption of TLS that is broken by email is that TLS s communication security is point-to-point. The SMTP protocol used by all email systems globally is designed as a store-andforward transfer mechanism. The reasons for this design are beyond the scope of this paper, but the most important benefit of this approach is that mail goes through even if one of the email servers along its intended route is unavailable. Therefore, for a comprehensive TLS-based email security system to be implemented, TLS must be provisioned on all links across which the email is expected to flow. This approach is so problematic that no one even attempts it. Instead, TLS-based email security systems focus on the link between a sending enterprise s outbound email server and the recipient s inbound gateway. Thus, the mail is only secured while it is traversing the public Internet on that one hop. The problem with this approach is that it secures the link on which the least number of security breaches occur. It is a widely accepted tenet of enterprise information security that up to 70% of all breaches occur inside the enterprise s firewall 1 when email is still moving unprotected by any type of encryption or other security. The only way to ensure the security of email from its point of origin to its final destination is to use a content encryption solution such as PGP Desktop or PGP Universal. 1 CSI/FBI Computer Crime & Security Survey, 2003

PGP White Paper TLS & Encryption 5 The other consequence of attempting to secure email using TLS is that this approach assumes email always takes its intended path to the recipient. If an email server or mail transport agent (MTA) fails or the network link between the sending and receiving MTAs fail, the email could follow almost any route across the Internet to its destination, completely circumventing the TLS security system. Although this problem can be mitigated by configuring the sending MTA to hold all email until the intended network path and/or receiving MTA are again available, it means that key business transactions may be delayed and that outbound email is exposed to anyone with access to the sending MTA where they re staged. TLS: Protects Data in Motion Only The second TLS design assumption violated by email is that data need only be protected while it is in motion. This is a good assumption when securing information being submitted by a Web browser to a Web server, but it carries potentially tragic consequences in the case of email. A quick check of the headers of any email reveals that it resides on at least six different systems in its lifespan: Sender s desktop or laptop system (or mail server, depending on the configuration) Sending enterprise gateway MTA Recipient enterprise gateway MTA Recipient enterprise mail server End user recipient s desktop or laptop system The foregoing is the minimum number of times (five) an email is stored on a client or server system. In many cases, it may also be received, stored, and resent by transparent email proxy servers within the sender s or recipient s Internet Service Provider (ISP) infrastructure. A complete and effective email security solution protects messages both in motion and at rest. No deployment of TLS, regardless of configuration, can achieve this level of security. Comprehensive Email Security Using TLS & Encryption The only way to completely secure email is to use both TLS and a content encryption solution such as PGP Desktop or PGP Universal. Encrypting email content guarantees end-to-end security and ensures that email traversing the public Internet is not subject to the sort of attacks to which TLS is vulnerable. However, TLS does have a role even when an email content encryption solution is used. PGP Universal does, in fact, use TLS for certain email client communication when no desktop encryption functionality is available or when PGP Universal is deployed in a cluster configuration. PGP Universal handles these TLS connections transparently and requires no administrator intervention to ensure their integrity. PGP Universal s usage of TLS is also consistent with the design assumptions cited above and is not subject to TLS s inherent vulnerabilities. There is also one application of secure email that requires use of both content encryption and TLS when email is crossing the public Internet. In certain (rather rare) cases, it is desirable to encrypt both the message content and the message headers that contain the To, From, and Subject lines of

PGP White Paper TLS & Encryption 6 the message. These applications are typically limited to military and national intelligence deployments. In these extremely sensitive applications, the combination of both content encryption and TLS while the email is traversing the public Internet is the best solution. TLS clearly plays an important role in securing sensitive data on the Internet. Given its relative simplicity and low cost, it is also a simple way to secure email traffic. As this paper has shown, however, TLS is a vulnerable and incomplete approach for securing real-world enterprise email content. To achieve this mission-critical objective, content encryption solutions such as PGP Universal are the preferred solution. PGP Corporation 3460 West Bayshore Road Palo Alto, CA 94303 USA Tel: +1 650 319 9000 Fax: +1 650 319 9001 Sales: +1 877 228 9747 Support: www.pgpsupport.com www.pgp.com 2005 PGP Corporation All rights reserved. No part of this document may be reproduced, stored in a retrieval system, or transmitted in any form by any means without the prior written approval of PGP Corporation. The information described in this document may be protected by one or more U.S. patents, foreign patents, or pending applications. PGP is a registered trademark of PGP Corporation. Product and brand names used in the document may be trademarks or registered trademarks of their respective owners. Any such trademarks or registered trademarks are the sole property of their respective owners. The information in this document is provided as is without warranty of any kind, either express or implied, including, but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement. This document could include technical inaccuracies or typographical errors. All strategic and product statements in this document are subject to change at PGP Corporation's sole discretion, including the right to alter or cancel features, functionality, or release dates. Changes to this document may be made at any time without notice.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information