THE CASE FOR PREFETCHING AND PREVALIDATING TLS SERVER CERTIFICATES
Emily Stark, Lin-Shung Huang, Dinesh Israni, Collin Jackson, Dan Boneh
Presented by: Nurul Atiqah Abu Talib
INTRODUCTION
• Prefetch and prevalidate server certificates before a user clicks on an HTTPS link
• Combines with Snap Start
• Less costly, removing time pressure from the certificate validation process
TRANSPORT LAYER SECURITY (TLS)
• A protocol for encrypting and authenticating traffic between a client and a server
TLS HANDSHAKE
[Diagram: TLS handshake between client and server. Labels: Initialize Handshake; Certificate; Response; Certificate validation; HTTP Request; HTTP Response; Negotiate Key (shown twice); Certificate valid?]
Online Certificate Status Protocol (OCSP)
• Client asks OCSP responder whether certificate is valid
• Responder specifies how long response is valid
TLS PROBLEMS
• Common TLS misconfigurations and certificate warnings
• TLS-enabled servers face heavier load
• Discourages site-wide use of TLS, thereby exposing users to session hijacking and other exploits
• Increases client latency
TLS SNAP START (1/2)
• Zero round trip handshake
[Diagram: handshake labels: Initialize Handshake; Certificate; HTTP Request; HTTP Response; Negotiate Key (shown twice); Certificate valid?]
TLS SNAP START (2/2)
• Zero round trip handshake
[Diagram: handshake labels: Initialize Handshake; Snap Start Extension; HTTP Request; HTTP Response]
SNAP START CHALLENGE I (1/2)
• First visit:
[Diagram: handshake labels: Initialize Handshake; Snap Start Extension; Selected Cipher Suite + orbit; Cache]
SNAP START CHALLENGE I (2/2)
• Next visit:
• Client must know server certificate
• Cached from previous visit
[Diagram: handshake labels: Initialize Handshake; Snap Start Extension + necessary information from cache; HTTP Request; HTTP Response]
SNAP START CHALLENGE II
• If cached certificate’s validation status from a previous handshake has expired, the browser still must communicate with a certificate validation authority
CONTRIBUTION
• Detailed statistics from OCSP responders in the real world
• Certificate prefetching and prevalidation
• Propose four prefetching strategies
• Compare strategies and benefits
• Implementation
OCSP IN THE WILD
• Experimental setup
• OCSP response times collected from users running Perspectives browser extensions
• 242 clients, 4474 certificates, 24 responders
OCSP MEASUREMENTS (1/2)
• Cumulative distribution of OCSP lookup response times
• Median: 291 ms
• Mean: 498 ms
OCSP MEASUREMENTS (2/2)
• Cumulative distribution of OCSP lookup response times
74.8%
METHOD
• Prefetch certificates
  • Enables Snap Start handshakes more frequently
• Prevalidate certificates
  • Removes OCSP lookup from critical path
• Question:
  • When to prefetch? When to prevalidate?
  • How to obtain certificates?
WHEN TO PREFETCH?
• Idea from DNS prefetching
  • To increase responsiveness, resolves domain names before the user clicks on a link
• Triggered when:
  • While the user is typing
  • Mouse hovers over a link
  • During browser startup
HOW TO PREFETCH?
• Naïve Method: Open TLS connection and obtain information
• Challenge: Full TLS handshake is expensive
SERVER CERTIFICATE PREFETCHING AND PREVALIDATING
• Prefetching with a truncated handshake
• Prefetching via HTTP GET
• Prefetching from a CDN
• Prefetching from DNS
PREFETCHING WITH A TRUNCATED HANDSHAKE (1/2)
[Diagram: handshake labels: Initialize Handshake; Certificate; Alert Message]
PREFETCHING WITH A TRUNCATED HANDSHAKE (2/2)
Advantages:
• No public key cryptography
• Server admin does nothing
Disadvantages:
• Implementation requires new API in TLS layer
• Dirty server logs due to inaccurate alert usage
PREFETCHING VIA HTTP GET
Advantages:
• Simplest method
Disadvantages:
• Much less load than full TLS handshake, but still impacts the server
PREFETCHING FROM A CDN
Advantages:
• Avoid placing any extra load on the server
Disadvantages:
• Requests to multiple CDNs to enquire about certificate
PREFETCHING FROM DNS
Advantages:
• DNS TXT record can store certificates
• Use minimal client bandwidth
• No impact on web server
Disadvantages:
• Limited
• Swell DNS records
PREVALIDATE
[Flowchart: decision "Certificate prefetched?" with branches "Prevalidate" and "Normal OCSP lookup"]
ANALYSIS
• How much do prefetching and prevalidating affect handshake latency?
HANDSHAKE LATENCY
• Normal TLS: 122 ms
• Snap Start, no prevalidation: 83 ms
• Snap Start, prevalidated certificate: 30 ms
• Remove round trips by using Snap Start
• Remove OCSP by prevalidating certificate and using Snap Start
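The decision described on the SNAP START CHALLENGE II and PREVALIDATE slides, tied to the three latency cases above, as an added Python example that is not code from the paper, the presentation or any browser. The class and method names, the fingerprint strings and the "refuse" outcome for a not-valid OCSP answer are assumptions, and prefetching is assumed to return everything Snap Start needs along with the certificate.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Handshake latencies (ms) as listed on the HANDSHAKE LATENCY slide.
LATENCY_MS = {
    "Normal TLS": 122,
    "Snap Start, no prevalidation": 83,
    "Snap Start, prevalidated certificate": 30,
}

@dataclass
class Entry:
    fingerprint: str                   # identifies the prefetched certificate
    ocsp_good: Optional[bool] = None   # None: never prevalidated
    ocsp_expires: float = 0.0          # end of the responder-stated validity

class PrefetchCache:
    """Hypothetical client-side cache of prefetched certificates."""

    def __init__(self) -> None:
        self._entries: Dict[str, Entry] = {}

    def prefetch(self, host: str, fingerprint: str) -> None:
        old = self._entries.get(host)
        # An OCSP answer covers one certificate only, so a changed
        # certificate discards any earlier prevalidation result.
        if old is None or old.fingerprint != fingerprint:
            self._entries[host] = Entry(fingerprint)

    def prevalidate(self, host: str, good: bool, now: float, valid_for: float) -> None:
        entry = self._entries[host]
        entry.ocsp_good, entry.ocsp_expires = good, now + valid_for

    def plan(self, host: str, now: float) -> Tuple[str, Optional[int]]:
        entry = self._entries.get(host)
        if entry is None:              # nothing prefetched: full handshake
            mode = "Normal TLS"
        elif entry.ocsp_good is None or now >= entry.ocsp_expires:
            # Status missing or expired: OCSP is back on the critical path.
            mode = "Snap Start, no prevalidation"
        elif not entry.ocsp_good:      # fresh answer says "not valid"
            return ("refuse: certificate not valid", None)
        else:
            mode = "Snap Start, prevalidated certificate"
        return (mode, LATENCY_MS[mode])
```

The fastest path is reached only while the OCSP answer is both fresh and bound to the certificate currently cached for the host.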
CONCLUSION (CONT’D)
• Client latency from TLS handshakes costs websites in traffic and revenue, and discourages websites from using TLS
• Server certificate prefetching and prevalidation
• Snap Start handshake with a prevalidated certificate
  • Four times faster than a normal TLS handshake
• 74.8% of OCSP lookups took between 100 ms and 600 ms
• Prefetching enables an even more dramatic speed-up over standard TLS