application layer transport security
play

Application Layer Transport Security Cesar Ghali, Adam Stubblefield, - PowerPoint PPT Presentation

Mar 25, 2024 •107 likes •510 views

Application Layer Transport Security Cesar Ghali, Adam Stubblefield, Ed Knapp, Jiangtao Li, Benedikt Schmidt, Julien Boeuf Real World Crypto, 2019 January 9-11, 2019 Introduction Design Trust Model Protocols Tradeoffs Application Layer

  1. Application Layer Transport Security Cesar Ghali, Adam Stubblefield, Ed Knapp, Jiangtao Li, Benedikt Schmidt, Julien Boeuf Real World Crypto, 2019 January 9-11, 2019

  2. Introduction Design Trust Model Protocols Tradeoffs Application Layer Transport Security - Google

  3. Introduction ● Distributed systems rely on secure communication protocols to protect data in transit ● Google uses Application Layer Transport Security (ALTS) to secure Remote Procedure Calls (RPCs) ○ Google production network issues roughly 10 billion RPCs per second ● ALTS provides transport security protection with zero configuration ALTS is friendly to service replication, load balancing, and rescheduling across ● production machines Application Layer Transport Security - Google

  4. Why Not TLS? ● ALTS development began in 2007 ○ TLS did not fit well with Google security model TLS and its implementations seemed complex, due to support for legacy flow and ○ protocols ● TLS could be modified and adopted … developing from scratch seemed more advantageous ● Key differences: TLS with HTTPs and ALTS have fundamentally different trust models ○ ○ ALTS is simpler in its design and implementation ■ Easier to analyze for bugs and security vulnerabilities ○ ALTS uses Protocol Buffers, more suitable for Google production services Application Layer Transport Security - Google

  5. Introduction Design Trust Model Protocols Tradeoffs Application Layer Transport Security - Google

  6. Design “ Highly reliable, trusted system that allows for service-to-service authentication and ” security with minimal user involvement Application Layer Transport Security - Google

  7. Design - Guiding Principles ● Transparency: ○ All RPCs are ALTS-secured by default No need to worry about credential management or security configurations ○ ○ Peer information propagated to application for authorization ● State-of-the-art cryptography: AES-GCM with auto-rekeying ○ ○ Google controls ALTS: crypto protocols are easily upgraded and deployed ● Identity model: Authentication by identity rather than host name ○ ○ All communications are mutually authenticated Application Layer Transport Security - Google

  8. Design - Guiding Principles ● Key distribution: ○ Identities have corresponding “managed” credentials Deployed and periodically refreshed automatically for each workload without ○ application developer involvement ● Scalability: Efficient session resumption ○ ● Long-lived connections: ○ Accommodate the scale of Google’s infrastructure Simplicity: ● ○ Tailored for service-to-service communication pattern ○ No support for legacy protocols Application Layer Transport Security - Google

  9. Introduction Design Trust Model Protocols Tradeoffs Application Layer Transport Security - Google

  10. Trust Model ● Authenticate application identities, not hosts ● Every network entity has an associated identity ○ Embedded in certificates ○ Used for peer authentication ● Model pursued: ○ Major production services run as identity managed by SREs ○ Development versions run as test identity managed by SREs and developers ● Authorization policy is based on service identities ● Policy example: ○ Production services do not trust the development versions of the services Application Layer Transport Security - Google

  11. Trust Model - Credentials ● Three types, expressed in Protocol Buffers: master certificates, handshaker certificates and resumption keys Application Layer Transport Security - Google

  12. Trust Model - Credentials ● Three types, expressed in Protocol Buffers: master certificates, handshaker certificates and resumption keys Master certificates: ○ Signed by a remote Signing Service ○ Contains RSA public key ○ Associated (master) private key signs handshaker certificates ○ Usually issued for production machines and schedulers of containerized workloads Application Layer Transport Security - Google

  13. Trust Model - Credentials ● Three types, expressed in Protocol Buffers: master certificates, handshaker certificates and resumption keys Handshaker certificates: ○ Signed by master private key ■ Created locally for system services Created and provisioned by scheduler for containerized workloads ■ ○ Contains parameters used in ALTS handshake ○ Contains the master certificate that verifies it Application Layer Transport Security - Google

  14. Trust Model - Credentials ● Three types, expressed in Protocol Buffers: master certificates, handshaker certificates and resumption keys ALTS certificate chain Application Layer Transport Security - Google

  15. Trust Model - Credentials ● Three types, expressed in Protocol Buffers: master certificates, handshaker certificates and resumption keys Resumption keys: ○ Secret used to encrypt resumption tickets ○ Identified by a Resumption ID ○ Resumption ID unique for workloads running with the same identity and in the same datacenter cell Application Layer Transport Security - Google

  16. Trust Model - Certificate Issuance ● To participate in ALTS secure handshake, entities need handshake certificates ○ First: issuer obtains a master certificate Application Layer Transport Security - Google

  17. Trust Model - Certificate Issuance ● To participate in ALTS secure handshake, entities need handshake certificates ○ First: issuer obtains a master certificate Application Layer Transport Security - Google

  18. Trust Model - Certificate Categories ● Three certificate categories, based on what they’re issued for: Human certificates: ○ RPCs issued by humans to production services are ALTS-secured ○ Humans obtain handshake certificates from internal CA ■ Provisioning requests authenticated using username, password and 2FA Valid for less than a day ○ Application Layer Transport Security - Google

  19. Trust Model - Certificate Categories ● Three certificate categories, based on what they’re issued for: Machine certificates: ○ Production machines have machine master certificates issued by internal CA ○ Corresponding private key creates handshake certificates for core daemons ○ Machine master certificates rotated every few months ○ Machine handshake certificates rotated every few hours Application Layer Transport Security - Google

  20. Trust Model - Certificate Categories ● Three certificate categories, based on what they’re issued for: Workload certificates: ○ Handshake certificates issued to production workloads running on Borg ○ Used by application for ALTS handshake ○ Rotated every two days on average Application Layer Transport Security - Google

  21. Trust Model - Certificate Categories Application Layer Transport Security - Google

  22. Introduction Design Trust Model Protocols Tradeoffs Application Layer Transport Security - Google

  23. Protocols ALTS uses two protocols Handshake protocol Record protocol ● Session key and peer identity exchange ● Provides data confidentiality and integrity ● Automatic rekeying Application Layer Transport Security - Google

  24. Protocols - Handshake ● Diffie-Hellman-based authentication key exchange protocol ● ALTS infrastructure ensures all entities have certificate with ○ Their identities ○ Elliptic Curve DH (ECDH) keys rotated frequently Supports Perfect Forward Secrecy (PFS) with additional ephemeral ECDH keys and ● session resumption Clients and servers negotiate ● ○ Shared session encryption key ○ Record protocol to use Application Layer Transport Security - Google

  25. Protocols - Handshake 1. Client sends ClientInit containing ● Client handshake certificate List of handshake-related ciphers ● ● Record protocols ● (Optional) Resumption ID and ticket Application Layer Transport Security - Google

  26. Protocols - Handshake 2. Server ● Verifies client certificate Chooses protocols to use ● ● Computes DH exchange result and derives (using the session transcript): ○ Record protocol secret, M ○ Resumption secret, R ○ Authenticator secret, A Sends ServerInit containing: ● ○ Server handshake certificate Chosen protocols ○ ○ (Optional) resumption ticket Application Layer Transport Security - Google

  27. Protocols - Handshake 3. Server sends ● ServerFinished containing authenticator HMAC over pre-defined bit string ○ ○ Using secret A Application Layer Transport Security - Google

  28. Protocols - Handshake 4. Client receives ServerInit ● Verifies server certificate Derives the same M , R and A ● Application Layer Transport Security - Google

  29. Protocols - Handshake 5. Client receives ServerFinished ● Uses A to verify its authenticator Application Layer Transport Security - Google

  30. Protocols - Handshake 5. Client receives ServerFinished ● Uses A to verify its authenticator Client can start sending data encrypted with M Application Layer Transport Security - Google

  31. Protocols - Handshake 6. Client sends ● ClientFinished containing authenticator HMAC over pre-defined bit string ○ ○ Using secret A ● (Optional) Resumption ticket Application Layer Transport Security - Google

  32. Protocols - Handshake 7. Server receives ClientFinished ● Verifies the authenticator Application Layer Transport Security - Google

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Transport Layer Security The TLS Protocol Transport Layer Security (TLS) Security goals:

Transport Layer Security The TLS Protocol Transport Layer Security (TLS) Security goals:

IN3210 Network Security Transport Layer Security The TLS Protocol Transport Layer Security (TLS) Security goals: Authentication Integrity Confidentiality Transparent security protocol between TCP and application

1k views • 66 slides
1 Transport Layer Transport Layer Outline Message, Segment, Datagram Transport-layer

1 Transport Layer Transport Layer Outline Message, Segment, Datagram Transport-layer

Transport Layer Transport Layer Chapter 3: Transport Layer Mobile network Our goals: Global ISP understand principles learn about transport Chapter 3 behind transport layer protocols in the Transport Layer Internet: layer

678 views • 5 slides
Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer!

Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer!

Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer! Application Transport Network Link Physical CSE 461 University of Washington 2 Recall Transport layer provides end-to-end connectivity across

1.96k views • 165 slides
Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer!

Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer!

Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer! Application Transport Network Link Physical CSE 461 University of Washington 2 Recall Transport layer provides end-to-end connectivity across

528 views • 31 slides
Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer!

Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer!

Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer! Application Transport Network Link Physical CSE 461 University of Washington 2 Recall Transport layer provides end-to-end connectivity across

1.91k views • 168 slides
Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer!

Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer!

Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer! Application Transport Network Link Physical CSE 461 University of Washington 2 Three-Way Handshake (3) Suppose delayed, duplicate Active

709 views • 50 slides
Transport Where we are in the Course Moving on up to the Transport Layer! Application

Transport Where we are in the Course Moving on up to the Transport Layer! Application

Transport Where we are in the Course Moving on up to the Transport Layer! Application Transport Network Link Physical CSEP 561 University of Washington 2 Recall Transport layer provides end-to-end connectivity across the network

1.5k views • 148 slides
1 Transport Layer Transport Layer RTT Estimation RTT Estimation Basic Idea SampleRTT :

1 Transport Layer Transport Layer RTT Estimation RTT Estimation Basic Idea SampleRTT :

Transport Layer Transport Layer Outline Mobile network Transport-layer Connection-oriented Global ISP services transport: TCP Transport Layer Multiplexing and segment structure Home network demultiplexing reliable data

264 views • 5 slides
Addressing in the TCP/IP model Layer 4 Address Resolution: Ports and more Transport Layer

Addressing in the TCP/IP model Layer 4 Address Resolution: Ports and more Transport Layer

IN2140: Introduction to Operating Systems and Data Communication Addressing in the TCP/IP model Layer 4 Address Resolution: Ports and more Transport Layer Function Transport layer tasks 5 5 Application Application Application 1.

140 views • 11 slides
Introduction to Network Security Security Chapter 7 Transport Layer Protocols Dr. Doug

Introduction to Network Security Security Chapter 7 Transport Layer Protocols Dr. Doug

Introduction to Network Security Security Chapter 7 Transport Layer Protocols Dr. Doug Jacobson - Introduction to 1 Network Security - 2009 Topics TCP Layer Responsible for reliable end-to-end transfer of application data.

632 views • 32 slides
Transport Protocols in the Internet Overview & Essential of UDP Transport Layer Function

Transport Protocols in the Internet Overview & Essential of UDP Transport Layer Function

IN2140: Introduction to Operating Systems and Data Communication Transport Protocols in the Internet Overview & Essential of UDP Transport Layer Function Transport layer tasks 5 5 Application Application 1. Addressing Transport

304 views • 13 slides
Introduction to the Transport Layer CSC 249 Feb 13, 2018 1 Transport Layer Overview q Tasks

Introduction to the Transport Layer CSC 249 Feb 13, 2018 1 Transport Layer Overview q Tasks

Introduction to the Transport Layer CSC 249 Feb 13, 2018 1 Transport Layer Overview q Tasks performed by the transport layer v Services provided to the application layer v Services expected from the network layer q Multiplexing and

437 views • 8 slides
Application-Layer Protocols The World-Wide Web (HTTP) Reliable file transfer (FTP)

Application-Layer Protocols The World-Wide Web (HTTP) Reliable file transfer (FTP)

COMP 431 Application-Layer Protocols Internet Services & Protocols Outline application application transport Example client/server systems and network their application-level protocols: link physical Application-Layer Protocols

281 views • 13 slides
Application-Layer Protocols: The World-Wide Web (HTTP) Reliable file transfer (FTP) The

Application-Layer Protocols: The World-Wide Web (HTTP) Reliable file transfer (FTP) The

COMP 431 Application-Layer Protocols Internet Services & Protocols Outline application application transport network Example client/server systems and link their application-level protocols: physical Application-Layer Protocols:

432 views • 10 slides
Lecture 14 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 14 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 14 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL: Secure Sockets Layer v widely deployed security v original goals: protocol Web e-commerce transactions supported by almost all browsers,

609 views • 21 slides
Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL: Secure Sockets Layer v widely deployed security v original goals: protocol Web e-commerce supported by almost all transactions browsers, web

570 views • 21 slides
1 HTTP Client-server paradigm Typical network app has two application pieces: client and server

1 HTTP Client-server paradigm Typical network app has two application pieces: client and server

Network Applications Drive Network Design Important to remember that network applications are the reason we care about 3: Application Protocols: building a network infrastructure HTTP and DNS Applications range from text based command

504 views • 14 slides
CSCD58 W INTER 2018 W EEK 3 - A PPLICATION L AYER Brian Harrington University of Toronto

CSCD58 W INTER 2018 W EEK 3 - A PPLICATION L AYER Brian Harrington University of Toronto

Admin Protocol Stack Application Layer Break HTTP DNS P2P CSCD58 W INTER 2018 W EEK 3 - A PPLICATION L AYER Brian Harrington University of Toronto Scarborough January 23, 2018 Admin Protocol Stack Application Layer Break HTTP DNS P2P

512 views • 38 slides
Application Layer CS 3516 Computer Networks CS 3516 Computer Networks 2: Application Layer 2

Application Layer CS 3516 Computer Networks CS 3516 Computer Networks 2: Application Layer 2

Application Layer CS 3516 Computer Networks CS 3516 Computer Networks 2: Application Layer 2 Chapter 2: Application Layer Some network apps learn about protocols Goals: conceptual, e-mail social networks by examining

371 views • 14 slides
CORBA BY VIRAJ N BHAT www.caip.rutgers.edu/~virajb Topics to be covered Remote Procedure

CORBA BY VIRAJ N BHAT www.caip.rutgers.edu/~virajb Topics to be covered Remote Procedure

CORBA BY VIRAJ N BHAT www.caip.rutgers.edu/~virajb Topics to be covered Remote Procedure Calls. Conceptual overview of CORBA CORBA IDL Understanding the Broker-OA and BOA Interoperability Applications of CORBA Remote

799 views • 46 slides
04832250 Computer Networks (Honor Track) A Data Communication and Device Networking

04832250 Computer Networks (Honor Track) A Data Communication and Device Networking

04832250 Computer Networks (Honor Track) A Data Communication and Device Networking Perspective A Data Communication and Device Networking Perspective Module 1: Protocol Support for Network Applications Prof. Chenren Xu

1.3k views • 59 slides
Application Layer Security for the Internet of Things CASTOR Software Days 15-10-2019 Francesca

Application Layer Security for the Internet of Things CASTOR Software Days 15-10-2019 Francesca

Application Layer Security for the Internet of Things CASTOR Software Days 15-10-2019 Francesca Palombini, Ericsson Research HTTP TCP QUIC TLS IP and many more Francesca Palombini - Ericsson Research 2 The IoT is happening Gartner

306 views • 16 slides
Application Layer Protocols and Data Encoding for Constrained Devices W3C Web of Things

Application Layer Protocols and Data Encoding for Constrained Devices W3C Web of Things

Hauke Petersen Computer Systems and Telematics Breakout session on Application Layer Protocols and Data Encoding for Constrained Devices W3C Web of Things Workshop Contents 1) Constrained devices 2) Radio/Network technologies 3) Common

1.15k views • 7 slides
1 Creating a network app application transport network data link write programs that

1 Creating a network app application transport network data link write programs that

Last time Mobile network Internet overview Global ISP whats a protocol? network edge, core, access network Home network Regional ISP Regional ISP packet-switching versus k t it hi circuit-switching Internet/ISP

524 views • 20 slides

More recommend