Network Endpoint Data: TLS 1.3, Solving new challenges for next-generation firewalls (NGFW) - PowerPoint PPT Presentation



SLIDE 1

Network Endpoint Data

SLIDE 2

TLS 1.3 : Solving new challenges for next-generation firewalls (NGFW)

Pass The Salt 2019

SLIDE 3

Who are we?

  • Nicolas Pamart, Apprentice Developer: does stuff, did not have a choice to talk in front of you. nicolas.pamart@stormshield.eu
  • Damien Deville, Technical Leader: does stuff. damien.deville@stormshield.eu
  • Thomas Malherbe, Developer: does stuff. thomas.malherbe@stormshield.eu

www.stormshield.com

SLIDE 4

We’re on the network ...

SLIDE 5

We protect users & enforce company policy

SLIDE 6

With our state of the art IPS

SLIDE 7

Focus on TLS application filtering

SLIDE 8

TLS: Transport Layer Security

Diagrams: a TLS connection; TLS in the network stack

SLIDE 9

Diagram: the TLS 1.2 handshake, and the TLS 1.2 handshake as analysed by the NGFW ([ ] = encrypted)

SLIDE 10

With these data

SLIDE 11

But now … TLS 1.3 encrypts server certificate

SLIDE 12

Brand new TLS 1.3 handshake

Diagram: TLS 1.2 handshake vs TLS 1.3* handshake ([ ] = encrypted)

*RFC 8446

SLIDE 13

We are passive*, we do not decrypt

*On the TLS layer

SLIDE 14

The server certificate is public information

SLIDE 15

About certificates

SLIDE 16

How-to: Get the same certificate

  • Send the same Server Name Indication (SNI)
  • Propose the same cipher list
  • Send our own KeyShare extension

SLIDE 17

Wait, usually kernels don’t speak TLS!

SLIDE 18

Dear userspace daemon, talk for me

SLIDE 19

Yay! We saved our feature

SLIDE 20

But for each connection?!

SLIDE 21

SLIDE 22

Let’s cache the certificate!

Pros

  • Zero-delay certificate retrieval
  • Less load on the server
  • Less load on the NGFW

Cons

  • Design the cache: tune entry expiration date & cache size
  • Design the cache #2: do something that works

SLIDE 23

Let’s cache it!

SLIDE 24

Let’s cache it!

SLIDE 25

How do we identify cache entries?

SLIDE 26

Handling session resumption

SLIDE 27

TLS 1.3 session resumption

SLIDE 28

TLS 1.3 session resumption: limitations

  • Not really impacting our solution: we base ourselves on ClientHello information, and the SNI is « theoretically* » provided in the resumption ClientHello
  • Some malicious peers could omit the SNI during resumption, thus breaking our filtering

*RFC 8446 section 4.2.11: Pre-Shared Key Extension

SLIDE 29

Simple, just check the presence of the SNI, no?

SLIDE 30

The problem with SNI

  • SNI is not mandatory ...
  • Need to check whether the original session was initiated with an SNI
  • How to do that?
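Slide 16 reuses the client's SNI and cipher list when asking the server for its certificate, and slides 28 to 30 hinge on whether a resumption ClientHello still carries an SNI. The parser below, added here as an example and not part of the Stormshield talk or PoC, pulls exactly those fields out of a raw ClientHello record and flags a resumption by the presence of the pre_shared_key extension. `build_client_hello` exists only to construct the two sample records; the key_share and pre_shared_key payloads in them are placeholder bytes, not real shares or identities.

```python
"""Extract from a raw TLS ClientHello the fields the NGFW decision needs:
SNI, offered cipher suites, and whether a pre_shared_key extension (resumption)
is present.  Added example, not Stormshield code; samples are constructed."""
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional

# Extension type numbers from RFC 8446 / the IANA TLS registry
EXT_SERVER_NAME = 0
EXT_PRE_SHARED_KEY = 41
EXT_SUPPORTED_VERSIONS = 43
EXT_KEY_SHARE = 51


@dataclass
class ClientHelloInfo:
    sni: Optional[str]
    cipher_suites: List[int]
    extensions: Dict[int, bytes]          # extension type -> raw extension_data

    @property
    def is_resumption(self) -> bool:
        # A TLS 1.3 resumption carries pre_shared_key (RFC 8446 section 4.2.11)
        return EXT_PRE_SHARED_KEY in self.extensions


def parse_client_hello(record: bytes) -> ClientHelloInfo:
    """Parse one TLS record that holds a complete ClientHello."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) != rec_len or body[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len:
        raise ValueError("truncated ClientHello")
    pos = 2 + 32                                  # legacy_version + random
    pos += 1 + hello[pos]                         # legacy_session_id
    cs_len = struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", hello[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + hello[pos]                         # legacy_compression_methods
    extensions: Dict[int, bytes] = {}
    if pos + 2 <= len(hello):
        ext_end = pos + 2 + struct.unpack("!H", hello[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= ext_end:
            etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
            pos += 4
            extensions[etype] = hello[pos:pos + elen]
            pos += elen
    sni = None
    if EXT_SERVER_NAME in extensions:
        data = extensions[EXT_SERVER_NAME]
        # ServerNameList: 2-byte list length, then (name_type, 2-byte length, name)*
        end, p = 2 + struct.unpack("!H", data[:2])[0], 2
        while p + 3 <= end:
            name_type, name_len = data[p], struct.unpack("!H", data[p + 1:p + 3])[0]
            p += 3
            if name_type == 0:                    # host_name
                sni = data[p:p + name_len].decode("ascii")
            p += name_len
    return ClientHelloInfo(sni, suites, extensions)


def build_client_hello(sni: Optional[str], suites: List[int], extra=()) -> bytes:
    """Encode a minimal ClientHello record; used here only to build the samples."""
    exts = b""
    if sni is not None:
        name = sni.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name
        sn_list = struct.pack("!H", len(entry)) + entry
        exts += struct.pack("!HH", EXT_SERVER_NAME, len(sn_list)) + sn_list
    for etype, edata in extra:
        exts += struct.pack("!HH", etype, len(edata)) + edata
    cs = b"".join(struct.pack("!H", s) for s in suites)
    hello = (b"\x03\x03" + bytes(32) + b"\x00"    # legacy_version, random, empty session id
             + struct.pack("!H", len(cs)) + cs
             + b"\x01\x00"                         # one compression method: null
             + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


# Constructed samples: a full handshake with SNI, and a resumption that omits it.
# Extension payloads are placeholder bytes, not real key shares or PSK identities.
FULL_HELLO = build_client_hello("www.example.com", [0x1301, 0x1302],
                                [(EXT_SUPPORTED_VERSIONS, b"\x02\x03\x04"), (EXT_KEY_SHARE, b"\x00\x00")])
RESUMPTION_NO_SNI = build_client_hello(None, [0x1301],
                                       [(EXT_SUPPORTED_VERSIONS, b"\x02\x03\x04"),
                                        (EXT_PRE_SHARED_KEY, b"\x00\x00\x00\x00")])

if __name__ == "__main__":
    for rec in (FULL_HELLO, RESUMPTION_NO_SNI):
        info = parse_client_hello(rec)
        print(info.sni, [hex(s) for s in info.cipher_suites], "resumption" if info.is_resumption else "full")
```

The second sample is the case slide 28 warns about: a resumption with pre_shared_key but no server_name, which is exactly what the SNI-presence check of slide 29 has to notice before the cache lookup.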

SLIDE 31

Another cache ... for the SNI!

SLIDE 32

The big picture

SLIDE 33

SNI not coherent

SLIDE 34

SNI coherent & Cache HIT - PASS

SLIDE 35

SNI coherent & Cache HIT - BLOCK

SLIDE 36

SNI coherent & Cache MISS - PASS
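The decision path of slides 32 to 36, combined with the certificate cache of slide 22 and the SNI cache of slide 31, as a runnable simulation. This is an added example, not Stormshield's code. It assumes a cache key of (server IP, port, SNI), SNI coherence tracked per client/server pair, that a cache miss lets the connection pass while the daemon's fetch (here a callback over constructed certificates) fills the cache for the next connection, and that the action on an incoherent SNI is a policy choice, so that case is only classified and counted, as on the results slide.

```python
"""Decision path of the 'big picture' slides: an expiring LRU certificate cache,
an SNI-coherence cache checked on resumptions, and the verdicts SNI not coherent /
cache HIT PASS / cache HIT BLOCK / cache MISS PASS with the results-slide counters.
Added example, not Stormshield code; cache keys and on-miss behaviour are assumptions."""
import time
from collections import OrderedDict
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

@dataclass
class Certificate:          # the parts of the X.509 leaf the policy looks at
    subject_cn: str
    san: List[str]

@dataclass
class HelloSummary:         # what a ClientHello parser hands to the inspector
    client_ip: str
    server_ip: str
    server_port: int
    sni: Optional[str]
    is_resumption: bool     # pre_shared_key extension present

class CertCache:
    """LRU with per-entry expiry: the 'tune entry expiration date & cache size' con."""
    def __init__(self, max_entries: int, ttl: float, clock: Callable[[], float] = time.monotonic):
        self.max_entries, self.ttl, self.clock, self._entries = max_entries, ttl, clock, OrderedDict()

    def get(self, key) -> Optional[Certificate]:
        item = self._entries.get(key)
        if item is None:
            return None
        if self.clock() >= item[0]:              # stale entry: drop it and report a miss
            del self._entries[key]
            return None
        self._entries.move_to_end(key)           # refresh LRU position
        return item[1]

    def put(self, key, cert: Certificate) -> None:
        self._entries[key] = (self.clock() + self.ttl, cert)
        self._entries.move_to_end(key)
        while len(self._entries) > self.max_entries:
            self._entries.popitem(last=False)    # evict least recently used

class SniCoherenceCache:
    """Remembers the SNI of the full handshake so a resumption can be checked against it."""
    def __init__(self):
        self._seen: Dict[Tuple[str, str, int], Optional[str]] = {}

    def record_full_handshake(self, h: HelloSummary) -> None:
        self._seen[(h.client_ip, h.server_ip, h.server_port)] = h.sni

    def is_coherent(self, h: HelloSummary) -> bool:
        key = (h.client_ip, h.server_ip, h.server_port)
        if key not in self._seen:
            return h.sni is not None             # no original seen: usable only with an SNI
        return self._seen[key] is None or h.sni == self._seen[key]   # must not vanish or change

class Inspector:
    def __init__(self, blocked: List[str], fetch: Callable[..., Certificate],
                 cache: CertCache, coherence: SniCoherenceCache):
        self.blocked, self.fetch, self.cache, self.coherence = blocked, fetch, cache, coherence
        self.stats = {"total": 0, "cache_misses": 0, "sni_incoherences": 0}

    def _blocked(self, name: str) -> bool:       # exact match or subdomain of a blocked app
        return any(name == b or name.endswith("." + b) for b in self.blocked)

    def inspect(self, h: HelloSummary) -> str:
        self.stats["total"] += 1
        if h.is_resumption:
            if not self.coherence.is_coherent(h):
                self.stats["sni_incoherences"] += 1
                return "SNI_NOT_COHERENT"
        else:
            self.coherence.record_full_handshake(h)
        key = (h.server_ip, h.server_port, h.sni)
        cert = self.cache.get(key)
        if cert is None:
            self.stats["cache_misses"] += 1
            # The userspace daemon fetches the certificate with a mimicked ClientHello
            # (same SNI, same cipher list, own KeyShare); the callback stands in for it.
            self.cache.put(key, self.fetch(h.server_ip, h.server_port, h.sni))
            return "CACHE_MISS_PASS"
        names = [cert.subject_cn] + cert.san
        return "CACHE_HIT_BLOCK" if any(self._blocked(n) for n in names) else "CACHE_HIT_PASS"

def miss_ratio_percent(misses: int, total: int) -> float:
    return round(100.0 * misses / total, 2) if total else 0.0

# Constructed servers standing in for the daemon's fetch results.
SAMPLE_SERVERS = {
    ("203.0.113.10", 443): Certificate("www.social.example", ["social.example", "*.social.example"]),
    ("203.0.113.20", 443): Certificate("docs.corp.example", ["docs.corp.example"]),
}

def run_demo():
    clock = [1000.0]                                   # controllable time source
    insp = Inspector(["social.example"], lambda ip, port, sni: SAMPLE_SERVERS[(ip, port)],
                     CertCache(100, 3600, clock=lambda: clock[0]), SniCoherenceCache())
    hellos = [
        HelloSummary("10.0.0.5", "203.0.113.10", 443, "www.social.example", False),  # first sight: miss, pass
        HelloSummary("10.0.0.5", "203.0.113.10", 443, "www.social.example", False),  # cached: blocked application
        HelloSummary("10.0.0.5", "203.0.113.20", 443, "docs.corp.example", False),   # miss, pass
        HelloSummary("10.0.0.5", "203.0.113.20", 443, "docs.corp.example", True),    # coherent resumption, hit, pass
        HelloSummary("10.0.0.5", "203.0.113.10", 443, None, True),                   # resumption that lost its SNI
    ]
    verdicts = [insp.inspect(h) for h in hellos]
    clock[0] += 4000                                   # past the TTL: the entry has expired
    verdicts.append(insp.inspect(hellos[1]))
    return verdicts, insp.stats
```

`run_demo()` walks one client through a first contact (miss), the same server again (hit, checked against the application blocklist), a coherent resumption, a resumption that dropped its SNI, and an entry that expired; `miss_ratio_percent(259, 2509)` reproduces the 10.32% of the results slide.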

SLIDE 37

Proof of concept

SLIDE 38

PoC: design

SLIDE 39

PoC: supported features

  • SNI coherence cache
  • Certificate Caching
  • Application blacklisting

=> Statistics gathering

SLIDE 40

PoC: results for 1 day / 1 user

  • Cache misses: 259
  • SNI incoherences: 0
  • Total: 2509

=> Ratio: 10.32% cache miss

SLIDE 41

Final note

SLIDE 42

World is safer now

  • Facebook is blocked again
  • That’s how we saved the world

SLIDE 43

www.stormshield.com/join-us/

20+ Open jobs!

Villeneuve d’Ascq – Paris (ILM) - Lyon

SLIDE 44

Get in Touch

22, rue du Gouverneur Général Éboué, 92130 Issy-les-Moulineaux, FRANCE
+33 (0) 9 69 32 96 29

Thank you. Looking forward to hearing from you.

nicolas.pamart@stormshield.eu
damien.deville@stormshield.eu
thomas.malherbe@stormshield.eu

SLIDE 45

About encrypted SNI (eSNI)

  • Currently a draft
  • Can break our solution, as we are not able to obtain the SNI
  • Encrypted via a key given in DNS

=> Solution: we also analyse DNS traffic (if you use DNSSEC on top of that, you may beat us)

SLIDE 46

TLS in kernel

  • Requires having the whole certificate chain in the kernel

=> Not enough memory to do that, too costly

  • It is technically possible to do TLS in the kernel

SLIDE 47

About PSK-only servers (if they exist)

  • A PSK can be used to authenticate the server

=> Thus no need for a server certificate => Our solution doesn’t work (or doesn’t apply)

  • Solution: whitelist PSK-only servers

SLIDE 48

TLS 1.3 early data

  • Stripped when mimicking the ClientHello
  • Concerns about anti-replay
  • We can’t provide sufficient security for anti-replay

SLIDE 49

TLS 1.2 handshake

[ ] = Encrypted

SLIDE 50

TLS 1.3 handshake

[ ] = Encrypted

SLIDE 51

TLS 1.3 session resumption

SLIDE 52

TLS 1.3 0-RTT == Resumption + Early data