The Evolving Architecture of the Web Nick Sullivan Head of - - PowerPoint PPT Presentation




SLIDE 1

The Evolving Architecture of the Web

Nick Sullivan
SLIDE 2

Head of Cryptography

CFSSL, Universal SSL, Keyless SSL, Privacy Pass, Geo Key Manager

Recently: Standards work, TLS 1.3
SLIDE 3

SLIDE 4

Competing Goals

Make browsing more private and performant

SLIDE 5

HTTP DNS

SLIDE 6

HTTP

Client ISP Web Server Operating System Browser Static Content Cache


SLIDE 7

DNS

Client Resolver Authoritative Server Operating System Browser

SLIDE 8

Clients Hosts
SLIDE 9

Geographically Centralized

Administratively Diverse

One IP per Hostname

Hosts Clients HTTP
SLIDE 10

What a network observer can see

Unique Client IP, Unique Server IP, Server URL, Website content

Hosts Clients HTTP
SLIDE 11

Anonymity set: Client IP 1, Server IP 1

SLIDE 12

IPv4

4.3 Billion Addresses

Not enough for every user

SLIDE 13

What a network observer can see

Client Proxy IP, Unique Server IP, Server URL, Website content

Hosts Clients Proxy HTTP
SLIDE 14

Latency cost: Tor: 3 round-the-world; VPN: 1 round-the-world; Carrier NAT: Small

SLIDE 15

Anonymity set: Client k, Server 1

SLIDE 16

New Trends

SLIDE 17

HTTPS

Client ISP Host Operating System Browser


SLIDE 18

TLS 1.2

Client ISP Host Operating System Browser
SLIDE 19

TLS 1.3: coming soon

Client ISP Host Operating System Browser
SLIDE 20

What a network observer can see

Unique Client IP, Unique Server IP, Server URL, Website content

Hosts Clients HTTP HTTPS
SLIDE 21

Anonymity set: Client 1, Server 1

SLIDE 22

IPv4

4.3 Billion Addresses

Not enough for every website

SLIDE 23

Geographically Centralized

Administratively Diverse

One IP per Hostname

Hosts Clients HTTP
SLIDE 24

More Geographically Centralized

More Administratively Centralized

Multiple Hostnames per IP

Hosts Clients Shared Hosts HTTP HTTPS
SLIDE 25

SNI

Virtual Hosting

Send the hostname to the server so it can choose the certificate

SLIDE 26

Source: Akamai
SLIDE 27

What a network observer can see

Client Unique IP, Shared Server IP, Hostname

Hosts Clients Shared Hosts HTTP HTTPS
SLIDE 28

Anonymity set: Client 1, Server 1 (Shared IP+Hostname)

SLIDE 29

Internet Scans and IPv6

SLIDE 30

Privacy Evolves

Certificate Transparency

Wildcard certificates

SLIDE 31

Edge Services

SLIDE 32
  • Websites are delegating to globally distributed parties
  • Authorized to terminate TLS
  • Reduced Latency
  • Improved DDoS resilience
  • Anycast to reduce number of IPs needed

Edge Services

SLIDE 33

More Geographically Centralized

More Administratively Centralized

Multiple IPs per Hostname

Hosts Clients Shared Hosts HTTP HTTPS
SLIDE 34

Geographically Distributed

Administratively Centralized

Multiple IPs per Hostname

Anycast Hosts Clients HTTP HTTPS
SLIDE 35

Client ISP Host Operating System Browser Edge

HTTPS

SLIDE 36

Client ISP Host Operating System Browser Edge

HTTPS

SLIDE 37

Questions

Can we improve privacy?

Can we improve latency?

Can we improve both???

SLIDE 38

Client Operating System Browser SNI: burrito.com Edge

HTTP 1.1

Resolver SNI: beans.com Q: beans.com A: 1.2.3.5 Q: burrito.com A: 1.2.3.4 burrito.com beans.com
SLIDE 39

Safety in Numbers

SLIDE 40

Client Operating System Browser SNI: burrito.com Edge

Meek

Resolver Q: burrito.com A: 1.2.3.4 burrito.com Origin beans.com Host burrito.com Host
SLIDE 41

Client Operating System Browser SNI: burrito.com Edge

Meek

Resolver Q: burrito.com A: 1.2.3.4 burrito.com

Mismatch: SNI, Host, SAN

GET https://beans.com Origin GET beans.com beans.com Host burrito.com Host
SLIDE 42

Client Operating System Browser SNI: burrito.com Edge

HTTP/2

Resolver GET https://beans.com Q: beans.com A: 1.2.3.4 Q: burrito.com A: 1.2.3.4 burrito.com beans.com

Connection Coalescing

GET https://burrito.com
SLIDE 43

Client Operating System Browser SNI: burrito.com SNI: burrito.com Edge

HTTP/2

Resolver GET https://beans.com Q: burrito.com A: 1.2.3.4 burrito.com beans.com

ORIGIN Frame

GET https://burrito.com ORIGIN: beans.com
SLIDE 44

What a network observer can see

Client Unique IP, Shared Server IP, First Hostname

Hosts Clients Anycast Hosts HTTP HTTPS
SLIDE 45

Anonymity set: Client 1, Server ~20 (Shared IP+Certificate)
SLIDE 46

Client Operating System Browser SNI: burrito.com Edge

HTTP/2

Resolver GET https://beans.com Q: burrito.com A: 1.2.3.4 burrito.com

CERTIFICATE Frame

GET https://burrito.com ORIGIN: beans.com beans.com CERTIFICATE:
SLIDE 47

Client Operating System Browser SNI: burrito.com Edge Resolver Q: burrito.com A: 1.2.3.4 burrito.com
SLIDE 48

What this changes

Having a certificate gives you routing authority

SLIDE 49

Anonymity set: Client 1, Server k (Shared IP+First Hostname)

k is the set of domains on certificates that can be obtained through “First Hostname”
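The following is an added example, not code from the deck, that models two of the points above: slide 41's SNI/Host/SAN mismatch (the Meek pattern) and slide 49's anonymity set k under HTTP/2 coalescing with and without the ORIGIN frame. All hostnames, IPs and certificates are constructed; the matching and coalescing rules are simplified from what browsers actually do.

```python
"""Observer's view of a shared edge IP plus first hostname (SNI) when HTTP/2
coalescing and the ORIGIN frame let other origins ride on that connection.
Added example, not from the deck; all names, IPs and certs are constructed."""

def san_matches(san: str, host: str) -> bool:
    """Certificate name match: a '*' covers exactly one leftmost label."""
    san, host = san.lower(), host.lower()
    if san.startswith("*."):
        return host.count(".") == san.count(".") and host.endswith(san[1:])
    return san == host

def cert_covers(cert: dict, host: str) -> bool:
    return any(san_matches(s, host) for s in cert["sans"])

# Constructed deployment: 1.2.3.4 is one shared anycast edge IP.
DNS = {"burrito.com": "1.2.3.4", "beans.com": "1.2.3.4", "salsa.com": "1.2.3.4",
       "guac.com": "5.6.7.8", "taco.com": "9.9.9.9"}
CERTS = [{"sans": ["burrito.com", "beans.com", "guac.com"]},
         {"sans": ["salsa.com"]},
         {"sans": ["taco.com", "*.taco.com"]}]

def cert_for_sni(sni: str):
    """Virtual hosting: the edge picks the certificate by the SNI it got."""
    return next((c for c in CERTS if cert_covers(c, sni)), None)

def coalescable(first_hostname: str, origin: str, origin_frame: bool) -> bool:
    """May a request for `origin` reuse the connection opened with SNI
    `first_hostname`?  The cert must cover it; without an ORIGIN frame the
    browser also requires DNS to point `origin` at the same IP."""
    cert = cert_for_sni(first_hostname)
    if cert is None or not cert_covers(cert, origin):
        return False
    if origin_frame:          # the certificate alone grants routing authority
        return True
    return DNS.get(origin) == DNS.get(first_hostname)

def anonymity_set(first_hostname: str, origin_frame: bool) -> list:
    """Origins an observer of (server IP, SNI=first_hostname) cannot rule out:
    the k of slide 49."""
    return sorted(h for h in DNS if coalescable(first_hostname, h, origin_frame))

def host_mismatch(sni: str, host_header: str) -> bool:
    """Slide 41's Meek pattern: Host names an origin the certificate chosen by
    SNI does not cover, so SNI, Host and SAN disagree."""
    cert = cert_for_sni(sni)
    return cert is None or not cert_covers(cert, host_header)
```

Note that salsa.com shares the IP but has its own certificate, so its anonymity set stays at 1, while guac.com joins burrito.com's set only once the ORIGIN frame removes the same-IP requirement.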
SLIDE 50

Meek-like circumvention protection

Only send the CERTIFICATE frame on certain resources

SLIDE 51

Client Resolver Authoritative Server Operating System Browser

DNS

SLIDE 52

Client Resolver Root Server Operating System Browser

Cache Miss

TLD Server Authoritative Q: e.we.com me.we.com me.we.com me.we.com Client Subnet
SLIDE 53

Client Resolver Root Server Operating System Browser

Caching

TLD Server Authoritative Q: e.we.com me.we.com Client Subnet me.we.com me.we.com
SLIDE 54

Client Resolver Root Server Operating System Browser

QNAME Minimization

TLD Server Authoritative Q: e.we.com .com .we.com me.we.com Client Subnet
SLIDE 55

ISP

DNS Over HTTPS

Client Authoritative Server Operating System Browser Edge Resolver

DOH

SLIDE 56

Client DOH Resolver Root Server Operating System Browser

DOH Resolver

TLD Server Authoritative Q: e.we.com .com .we.com me.we.com Client Subnet ISP Resolver
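As an added example (not from the deck), the model below traces who learns what during one lookup under the options slides 52 to 56 walk through: delegation caching, Client Subnet (ECS), QNAME minimization and DNS over HTTPS. The names, the resolver hostname and the two-level delegation (root, TLD, zone authoritative) are constructed assumptions.

```python
"""What each party on the resolution path sees for one lookup, under the
options the deck walks through: delegation caching, EDNS Client Subnet,
QNAME minimization and DNS over HTTPS.  Added example; names and the
resolver hostname are constructed, and the model assumes a two-level
delegation (root -> TLD -> zone authoritative)."""

def hop_qnames(qname: str, qname_min: bool) -> list:
    """Name sent to root, TLD and authoritative.  With minimization each
    server only sees one label more than the zone it is responsible for."""
    labels = qname.split(".")
    if not qname_min:
        return [qname, qname, qname]
    return [labels[-1], ".".join(labels[-2:]), qname]

def resolve_trace(qname: str, *, qname_min=False, client_subnet=None,
                  cached_zones=(), doh=False, resolver="resolver.com") -> dict:
    """Return {party: what it learns}.  client_subnet models ECS, which the
    resolver forwards to the authoritative only; cached_zones are zones whose
    delegation the resolver already holds, so root and TLD are not asked."""
    labels = qname.split(".")
    zone = ".".join(labels[-2:])
    seen = {}
    # Stub -> resolver hop: plaintext UDP exposes the name, DoH only the SNI.
    if doh:
        seen["on-path ISP"] = {"qname": None, "sni": resolver}
    else:
        seen["on-path ISP"] = {"qname": qname, "sni": None}
    root_q, tld_q, auth_q = hop_qnames(qname, qname_min)
    if zone not in cached_zones:
        seen["root"] = {"qname": root_q, "client_subnet": None}
        seen["tld:" + labels[-1]] = {"qname": tld_q, "client_subnet": None}
    seen["auth:" + zone] = {"qname": auth_q, "client_subnet": client_subnet}
    return seen
```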
SLIDE 57

Latency

ISPs: Closer to user, Smaller cache, UDP

Edge DoH: Globally Distributed, TLS 1.3 0-RTT

SLIDE 58

Challenges in the Enterprise

SLIDE 59

Client Browser SNI: burrito.com Edge

HTTP/2

DoH Resolver GET https://beans.com burrito.com

ORIGIN/CERT + DoH

GET https://burrito.com ORIGIN: beans.com beans.com CERTIFICATE: SNI: resolver.com Q: burrito.com A: 1.2.3.4 resolver.com
SLIDE 60

Client Browser Edge

HTTP/2

DoH Resolver burrito.com

ORIGIN/CERT + DoH

SNI: resolver.com resolver.com SNI: burrito.com
SLIDE 61

SNI Encryption

Encrypt SNI with client ephemeral key + server public key from DNS

SLIDE 62

Client Browser eSNI: E(burrito.com) Edge

TLS 1.3

DoH Resolver burrito.com

O/C + DoH + eSNI

SNI: resolver.com Q: burrito.com A: 1.2.3.4, PubKey resolver.com
SLIDE 63

What a network observer can see

Client Unique IP, Shared Server IP, First Hostname (SNI)

Hosts Clients Anycast Hosts HTTP HTTPS
SLIDE 64

Anonymity set: Client 1, Server K

K is the set of domains that can be served on the IP

Caveat: If the server IP is static, then this gives a hint about the first hostname.

SLIDE 65

Client SNI: resolver.com Edge

HTTP/2

Resolver GET https://beans.com Q: beans.com A: 1.2.3.5 resolver.com

DOH “VPN”

ORIGIN: beans.com beans.com CERTIFICATE: Browser
SLIDE 66

Client SNI: resolver.com Edge

HTTP/2

Resolver resolver.com

DOH “VPN”

Browser
SLIDE 67

Anonymity set: Client IP 1, Server IP K

K is the set of domains that can be served on the IP

No dynamic IP requirement
SLIDE 68

Where are we now?

ORIGIN implemented in Firefox

CERTIFICATE being standardized by IETF

DOH supported by Google DNS, 1.1.1.1

eSNI about to be submitted to IETF
SLIDE 69

ORIGIN

Privacy: improvement limited by shared certs

Latency: skip both DNS and HTTPS

Security: certificate compromise risk
SLIDE 70

CERTIFICATE

Privacy: hide any bean in any burrito

Latency: extends origin benefits to any cert

Security: exchange DNS for CT or OCSP stapling
SLIDE 71

DOH

Privacy: first hop improvement

Latency: depends on provider, TLS 1.3

Security: security against attacks, allows passive DNS
SLIDE 72

eSNI

Privacy: first domain privacy given dynamic IPs

Latency: depends on DoH for reliability

Security: risk of more MiTM
SLIDE 73

Open Questions

How much privacy does this actually give people?

Does this incentivize further consolidation?

Does increased performance and privacy outweigh the legitimate need for external visibility?
SLIDE 74

Website Fingerprinting

Removing explicit signals does not protect you from passive ones

SLIDE 75

Consolidation

Better performance when using a popular provider

SLIDE 76

Is visibility necessary?

Safety vs. Security

SLIDE 77

The Evolving Architecture of the Web

Nick Sullivan