TLS 1.3: better for individuals – harder for enterprises

The Secure Sockets Layer (SSL) protocol was first introduced in 1994 by Netscape. It’s gone through a number of revisions  – notably a name change to Transport Layer Security (TLS) – and has become probably the most widely used encryption protocol on the Internet.

It was originally introduced to protect payment and personal information to support the burgeoning e-commerce platforms on the web. However, over the last few years, it has grown to encompass pretty much everything on the Internet. There are almost no commonly-used sites or services that don’t support encrypted connection. Generally speaking, that’s a good thing. However, phishing sites are also using TLS to make them more believable to users, and some malware uses the TLS protocol to hide its nefarious activities.

Many enterprises have security appliances that seek to look into TLS connections to make sure that the enterprise security is appropriately protected. Whilst it sounds like a magic box that can ‘break’ encryption, it’s not. It only works because an enterprise security appliance can act as its own certificate authority that the enterprise clients will trust; it doesn’t affect anyone else. Most of these appliances usually whitelist a bunch of sites (including healthcare, banking and other services that hold sensitive personal data) because the risk to enterprise security doesn’t warrant the risk of the enterprise knowing really sensitive stuff about its employees. They also drop out of proxying connections when they determine the risk is low. Lots of regulatory regimes make it a requirement for regulated industries to inspect traffic as it leaves their network.

The IETF will soon publish version 1.3 of the TLS specification. Version 1.3 addresses a number of things to make the protocol fit for the future:

  • It removes some old and creaky cryptography which we really shouldn’t be using anymore.
  • It makes a bunch of attacks less likely.
  • It adds some more robust connection privacy protection, intended to protect individuals from ‘pervasive monitoring‘.

The challenge is that these protections will also make the enterprise security model much, much harder. There’s two specific things that I think will have a negative impact on enterprise security.

The first is that it’s impossible to whitelist sites anymore because server certificates (the things that authenticate a site) are encrypted. So, your appliance will be unable to work out (for example) whether you’re communicating with your bank, or if malware on your machine is talking to its criminal masters, without breaking the connection. That wouldn’t be a problem if you could break the start of a connection and then drop out when you find out it’s a low risk (or sensitive site). But that brings us to the second problem; you can’t do this in TLS 1.3. Once you proxy a connection, you have to proxy it until it’s done.

What this means is that enterprises will have to proxy each and every TLS 1.3 connection – whether they need to or not – and for the entire duration of the connection. This reduces the privacy of the employees in that enterprise, massively increases equipment and power costs, and probably increases overall technical risk for the enterprise and its employees. Clearly, that’s not a great outcome.

At the moment, this isn’t a problem as enterprises can just say that they’ll only support TLS 1.2, allowing them to continue managing their enterprise risk. However, it’s only a matter of time before some popular service adopts TLS 1.3 exclusively, at which point enterprises then have to make a choice about denying access, or losing the ability to manage their enterprise risk fully.

Some will say that endpoint security will make up for what we lose. But we’ve seen what happens with reliance on just endpoint security, and that’s why we all prefer layered defences. There’s likely to be a bunch of new cyber security products claiming to be able to work out whether a TLS 1.3 connection is good just by looking at the encrypted packet flows. Such products are unlikely to defend against a competent adversary for long:

  • We’ve seen attackers mimic traffic profiles to hide in the noise for years, and it will be easier for them in this situation.
  • Server Name Indicators are still in the clear, but they’re a request from the client, not tightly bound to the server we’re actually interacting with.
  • DNS names are still available, but that may get harder depending on enterprise architecture and whether encrypted DNS becomes mainstream, through a standard called DPRIVE.
  • Making risk judgements based on IP address is very weak and IPv6 will change that as well, likely for the worse.
  • As IoT hubs start to appear, it may end up being harder for users to understand what’s being sent by their things if the hubs can’t do selective proxying.

It’s almost certainly true that investigation of enterprise cyber security incidents will be harder than it is today, since a good proportion of the data we use to detect compromised devices will be harder to get. So while TLS 1.3 undoubtedly provides better protection for individuals, it certainly looks like it’ll have a negative effect on enterprise security, if it becomes effectively mandatory.

There needs to be work done on both national and international regulations to understand the impact of this change. For example, it looks like TLS 1.3 services are probably incompatible with the payment industry standard PCI-DSS and the US health industry requirements under HIPAA. There are some other obvious conflicts, and certainly some we’ve not even thought of yet. We also need more research into how we continue to provide decent enterprise risk management as TLS 1.3 becomes the standard over the coming few years.

I’m expecting people to accuse me of being an intelligence agency stooge who’s against encryption. We’ve said the NCSC would be transparent and evidence-based, and so far the evidence suggests that TLS 1.3, overall, will be bad for enterprises. We appear to be in the weird position where well-designed, well-intentioned crypto will actually have a downside for cyber security. I’m not asking for the standard to change – it’s almost certainly too late for that. But work needs to happen quickly to ensure that attackers don’t get a massive leg-up.

Ian Levy
Technical Director, National Cyber Security Centre

Source: National Cyber Security Centre

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

/by
You might also like
Serviceteam IT Security News ‘Zoom is malware’: why experts worry about the video conferencing platform
Serviceteam IT Security News Bugs in Logitech Harmony Hub Put Connected IoT Devices at ‘High Risk’
Serviceteam IT Security News Purported Optus hacker releases 10,000 records including email addresses from defence and prime minister’s office
Serviceteam IT Security News Zerodium Offering $1M for Tor Browser Zero Days
Serviceteam IT Security News Calls For Regulation Build After Facebook Privacy Fallout
Serviceteam IT Security News YouTube’s fine and child safety online | Letters