SSL certificates have been enabling secure transactions online since the early days of the world wide web. New SSL algorithms will provide the same, or better, levels of security with less stress on servers, meaning website owners could improve server performance, page load speed and conversion by embracing this new technology.
2. Today's Agenda
• Symantec’s Algorithm Agility
– What we’ve announced
– Why we’re doing this
– The benefits
– Performance in our labs
• Our partners
• Q&A
Symantec's Algorithm Agility
3. Algorithm Agility: what we’ve announced
• First CA to offer 3 crypto algorithms
• Available now in Managed PKI SSL Certificates
• No additional charge for ECC and DSA
More Choices | Improved Performance | Increased Security
5. The Big Numbers
Source: Symantec's ISTR
5.5Bn Attacks blocked by Symantec ↑ +81%
403M Unique variants of malware ↑ +41%
4,597 Web attacks per day ↑ +36%
4,989 New vulnerabilities discovered ↓ -20%
315 New mobile vulnerabilities ↑ +93%
75% Spam rate ↓ -34%
6. Cyber Attacks On The Rise
Everyone Has a Part to Play To Help Combat These
Frequency of cyber attacks experienced by enterprises*
Viruses, worms, trojans 100%
Malware 96%
Botnets 82%
Web-based attacks 64%
Stolen devices 44%
Malicious code 42%
Malicious insiders 30%
Phishing & social engineering 30%
Denial of service 4%
* Source: Ponemon Institute 2012
7. Algorithm Agility: the benefits
ECC
1. Stronger Encryption
• Shorter key than RSA
• 256-bit ECC = 3072-bit RSA
• 10k times harder to crack than RSA 2048
• Meets NIST recommendations
2. Efficient Performance
• Efficiency increases with higher server loads
• Utilises less server CPU
• PCs: faster page load time
• Ideal for mobile devices
3. Highly Scalable
• Large SSL deployments w/out additional hardware
• Securing the enterprise: use fewer resources, lower costs
4. Future of Crypto Tech
• Viable for many years
• Built for Internet of things to come
• Supports billions of new devices coming online
• Ideal for Open Networks
• Truly ‘future proof’ trust infrastructure in place
8. ECC: 10,000 times harder to break than RSA keys
[Chart: Key Size (bits), 0 to 18000, on the y-axis against MIPS Years to break (1.00E+12, 1.00E+24, 1.00E+28, 1.00E+47, 1.00E+66) on the x-axis, with one curve for RSA and one for ECC. Annotations: "Current acceptable security level [10^24 MIPS years]"; "Symantec / NIST as of 1-1-2014: 2048 bits" on the RSA curve and "ECC today: 256 bits" on the ECC curve; "The longer the RSA key, the less applicable it becomes in the real-world"; "ECC maintains very complex cryptography with key lengths that meet real-world demands".]
Source: Symantec Internal Research and Testing. Computations http://www.nsa.gov/business/programs/elliptic_curve.shtml
Symantec ECC-256 certificates offer the security equivalent of a 3072-bit RSA certificate.
9. Improved Server Performance
• ECC 256 has better performance than RSA at 0, 90k, and 200k connections
• Web pages encrypted w/ECC load faster than those with RSA
• ECC performance numbers are expected to significantly improve over time as the industry optimises for ECC as it did for RSA
• With better performance – customers will need to purchase fewer servers to handle SSL connections – a big cost saving
• Performance efficiencies
– Uses less server power
– Handles more requests
– Is more scalable
Source: Symantec Internal Research and Testing
10. Improved Desktop Performance and User Experience
[Chart caption: As a server gets hit with more traffic, ECC processes more requests, in less time, without affecting load, than RSA.]
Source: Symantec Internal Research and Testing
11. Industry-leading Companies Partner with Symantec to Accelerate ECC Adoption
“We believe in constantly furthering web security, which is why Chrome supports Elliptic Curve Digital Signature Algorithm (ECDSA) on all modern operating systems,” Adam Langley, Software Engineer, Google.
12. Availability Today
• For Symantec Managed PKI for SSL Customers:
– DSA is available with any SSL Certificate.
– ECC is available with any Premium SSL certificate
• Symantec is the only company that offers these three different algorithms.
Browsers compatible with ECC (as of 11 March 2013)
• Firefox 18
• Internet Explorer relies on the OS Root Store and Windows Root Update Mechanism, so any version of Internet Explorer on Windows Vista, Windows 7 and Windows 8 will work after you visit a site that chains up to the root.
• Chrome on Windows relies on the OS Root Store and Windows Root Update Mechanism, so any version of Chrome on Windows Vista, Windows 7 and Windows 8 will work after you visit a site that chains up to the root.
13. Recap: ECC is faster and stronger
• Greater security: Symantec ECC will be 10,000 times harder to break than an RSA 2048-bit key based on industry computation methods. Symantec 256-bit ECC certificates offer the equivalent security of a 3072-bit RSA certificate.
• Improved server performance – during peak loads with the ability to process more requests per second with lower CPU utilisation. This is becoming more and more important as mobile and tablet adoption place demands on web infrastructure.
• Improved server-to-desktop performance and response time. Our internal testing showed a server with an RSA certificate handled 450 requests per second with an average response time of 150 milliseconds to desktop clients. The server with an ECC certificate under the same conditions netted an average response of just 75 milliseconds.
14. More Information
• Algorithm Agility ECC & DSA Blog => http://bit.ly/XGUzTU
• Why Symantec and SSL Overview Video => http://bit.ly/VbGU8E
• FAQ: ECC and DSA Certificates => http://bit.ly/VT7a4O
• SlideShare: Symantec WSS => http://slidesha.re/XwaUfX
• https://www.symantec.com/en/uk/ssl-certificates
• http://www.nsa.gov/business/programs/elliptic_curve.shtml
Good afternoon. On behalf of Symantec, I’d like to welcome all of you joining us today. My name is Andrew Horbury, I’m a Product Marketing Manager and I will be your presenter for today’s event. It’s great to speak to you today to give you information regarding Algorithm Agility and what it means to our customers’ trust. The session today will run for about 30 minutes; we will have time at the end, so please feel free to send questions my way – should we happen to run out of time then we’ll take the questions offline and answer them then. I’ve also posted a number of resources that you can access at any time during this webinar – these range from datasheets, to an expanded slide deck, a short video clip and links to a huge range of resources on our website. I’ll also share my contact details in case you have a specific request and want to contact me after the session. Let’s go ahead and begin.
Let’s discuss our topics for today; we will be covering the following: Symantec’s Algorithm Agility initiative; what we’ve announced; the “whys”; and the benefits of Algorithm Agility. We’ll have some follow-up with our performance testing in the lab. We will discuss our partners in this initiative, and we will sum it up with a Q&A session as well. Let’s go ahead and get started… <NEXT SLIDE>
Since 1976, public key cryptography has become the foundation on which secure communications were established over the Internet. The public key algorithm and infrastructure revolutionised cryptography, and formed the basis for secure e-mail, e-commerce, and many other secure information exchanges. Throughout the development of PKI, new algorithms have been developed and refined which offer higher security and better performance, resulting in improved ability to defend against the growing sophistication of the modern security threat. And we're evolving right with them.

For our Enterprise customers, we announced at the RSA conference in early March our Algorithm Agility program. What this means is that any Standard SSL Certificate can now be issued with an RSA or DSA algorithm option, both included for the same price. Any Premium SSL certificate has a third included option of the ECC algorithm, for improved production and performance connections.

Briefly, first of all, I’ll introduce the three algorithms. RSA is the most widely used public key algorithm today. RSA stands for its inventors Rivest, Shamir and Adleman. DSA (Digital Signature Algorithm) is a U.S. government-approved and certified encryption algorithm that was developed by the National Security Agency in 1991 as an alternative to the current standard RSA algorithm. It offers the same level of security and performance as RSA, but uses a different mathematical algorithm for signing and encryption. A DSA key pair will be the same size as the equivalent RSA key. Digital Signature Algorithm (DSA) is a United States Federal Government standard (Federal Information Processing Standard, or FIPS). DSA is on the National Institute of Standards and Technology (NIST) Suite B list. ECC (Elliptic Curve Cryptography) offers greater security as compared to other prevalent algorithms. As an example, Symantec ECC-256 certificates will offer equivalent security of a 3072-bit RSA certificate.
Compared to a 2048-bit RSA key (which is the industry norm), ECC-256 keys are 10,000 times harder to crack. ECC can handle more users and more connections simultaneously with lower latency increases than the RSA alternative at the same mid-range CPU volumes. Elliptic curve cryptography (ECC) is generally considered to be the most efficient and scalable algorithm, and again ECC is on the National Institute of Standards and Technology (NIST) Suite B list.

To recap, what is Algorithm Agility? And why would Symantec go this route instead of just saying, “Hey, we got some new products, come take a look…”? The phrase Algorithm Agility goes back to our way of management and ability to “splice” the PKI technology to take advantage of other meta-technologies. We can do this while keeping an eye on the customer’s bottom line. Yet the benefits will outweigh the cost, as we can provide proven methods to our existing customer base without additional pricing on new products! I will discuss this further throughout the presentation.

Yet let’s look at some facts behind our Algorithm Agility initiative. We are the first Public CA or PCA to offer 3 crypto types: traditional or industry-usage RSA; Digital Signature Algorithm or DSA; Elliptic Curve Cryptography or ECC. This is available today in MPKI-SSL. In most cases, based on your current SSL certificate issuances, we can provide these to our customer base at no additional cost or effect to their existing certificate purchases / offerings. So as the slide says: More Choices, Improved Performance and Increased Security. With that, let’s move on… <NEXT SLIDE>
In the first instance we need to talk about NIST…. The National Institute of Standards and Technology defines the standard for strong encryption, and provides a rigorous testing process for software vendors. To stay ahead of new and increasingly more sophisticated cyber threats, NIST recommends all websites migrate from RSA 1024-bit to 2048-bit certificates by 1 January 2014. As a company, Symantec began transitioning all our customers to RSA 2048-bit SSL certificates last year. We’ve broadened our SSL portfolio with new security algorithms to address this requirement with increased protection and performance.

Looking at compliance, there is a need for greater compliance, privacy and security regulatory requirements globally:
A. This is due to US Government security standards.
B. Need for security compliance when working with / selling to US Government agencies.
C. National Security Agency requirements.

Also, with increased attacks, threats & outages: we’ve seen this in the last 3 years with other public CAs being attacked. One of those CAs had to shut its doors, the damage was so great.

And lastly, mobile & cloud growth impacts servers and networks, requiring better adjustment to an evolving environment. The almost overnight growth of mobile/tablet and cloud has significantly impacted servers and networks, and these changing patterns of course have an impact on online infrastructure. I certainly remember struggling on some websites in the run-up to Christmas last year when buying gifts. Indeed, the speed of a website is often shown as one of the reasons people abandon websites. On average, a visitor to your website will spend a maximum of 10-20 seconds on any one page. So first impressions are often the only impressions. Indeed, our own research via our ISTR has shown significant threats, and over the next two slides I want to highlight some of the threats that we have seen in recent months.
There is a huge amount of information covered in Symantec’s annual Internet Security Threat Report, and it’s not something that can be covered in one discussion. However, I thought it would be useful to highlight some of the big numbers… And I’m using these numbers to illustrate the number of web-based attacks that there are today, to show a bona fide reason for being concerned, and to highlight why NIST are advocating a move to stronger key lengths. On the slide here you can see that over 400 million unique variants of malware were discovered in 2011 – very significant growth over 2010. Over 4500 web attacks each day. And almost 500 new vulnerabilities discovered. If you think back to 2008, when a group of hackers announced that they'd exploited a flaw in the MD5 cryptographic algorithm using a cluster of 200 PS3s, you can start to see why there is a need to advance. As the computational power increases, so the threats increase.
Cybercrimes are intrusive and common occurrences. In some research published by the Ponemon Institute (sample size: 50 large enterprises), participating institutions experienced 72 successful attacks per week – or more than 1.4 successful attacks per organization. When compared to last year’s study, this represents a 44 per cent increase in successful attacks experienced by organizations. Everything from viruses, malware, botnets and web-based attacks lead the table on screen here. So whilst at the moment RSA keys are still secure, it makes sense to look to the future and understand what works for your infrastructure and for your organisation. Be that RSA or ECC – now is the time to explore.
Algorithm Agility: the benefits. Now let’s focus on ECC and the benefits of algorithm agility.

It provides stronger encipherment:
– It carries a smaller key size than RSA.
– An example would be a 256-bit curve, which is equivalent to a 3072-bit RSA key size.
– It’s 10,000 times harder to crack than an RSA 2048 key.
– Lastly, ECC meets all of the NIST recommendations.

Next is performance efficiency:
– The higher the server load, the greater the increase in overall efficiency.
– It uses fewer resources overall on the source node. In other words, fewer CPU cycles.
– For the client, you would see faster load times.
– This is ideal for the mobile device world, where power consumption and all the above come into play.

It is highly scalable:
– Large SSL deployments can be conducted without beefing up the hardware requirements to support it.
– Overall, it will suck up fewer resources and lower costs in the longer term.

Last, the future of crypto technology:
– Statistics currently show ECC will be a viable technology in the PKI portfolio for many years to come.
– It’s really designed for the Internet of Things.
– It will support billions of new devices.
– Ideal for “open networks”, regardless of the layers.

Being the leading PKI provider, we have future-proofed our trust infrastructure to support these new functions in the PKI technology. An example is our Generation 7 Root CA that is NIST / industry compliant for the years to come. Go ahead and take another second to look this slide over, and we’ll move on…
So whilst all three public key cryptography systems are secure, efficient and commercially viable, they differ in the kind of mathematical problem on which they are based. Not only does this affect how vulnerable they are to brute force attacks often used by hackers, but it can also lead to differences in the size of the keys generated by the algorithm to provide a certain level of security. NIST provides guidelines for minimum sizes of the different keys according to the level of security required.

The chart on screen now shows that the size of RSA keys grows at a much faster rate than those based on ECC when faced with increasing security requirements. This is important because longer keys require more storage space, more bandwidth to transmit, and potentially more processor power and time to generate the keys, encrypt, and decrypt with them.

Elliptic Curve Cryptography (ECC) creates encryption keys based on the idea of using points on a curve to define the public/private key pair. It is difficult to break using the brute force methods often employed by hackers.

The RSA algorithm is, and is likely to continue to be, widely used for some time, and for most TLS certificates RSA will remain the algorithm of choice for web transactions. However, as security demands increase and the use of mobile devices continues to expand, there is a growing need for a more flexible encryption landscape where business owners can customise the kind of protection they get to the needs, scale and technological configurations of their particular businesses. An increasing number of tablets, smartphones, and other mobile devices are driving more traffic onto the web. This is great for business, but can present a challenge for the number of total simultaneous connections to a single site. Algorithm agility can provide a scalable solution without sacrificing security. If you consider that today a 2048-bit key can be challenging within an existing infrastructure, then ECC starts to make sense.
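The NIST key-size guidance referred to above can be turned into a concrete inventory check. The following Python is an added example written for this page, not Symantec's or NIST's code: it encodes the comparable-strength table from NIST SP 800-57 Part 1, derives the RSA modulus comparable to a 256-bit ECC key (3072 bits, as the slides state), and runs a constructed certificate inventory against the 2048-bit RSA floor NIST set for 1 January 2014. The inventory entries and host names are made up for the example.

```python
"""Certificate key-strength policy check.

Added example, not Symantec's or NIST's code. Maps RSA/DSA modulus sizes and
ECC key sizes to the comparable security strength in bits (NIST SP 800-57
Part 1, Table 2), finds the RSA modulus comparable to a given ECC key size,
and flags entries in a constructed certificate inventory that fall below the
2048-bit RSA minimum NIST recommended for 1 January 2014.
"""
from dataclasses import dataclass

# (minimum key size in bits, security strength in bits), ascending.
_RSA_DSA_STRENGTH = [(1024, 80), (2048, 112), (3072, 128), (7680, 192), (15360, 256)]
_ECC_STRENGTH = [(160, 80), (224, 112), (256, 128), (384, 192), (512, 256)]


def security_strength(algorithm: str, key_bits: int) -> int:
    """Security strength in bits of a key of this algorithm and size (0 if under 80 bits)."""
    alg = algorithm.lower()
    if alg in ("rsa", "dsa"):
        table = _RSA_DSA_STRENGTH
    elif alg in ("ecc", "ec", "ecdsa"):
        table = _ECC_STRENGTH
    else:
        raise ValueError(f"unknown key algorithm: {algorithm!r}")
    strength = 0
    for min_bits, bits in table:
        if key_bits >= min_bits:
            strength = bits  # keep the highest bracket the key reaches
    return strength


def rsa_equivalent(ecc_bits: int) -> int:
    """Smallest RSA modulus in the table with at least the strength of an ECC key of ecc_bits."""
    target = security_strength("ecc", ecc_bits)
    if target == 0:
        raise ValueError("ECC key too small to rate")
    for min_bits, bits in _RSA_DSA_STRENGTH:
        if bits >= target:
            return min_bits
    raise ValueError("no RSA size in table reaches this strength")


@dataclass(frozen=True)
class CertRecord:
    common_name: str
    algorithm: str
    key_bits: int


# Constructed inventory; the names are placeholders, not real hosts.
SAMPLE_INVENTORY = [
    CertRecord("www.example.test", "rsa", 1024),
    CertRecord("shop.example.test", "rsa", 2048),
    CertRecord("api.example.test", "ecc", 256),
    CertRecord("legacy.example.test", "dsa", 1024),
]


def below_policy(inventory, min_strength: int = 112):
    """Common names whose key gives less than min_strength bits of security.

    112 bits is the strength of a 2048-bit RSA key, so the default applies the
    2014 NIST floor uniformly to RSA, DSA and ECC keys.
    """
    return [c.common_name for c in inventory
            if security_strength(c.algorithm, c.key_bits) < min_strength]


if __name__ == "__main__":
    print("ECC-256 is comparable to RSA", rsa_equivalent(256))
    for c in SAMPLE_INVENTORY:
        print(c.common_name, c.algorithm, c.key_bits,
              security_strength(c.algorithm, c.key_bits), "bits")
    print("below the 2014 floor:", below_policy(SAMPLE_INVENTORY))
```

Raising `min_strength` to 128 shows the other point the slide makes: a 2048-bit RSA certificate drops out of policy while the 256-bit ECC certificate still passes.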
In terms of server performance, ECC:
– Uses less server power, less CPU resources
– Is able to handle more requests
– Scales well to handle any traffic spikes, your business growth, and enterprise-wide network security

Some testing has shown that RSA key size increases have a negative impact on server loads and the number of simultaneous connections possible. Enterprise organizations will need the time to test their new larger certificates to discover the tradeoffs in performance, load times, latency, and other factors specific to their environment. Symantec’s algorithm agility will help the Enterprise test plans by providing options in test to determine how to optimize for their specific security ecosystem. Testing parameters will depend on the transaction payload, web server, server hardware, cores, throughput, cipher suite, session cache, and SSL/TLS implementations.

Test configuration:
– ECC cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
– RSA cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
– Key sizes: ECC 384-256-256, RSA 2048-2048-2048
– Desktop page sizes: 0K, 90K, 200K
– Server specifications: 8 cores, 7 GiB of memory, clock frequency 2.33 GHz, network 1 Gbps
– Web server: Apache 2.4.3
– OpenSSL: 1.0.1c
– Server time includes SSL handshake time (key derivation: ECDHE) + data encryption + file transfer time
– Worst case scenario, as session reuse = 0%
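The two suite names in the test setup above encode the key exchange, the certificate type used for authentication, the bulk cipher and the MAC. The following Python is an added example, not code from Symantec, Apache or OpenSSL: it parses IANA-style TLS 1.2 suite names into those parts, reports which certificate key type each suite needs (the ECDSA suite is only negotiated with an ECC certificate and the RSA suite only with an RSA one, so a server that wants to offer both needs both certificates, which is what the alternate-certificate program provides), whether the suite uses ephemeral key exchange, and which older constructions (CBC mode, HMAC-SHA1) a defender would note. The suite list at the bottom is constructed; the two entries beyond the page's pair are there for contrast.

```python
"""IANA cipher-suite name parser and certificate-compatibility check.

Added example, not Symantec's, Apache's or OpenSSL's code. Handles the
TLS 1.2-style naming pattern TLS_<kx>[_<auth>]_WITH_<cipher>_<mac>; TLS 1.3
names (no _WITH_) are rejected rather than guessed at.
"""
from dataclasses import dataclass
import re

_SUITE_RE = re.compile(
    r"^TLS_(?P<kx>[A-Z0-9]+?)(?:_(?P<auth>RSA|ECDSA|DSS|PSK|anon))?_WITH_(?P<rest>[A-Z0-9_]+)$"
)

# Certificate key type each authentication method requires on the server.
_CERT_FOR_AUTH = {"RSA": "RSA", "ECDSA": "ECC", "DSS": "DSA"}


@dataclass(frozen=True)
class CipherSuite:
    name: str
    key_exchange: str     # ECDHE, DHE, RSA, ECDH, DH, PSK ...
    authentication: str   # RSA, ECDSA, DSS, PSK, anon
    cipher: str           # e.g. AES_256_CBC
    mac: str              # e.g. SHA (HMAC-SHA1); PRF hash for AEAD suites

    @property
    def forward_secrecy(self) -> bool:
        # Ephemeral (EC)DH derives fresh session keys; the certificate key only signs.
        return self.key_exchange in ("DHE", "ECDHE")

    @property
    def aead(self) -> bool:
        return any(tag in self.cipher for tag in ("GCM", "CCM", "CHACHA20_POLY1305"))

    @property
    def certificate_key_type(self) -> str:
        """Server certificate key type needed to negotiate this suite ("none" if unauthenticated)."""
        return _CERT_FOR_AUTH.get(self.authentication, "none")


def parse_suite(name: str) -> CipherSuite:
    m = _SUITE_RE.match(name)
    if m is None:
        raise ValueError(f"not a TLS_<kx>_<auth>_WITH_... suite name: {name!r}")
    kx, auth, rest = m.group("kx"), m.group("auth"), m.group("rest")
    if auth is None:
        # TLS_RSA_WITH_... and friends: the exchange key is also the authentication key.
        auth = kx
    cipher, _, mac = rest.rpartition("_")
    return CipherSuite(name, kx, auth, cipher, mac)


def usable_suites(cert_key_type: str, suite_names):
    """Names of the given suites a server holding a cert_key_type (RSA/ECC/DSA) certificate can offer."""
    return [n for n in suite_names if parse_suite(n).certificate_key_type == cert_key_type]


def legacy_notes(suite: CipherSuite):
    """Defender-side observations about older suite constructions."""
    notes = []
    if not suite.forward_secrecy:
        notes.append("no forward secrecy")
    if not suite.aead and "CBC" in suite.cipher:
        notes.append("CBC mode with MAC-then-encrypt")
    if suite.mac == "SHA":
        notes.append("HMAC-SHA1")
    return notes


# Constructed list: the two suites from the test setup plus two others for contrast.
TEST_SUITES = [
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
]

if __name__ == "__main__":
    for name in TEST_SUITES:
        s = parse_suite(name)
        print(f"{name}: cert={s.certificate_key_type} forward_secrecy={s.forward_secrecy} "
              f"aead={s.aead} notes={legacy_notes(s)}")
    print("an ECC-only server can offer:", usable_suites("ECC", TEST_SUITES))
```

Both suites in the page's test use ECDHE, so the RSA-versus-ECC comparison isolates the certificate signature operation in the handshake rather than the key exchange; that is the cost the 150 ms versus 75 ms figures later in the deck are measuring.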
Improved Desktop Performance and User Experience. You can process more requests in less time without affecting the overall load. Initial handshakes are going to be faster because the ECC 256 key operates more efficiently. Through our internal testing we have seen that our ECC keys are vastly more efficient than an RSA 2048 public key. The 256 curve is much more efficient, meaning you can get more out of a smaller key. On the graph here you can see that as the server gets hit by more traffic you can subsequently see a significant time saving – as requests go up, the average response time does not significantly rise. Our testing labs have shown that ECC is vastly more efficient, by almost 100 milliseconds. What this means to you as an end user – pages are going to load more efficiently. Mobile clients are going to hang around longer – even if you are using a banking app or an etrade app, the response time using ECC will be vastly easier to use from an end user’s perspective. To highlight this a little bit more, in our testing ECC shows better server-to-desktop performance and response time, comparing the RSA certificate handling 450 requests per second with an average response time of 150 milliseconds to the desktop, with an ECC certificate under the same conditions averaging just 75 milliseconds.
I want to highlight a few of the companies who we are actively working with today to broaden the availability of ECC support. Of course a key part of this support is the ability of web browsers to support a vendor's specific certificate crypto "root". The Microsoft Internet Explorer, Google Chrome and Mozilla Firefox browsers typically have coded into the various versions the certificate "root" information, and this has been done in the case of ECC SSL. Google software engineer Adam Langley, quoted on screen here, underscores Google’s commitment to ECC, saying: "We believe in constantly furthering security, which is why Chrome supports Elliptic Curve Digital Signature Algorithm on all modern operating systems." Akamai have also publicly committed to ECC, with Stephen Ludin, chief architect of Akamai Technologies, stating: “The future is going to necessitate increasingly higher security cryptography and Akamai sees ECC as a technology that will allow cloud platforms to scale to meet those security demands without the crippling complexity of today’s common algorithms; it is a significant step forward to better protect our data online in this hyper-connected world. As the Certificate Authority ecosystem for ECC gets ready, we will be building support into the Akamai Intelligent Platform.” In terms of browsers, Opera released support for ECC in January 2013, stating: “At Opera we are committed to both high quality and security, and we welcome the adoption of new and improved security standards on the web. Elliptic Curve Cryptography provides significant improvements over earlier algorithm standards, and we are delighted to see Symantec support it. Opera's Presto engine added support for ECC in version 395.” So along with the companies mentioned on the slide, there is significant traction in the marketplace.
The algorithm agility program for Managed PKI for SSL lets you get up to three alternate certificates for the price of one certificate. Each certificate uses a different public key algorithm but is otherwise identical in terms of the product type, organization, common name, subject alternative names (SANs), licenses, and validity end date. The Norton™ Secured Seal also works in the same way for all three types of certificates. After you get the certificates, you can search, renew, and revoke each one independently. In terms of browser compatibility: here’s what we see today.
To recap: ECC is an algorithm that is faster and stronger. Firstly, Symantec is the first CA to commercially offer SSL certificates using Elliptic Curve Cryptography (ECC). And based on our internal testing, ECC advancements deliver the following advantages:
– Greater security, as Symantec ECC will be 10,000 times harder to break than an RSA 2048-bit key based on industry computation methods. Symantec 256-bit ECC certificates offer the equivalent security of a 3072-bit RSA certificate.
– Improved server performance during peak loads, with the ability to process more requests per second with lower CPU utilisation. This is becoming more and more important as mobile and tablet adoption place ever increasing demands on web infrastructure.
– Improved server-to-desktop performance and response time. Our own internal testing showed a server with an RSA certificate handled 450 requests per second with an average response time of 150 milliseconds to the desktop clients. The server with an ECC certificate under the same conditions netted an average response of just 75 milliseconds.

ECC delivers higher scalability to handle the demands of online interactions across billions of connected endpoints, enabling organizations to make greater gains in their online information sharing, cloud services and ecommerce initiatives. Plus, for end users, improved computational performance and enhanced infrastructure utilization increase their overall productivity for a more favourable experience. In other words, customers and end users get a slicker, faster experience on sites. Imagine being a customer trying to buy those elusive Prince tickets online a few years back – the difference between then and now would have been truly amazing.
Here are a few links where you can find out more information – as I said earlier this information is also available on the BrightTALK webinar platform.