Perfect Forward Secrecy

Captions
Hey everybody, John Wagnon here with DevCentral. We're coming to you with another Lightboard Lesson video, and today we're going to talk about this concept known as perfect forward secrecy. This deals with when you encrypt communications between client and server, and the TLS protocol that's used to do that, and the handshake that happens, and the keys that are exchanged, and all that kind of stuff. So that's what this whole concept deals with.

To start things out, I'm going to talk about a kind of a use case, if you will, a very common use case of a client that needs to establish a secure communication with the server, a web server. In order to do that they go through this TLS handshake, and we've done some videos on that; I'll link to them in the bottom down here. But the basic concept of what happens when a client communicates with the server is you've got the client over here and you've got the server over here, and the client sends what's called a Client Hello message. That's the beginning of the TLS handshake. With that there's a set of cipher suites that are offered up by the client. The server has a set of cipher suites that are configured on the server, and then it gets to choose which cipher suite is going to be used in this whole communication. But ultimately the server is going to send back a certificate, and so I'll put a cert right there, certificate, which includes the public key that the server has. The server of course offers up the public key to everybody, because it's public. The client then is going to compute, I'm going to call it a premaster secret. It computes the premaster secret and then it sends that premaster secret back to the server, and it uses the public key that's included in that certificate to encrypt the premaster secret. So when it comes over here, the server can use its private key (so I'll put the private key too) to then decrypt that premaster secret, because, if you guys remember, with asymmetric cryptography, if you encrypt something with the public key, the only thing that can decrypt it is the private key.

All right, so now the server has the premaster secret, because it's decrypted that with its private key, because it was encrypted with the public key from the client. So now it has the premaster secret, and then from the premaster secret both the client and the server are going to generate the master secret, or the session key, that is used for bulk encryption. So I'll put, you know, this is the ultimate, not premaster secret, but the master secret that both of them are ultimately going to come to, and that's going to be used for (I'll put kind of a double arrow) the bulk encryption. That is used as input to the bulk encryption algorithm, which in many cases is AES. It doesn't have to be, but in many cases it's AES. This concept of private and public key typically is used in the concept of the RSA encryption algorithm, where you have a public key and a private key. That's what RSA is all about.

So this is all well and good, except if this private key is ever compromised. You would ask yourself, why would it ever be compromised? Well, I don't know, maybe you've got some nation-state hacking group that really goes after it hard, then they figure out what the private key is. Or maybe there's a court order, you know, you have some kind of subpoena that says, hey, company X, you've got to turn over your private key to whoever. So for any number of reasons this private key may be compromised. And so the situation could happen that you have some nefarious actor, some hacker bad guy, that's collecting all of the communication down here that's encrypted with these secret keys, and this bad guy stores it, maybe on a hard drive or whatever, and he just collects it for years and years and years. Then one day in the future, for whatever reason, he gets the private key from this server. If he gets the private key, then he can take that premaster secret and he can decrypt it, because that's what the client had. He can decrypt that premaster secret, and then it's fairly trivial at that point to generate from that premaster secret the actual secret key that's used in this encryption. Then he can decrypt everything, and he can look at all of your communication that you thought was secure.

So people said, hey, let's try to figure out a way around that, and that's where this concept of perfect forward secrecy comes into play. Perfect forward secrecy tries to get around this, or frankly does get around this, by using some encryption methodologies that are not reliant on the private key of the server. So I'm going to come over here really quick and I'm going to show you another example of what's used in many cases today, where you have a client right here and a server over here. The client sends the hello message just like you normally did, so Client Hello. Then what the server is going to do is the server is going to generate a prime number, so here's a prime number, and then also this thing called a modulo. The server is going to pick that, frankly create that, and then send that back over to the client. But also, as it sends it back over to the client, it's going to generate what I'll call this secret, the secret number.

By the way, what I'm describing here is the Diffie-Hellman key exchange, and the Diffie-Hellman key exchange is really cool. It's based on these complex mathematical properties, but it does not ever rely on the server or the client using the public or private key in order to exchange these premaster secrets and ultimately the keys. So the server can pick a known prime number, a known modulo, and then it picks a random integer, so I'm going to say random integer. Using the known prime number and the known modulo and then its chosen secret, I'll call random integer, it calculates a value, and I'll call it A. It sends that over to the client, so it sends the prime number, the modulo, and this calculated value A.

Well, the client now has the prime and the modulo. It's going to pick its own random integer, so I'm going to put random integer over here as well. Using that same prime number, that same modulo, and that calculated value for A, it's going to calculate a value, and I'll call it B, and it's going to send that value B back over to the server. This is the key exchange, the server key exchange and the client key exchange, which can be a part of the TLS handshake. It doesn't have to be, like I showed over here, and it depends on what cipher suites you choose. If you don't choose a Diffie-Hellman key exchange as part of your cipher suite, then you're not going to have the key exchange part over here; you're going to use RSA for that. But if you choose a Diffie-Hellman key exchange cipher suite, then you will have a server key exchange and client key exchange as a part of your TLS handshake.

Nonetheless, when this value A and B both get sent back and forth, then each one of them can use the associated values to then go (and this is where the Diffie-Hellman key exchange mathematics gets really complicated, and really cool actually) and both generate the same, I'm going to call it a premaster secret, and then I'll just put that over here as well. So a premaster secret, goodness, premaster secret. So ultimately they have arrived at the same thing that the RSA key exchange arrived at as well, but they've arrived there without ever having to know the private key of the server. Again, it's based on this complex math that the Diffie-Hellman key exchange is founded on, and it's really cool stuff.

So based on all this, they can do all the complex math, they arrive at the same premaster secret, and then the same basic concept happens at that point, where they take the premaster secret and, using that information, using those values, they can then generate the master secret. So I'll put, you know, secret down here and secret down here, so this leads to that, this leads to that, and then this now can be used as the key, again probably, and I'll just put AES. Again, I'm choosing AES because it's a really common bulk encryption algorithm. So you have arrived now at a master secret using a bulk encryption algorithm, but you've arrived there without ever having to know the private key of the server. Such a really cool thing.

Alrighty, so what this does, and the way that this all ties back now to perfect forward secrecy, is: if the private key of the server is ever compromised, if you use this stuff, if you use the Diffie-Hellman key exchange, then it doesn't matter if the private key is ever compromised, because when these random integers (I'll just circle this right here) are chosen, these things are just randomly chosen. I'll also introduce another word; it's called ephemeral. What ephemeral means is very short-lived; it's not around for very long, kind of thing. It's kind of like a New Year's resolution: for most people it just doesn't last very long. But nonetheless, the basic concept of ephemeral is it just does not last long. So if you pick a Diffie-Hellman ephemeral key exchange for your cipher suite, then what's happening is every single time the client establishes a new session with the server, brand-new random integers are chosen, and these are called ephemeral. This would be an ephemeral key exchange, and that is, again, the random integers are chosen brand-new every single time. So even if you did happen to choose, or happen to compromise, the random integers that are used in the creation of all these premaster secrets and secrets and all that, even if you were to grab hold of one of those, if you use ephemeral keys then you would only have enough information to compromise the communication of that one session between the client and the server. The next time it establishes a new session, it's a completely different set of random integers, and you would have no idea what they're talking about, or you would have no idea what the secret would be that encrypted all that stuff.

So anyway, perfect forward secrecy is not necessarily a checkbox that you normally have, or that you would have, say, on your BIG-IP or otherwise. It is an outcome of choosing a certain type of cipher suite key exchange. So when you choose the Diffie-Hellman key exchange you ultimately achieve this idea of forward secrecy, and if you choose Diffie-Hellman ephemeral key exchange then you achieve the effect of what we call perfect forward secrecy, because you're going to have brand-new random integers every single time. So when you're in your BIG-IP and you're doing your configurations and all that, don't necessarily look for, hey, let me check the perfect forward secrecy checkbox. What you need to do is choose the right cipher suites that then would provide the effect of perfect forward secrecy, and I can link to that in the bottom of this video to show you the actual cipher suites. Basically, what you need to do is make sure that Diffie-Hellman is chosen as the key exchange mechanism, and ultimately Diffie-Hellman ephemeral. So when you're configuring your client SSL profile on your BIG-IP, you need to make sure you choose the right cipher suites that would then achieve the effect of perfect forward secrecy.

So hopefully you've learned a couple of things on, you know, the way that key exchange is done in some instances, and the way that it can be done. This is by far the better choice, because it provides more secrecy in the future. So if anyone is ever capturing all your communication and they try to go back and decrypt it later on, if you're doing this stuff where you have a brand-new ephemeral key every single session, it doesn't matter; they're not going to be able to read all your stuff. So anyway, get out there, configure that BIG-IP properly. Again, we'll link to different resources in the bottom of this video; that way you can check it all out. So again, hopefully you've learned a couple things here about perfect forward secrecy. Thanks for watching this edition of Lightboard Lessons. We'll see you guys out there in the community.
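The ephemeral exchange described in the captions above, as an added example that is not part of the video or any F5 code. The toy prime `P`, base `G`, and all function names are assumptions made for illustration; the hash stands in for the real TLS key derivation. It runs two sessions and shows that a leaked random integer from one session recovers only that session's secret.

```python
import hashlib
import secrets

# Toy group (assumption, for illustration only): 2**127 - 1 is prime but far too
# small for real use; TLS uses standardized 2048-bit+ groups or elliptic curves.
P = 2**127 - 1
G = 3

def keypair():
    """Pick a fresh random integer x and compute the public value G^x mod P."""
    x = secrets.randbelow(P - 3) + 2          # private exponent in [2, P-2]
    return x, pow(G, x, P)

def master_secret(premaster):
    """Stand-in for the TLS key derivation: hash the premaster secret."""
    return hashlib.sha256(premaster.to_bytes(16, "big")).hexdigest()

def handshake():
    """One ephemeral exchange. Returns the values that crossed the wire, each
    side's derived secret, and the server's random integer (normally discarded)."""
    a, A = keypair()                          # server: random integer -> value A
    b, B = keypair()                          # client: random integer -> value B
    server_secret = master_secret(pow(B, a, P))   # server computes B^a mod P
    client_secret = master_secret(pow(A, b, P))   # client computes A^b mod P
    wire = {"p": P, "g": G, "A": A, "B": B}       # everything a recorder sees
    return wire, server_secret, client_secret, a

def recover(wire, leaked_exponent):
    """What a recorder derives from a capture plus a leaked server exponent."""
    return master_secret(pow(wire["B"], leaked_exponent, wire["p"]))

def demo():
    w1, s1, c1, a1 = handshake()
    w2, s2, c2, _ = handshake()
    return {
        "sides_agree": s1 == c1 and s2 == c2,
        "sessions_differ": s1 != s2,
        "leak_breaks_own_session": recover(w1, a1) == s1,
        "leak_breaks_other_session": recover(w2, a1) == s2,
    }

if __name__ == "__main__":
    print(demo())
```

No long-term private key appears anywhere in the derivation, which is why a later compromise of the server's certificate key gives a recorder nothing to apply to stored captures.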
Info
Channel: F5 DevCentral
Views: 50,030
Rating: 4.8669 out of 5
Keywords: f5, devcentral, lightboard, pfs, ssl
Id: IkM3R-KDu44
Length: 13min 26sec (806 seconds)
Published: Tue Apr 25 2017