Re: [TLS] The future devices that will break TLS 1.4
On Saturday, 13 January 2018 03:31:23 CET Christian Huitema wrote: > On 1/12/2018 1:53 PM, Dan Wing wrote: > > The question I want to ask: What can we do *now* to stop this from > > happening when TLS 1.4 will be deployed? I have the feeling GREASE > > won't be enough... > > Data sets. Machine learning algorithms are trained with data sets. If we > produce reference data sets showing what TLS 1.4 looks like, the vendors > can retrain their AI and start recognizing the new version for what it > is, rather than some unknown attack. doesn't help with already deployed gear, and we really can't predict how TLS 1.4 will look like to give examples of it to them right now -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic signature.asc Description: This is a digitally signed message part. ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
Re: [TLS] The future devices that will break TLS 1.4
The research that this is built on isn't especially new: https://arxiv.org/abs/1607.01639 The interesting observation in that paper is that the results are obtained only from the subset of malware that uses its own TLS configuration. Those that used the Windows stack in a default configuration were removed from consideration. Now, it's possible that things have improved since that paper, but it suggests the presence of a gap that we might exploit. So I'm not so down on GREASE. On Sat, Jan 13, 2018 at 10:02 AM, Hanno Böckwrote: > Hi, > > This working group just went through a painful process of realizing > that deploying a new TLS version on the Internet is a hard task due to > broken devices. If you're not aware David Benjamin just gave a great > talk summarizing the issues: > https://www.youtube.com/watch?v=_mE_JmwFi1Y > > Today I found this article: > https://www.theregister.co.uk/2018/01/11/cisco_sniff_malware_inside_encrypted_traffic/ > > tl;dr Cisco now says they can identify malware in TLS traffic by > carefully looking at it. > (For context: devices from Cisco were responsible for many of the > issues that made deploying TLS 1.3 hard, e.g. version intolerance on > load balancers and recently by not correctly terminating TLS in a > firewall.) > > > I'll dare to have a look into the future and make this imho very > plausible claim: > Cisco won't be the only vendor selling such things. We will see more > products that magically can identify "bad things" in TLS traffic by > applying everything from AI to Blockchain. > We will almost certainly see a whole new generation of devices doing > weirdness with TLS and who will drop or manipulate packages that contain > things they don't know (like... a version negotiation field with TLS > 1.4 or a large post quantum key exchange message). > > The question I want to ask: What can we do *now* to stop this from > happening when TLS 1.4 will be deployed? I have the feeling GREASE > won't be enough... > > -- > Hanno Böck > https://hboeck.de/ > > mail/jabber: ha...@hboeck.de > GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 > > ___ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
Re: [TLS] The future devices that will break TLS 1.4
On Sat, Jan 13, 2018 at 12:02 AM, Hanno Böckwrote: > > The question I want to ask: What can we do *now* to stop this from > happening when TLS 1.4 will be deployed? I have the feeling GREASE > won't be enough... Sidebar: TLS 4 ;) -- Tony Arcieri ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
Re: [TLS] The future devices that will break TLS 1.4
On 1/12/2018 1:53 PM, Dan Wing wrote: > I'll dare to have a look into the future and make this imho very > plausible claim: > Cisco won't be the only vendor selling such things. We will see more > products that magically can identify "bad things" in TLS traffic by > applying everything from AI to Blockchain. Well, of course we will see such products. We know that it is possible to do a lot of pattern recognition based on properties of the encrypted traffic, as well as clear text parts of the headers. And we also know that there are lots of network managers that want to understand what's happening in their networks. The kind of products shown here seems rather preferable to the previous generation of products that required breaking the encryption. > We will almost certainly see a whole new generation of devices doing > weirdness with TLS and who will drop or manipulate packages that contain > things they don't know (like... a version negotiation field with TLS > 1.4 or a large post quantum key exchange message). That's the general problem with machine learning. The attackers will be learning too, and will try to tweak their traffic until it looks innocuous. As attackers do that, filters will try to catch them, and the chances for "false positive" are going to increase. > The question I want to ask: What can we do *now* to stop this from > happening when TLS 1.4 will be deployed? I have the feeling GREASE > won't be enough... Data sets. Machine learning algorithms are trained with data sets. If we produce reference data sets showing what TLS 1.4 looks like, the vendors can retrain their AI and start recognizing the new version for what it is, rather than some unknown attack. -- Christian Huitema ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
Re: [TLS] The future devices that will break TLS 1.4
On Fri, 12 Jan 2018 15:53:05 -0800 Dan Wingwrote: > Those bugs that interfere with TLS handshakes are un-related to > Cisco's Encrypted Traffic Analytics ("ETA"). Different technologies. I haven't claimed that. I just think it's very plausible to assume that a company that already created two independent problems for TLS 1.3 will do the same in future products that mess with TLS in "new and exciting ways". And for the unlikely case that Cisco is able to learn from past mistakes I'm absolutely sure there will be others creating similar products that won't. -- Hanno Böck https://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
Re: [TLS] The future devices that will break TLS 1.4
On Jan 12, 2018, at 3:02 PM, Hanno Böckwrote: > > Hi, > > This working group just went through a painful process of realizing > that deploying a new TLS version on the Internet is a hard task due to > broken devices. If you're not aware David Benjamin just gave a great > talk summarizing the issues: > https://www.youtube.com/watch?v=_mE_JmwFi1Y > > Today I found this article: > https://www.theregister.co.uk/2018/01/11/cisco_sniff_malware_inside_encrypted_traffic/ > > tl;dr Cisco now says they can identify malware in TLS traffic by > carefully looking at it. > (For context: devices from Cisco were responsible for many of the > issues that made deploying TLS 1.3 hard, e.g. version intolerance on > load balancers and recently by not correctly terminating TLS in a > firewall.) Those bugs that interfere with TLS handshakes are un-related to Cisco's Encrypted Traffic Analytics ("ETA"). Different technologies. -d > I'll dare to have a look into the future and make this imho very > plausible claim: > Cisco won't be the only vendor selling such things. We will see more > products that magically can identify "bad things" in TLS traffic by > applying everything from AI to Blockchain. > We will almost certainly see a whole new generation of devices doing > weirdness with TLS and who will drop or manipulate packages that contain > things they don't know (like... a version negotiation field with TLS > 1.4 or a large post quantum key exchange message). > > The question I want to ask: What can we do *now* to stop this from > happening when TLS 1.4 will be deployed? I have the feeling GREASE > won't be enough... > > -- > Hanno Böck > https://hboeck.de/ > > mail/jabber: ha...@hboeck.de > GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 > > ___ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
[TLS] The future devices that will break TLS 1.4
Hi, This working group just went through a painful process of realizing that deploying a new TLS version on the Internet is a hard task due to broken devices. If you're not aware David Benjamin just gave a great talk summarizing the issues: https://www.youtube.com/watch?v=_mE_JmwFi1Y Today I found this article: https://www.theregister.co.uk/2018/01/11/cisco_sniff_malware_inside_encrypted_traffic/ tl;dr Cisco now says they can identify malware in TLS traffic by carefully looking at it. (For context: devices from Cisco were responsible for many of the issues that made deploying TLS 1.3 hard, e.g. version intolerance on load balancers and recently by not correctly terminating TLS in a firewall.) I'll dare to have a look into the future and make this imho very plausible claim: Cisco won't be the only vendor selling such things. We will see more products that magically can identify "bad things" in TLS traffic by applying everything from AI to Blockchain. We will almost certainly see a whole new generation of devices doing weirdness with TLS and who will drop or manipulate packages that contain things they don't know (like... a version negotiation field with TLS 1.4 or a large post quantum key exchange message). The question I want to ask: What can we do *now* to stop this from happening when TLS 1.4 will be deployed? I have the feeling GREASE won't be enough... -- Hanno Böck https://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls