TLS 1.3 Makes Security Tools Obsolete?

Question

I am a student and relative noob in IT security performing research for three reasons: school, my employer and personal curiosity, and I hoped maybe someone could answer a question for me.

In a video posted to YouTube by Akamai (https://www.youtube.com/watch?v=eW_A7tUuop4), the features and present direction of the proposed changes to the TLS protocol were discussed. While I am very much for the added security benefits that TLS 1.3 will add, I am also concerned as an interested party in critical infrastructure. There were three camps mentioned as being represented in the implementation considerations of TLS 1.3 but the organisations who run critical infrastructure did not seem to be amongst them (except to say that the crypto warriors wish to obfuscate information from them). How or what is proposed for those of us who NEED to be monitoring network traffic in order to ensure our good intended employees aren't inadvertently bringing bad traffic into our networks, to continue to do our jobs effectively? As I understand it, our employee would still be able to travel to (lets say) Facebook and click away but the difference would be the inability for the network monitors to see if that link was from a malicious host... is this accurate (very simplistically to one degree or another)? Do you have any information or recommendations on how to handle this situation? There are some that I can think of but there are questions as to their ethical and legal ramifications... but this is all assuming I am interpreting the situation correctly.

To the best of my knowledge and extensive research on the web, I have been unable to locate discussions related to this topic. I found mention of it on one site where it read:

There are security tradeoffs with encrypted communications, given that many of today's security tools can't perform their tasks if the network flows are encrypted. How do you reconcile that? (http://www.darkreading.com/perimeter/qanda-internet-encryption-as-the-new-normal/d/d-id/1317783)

Which was promptly blown off as an "We recognize that and will address it later" answer (and hasn't that been the problem with IT security to date? ... I digress). It could quite possibly be that I am not using the right search terms but so far the discussion has far been one of semantics (i.e. the price of encrypting SNI, version intolerance effects, Requiring OCSP for EV, etc.) as opposed to practical application from the security admin POV.

Answer 1

I don't see how TLS 1.3 should harm the current way TLS interception is done.

Currently TLS interception is done by having a man-in-the-middle proxy. Connections from client to server will be handled by this proxy the following way:

• Create TLS connection between proxy and server.
• Create a new server certificate (often just a clone of the original certificate) but sign it by the proxy CA.
• Make a TLS handshake for the connection between client and proxy using the new certificate. Since the client trusts the proxy CA it will accept the new certificate. There are some limits when certificate pinning is used by the client, but browsers like Firefox and Chrome ignore pinning if the proxy CA was explicitly added to the system. Other clients like Dropbox simply fail.

With this setup the proxy can read and manipulate the traffic. This kind of setup will still work with TLS 1.3 because all it does is in effect to make two TLS connections out of one. And even if TLS 1.3 is not implemented by the intercepting proxy it will work in most cases because the TLS connection will then use TLS 1.2 or lower, same as it would do if a TLS 1.3 client talkes with a TLS 1.2 server or the other way. Only if client or server exclude all protocols except TLS 1.3 it will fail in this case.

If you think there are features in TLS 1.3 which make this typical TLS interception setup impossible than please point them out in your question.

Answer 2

that's my video! Thanks for watching!

I've got a couple answers. First, proxies will still work: you just need to get the client to trust an "enterprise" cert. Second, you're right that the old snooping model where a middle-box knows the RSA private key of the server (and forces RSA key exchange) will not work. Since most browsers have moved hard to ECDHE key exchange, that won't work with TLS 1.2 either!

But you know, my job is playing defense for a major infrastructure player too. So let me back up to address the bigger question: how does an operator of infrastructure, responsible for the safety of machines "inside" some membrane, manage what my well-intentioned users are bringing into my network? We've never had a great answer to this. Airgaps work, I guess, but Manning and Snowden are data points indicating that the NSA didn't have this managed tightly enough. The rest of us are not going to hit their standard. So what can we do?

My answer is: give up on having a network with a hard exterior where only good things get in---but I can get to my AD domain controller, my printers, my video conferencing hardware, my file store, my thermostats and HVAC. The HVAC controllers, the video chat machines, the printers, the "room wizards" are all going to have the problems of consumer IOT added to the problems of enterprise monoculture. That's not a terrain I'd choose to defend. Relatedly: my colleagues are all going to take their laptops home and connect them to home wifi (with the Chromebook their kid takes to school, and the game consoles). They'll take them too Starbucks. They'll use them with in-flight Wi-Fi, and nothing I do will stop them from clicking on "Free Airport WiFi". I have to give them machines suitable for use in that environment. iPads are great. Chromebook are great. Other answers can be found—and there are plenty of vendors eager to show you how.

For example, Google's talked with justifiable pride about their BeyondCorp and ZeroTrust models. They got beyond the corporate network. Now user workstations get role-based access grants to specific applications, which are conditional on passing tests of configuration quality. Akamai does have products in this space, and I'm proud of them. Others do too.