TLS 1.3: better for individuals – harder for enterprises

The Secure Sockets Layer (SSL) protocol was initially launched in 1994 by Netscape. It has undergone several modifications, most notably rebranding to Transport Layer Security (TLS), and has emerged as one of the most widely utilized encryption protocols on the Internet.

Initially designed to safeguard financial transactions and personal data for rising e-commerce ventures online, its applications have broadened over recent years, encompassing almost all digital communications. Nowadays, almost every widely-used website or service supports encrypted connections. While this is generally beneficial, it has also allowed phishing websites to utilize TLS, making them seem more credible to unsuspecting users, and some harmful software takes advantage of the TLS protocol to obscure its malicious actions.

To address security concerns, many organizations deploy security appliances that analyze TLS connections to ensure adequate protection for their systems. Although it might seem as if these devices can ‘break’ encryption, they work by acting as their own certificate authority, one that is trusted only by the enterprise’s clients; they do not interfere with anyone else. Most of these appliances allowlist certain websites (including healthcare, banking, and other services managing sensitive information) because the potential threats to enterprise security do not justify the risk of exposing deeply personal information about employees. Additionally, these devices often stop monitoring a connection when the assessed risk appears minimal. Various regulatory frameworks require certain industries to scrutinize traffic as it exits their networks.

The IETF is set to release version 1.3 of the TLS specification, which addresses multiple issues to ensure the protocol’s relevance for the future:

  • It eliminates outdated cryptography that should no longer be in use.
  • It minimizes the likelihood of various attacks.
  • It enhances connection privacy protections, designed to shield users from ‘pervasive monitoring’.

However, these advancements could complicate enterprise security models significantly. There are two main issues likely to adversely affect enterprise security.

The first issue is that websites can no longer be allowlisted, because server certificates (which authenticate a site) are encrypted. Consequently, without breaking the connection, security appliances may struggle to determine whether a device is talking to a legitimate bank or whether malware is communicating with its operators. In theory, one could intercept the start of a connection and then disengage if it is deemed low risk, but this leads to the second challenge: that is not possible in TLS 1.3. Once a connection is proxied, it must be monitored until completion.

This means that organizations will need to proxy every single TLS 1.3 connection—regardless of necessity—for the entire duration of the connection. This situation could greatly reduce employee privacy within organizations, escalate equipment and energy costs, and likely heighten overall technical risks for both the organization and its staff. Clearly, this is not a favorable scenario.

At present, this poses no major issue as enterprises are capable of limiting support to TLS 1.2, allowing them to manage their risks effectively. However, it’s only a question of time before a major service transitions to exclusively using TLS 1.3, prompting organizations to choose between restricting access or surrendering their capacity to fully manage enterprise risks.

Some may argue that endpoint security will counterbalance the drawbacks. Nevertheless, lessons learned from an over-reliance on endpoint security indicate the importance of layered defenses. New cybersecurity products that claim to assess TLS 1.3 connections simply by analyzing encrypted packet flows are likely to appear, but such solutions may struggle to withstand capable adversaries:

  • Attackers have long imitated traffic patterns to conceal themselves, and doing so will become even easier under these conditions.
  • Server Name Indication (SNI) values remain unencrypted, but they are generated by the client, so they are only loosely bound to the server actually being accessed.
  • While DNS names continue to be available, complications may arise based on enterprise architecture, especially if encrypted DNS becomes widely adopted through a standard known as DPRIVE.
  • Making risk assessments based on IP addresses is weak, and the transition to IPv6 may exacerbate this issue.
  • The emergence of IoT hubs may complicate users’ understanding of data transmission if these hubs lack selective proxying capabilities.
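
To make the SNI and encrypted-certificate points concrete, here is an added example (not code from the original article): a Python parser for the cleartext fields a passive inspection device can read from a ClientHello. The sample record is constructed inside the block, and `ALLOWLIST`, `bank.example` and the function names are assumptions made for the illustration.

```python
import struct

ALLOWLIST = {"bank.example"}  # hypothetical do-not-inspect list

def _vec(data: bytes, n: int) -> bytes:
    """TLS vector: n-byte big-endian length, then the data."""
    return len(data).to_bytes(n, "big") + data

def build_client_hello(host: str) -> bytes:
    """Constructed sample: minimal ClientHello offering TLS 1.3 and 1.2."""
    sni = b"\x00\x00" + _vec(_vec(b"\x00" + _vec(host.encode(), 2), 2), 2)
    versions = b"\x00\x2b" + _vec(_vec(b"\x03\x04\x03\x03", 1), 2)
    body = (b"\x03\x03" + bytes(32) + _vec(b"", 1) + _vec(b"\x13\x01", 2)
            + _vec(b"\x00", 1) + _vec(sni + versions, 2))
    return b"\x16\x03\x01" + _vec(b"\x01" + _vec(body, 3), 2)

def parse_client_hello(rec: bytes) -> dict:
    """Extract the cleartext fields a passive inspection device can read."""
    if len(rec) < 9 or rec[0] != 0x16 or rec[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    try:
        pos = 9 + 2 + 32                    # headers, legacy_version, random
        pos += 1 + rec[pos]                 # legacy_session_id
        pos += 2 + int.from_bytes(rec[pos:pos + 2], "big")   # cipher_suites
        pos += 1 + rec[pos]                 # compression methods
        end = pos + 2 + int.from_bytes(rec[pos:pos + 2], "big")
        pos += 2
    except IndexError:
        raise ValueError("truncated ClientHello") from None
    out = {"sni": None, "versions": []}
    while pos + 4 <= min(end, len(rec)):
        etype, elen = struct.unpack_from("!HH", rec, pos)
        data = rec[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        if etype == 0x0000 and len(data) >= 5 and data[2] == 0:  # host_name
            n = int.from_bytes(data[3:5], "big")
            out["sni"] = data[5:5 + n].decode("ascii", "replace").lower()
        elif etype == 0x002B and data:      # supported_versions
            out["versions"] = [data[i:i + 2].hex() for i in range(1, 1 + data[0], 2)]
    return out

def passive_view(rec: bytes) -> dict:
    hello = parse_client_hello(rec)
    return {
        "sni": hello["sni"],                          # client-asserted, unverified
        "allowlisted": hello["sni"] in ALLOWLIST,
        # If the server selects 0x0304, its Certificate is sent encrypted, so
        # the name cannot be confirmed without proxying the connection.
        "cert_may_be_hidden": "0304" in hello["versions"],
    }
```

An allowlist match here rests only on a name the client chose to send; when `cert_may_be_hidden` is true, the device has no passive way to check it against the server's certificate.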

It is almost certain that investigating cybersecurity incidents in enterprises will become more challenging, as much of the data used for detecting compromised devices will be harder to obtain. Thus, while TLS 1.3 undoubtedly offers improved protection for individuals, it appears likely to have negative implications for enterprise security if it becomes the default standard.

Efforts must be undertaken at both national and international levels to comprehend the ramifications of this change. For instance, it seems that TLS 1.3 services may be incompatible with the payment industry standard PCI-DSS and the health industry obligations set forth in HIPAA. Other apparent conflicts surely exist, and many potential issues remain unexamined. Furthermore, we require more research into effective enterprise risk management as TLS 1.3 is adopted as the standard over the next few years.

I’m anticipating accusations of being an informant for intelligence agencies opposed to encryption. However, the NCSC has promised transparency and an evidence-based approach, and current findings suggest that, generally, TLS 1.3 may be detrimental for enterprises. We find ourselves in an unusual position where well-designed, well-intentioned encryption may consequently pose a cybersecurity downside. I am not advocating for a change in the standard—it’s likely too late for that. But swift action is necessary to prevent attackers from gaining a substantial advantage.

TLS 1.3 Diagram

Ian Levy
Technical Director, National Cyber Security Centre

Based on an article from ncsc.gov.uk: https://www.ncsc.gov.uk/blog-post/tls-13-better-individuals-harder-enterprises
