ECC and DSA SSL algorithms and how they can help your online business
Symantec’s Algorithm Agility
27 March 2013
Andrew Horbury, Product Marketing Manager
Today's Agenda
• Symantec’s Algorithm Agility
– What we’ve announced
– Why we’re doing this
– The benefits
– Performance in our labs
• Our partners
• Q&A
Algorithm Agility: what we’ve announced
• First CA to offer 3 crypto algorithms
• Available now in Managed PKI SSL Certificates
More Choices | Improved Performance | Increased Security
• No additional charge for ECC and DSA
Algorithm Agility: why we’re doing this?
• NIST Recommendations
• Compliance Requirements
• Increased Attacks & Outages
• Mobile & Cloud Proliferation
ECC | DSA | RSA
The Big Numbers
Source: Symantec's ISTR
• 5.5Bn Attacks blocked by Symantec ↑ +81%
• 403M Unique variants of malware ↑ +41%
• 4,597 Web attacks per day ↑ +36%
• 4,989 New vulnerabilities discovered ↓ -20%
• 315 New mobile vulnerabilities ↑ +93%
• 75% Spam rate ↓ -34%
Cyber Attacks On The Rise
Everyone Has a Part to Play To Help Combat These
Frequency of cyber attacks experienced by enterprises*
• Viruses, worms, trojans: 100%
• Malware: 96%
• Botnets: 82%
• Web-based attacks: 64%
• Stolen devices: 44%
• Malicious code: 42%
• Malicious insiders: 30%
• Phishing & social engineering: 30%
• Denial of service: 4%
* Source: Ponemon Institute 2012
Algorithm Agility: the benefits
ECC
1. Stronger Encryption
• Shorter key than RSA
• 256-bit ECC = 3072-bit RSA
• 10k times harder to crack than RSA 2048
• Meets NIST recommendations
2. Efficient Performance
• Efficiency increases with higher server loads
• Utilises less server CPU
• PCs: Faster page load time
• Ideal for mobile devices
3. Highly Scalable
• Large SSL deployments w/out additional hardware
• Securing the enterprise:
• Use fewer resources
• Lower costs
4. Future of Crypto Tech
• Viable for many years
• Built for Internet of things to come
• Supports billions of new devices coming online
• Ideal for Open Networks
• Truly ‘future proof’ trust infrastructure in place.
ECC: 10,000 times harder to break than RSA keys
[Chart: Key Size (bits) against MIPS Years to break, for ECC and RSA]
• Current acceptable security level: 10^24 MIPS years
• NIST as of 1-1-2014: 2048 bits
• Symantec ECC today: 256 bits
• The longer the RSA key, the less applicable it becomes in the real-world
• ECC maintains very complex cryptography with key lengths that meet real-world demands
Source: Symantec Internal Research and Testing. Computations http://www.nsa.gov/business/programs/elliptic_curve.shtml
Symantec ECC-256 certificates offer the security equivalent of a 3072-bit RSA certificate.
Improved Server Performance
• ECC 256 has better performance than RSA at 0, 90k, and 200k connections
• ECC performance numbers are expected to significantly improve over time as the industry optimises for ECC as it did for RSA
• With better performance – customers will need to purchase fewer servers to handle SSL connections – a big cost saving
• Performance efficiencies
– Uses less server power
– Handles more requests
– Is more scalable
Source: Symantec Internal Research and Testing
Web pages encrypted w/ECC load faster than those with RSA
Improved Desktop Performance and User Experience
As a server gets hit with more traffic, ECC… processes more requests… in less time… without affecting load… than RSA
Source: Symantec Internal Research and Testing
Industry-leading Companies Partner with Symantec to Accelerate ECC Adoption
“We believe in constantly furthering web security, which is why Chrome supports Elliptic Curve Digital Signature Algorithm (ECDSA) on all modern operating systems,” Adam Langley, Software Engineer, Google.
Availability Today
• For Symantec Managed PKI for SSL Customers:
– DSA is available with any SSL Certificate.
– ECC is available with any Premium SSL certificate.
• Symantec is the only company that offers these three different algorithms.
Browsers compatible with ECC (as of 11 March 2013)
• Firefox 18
• Internet Explorer relies on the OS Root Store and Windows Root Update Mechanism, so any version of Internet Explorer on Windows Vista, Windows 7 and Windows 8 will work after you visit a site that chains up to the root.
• Chrome on Windows relies on the OS Root Store and Windows Root Update Mechanism, so any version of Chrome on Windows Vista, Windows 7 and Windows 8 will work after you visit a site that chains up to the root.
Recap: ECC is faster and stronger
• Greater security: Symantec ECC will be 10,000 times harder to break than an RSA 2048-bit key based on industry computation methods. Symantec 256-bit ECC certificates offer the equivalent security of a 3072-bit RSA certificate.
• Improved server performance - during peak loads with the ability to process more requests per second with lower CPU utilisation. This is becoming more and more important as mobile and tablet adoption place demands on web infrastructure.
• Improved server-to-desktop performance and response time. Our internal testing showed a server with an RSA certificate handled 450 requests per second with an average response time of 150 milliseconds to desktop clients. The server with an ECC certificate under the same conditions netted an average response of just 75 milliseconds.
More Information
• Algorithm Agility ECC & DSA Blog => http://bit.ly/XGUzTU
• Why Symantec and SSL Overview Video => http://bit.ly/VbGU8E
• FAQ: ECC and DSA Certificates => http://bit.ly/VT7a4O
• SlideShare: Symantec WSS => http://slidesha.re/XwaUfX
• https://www.symantec.com/en/uk/ssl-certificates
• http://www.nsa.gov/business/programs/elliptic_curve.shtml