Symantec’s Algorithm Agility

27 March 2013

Andrew HorburyProduct Marketing Manager

Todays Agenda• Symantec’s Algorithm Agility–What we’ve announced–Why we’re doing this–The benefits–Performance in our labs

• Our partners• Q&A

Symantec's Algorithm Agility

Algorithm Agility: what we’ve announced

• First CA to offer 3 crypto algorithms

• Available now in Managed PKI SSL Certificates

More Choices | Improved Performance | Increased Security

• No additional charge for ECC and DSA

Symantec's Algorithm Agility

Algorithm Agility: why we’re doing this?

NISTRecommendations Compliance

Requirements

IncreasedAttacks & Outages

Mobile & CloudProliferation

ECCDSARSA

Symantec's Algorithm Agility

The Big NumbersSource: Symantec's ISTR

5.5Bn Attacks blocked by Symantec ↑ +81%403M Unique variants of malware ↑ +41%4,597 Web attacks per day ↑ +36%4,989 New vulnerabilities discovered ↓ -20%

315 New mobile vulnerabilities ↑ +93%75% Spam rate ↓ -34%

Symantec's Algorithm Agility

Cyber Attacks On The RiseEveryone Has a Part to Play To Help Combat These

Symantec's Algorithm Agility

Frequency of cyber attacks experienced by enterprises*

Viruses, worms, trojans

Malware

Botnets

Web-based attacks

Stolen devices

Malicious code

Malicious insiders

Phishing & social engineering

Denial of service

100%

96%

82%

64%

44%

42%

30%

30%

4%

* Source: Ponemon Institute 2012

Algorithm Agility: the benefits

ECC

• Shorter key than RSA

• 256-bit ECC = 3072-bit RSA

• 10k times harder to crack than RSA 2048

• Meets NIST recommendations

Stronger Encryption

1

Efficient Performance

2

• Efficiency increases with higher server loads• Utilises less server

CPU• PC’s: Faster page load

time

• Ideal for mobile devices

Highly Scalable

3

• Large SSL deployments w/out additional hardware• Securing the

enterprise:• Use fewer

resources

• Lower costs

Future of Crypto Tech

4

• Viable for many years

• Built for Internet of things to come

• Supports billions of new devices coming online

• Ideal for Open Networks

• Truly ‘future proof” trust infrastructure in place.

Symantec's Algorithm Agility

ECC: 10,000 times harder to break than RSA keys

Symantec's Algorithm Agility 8

1.00E+12 1.00E+24 1.00E+28 1.00E+47 1.00E+660

2000

4000

6000

8000

10000

12000

14000

16000

18000

ECCRSA

Key Size (bits)

MIPS Years to break

Current acceptable security

Level [10^24 MIPS years]The longer the RSA key, the

less applicable it becomes in the real-world

ECC maintains very complex cryptography with key

lengths that meet real-world demands

Source: Symantec Internal Research and Testing. Computations http://www.nsa.gov/business/programs/elliptic_curve.shtml Symantec ECC-256 certificates offer the security equivalent of a 3072-bit RSA certificate.

NIST as of1-1-20142048 bits

SymantecECC today256 bits

Improved Server Performance

• ECC 256 has better performance than RSA at 0, 90k, and 200k connections

• ECC performance numbers are expected to significantly improve over time as the industry optimises for ECC as it did for RSA

• With better performance – customers will need to purchase fewer servers to handle SSL connections – a big cost saving

• Performance efficiencies- Uses less server power- Handles more requests- Is more scalable

Source: Symantec Internal Research and Testing

Web pages encrypted w/ECC load faster than those with RSA

Symantec's Algorithm Agility

Improved Desktop Performance and User Experience

As a server gets hit with more traffic,

ECC…without affecting

load…

in less time…

processes more requests…

…than RSASource: Symantec Internal Research and Testing

Symantec's Algorithm Agility

Industry-leading Companies Partner with Symantec to Accelerate ECC Adoption

Symantec's Algorithm Agility

“We believe in constantly furthering web security, which is why Chrome supports Elliptic Curve Digital Signature Algorithm (ECDSA) on all modern operating systems,” Adam Langley, Software Engineer Google.

Availability Today• For Symantec Managed PKI for SSL Customers:– DSA is available with any SSL Certificate. – ECC is available with any Premium SSL certificate

• Symantec is the only company that offers these three different algorithms.

Browsers compatible with ECC (as of 11 March 2013)• Firefox 18 • Internet Explorer relies on the OS Root Store and Windows Root Update

Mechanism, so any version of Internet Explorer on Windows Vista, Windows 7 and Windows 8 will work after you visit a site that chains up to the root.

• Chrome on Windows relies on the OS Root Store and Windows Root Update Mechanism, so any version of Chrome on Windows Vista, Windows 7 and Windows 8 will work after you visit a site that chains up to the root.

Symantec's Algorithm Agility

Recap: ECC is faster and stronger• Greater security Symantec ECC will be 10,000 times harder to

break than an RSA 2048-bit key based on industry computation methods. Symantec 256-bit ECC certificates offer the equivalent security of a 3072-bit RSA certificate.

• Improved server performance - during peak loads with the ability to process more requests per second with lower CPU utilisation. This is becoming more and more important as mobile and tablet adoption place demands on web infrastructure.

• Improved server-to-desktop performance and response time. Our internal testing showed a server with an RSA certificate handled 450 requests per second with an average response time of 150 milliseconds to desktop clients. The server with an ECC certificate under the same conditions netted an average response of just 75 milliseconds.

Symantec's Algorithm Agility

More Information• Algorithm Agility ECC & DSA Blog => http://bit.ly/XGUzTU• Why Symantec and SSL Overview Video => http://bit.ly/VbGU8E• FAQ: ECC and DSA Certificates = > http://bit.ly/VT7a4O • SlideShare: Symantec WSS => http://slidesha.re/XwaUfX• https://www.symantec.com/en/uk/ssl-certificates • http://www.nsa.gov/business/programs/elliptic_curve.shtml

Symantec's Algorithm Agility

Thank you!Andrew Horburyandy_horbury@symantec.com

Symantec's Algorithm Agility