the case for prefetching and prevalidating tls server ...€¦ · design prefetch certi cates...
TRANSCRIPT
![Page 1: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/1.jpg)
The Case for Prefetching andPrevalidating TLS Server
Certificates
Emily Stark, Lin-Shung Huang, Dinesh
Israni, Collin Jackson, Dan Boneh
February 8, 2012
![Page 2: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/2.jpg)
Transport Layer Security
• Want to secure traffic between web
browsers and servers
• One problem is latency from TLS
handshake
![Page 3: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/3.jpg)
The TLS handshake
![Page 4: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/4.jpg)
The TLS handshake
![Page 5: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/5.jpg)
The TLS handshake
![Page 6: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/6.jpg)
The TLS handshake
![Page 7: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/7.jpg)
The TLS handshake
![Page 8: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/8.jpg)
The TLS handshake
![Page 9: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/9.jpg)
Certificate validation: OCSP
• Online certificate status protocol
• Server certificate specifies OCSP
responder
• Clients asks responder whether cert is
valid
• Responder specifies how long response is
valid for
![Page 10: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/10.jpg)
Certificate validation: OCSP
• Online certificate status protocol
• Server certificate specifies OCSP
responder
• Clients asks responder whether cert is
valid
• Responder specifies how long response is
valid for
![Page 11: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/11.jpg)
Certificate validation: OCSP
• Online certificate status protocol
• Server certificate specifies OCSP
responder
• Clients asks responder whether cert is
valid
• Responder specifies how long response is
valid for
![Page 12: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/12.jpg)
Certificate validation: OCSP
• Online certificate status protocol
• Server certificate specifies OCSP
responder
• Clients asks responder whether cert is
valid
• Responder specifies how long response is
valid for
![Page 13: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/13.jpg)
The TLS handshake
![Page 14: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/14.jpg)
The TLS handshake
![Page 15: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/15.jpg)
Removing round trips
Previous proposal, TLS Snap Start
• Zero round trip handshake
![Page 16: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/16.jpg)
Removing round trips
![Page 17: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/17.jpg)
Removing round trips
![Page 18: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/18.jpg)
Snap Start challenges• Client must know server certificate
• Cached from previous visit
• Revocation checking is still slow
![Page 19: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/19.jpg)
Snap Start challenges• Client must know server certificate
• Cached from previous visit
• Revocation checking is still slow
![Page 20: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/20.jpg)
Snap Start challenges• Client must know server certificate
• Cached from previous visit
• Revocation checking is still slow
![Page 21: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/21.jpg)
Problem
• TLS imposes extra latency due toretrieving and validating servercertificate• How to obtain certificate to do Snap
Start handshake?• How to validate without extra latency?
![Page 22: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/22.jpg)
Contribution
• Real world study of OCSP response
times• Certificate prefetching and prevalidation
• Propose four prefetching strategies• Analysis of effectiveness• Prototype implementation
![Page 23: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/23.jpg)
How long does OCSP take in thereal world?
• Experimental setup• OCSP response times collected from
users running Perspectives browserextensions
• 242 clients, 4474 certificates, 24responders
![Page 24: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/24.jpg)
OCSP in the wild
CDF of OCSP response time:
Median: 291 ms, mean: 498 ms
![Page 25: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/25.jpg)
OCSP in the wild
CDF of OCSP response time:
Median: 291 ms, mean: 498 ms
![Page 26: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/26.jpg)
OCSP in the wild
CDF of OCSP response time:
Median: 291 ms, mean: 498 ms
![Page 27: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/27.jpg)
OCSP in the wild
CDF of OCSP response time:
Median: 291 ms, mean: 498 ms
![Page 28: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/28.jpg)
Design
• Prefetch certificates• Enables Snap Start handshakes more
frequently
• Prevalidate certificates• Removes OCSP lookup from critical path
![Page 29: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/29.jpg)
Design questions
• When to prefetch? When to prevalidate?
• How to obtain certificate?
![Page 30: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/30.jpg)
When to prefetch
Ideas borrowed from DNS prefetching:
• DNS prefetching triggers are effective
for certs
• Could be deployed with HTML hints for
effective prefetching
![Page 31: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/31.jpg)
When to prefetch
Ideas borrowed from DNS prefetching:
• DNS prefetching triggers are effective
for certs
• Could be deployed with HTML hints for
effective prefetching
![Page 32: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/32.jpg)
How to prefetch
• Goal: Obtain server certificate
• Challenge: Full TLS handshake is
expensive
• Four proposed methods that are more
efficient
![Page 33: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/33.jpg)
Prefetching methodsOption 1: Truncated handshake
![Page 34: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/34.jpg)
Prefetching methodsOption 1: Truncated handshake
![Page 35: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/35.jpg)
Prefetching methodsOption 1: Truncated handshake
• No public key crypto!
• Server admin does nothing
• But implementation requires new API in TLSlayer
![Page 36: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/36.jpg)
Prefetching methods
Option 2: HTTP GET requeste.g., to http://www.domain.com/cert
• Much less load than full TLS handshake, butstill impacts the server
![Page 37: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/37.jpg)
Prefetching methods
What if we want no additional load on
server?
Option 3: Retrieve from CDN
• HTTP GET request, avoid hitting web
server
![Page 38: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/38.jpg)
Prefetching methods
What if we want no additional load on
server?
Option 3: Retrieve from CDN
• HTTP GET request, avoid hitting web
server
![Page 39: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/39.jpg)
Prefetching methods
What if we want no additional load on
server?
Option 4: Retrieve from DNS
• DNS TXT record can store certificate
• No impact on web server
![Page 40: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/40.jpg)
Prevalidation
• After prefetching cert, prevalidate it• Normal OCSP lookup
![Page 41: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/41.jpg)
Prototype
• Prefetching and prevalidating in
Chromium
• Piggyback on DNS prefetching
architecture
• DNS and HTTP GET prefetching
![Page 42: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/42.jpg)
Analysis
• How much does prefetching and
prevalidating affect handshake latency?
![Page 43: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/43.jpg)
Handshake latency
• Normal TLS handshake: 122 ms↓ Remove round trips by prefetching cert and using Snap Start
• Snap Start, unvalidated cert: 83 ms↓ Remove OCSP validation by prevalidating cert
• Snap Start, prevalidated cert: 30 ms
Server: Ubuntu 10.04, 256MB, Apache 2.2.17, Client: Ubuntu 10.04, 1GB RAM
HTTP GET request: 16 ms
![Page 44: The Case for Prefetching and Prevalidating TLS Server ...€¦ · Design Prefetch certi cates Enables Snap Start handshakes more frequently ... Could be deployed with HTML hints for](https://reader035.vdocuments.site/reader035/viewer/2022081616/6001935e42ecf05f206d04c6/html5/thumbnails/44.jpg)
Conclusions
• OCSP latency matters, especially whenhandshakes have fewer RTTs
• Need prefetched certificate to enable SnapStart and for OCSP prevalidation
• 4 proposed strategies for prefetching certs
• Reduce TLS handshake by two RTTs andOCSP response time (factor of 4 in ourexperiments)