As some of you may be aware, a major security breach at a well-known multinational company - we'll refer to them as Company X - was reported on November 24, 2014. In the breach, the private keys and SSH keys of their servers were stolen. Among other things, the attacker(s) can use the stolen keys to attempt to decrypt confidential data they may have collected in the past. This thought and my professional instinct led me to take a close look at some of their secure websites.
All past data is vulnerable when your key is stolen
To my surprise, Company X's websites use RSA-based key exchange. In this mode of operation, a bulk encryption key is transmitted on the wire, protected only by encryption under the server's long-term RSA public key. In other words, using the stolen private keys, the attacker can decrypt the bulk encryption keys of past sessions, and then the sensitive data those sessions carried. This type of damage is essentially irreversible even if the company reissues its private keys and closes its security holes.
‘Agree’ instead of ‘Exchange’ for better security
Unlike RSA-based key exchange, a key agreement protocol (for example, ephemeral Diffie-Hellman) never transmits the bulk encryption key on the wire; each side sends only a public value and derives the shared key locally. This gives it a property called Perfect Forward Secrecy (PFS), which, I would say, any modern website should support. PFS prevents further collateral damage from the theft of private keys, because the stolen keys cannot decrypt past data. At least, replacing the stolen keys quickly is enough to contain the situation.
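To make the difference concrete, here is an added toy simulation (not code from the original post or from Avi Networks): one captured session of each kind, followed by an attacker who steals the server's RSA private key afterwards. The RSA key (p=61, q=53) and the Diffie-Hellman group (p=23, g=5) are textbook-sized constructed values chosen for readability, not parameters anyone would deploy.

```python
import hashlib
import secrets

# Constructed toy textbook RSA key: p=61, q=53 -> n=3233, e=17, d=2753.
RSA_N, RSA_E, RSA_D = 3233, 17, 2753
# Constructed toy Diffie-Hellman group: prime p=23, generator g=5.
DH_P, DH_G = 23, 5

def derive_key(secret):
    """Stand-in for TLS key derivation: hash the shared secret into a session key."""
    return hashlib.sha256(str(secret).encode()).hexdigest()

def rsa_key_transport(transcript):
    """RSA key exchange: the client picks the secret and sends it encrypted under
    the server's long-term public key, so the secret itself crosses the wire."""
    premaster = secrets.randbelow(RSA_N - 2) + 2            # 2 <= premaster < n
    transcript.append(("rsa_encrypted_premaster", pow(premaster, RSA_E, RSA_N)))
    return derive_key(premaster)

def dhe_key_agreement(transcript):
    """Ephemeral DH key agreement: only g^a and g^b cross the wire; the exponents
    are discarded after the session, so the capture alone never yields the key."""
    a = secrets.randbelow(DH_P - 2) + 1
    b = secrets.randbelow(DH_P - 2) + 1
    pub_a, pub_b = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    transcript.append(("dh_public_values", (pub_a, pub_b)))
    shared = pow(pub_b, a, DH_P)
    assert shared == pow(pub_a, b, DH_P)                    # both sides agree
    return derive_key(shared)

def attacker_replays(transcript, stolen_rsa_d):
    """Attacker who recorded the transcript earlier and obtains the server's RSA
    private exponent later. Returns the recovered session key, or None."""
    kind, value = transcript[0]
    if kind == "rsa_encrypted_premaster":
        return derive_key(pow(value, stolen_rsa_d, RSA_N))  # past session lost
    # With DHE the long-term key only authenticated the handshake; it does not
    # recover a or b from g^a and g^b, so the past session stays confidential.
    return None

def demo():
    """Run one session of each kind and report whether the stolen key recovers it."""
    rsa_log, dhe_log = [], []
    rsa_key, dhe_key = rsa_key_transport(rsa_log), dhe_key_agreement(dhe_log)
    return {
        "rsa_session_recovered": attacker_replays(rsa_log, RSA_D) == rsa_key,
        "dhe_session_recovered": attacker_replays(dhe_log, RSA_D) == dhe_key,
    }
```

A stolen key still lets an attacker impersonate the server in future handshakes under either mode, which is why quick key replacement matters even with PFS.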
Road to implementing PFS
Perhaps one question is lingering in your mind: why don't all websites support PFS? Because most commercial websites sit behind load balancers that are not ready to drive PFS efficiently; for instance, enabling PFS can reduce a website's SSL performance by more than 90%.
Avi Networks came to the world with a different, exciting story, based on its innovative approach to SSL performance challenges: taking advantage of the latest x86 CPU technologies, Elliptic Curve cryptography and the Hyperscale Distributed Resources Architecture (HYDRA™). These innovations allowed Avi Networks to boost PFS performance fourfold instantly and to offer unlimited SSL performance scaling.