Firesheep and the SSL everywhere route - Solaris and SPARC may be of help

Quicksearch

Disclaimer

The individual owning this blog works for Oracle in Germany. The opinions expressed here are his own, are not necessarily reviewed in advance by anyone but the individual author, and neither Oracle nor any other party necessarily agrees with them.

Navigation

< Gooooood Mooorning, Stuttgart ... again .. damned .... | Uncontained >

Firesheep and the SSL everywhere route - Solaris and SPARC may be of help

Friday, October 29. 2010

Sometimes i can observe trends in reader interest in the webserver logs: In the last time there were a lot of accesses to an article dating back to September 2007 when i talked about SSL acceleration and made the case for T2.

In the first few seconds i asked my self, why there is that new interest in this article. However then i just thought "Damned, Firesheep".

Just in case you didn't heard about it: With firesheep you can highjack user sessions by sniffing on unencrypted data flow in your network. This can work, as often the authentication form itself is encrypted, but afterwards they use unencrypted communication. The authorization to access those pages with your login credentials is carried forward by cookies. When you are able to gather this cookie, you can take over the session of a user. This isn't really a new attack vector, but firesheep is makes this really easy ... script-kiddies easy. It's integrated into Firefox as a plugin and hijacking other peoples session is as easy as changing tabs.When you want an explanation for that, please look at Eric Butlers preso "Hey Web 2.0:Start protecting user privacy instead of pretending to". The attack vector bases on the fact that someone can sniff your data. You may think at first "Well, we have switches, no sniffing", however think about unencrypted (and i consider WEP as unencrypted) WLANs.

There is just one solution: Encrypt everything. HTTPS to the help. However while this isn't a problem on client side, it creates a lot of problems on the server side. Like the problem, that virtual hosts are in need of their own IP addresses (there is an Hen-Egg-Problem in SSL). Or that you have to provide the other end of the cryptographic connection, thus you have to do all the calculation on the server side.

I'm still pretty sure, that SPARC T-class and Solaris can really help you here. The T-Series because of it's cryptographic unit. It isn't just an rather small extension like the additional commands in Nehalem to accelerate AES, it's a full-fledged crypto co processor. In the case of the SPARC T3 you have 16 of them and they got some significant update to accelerate mor ciphers and to handle many small packets much better. There is an interesting presentation availble about this piece of silicon in T3. It's already the 3rd generation of crypto acceleration in T3.

However hardware is nothing without software and thus i want to point you view to kssl. kssl is an in-kernel proxy for SSL. This in-kernel proxy uses the hardware acceleration in the T3 via the Solaris Cryptographic Framework (SCF), another nice thing that does the abstraction between the hardware (or non-existing hardware, when you do cryptography on your normal CPU) and the services using cryptography. Why is the in-kernel proxy that useful? At first it's easy to configure, but more important you don't have to hop between user- and kernelspace, as when a usermode library like openssl uses the kernel driver of your hardware. This gives you additional performance.

This kssl and SCF thing is however nothing that's limited to T-class. It's available on x86-solaris as well and in the case you purchase a supported crypto acceleration card, kssl uses this via SCF as well. However a PCI based card can never be as fast as crypto accelerators directly on die and on core like the ones in T-class.

Posted by Joerg Moellenkamp in English, Solaris, Sun/Oracle, Technology at 09:08 | Comments (19) | Trackbacks (0)

View as PDF: This entry | This month | Full blog

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

Don't you think these are nice considerations?

http://ianskerrett.wordpress.com/2010/10/22/dear-oracle-get-a-clue/

#1 Gabriele Bulfon on 2010-10-29 09:34 (Reply)

Has this something to do with the article?

#1.1 Joerg+M. (Homepage) on 2010-10-29 09:37 (Reply)

No sorry, I posted on the wrong section, it was meant on the last Links post...but, you did not answer my question anyway

#1.1.1 Gabriele Bulfon on 2010-10-29 14:06 (Reply)

Help is on its way … . Interesting to you German readers: .

#2 A. Pache on 2010-10-29 10:50 (Reply)

#2.1 Joerg+M. (Homepage) on 2010-10-29 10:52 (Reply)

I apologize for the missing URLs. This form stole the links when I included them into "".

See

http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

and

http://www.heise.de/kiosk/archiv/ct/2009/23/174_Apache-und-SSL-Mehrere-Zertifikate-pro-IP

#2.1.1 A. Pache on 2010-10-30 23:07 (Reply)

Yes, i'm aware of this ... however even this small blog with a more technical audience see a steady amount of traffic from system that doesn't have browsers with support for that RFC or using browsers without that capability on platforms that have browsers with such an support. I don't know how this look on sites with a non-technical audience ... however this is a blocking point for widespread usage of SNI.

#2.1.1.1 Joerg M. (Homepage) on 2010-10-31 07:44 (Reply)

No worries mate! I fully understand your point. However, there is hope that old-fashioned browsers finally die out

I was dealing with the SSL problem myself for a long time. I am glad that SNI is available. At least in a closed organization one can enforce the usage of modern browsers

#2.1.1.1.1 A. Pache on 2010-10-31 12:20 (Reply)

Moving to Solaris for the sake of security is possibly the worse possible reason, specially now with Oracle patch release cycle.
Great, you've got kssl for crypto acceleration, on the other hand it took over a year to release a fix for CVE-2010-3509

If you need crypto acceleration, most modern hardware include RNG onboard e.g the VIA C3 & C7 processors, the AMD Geode processors, the intel chipsets & CPU's, certainly OpenBSD & FreeBSD have support for most of these devices out of the box & I know for certain that OpenSSL on OpenBSD supports hardware offloading to one of these devices if it's detected by the kernel & security wise OpenBSD has had a much better track record then Solaris or Oracle has ever had.
It's also fully open & free.
There is also support for sun hardware, though sadly not the T3
http://www.openbsd.org/sparc64.html

#3 Sevan (Homepage) on 2010-10-29 13:10 (Reply)

You are surely aware of the fact, that a Random Number Generator is just a really, really small piece in cryptography, whereas you can fully offload crypto operations to crypto unit on the T2/T3-cores.

Furthermore: The critical patch update cycle doesn't mean that patches to fix CVE are not available before.

#3.1 Joerg+M. (Homepage) on 2010-10-29 14:01 (Reply)

You can build on that framework however eg with Hi/fn crypto accelerators
€66 for the lowest entry level option.
http://soekris.eu/shop/vpn_boards/vpn_1401_for_std_pci_sockets_en.html

What's the cost of the entry level T3 based oracle hardware + support contract?

The significance of that particular CVE # was that it was discovered November 3, 2009 & it's taken a year for the release of a patch.

#3.1.1 Sevan (Homepage) on 2010-10-29 14:50 (Reply)

You are surely aware of the fact, that the T3 accelerator plays in a completely different class. You can't compare el-cheapo acceleration at 250 MBps with acceleration capable to acclerate at a rate of two 10 GbE interfaces and more? What latency this adds, due to the fact, that you have go to the pci bus and back and then to the networking card? Sorry ... you compare apples with pears ...

#3.1.1.1 Joerg+M. (Homepage) on 2010-10-29 14:58 (Reply)

The point I was trying to make was the entry level barrier was much lower & there is a solid foundation to build on, not "use a €66 card instead of a t3 based system"

#3.1.1.1.1 Sevan (Homepage) on 2010-10-29 16:23 (Reply)

> You are surely aware of the fact, that a Random Number Generator is just a really, really small piece in cryptography

AFAIK last generation of intel desktop cpus have crypto acceleration as well. They support AES encrypt/decrypt and key generation in hardware.

#3.1.2 John on 2010-10-31 00:01 (Reply)

Joerg> a Random Number Generator is just a really, really small piece in cryptography

John> AFAIK last generation of intel desktop cpus have crypto acceleration as well.

Joerg already covered this in his blog:
"It isn't just an rather small extension like the additional commands in Nehalem to accelerate AES, it's a full-fledged crypto co processor. In the case of the SPARC T3 you have 16 of them and they got some significant update to accelerate more ciphers and to handle many small packets much better."

#3.1.2.1 David (Homepage) on 2010-11-01 15:24 (Reply)

There is significant performance difference between using OpenSSL engines and KSSL for SSL protocol processing speedup, having to go through multiple layers and also because of context switches. Also, KSSL leverages network performance work done in the networking stack.

#3.2 Vladimir Kotal on 2010-10-29 18:33 (Reply)

As nice as it may be that the T2 and T3 offer on-chip crypto acceleration, what use is it if there's no easy way to use it?
I've been searching for painless ways to get T2 crypto to work with OpenSSH and/or Apache, and failed.
Not to mention that even the Solaris-included ssh, digest and apache don't seem to support the SSL devices...

#4 Woo (Homepage) on 2010-10-29 18:12 (Reply)

At first, the method to use T2/T3 crypto acceleration and T1 Modular Arithmetic Unit (the crypto acceleration of T1) is clearly documented. I had no problems so far to use it just by following the docs.

SunSSH is using the Crypto Accelator since 05/09 and digest or encrypt use it as well, as both are userland programs of the SCF.

#4.1 Joerg+M. (Homepage) on 2010-10-29 21:12 (Reply)

I have found lots of docs how to use the crypto cores in my own developments, but that doesn't really help me much.

Maybe SunSSH uses the crypto core, but who actually uses SunSSH in a production environment, with their nice delay in security fixes...? The Solaris-bundled openssl packages don't seem to use the crypto core, and even with digest I can't get the kernel crypto packet counters to show any signs of work.
If you'd point me in the right direction or lose a few words in a separate post about that, I'd be really grateful.

#4.1.1 Woo (Homepage) on 2010-11-05 17:25 (Reply)

Add Comment

Name
Email
Homepage
In reply to
Comment	E-Mail addresses will not be displayed and will only be used for E-Mail notifications. To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly. Enter the string from the spam-prevention image above: Standard emoticons like :-) and ;-) are converted to images. Enclosing asterisks marks text as bold (word), underscore are made via _word_.
	Remember Information? Subscribe to this entry