KEMTLS: Cloudflare trials new encryption mechanism in anticipation of post-quantum TLS shortcomings

With quantum computing looming on the horizon, Cloudflare says it has been trialing the KEMTLS protocol and plans to use post-quantum cryptography for most internal services by the end of this year.

The Transport Layer Security (TLS) protocol, which currently secures most internet connections, consists of a key exchange, authenticated by digital signatures, that is used to encrypt data in transit.

But, says Cloudflare, with the advent of quantum computing, TLS in its current form will be broken. While various new post-quantum cryptography algorithms have been proposed, their parameters are too large to be used for establishing efficient connections on the web.

The National Institute of Standards and Technology (NIST) is currently evaluating potential candidates, but the agency isn’t expected to make its choice until 2023.

What is KEMTLS?

KEMTLS is an alternative to the TLS 1.3 handshake that uses key-encapsulation mechanisms (KEMs) instead of signatures for server authentication.
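The idea of authenticating a server with a KEM rather than a signature can be sketched as follows. This is an added example, not code from the KEMTLS authors or Cloudflare; it is a simplified message flow rather than the real KEMTLS key schedule, and the toy Diffie-Hellman KEM, group parameters and function names are assumptions standing in for a post-quantum KEM.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman KEM standing in for a post-quantum KEM: it shows the
# KeyGen/Encaps/Decaps interface only. NOT quantum-safe, NOT for production.
P = 2**255 - 19   # prime modulus of the constructed toy group
G = 2

def kem_keygen():
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)

def kem_encaps(pk):
    r = secrets.randbelow(P - 2) + 1
    ct = pow(G, r, P)
    return ct, hashlib.sha256(pow(pk, r, P).to_bytes(32, "big")).digest()

def kem_decaps(sk, ct):
    return hashlib.sha256(pow(ct, sk, P).to_bytes(32, "big")).digest()

def finished_mac(ss_ephemeral, ss_static, transcript):
    # The key mixes both shared secrets; a MAC over the transcript is the
    # server's only proof of identity, since no signature is ever sent.
    key = hashlib.sha256(ss_ephemeral + ss_static).digest()
    return hmac.new(key, transcript, hashlib.sha256).digest()

def handshake(cert_pk, server_static_sk):
    """Run one simplified handshake; True if the client accepts the server."""
    # 1. Client -> server: ephemeral KEM public key.
    c_eph_sk, c_eph_pk = kem_keygen()
    # 2. Server -> client: ciphertext for the ephemeral key, plus a
    #    certificate carrying its long-term KEM public key (cert_pk).
    ct_e, ss_e_server = kem_encaps(c_eph_pk)
    ss_e_client = kem_decaps(c_eph_sk, ct_e)
    # 3. Client -> server: ciphertext encapsulated to the certified key.
    ct_s, ss_s_client = kem_encaps(cert_pk)
    # 4. Server decapsulates with the static secret key it actually holds.
    ss_s_server = kem_decaps(server_static_sk, ct_s)
    transcript = b"|".join(x.to_bytes(32, "big") for x in (c_eph_pk, ct_e, cert_pk, ct_s))
    server_fin = finished_mac(ss_e_server, ss_s_server, transcript)
    client_expected = finished_mac(ss_e_client, ss_s_client, transcript)
    return hmac.compare_digest(server_fin, client_expected)

def demo():
    # Genuine server holds the certified key; the impostor holds a different one.
    real_sk, real_pk = kem_keygen()
    impostor_sk, _ = kem_keygen()
    return handshake(real_pk, real_sk), handshake(real_pk, impostor_sk)
```

Only the holder of the secret key matching the certificate can decapsulate the client's ciphertext, so a correct Finished MAC authenticates the server implicitly.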

The protocol was unveiled (PDF) in 2020 by Peter Schwabe of the Max Planck Institute for Security and Privacy, Germany; Douglas Stebila of the University of Waterloo, Canada; and Thom Wiggers of Radboud University, Netherlands.

“We have so far tested KEMTLS only in a lab setting,” Schwabe tells The Daily Swig.

“The next step before any large-scale deployment is to run KEMTLS in a small-scale experiment on confined real-world internet infrastructure to get a better understanding of the benefits and potential problems that come with deploying it on larger scale. Such an experiment is precisely what Cloudflare’s plans are about.”

Efficient authentication

“Alternative authentication techniques affect performance, and drop-in replacements are not always possible,” Sofía Celi, cryptography engineer with Cloudflare, tells The Daily Swig.

“However, KEMTLS is more efficient, as less data needs to be transmitted as part of the connection.

“This does not mean that connections that use KEMTLS will be as efficient and fast as the ones we have today when using TLS 1.3, but it will mean that they will not be catastrophically slow.”

KEMTLS has been devised to replace the aging TLS protocol handshake. KEMTLS offers a post-quantum alternative to the TLS 1.3 handshake.

Post-quantum vision

KEMTLS has a similar structure to TLS 1.3 and, like TLS, allows clients to send encrypted data on the third message of the handshake.

“It achieves full post-quantum security for the TLS 1.3 handshake, in the sense that it encrypts the connections and also authenticates them using post-quantum algorithms,” says Celi.

“It is worth noting that post-quantum authentication for the entire connection requires more invasive WebPKI changes.”

And, says Celi, it achieves full quantum security for the TLS 1.3 handshake as it not only encrypts and secures the connections, but also allows both client and server to be authenticated.

“This means that when using KEMTLS in a world with quantum machines, the connection will be secure and the authenticity properties of it are no worse than vanilla TLS,” she says.

Positive exchange

Cloudflare says it’s currently working to see how efficiently KEMTLS works with regular connections and is prepared to use it once quantum computers arrive.

“The fact that post-quantum signatures [are] likely to be the major contributor to increasing the volume of data exchanged means it makes sense to look for authentication mechanisms that do not rely on signatures,” Professor Alan Woodward of the University of Sussex’s Surrey Centre for Cyber Security tells The Daily Swig.

“It’s already done in some secure messaging apps with end-to-end encryption in the initial key exchange, but they’re not suitable for TLS due to assumptions about who knows about which keys.

“Whether this proves to be the right solution is very much why it’s important that organisations like Cloudflare trial it at scale, and it will at least show the viability of using TLS without signatures using alternative authentication schemes based on key exchange mechanisms.”

Source: https://portswigger.net/daily-swig/kemtls-cloudflare-trials-new-encryption-mechanism-in-anticipation-of-post-quantum-tls-shortcomings
