What Is Perfect Forward Secrecy & Why Should You Care? | ExtraHop


Explain It Like I'm Five

Perfect Forward Secrecy (PFS) is an encryption method that enables short-term, completely private key exchanges between clients and servers: the cyber security Cone of Silence.

Normally, servers have special encryption keys they use to keep communication sessions private and secure. Whenever Cindy the Client wants to chat with Stan the Server, Cindy comes up with a secret (the "pre-master secret") and encrypts it using Stan's special key. They then use this pre-master secret to encrypt the rest of their conversation.

The only people who can decrypt what Stan and Cindy talk about are the ones who know Stan's original key, like his trusty Network team. The Network team is responsible for tracking down the source of any bugs that muck up Stan's system, so it's important for them to know what Stan talks about and with whom.

Trouble is, Stan uses the same key to encrypt every pre-master secret with every client—which means if a hacker were to figure out that single encryption key, they could spy on all of Stan's conversations without anybody knowing.

Sara the Server, on the other hand, uses Perfect Forward Secrecy (PFS) to secure her conversations.

When Cindy the Client starts a conversation with Sara, Cindy and Sara huddle to come up with a unique encryption key—their pre-master secret—that is completely private and will only last for that particular conversation. This is where the Cone of Silence comes in: Without involving Sara's long-term key, Sara and Cindy decide their encryption key behind closed doors. No one, not even Sara's own Network team, can see or hear how they decide their unique key.

This way, if a hacker got their hands on Sara's long-term key, they still wouldn't be able to decrypt any secure conversations. Even if they stole a unique PFS encryption key, only Sara's communications with Cindy would be vulnerable.
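The difference between Stan and Sara can be shown with a short Python simulation, added here as an illustration and not taken from the original article. It records several sessions, then leaks the server's long-term key and counts how many recordings it opens. The toy RSA and Diffie-Hellman parameters, the textbook (unpadded) RSA, and all function names are assumptions made for the example.

```python
import hashlib
import secrets

# Toy parameters constructed for this example; far too small for real use.
RSA_E = 65537
RSA_N = (2**61 - 1) * (2**89 - 1)                  # server's public modulus
RSA_D = pow(RSA_E, -1, (2**61 - 2) * (2**89 - 2))  # server's long-term private key
DH_P, DH_G = 2**127 - 1, 3                         # Diffie-Hellman group


def kdf(secret):
    """Derive the session key from the pre-master secret."""
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()


def stan_session():
    """Key transport: Cindy encrypts her secret under Stan's long-term key."""
    pms = secrets.randbits(128)
    wire = [pow(pms, RSA_E, RSA_N)]            # everything a wiretap records
    return wire, kdf(pms)


def sara_session():
    """Ephemeral Diffie-Hellman: the long-term key only signs Sara's share."""
    a, b = secrets.randbits(120) + 2, secrets.randbits(120) + 2  # per-session secrets
    cindy_pub, sara_pub = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    digest = int.from_bytes(hashlib.sha256(str(sara_pub).encode()).digest(), "big")
    signature = pow(digest % RSA_N, RSA_D, RSA_N)  # textbook RSA signature, no padding
    wire = [cindy_pub, sara_pub, signature]        # everything a wiretap records
    key = kdf(pow(sara_pub, a, DH_P))              # Cindy's view of the shared secret
    assert key == kdf(pow(cindy_pub, b, DH_P))     # Sara derives the same key
    return wire, key                               # a and b are discarded here


def exposed_by_key_leak(wire, session_key, leaked_d):
    """Check whether the leaked long-term key turns any recorded value into the key."""
    return any(kdf(pow(v, leaked_d, RSA_N)) == session_key for v in wire)


def replay_archive(session_factory, count=5):
    """Record `count` sessions, leak the long-term key, count the sessions it opens."""
    recordings = [session_factory() for _ in range(count)]
    return sum(exposed_by_key_leak(w, k, RSA_D) for w, k in recordings)


if __name__ == "__main__":
    print("Stan (static key):", replay_archive(stan_session), "of 5 sessions exposed")
    print("Sara (ephemeral): ", replay_archive(sara_session), "of 5 sessions exposed")
```

In Sara's case the recording holds only public Diffie-Hellman values and a signature, so the long-term key has nothing to decrypt; each session's secrets exist only until that conversation ends.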

Why Is Perfect Forward Secrecy Important Now?

Two big things happened in the last five years to throw PFS schemes (such as the ephemeral Diffie-Hellman public key exchange) into the cybersecurity ring:

First, Edward Snowden showed us just how much network traffic has secretly been collected by the United States government—and if one group could run a mass surveillance program, so could others. For the first time in human history, global secret surveillance was not only a possibility but a reality.

That said, the IT community had lived with an inherent degree of risk for years: The longer you keep a secret, the more time you give bad guys to figure it out. Luckily, long-term SSL keys were secure enough that this danger seemed manageable.

Then the Heartbleed vulnerability proved how simple an OpenSSL attack could really be. After years of putting up with long-term SSL keys and still reeling from the Snowden revelations, the community rumbled louder for a more transient method of key exchange.

By creating a unique and temporary key for every session, Perfect Forward Secrecy encryption is one obvious solution. If only it were that easy.

Where's the Controversy?

The beauty of Perfect Forward Secrecy is also its biggest problem. Hackers can't decrypt your data … but neither can your own team.

For Security Operations, PFS is a no-brainer. It makes your data safer from the start and limits the amount of damage a private key leak could do.

For IT Operations, Perfect Forward Secrecy throws up a massive hurdle for visibility. If your own Network team can't decrypt traffic, then troubleshooting the root cause of performance slowdowns becomes significantly more difficult.

In a world where even the slightest digital delay can send customers running straight to the competition, many IT Operations teams see PFS as an unacceptable barrier to ensuring application and network performance. They see it as the IT equivalent of blindfolding your firefighters.

Before You Throw Down Over PFS …

The crypto-landscape is already changing. Last year, Apple decided all App Store apps must use PFS encryption—and though the order was delayed until January of this year, you can still see it causing heartburn in the Apple Developer Forums.

Luckily, there are ways to use Perfect Forward Secrecy without losing all internal visibility.

Some monitoring solutions set themselves up as false endpoints in a conversation, essentially putting on a server costume to stand between Sara the Server and Cindy the Client. By tricking the PFS encryption into treating them as one end of the conversation, they're inside the Cone of Silence when the key is determined.

Other methods of Good Guy Spying are in development, and you can learn more about them and PFS here.

What's the word on the street about making PFS mandatory? Stephen Checkoway has an interesting write-up about the Internet Engineering Task Force (IETF) Transport Layer Security Working Group's ongoing debate over removing security options that don't provide Perfect Forward Secrecy.

In the end, one thing is clear: Perfect Forward Secrecy is coming, and we'd all best be ready.

This is a companion discussion topic for the original entry at https://www.extrahop.com/company/blog/2017/what-is-perfect-forward-secrecy/