Machine Identities and Secrets

Why TLS 1.3 and Automated PKI Fall Short of Zero Trust Principles

Tom McNamara

September 26, 2024

TLS 1.3 and Automated PKI are not Zero Trust

Introduction

Transport Layer Security (TLS) is a widely implemented encryption protocol designed to safeguard data in transit over the internet. As the successor to Secure Socket Layer (SSL), TLS has evolved through several iterations—TLS 1.1, TLS 1.2, and the most recent TLS 1.3—to address security vulnerabilities present in earlier versions. However, despite the advancements in TLS 1.3, the protocol still does not fully align with the principles of Zero Trust Architecture (ZTA) outlined in the Office of Management and Budget (OMB) memorandum M-22-09. Moreover, TLS, even in its latest form, does not provide full end-to-end encryption across the Internet. This article explores why TLS 1.3 and automated Public Key Infrastructure (PKI) fall short of Zero Trust principles and why TLS is not synonymous with true end-to-end encryption.

TLS 1.3 and Its Vulnerabilities

TLS 1.3 has introduced several improvements over its predecessors, such as removing outdated cryptographic algorithms and reducing the handshake process to minimize latency. However, despite these enhancements, TLS 1.3 is not impervious to attacks. For example:

Side-Channel Attacks: Attackers can exploit side-channel information leaked during the cryptographic processes, such as timing attacks or power analysis, to derive sensitive data like encryption keys.

Downgrade Attacks: Although TLS 1.3 has mechanisms to prevent protocol downgrade attacks, sophisticated attackers can still manipulate network traffic to force connections to use earlier, less secure versions of TLS or SSL, which may still be supported for backward compatibility.

Man-in-the-Middle (MitM) Attacks: While TLS 1.3 is designed to resist MitM attacks, if an attacker can compromise the server or client certificate, they can intercept and decrypt traffic.

Session Hijacking: Session hijacking occurs when an attacker intercepts and takes control of a user's active session with a server. This can be done by stealing session cookies, tokens, or other credentials. Even with TLS 1.3 in place, if an attacker gains access to the session key through side-channel attacks or exploits a vulnerability in the session management process, they can decrypt the session's traffic and impersonate the legitimate user.

TLS Removal by 'Responsible' Parties: In some scenarios, legitimate entities, such as corporate security appliances, Content Delivery Networks (CDNs), or internet service providers (ISPs), may terminate TLS encryption to inspect, filter, or optimize the traffic. While this is often done with good intentions (e.g., for security monitoring or load balancing), it effectively removes the end-to-end encryption and exposes the data to potential misuse or compromise by anyone who has access to these intermediary systems.

These vulnerabilities illustrate that while TLS 1.3 is more secure than its predecessors, it is not foolproof. It relies heavily on the correct implementation and management of PKI, which has its own set of challenges. An it requires a key exchange between two endpoints (the importance in of this to cybersecurity cannot be overstated.)

The Role of PKI in TLS and Its Limitations

Public Key Infrastructure (PKI) is the backbone of TLS, providing the identity verification necessary to establish secure connections. PKI operates through a system of digital certificates, which are used to authenticate the identity of entities (such as servers and clients) and to encrypt communication between them. These certificates are issued by Certificate Authorities (CAs), which vouch for the authenticity of the certificate holder.

Weaknesses of PKI Outside Traditional Use Cases

As the demand for secure communications has grown beyond traditional browser-server interactions to include cloud environments and IoT devices, PKI has been adapted to accommodate these new contexts. However, this adaptation has exposed several weaknesses:

1. Lack of Vetting: Unlike the rigorous vetting process required for root certificates used by web servers, certificates for cloud machines and IoT devices are often self-signed or obtained through automated processes with minimal verification. This lack of vetting increases the risk of certificates being issued to malicious entities.

2. Certificate Expiration and Revocation: Certificates are designed to have expiration dates to limit the risk associated with long-term key exposure. However, automated PKI processes in cloud environments often allow certificates to be set with very long lifespans, or even to never expire. This practice can lead to outdated certificates that are still trusted, creating opportunities for attackers to exploit them. Furthermore, certificate revocation mechanisms (such as Certificate Revocation Lists (CRLs) and Online Certificate Status Protocol (OCSP)) are often inefficient or not fully implemented, leaving revoked certificates still in use.

3. Certificate Theft and Abuse: Certificates can be stolen or spoofed, allowing attackers to impersonate legitimate entities. For example, attackers can use stolen certificates to create MitM scenarios, intercepting and decrypting TLS traffic. Automated PKI systems, which may not enforce strict access controls or monitoring, are particularly vulnerable to such attacks.

4. Shortening Certificate Lifetimes: In response to these vulnerabilities, there is a growing trend, led by organizations like Google, to reduce the lifespan of certificates to minimize the window of exposure in case of compromise. While this is a step in the right direction, it increases the operational burden on organizations to manage and renew certificates more frequently, which can lead to errors and lapses in security.

To satisfy the need for speed and scale of TLS encryption, automated certificates sacrifice an important tenet of PKI - identity trust.

The Misalignment of TLS and Automated PKI with Zero Trust Principles

Zero Trust Architecture (ZTA) is based on the principle of "never trust, always verify," meaning that no entity—whether inside or outside the network—should be trusted by default. This approach contrasts with traditional security models, which are built on the assumption of strong perimeter security which means that entities within the network are trustworthy.

OMB M-22-09 outlines specific guidelines for federal agencies to implement ZTA, emphasizing continuous verification of identities, devices, and network traffic. However, TLS 1.3 and automated PKI, as they are commonly implemented, fall short of these Zero Trust principles:

1. Implicit Trust in Certificates: TLS relies on the assumption that any entity presenting a valid certificate can be trusted. However, as discussed earlier, certificates can be compromised, and PKI systems may issue certificates with insufficient vetting. This implicit trust in certificates is contrary to the Zero Trust principle of continuous verification.

2. TLS Termination Points: TLS encryption is typically terminated at specific boundaries, such as load balancers, Kubernetes clusters, or cloud environments. These termination points can create gaps in the encryption, leaving data vulnerable as it moves between different segments of the network. In a Zero Trust model, data should be encrypted and verified continuously, not just at certain points.

3. Lack of End-to-End Encryption: Although TLS provides encryption between the client and server, this is not true end-to-end encryption. In practice, TLS encryption is often terminated at intermediary points, such as Content Delivery Networks (CDNs), proxy servers, or firewalls, where the data is decrypted and re-encrypted. This process exposes data to potential interception and manipulation at each termination point. In contrast, true end-to-end encryption ensures that data remains encrypted throughout its entire journey, from the sender to the recipient, with no intermediary able to decrypt it.

Why TLS Is Not True End-to-End Encryption

End-to-end encryption (E2EE) is a security measure where data is encrypted on the sender's device and only decrypted on the recipient's device, with no intermediaries having access to the plaintext data. TLS, despite its widespread use, does not fulfill this criterion.

1. Intermediary Access: In most internet communications, TLS encryption is terminated at various points along the data path. For example, when data passes through a CDN, the TLS connection is terminated at the CDN's edge servers, where the data is decrypted before being forwarded to its destination. This means that any entity managing these intermediary servers has access to the unencrypted data, which violates the principles of E2EE.

2. Session Key Management: TLS relies on session keys that are negotiated between the client and server during the handshake process. These session keys are used to encrypt the data for the duration of the session. However, if an attacker can gain access to these keys, they can decrypt the data. In contrast, E2EE typically uses a system where the encryption keys are only known to the sender and recipient, making it much harder for attackers to access the keys.

3. Potential for Replay and Downgrade Attacks: Even with TLS 1.3's improvements, there remains the possibility of downgrade attacks, where an attacker forces a connection to use an older, less secure version of the protocol. Additionally, replay attacks, where an attacker intercepts and retransmits legitimate data packets, can be a concern. These types of attacks are less of a concern in E2EE implementations, where the encryption and decryption processes are tightly controlled by the endpoints.

The Gaps in Internet Communication Security

The inherent design of the internet means that data often passes through multiple networks, servers, and devices before reaching its destination. Each of these points represents a potential vulnerability where data could be intercepted, manipulated, or stolen. While TLS 1.3 and PKI provide a level of security, they are not sufficient to protect data throughout its entire journey.

1. Organizational Domains: When data moves between different organizational domains (e.g., from one company's network to another), TLS encryption is often terminated and re-established, creating points of vulnerability. In a Zero Trust model, these transitions should not be trusted by default, and additional layers of security should be implemented to protect data.

2. Cloud Environments: In cloud environments, where resources are dynamically allocated and shared among multiple tenants, managing and securing PKI certificates becomes even more challenging. The automated issuance of certificates, while convenient, can lead to scenarios where compromised certificates go undetected, allowing attackers to impersonate legitimate services.

3.  IoT Devices: The explosion of IoT devices, each requiring a PKI certificate to communicate securely, has further complicated the security landscape. Many IoT devices have limited processing power and storage, making it difficult to implement robust security measures. As a result, these devices often rely on simplified PKI implementations, which can be more easily compromised.

Conclusion

While TLS 1.3 and automated PKI represent significant advancements in securing internet communications, they do not fully align with the principles of Zero Trust outlined in OMB M-22-09. The reliance on certificates as a form of identity, the termination of encryption at various points in the network, and the lack of true end-to-end encryption all contribute to potential security gaps that can be exploited by attackers. To achieve a true Zero Trust architecture, organizations must look beyond TLS and PKI, implementing additional layers of security that continuously verify identities and encrypt data from end to end. This approach is essential to protecting sensitive information in an increasingly complex and interconnected digital landscape.

But let's leave this article on a positive note. The solution to these concerns, vulnerabilities, and gaps is readily available from a set of cloud native innovations. And the innovation is simple to implement and maintain.

‍

Keep Reading

Machine Identity - Avoid the Crisis

Machines operating across the Internet outnumber humans by a ratio of three-to-one. This will rise dramatically as more Internet of Things (IOT) devices arrive. Existing approaches for managing identity and trust for a massive number of machines rely on centralized and legacy solutions that won't work for the machine era. A decentralized solution capable of speed, trust, and agility is needed to avoid a crisis and enable a graceful transition to high trust machine identities.

Author Avatar
Tom McNamara

August 31, 2024

IAM in a Box

Containers are an important part of modern cloud engineering. They evoke the idea of portability and relocation. But in the cloud this is often inhibited because they become anchored to external services within a particular cloud environment, and it becomes difficult to relocate them to a different environment. This article describes how containers can be freed and portability restored.

Author Avatar
Tom McNamara

August 31, 2024

An Unintentional Secret - Automated TLS and its Zero Trust Fallacy

Transport Layer Security (TLS) and its companion, mutual TLS (mTLS) are stalwart security protocols known for encrypting communications over the Internet. When they are applied to root domains (such as is the case for Web domains and browsers) they represent identity trust. However when they are implemented with automated PKI certificates, they lose an important security quality: identity trust. Due to the speed and scale of cloud automation, the intermediate certificate authorities that issue PKI certificates eliminate vetting of the receiving identity (a containerized workload).

Author Avatar
Tom McNamara

September 26, 2024

Machine Identity - Who’s Who in the Cloud?

Identities for machines operating in the cloud, like humans in the natural world, are an important quality that is essential to trust, authorization, and authentication. Machines are identified by cryptographic material that takes the form of a certificate. But in the cloud, it is challenging to find, track, and manage the many certificates that are dynamically assigned and used. New approaches to managing machine identities in a zero trust cloud environment are needed to realize secure business operations in the cloud.

Author Avatar
Tom McNamara

August 31, 2024

Keeping Secrets Is Hard

Keeping secrets is hard because they have to stay secret to deliver security. And for machines and workloads in the cloud the consequences to lost secrecy can ripple through the entire business and bring down many digital operations in an instant. Leakage of digital secrets occurs almost naturally over time; disclosure eventually happens and secrecy is lost. But the risk of lost secrecy and the impact to cloud operations is minimized with the right tools.

Author Avatar
Tom McNamara

August 31, 2024

When Zero is a Good Thing

As businesses migrate more of their critical processes and data to the cloud and procure SaaS solutions, their attack surface grows significantly. This makes it harder to achieve a zero trust posture, and more risk occurs for employees with the Secret Zero to everything. While tools such as Machine Identity Managers and Secrets Managers (vaults) are improvements for today, they do not solve the growing problem of competition between zero trust and ever-scaling attack surfaces. A strategic solution that responds to the challenges in new ways is needed. (click to read more)

Author Avatar
Tom McNamara

August 31, 2024

Subscribe to our newsletter
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Use CasesHow It WorksUnique FeaturesHopr ConnectHopr Connect GatewayPricingContact usSecurityWeb Retriever OSSAboutPrivacy policiesTerms of service
Hopr enables on-demand, verified-trust, ultra-secure application networking across clouds, organizations, and ecosystems.

Our Zero Trust and quantum-proof solutions form a future ready Cloud Native Automated Moving Target Defense (AMTD) around workloads, APIs, and data in transit.

Hopr easily and securely networks applications located in any environment, proactively disrupts cyber attacks, and strengthens cyber resilience.
copyright 2021-2024 | Hopr Corporation
CHIPS™, MAID™, and SEE™ are trademarks of Hopr Corporation
CHIPS™ technology, and the MAID™ and SEE™ protocols
are protected by US Patents and patents pending.