Fizzing up the new TLS security protocol

Facebook open-sources its Fizz library for the next-generation Transport Layer Security protocol.


You may have noticed that Google's Chrome web browser now marks all websites without Transport Layer Security (TLS) as insecure. So, it's past time to secure your sites with TLS. While you're at it, give Facebook's newly open-sourced TLS 1.3 library, Fizz, a try.

TLS 1.3 is the newest version of TLS. TLS, in turn, is the replacement for Secure Sockets Layer (SSL). It's designed to be better than its ancestors at preventing attacks. TLS 1.3 does this by supporting stronger encryption and dropping support for many older, no longer secure encryption algorithms.

While TLS 1.3 is a step above TLS 1.2, it has not been widely deployed. A Cloudflare study found in December 2017 that only 0.6 percent of traffic was secured with TLS 1.3, even though Cloudflare had enabled TLS 1.3 by default on the server side last year.


Now, with Facebook both supporting TLS 1.3 and releasing its implementation as open source, perhaps TLS 1.3 will finally become more popular.

According to Facebook, Fizz is a robust, highly performant TLS library written in C++14. Besides TLS 1.3's built-in security advantages, Fizz offers an improved solution for middlebox handshake failures, supports asynchronous I/O by default, and can handle scatter/gather I/O to eliminate the need for extra copies of data.

To make this happen, Facebook has worked with the Internet Engineering Task Force (IETF) to standardize TLS 1.3. Previously, Facebook improved TLS by deploying Zero protocol, a custom protocol that allowed the company to experiment with establishing 0-RTT secure connections. Using 0-RTT data reduces the latency of requests made over TLS, and with it the latency overhead of deploying TLS. With Fizz, TLS 1.3's speed is on par with Zero protocol, so Facebook has replaced Zero protocol with TLS 1.3.

Facebook also claimed Fizz reduces memory and CPU use. The net result, according to Facebook, is that synthetic benchmarks of its load balancer show approximately 10 percent higher throughput than its previous stack.

The Fizz TLS 1.3 implementation also significantly reduces latency when establishing secure connections, compared with TLS 1.2. This improves user experience, particularly on app startup when there are no existing connections to reuse.


Fizz also improves performance for a large distributed server network such as Facebook's by offloading certificate operations and ticket decryption to remote services. Fizz does this by using futures to provide a simple asynchronous application programming interface (API). Thus, any Fizz callback can return an asynchronous response without blocking the service from processing other handshakes.

The new Fizz also supports APIs that can send early data immediately after the TCP connection is established. Early data reduces request latency. This is especially important when a mobile app first starts up.

Of course, using early data potentially opens the door for attackers, because early data can be replayed. Facebook's implementation of Fizz addresses this by using a replay cache alongside the load balancers, which detects and rejects replayed data. Fizz also provides simple APIs for determining when a transport has become replay safe and can be used to send data that is not safe to replay.
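The two defenses described above, a replay cache for 0-RTT data and a transport that only reports itself replay safe once the handshake completes, can be sketched in a few dozen lines. The code below is an added illustration for this article, not Fizz's own code; the class names, the ticket identifier used as the cache key, and the ten-second freshness window are assumptions chosen for the example.

```cpp
#include <chrono>
#include <cstdint>
#include <iostream>
#include <string>
#include <unordered_map>

// Added example, not Fizz code. A bounded-freshness replay cache of the kind the
// article says sits beside the load balancers. The key (ticketId) is a stand-in
// for whatever identifies one 0-RTT ClientHello; the window bounds how long a
// ticket stays fresh, so the cache cannot grow without limit.
using Clock = std::chrono::steady_clock;

class ReplayCache {
 public:
  explicit ReplayCache(std::chrono::seconds window) : window_(window) {}

  // Returns true only the first time a fresh ticket is seen inside the window.
  // A second sighting, or a ticket outside the window, is treated as a replay
  // and rejected: the early data is dropped and the client must retry after
  // the full handshake.
  bool acceptEarlyData(const std::string& ticketId, Clock::time_point issuedAt,
                       Clock::time_point now) {
    if (issuedAt > now || now - issuedAt > window_) {
      return false;  // stale or future-dated: reject rather than guess
    }
    evictExpired(now);
    return seen_.emplace(ticketId, now).second;  // false if already recorded
  }

  size_t size() const { return seen_.size(); }

 private:
  // Linear eviction keeps the example short; a production cache would use a
  // time-ordered structure instead of scanning every entry.
  void evictExpired(Clock::time_point now) {
    for (auto it = seen_.begin(); it != seen_.end();) {
      if (now - it->second > window_) it = seen_.erase(it); else ++it;
    }
  }
  std::chrono::seconds window_;
  std::unordered_map<std::string, Clock::time_point> seen_;
};

// Mirrors the "is this transport replay safe yet" question from the article:
// data sent before the handshake finishes may be replayed, so only idempotent
// requests are allowed through until onHandshakeComplete() has run.
class Transport {
 public:
  void onHandshakeComplete() { handshakeDone_ = true; }
  bool isReplaySafe() const { return handshakeDone_; }
  bool canSend(bool requestIsIdempotent) const {
    return requestIsIdempotent || handshakeDone_;
  }
 private:
  bool handshakeDone_ = false;
};

int main() {
  ReplayCache cache(std::chrono::seconds(10));
  auto t0 = Clock::now();
  std::cout << "first use:  " << cache.acceptEarlyData("ticket-A", t0, t0) << "\n";
  std::cout << "replayed:   " << cache.acceptEarlyData("ticket-A", t0, t0) << "\n";
  Transport t;
  std::cout << "safe before handshake: " << t.isReplaySafe() << "\n";
  t.onHandshakeComplete();
  std::cout << "safe after handshake:  " << t.isReplaySafe() << "\n";
  return 0;
}
```

The point of the split is that the cache protects the server from duplicated early data, while the transport flag protects the application from sending something non-idempotent (a payment, a password change) before the connection is known to be fresh.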

Another reason companies have avoided TLS 1.3 is that network security appliances whose vendors made it impossible to update their firmware break on it. While that makes them a bad choice for security, many businesses rely on them. That's a mistake. For example, Symantec's BlueCoat appliance simply hung up on Chromebook TLS 1.3 connections in February 2017.

Facebook addressed this in Fizz by making the first parts of the TLS 1.3 handshake look like the TLS 1.2 resumption handshake. With this approach, TLS 1.3 became reliably deployable with no fallback to TLS 1.2.
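The reason the handshake can look like TLS 1.2 to a middlebox is that the ClientHello's legacy version field still says TLS 1.2 (0x0303); the real offer lives in the supported_versions extension (type 43), which an old appliance ignores. The parser and negotiation rule below are an added example for this article, not Fizz's code: the function names and the constructed extension bytes are assumptions, while the version numbers, extension type, and "fall back to the legacy field only when the extension is absent" rule follow RFC 8446.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <vector>

// Added example, not Fizz code. ClientHello.legacy_version stays 0x0303 and the
// real offer is the supported_versions extension, so an appliance that only
// understands TLS 1.2 sees a familiar-looking handshake.
constexpr uint16_t kTls12 = 0x0303;
constexpr uint16_t kTls13 = 0x0304;
constexpr uint16_t kExtSupportedVersions = 43;

struct SupportedVersions {
  bool malformed = false;          // truncated or inconsistent lengths
  bool present = false;            // extension seen at all
  std::vector<uint16_t> versions;  // client's list, in its preference order
};

// Walk the extensions block (repeated 2-byte type, 2-byte length, body) and
// pull out supported_versions if it is there. Bounds are checked before every
// read so a truncated ClientHello is reported rather than read past its end.
SupportedVersions parseSupportedVersions(const std::vector<uint8_t>& ext) {
  SupportedVersions out;
  size_t i = 0;
  while (i + 4 <= ext.size()) {
    uint16_t type = static_cast<uint16_t>((ext[i] << 8) | ext[i + 1]);
    uint16_t len = static_cast<uint16_t>((ext[i + 2] << 8) | ext[i + 3]);
    i += 4;
    if (i + len > ext.size()) { out.malformed = true; return out; }
    if (type == kExtSupportedVersions) {
      // Body: one length byte, then 2-byte versions (at least one).
      if (len < 3 || ext[i] != len - 1 || (len - 1) % 2 != 0) {
        out.malformed = true;
        return out;
      }
      out.present = true;
      for (size_t j = i + 1; j + 1 < i + len; j += 2) {
        out.versions.push_back(static_cast<uint16_t>((ext[j] << 8) | ext[j + 1]));
      }
      return out;
    }
    i += len;
  }
  return out;
}

// Server-side rule: if the extension is present, only versions listed in it may
// be chosen (highest the server also supports; serverPrefs is assumed to be
// sorted best-first). If it is absent, legacy_version governs and TLS 1.3 must
// not be negotiated. Returns 0 when nothing acceptable was offered.
uint16_t negotiateVersion(uint16_t legacyVersion, const std::vector<uint8_t>& ext,
                          const std::vector<uint16_t>& serverPrefs) {
  SupportedVersions sv = parseSupportedVersions(ext);
  if (sv.malformed) return 0;
  if (!sv.present) {
    if (legacyVersion > kTls12) return 0;
    for (uint16_t v : serverPrefs) if (v == legacyVersion) return v;
    return 0;
  }
  for (uint16_t pref : serverPrefs) {
    for (uint16_t offered : sv.versions) if (offered == pref) return pref;
  }
  return 0;
}

int main() {
  // Constructed sample: extended_master_secret (type 23, empty) followed by
  // supported_versions offering TLS 1.3 then TLS 1.2.
  std::vector<uint8_t> ext = {0x00, 0x17, 0x00, 0x00,
                              0x00, 0x2b, 0x00, 0x05, 0x04, 0x03, 0x04, 0x03, 0x03};
  std::cout << std::hex << negotiateVersion(kTls12, ext, {kTls13, kTls12}) << "\n";
  return 0;
}
```

Feeding the same ClientHello to a server that knows nothing about the extension yields TLS 1.2 from the legacy field, which is exactly what lets a TLS 1.3 client pass through an un-updated appliance without the server ever having to fall back on purpose.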


This is working. According to Facebook, "Today, more than 50 percent of our internet traffic is secured with TLS 1.3, and that will continue to grow as browsers and apps add support for TLS 1.3. RFC 8446 will be published soon, making TLS 1.3 an internet standard."

Now that Facebook has shown that TLS 1.3 can be successfully deployed at scale and Google is making TLS a de facto business requirement, it's time to switch your sites, applications, and servers to TLS 1.3. And, with Fizz open source under the BSD license, you should consider using it for your business deployments. You'll be glad you did.
