How perfect forward secrecy bolsters data security online
Perfect forward secrecy is a security technique that strengthens encryption systems by automatically rotating the keys used to encrypt and decrypt data. For example, during a conversation in a messaging app, the keys change frequently to protect the communication. If a key leaks or is compromised by accident, only a small amount of information is exposed. Perfect forward secrecy therefore aims to protect past, present, and future data exchanges. Let's look at how exactly the technique works and where it has been implemented successfully.
What is perfect forward secrecy?
Perfect forward secrecy (PFS), or simply forward secrecy (FS), means that the encryption and decryption keys change repeatedly over the course of an activity. For instance, the keys can change every time you reload a page. The result: a compromised key decrypts only part of the exchange, not all of it.
Encryption is the process we rely on to safeguard our data online. It turns plaintext into ciphertext that only the intended recipients can decipher. However, encryption is only dependable while the keys involved remain secret, so the keys must stay undisclosed for the cipher to work as intended. If attackers obtain the keys, the following scenarios become possible:
- The attackers can read the entire communication.
- They can modify the exchanged information in transit.
Perfect forward secrecy addresses this problem. If the keys change frequently, each key protects only a small amount of information. Thus, a brief lapse in key secrecy, whether caused by malware or some other technique, exposes only the keys in use at that particular moment. The threat of intercepting and altering data still exists, but it is less severe.
How perfect forward secrecy achieves security
Perfect forward secrecy is only possible when the client and the server support a cipher suite that uses the Diffie-Hellman key exchange. Furthermore, the key needs to be ephemeral. In simpler terms, the client and the server generate new key-exchange parameters for each session.
Many apps and services, including websites and messaging apps, implement this routine. It lets the server and the client exchange information privately, thanks to short-lived key generation. For instance, both Telegram and Wickr Me integrate this technology into their services. However, in Telegram you need to open a Secret Chat to benefit from this privacy boost.
Let’s inspect how Telegram implements perfect forward secrecy:
- The app issues a new key after the current one has encrypted and decrypted more than 100 messages.
- Otherwise, a key changes after being in use for longer than one week, provided it has encrypted at least one message.
- Telegram securely disposes of older keys once their scheduled time is up.
- There is no way to access older keys, even with the keys currently in use.
- Either participant in a Secret Chat can initiate a key change if they see a need for it.
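The rotation rules in the list above, modelled as an added Python example (this is not Telegram's code; the 100-message and one-week thresholds come from the post, while the injected clock, the "rotate before the next message" ordering and the zeroing of retired keys are assumptions made for illustration):

```python
import secrets
import time
from dataclasses import dataclass

WEEK_SECONDS = 7 * 24 * 3600
MAX_MESSAGES = 100           # rotate once a key has handled more than this many


@dataclass
class KeyState:
    key: bytearray           # mutable so it can be overwritten on retirement
    created: float           # timestamp the key came into use
    used: int = 0            # messages encrypted or decrypted with it


class SecretChatKeys:
    """Key rotation modelled on the rules in the post (constructed example).

    `clock` is a zero-argument callable returning seconds; it is injected so the
    one-week rule can be exercised without waiting a week."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.current = KeyState(bytearray(secrets.token_bytes(32)), clock())
        self.rotations = 0

    def rotation_due(self):
        k = self.current
        over_count = k.used > MAX_MESSAGES                      # more than 100 messages
        over_age = (self.clock() - k.created > WEEK_SECONDS) and k.used >= 1
        return over_count or over_age

    def rotate(self):
        """Automatic or peer-initiated rekey. The old key is zeroed, not archived,
        so holding the current key gives no way back to earlier traffic."""
        old = self.current.key
        self.current = KeyState(bytearray(secrets.token_bytes(32)), self.clock())
        for i in range(len(old)):
            old[i] = 0                       # best-effort erasure from process memory
        self.rotations += 1

    def key_for_next_message(self):
        """Key to use for the next message, rotating first if either rule fires."""
        if self.rotation_due():
            self.rotate()
        self.current.used += 1
        return bytes(self.current.key)
```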
If a web server implements perfect forward secrecy, all past communications remain secure. For instance, suppose an attacker steals a copy of a website's private SSL key. If the server supports PFS, all past traffic remains safe.
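To make the ephemeral-versus-static difference from the section above and the stolen-key scenario just described concrete, here is an added Python example (not code from the post or from any vendor named in it) that runs three Diffie-Hellman handshakes in each mode and then lets an eavesdropper who recorded the public values steal the server's current private exponent. The group is the 1024-bit MODP prime from RFC 2409 (chosen for compactness), and the HMAC-based key derivation is a simplified stand-in assumed for illustration.

```python
import hashlib
import hmac
import secrets

# 1024-bit MODP group (RFC 2409 "group 2"), chosen only for compactness;
# real deployments use 2048-bit+ groups or elliptic-curve DH (ECDHE).
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2
NBYTES = (P.bit_length() + 7) // 8

def dh_keypair():
    """Random exponent x in [2, p-2] and the public value g^x mod p."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(own_priv, peer_pub, transcript):
    """g^(xy) mod p bound to the handshake transcript, squeezed to a 32-byte key."""
    shared = pow(peer_pub, own_priv, P).to_bytes(NBYTES, "big")
    return hmac.new(transcript, shared, hashlib.sha256).digest()

def run_sessions(ephemeral, n=3):
    """n handshakes; ephemeral: fresh server exponent per session, erased after use."""
    server = {"priv": None, "pub": None}
    if not ephemeral:                       # static DH: one long-term exponent for all sessions
        server["priv"], server["pub"] = dh_keypair()
    keys, wire = [], []
    for _ in range(n):
        if ephemeral:
            server["priv"], server["pub"] = dh_keypair()
        c_priv, c_pub = dh_keypair()
        transcript = c_pub.to_bytes(NBYTES, "big") + server["pub"].to_bytes(NBYTES, "big")
        key = session_key(c_priv, server["pub"], transcript)
        assert key == session_key(server["priv"], c_pub, transcript)  # both sides agree
        keys.append(key)
        wire.append((c_pub, server["pub"]))   # public values an eavesdropper can record
        if ephemeral:
            server["priv"] = None             # ephemeral exponent destroyed after the handshake
    return keys, wire, server

def recover_after_key_theft(stolen_priv, wire):
    """Eavesdropper who recorded `wire` later steals the server's current private exponent."""
    recovered = []
    for c_pub, s_pub in wire:
        if stolen_priv is not None and pow(G, stolen_priv, P) == s_pub:
            transcript = c_pub.to_bytes(NBYTES, "big") + s_pub.to_bytes(NBYTES, "big")
            recovered.append(session_key(stolen_priv, c_pub, transcript))
    return recovered
```

In static mode the stolen exponent reproduces every recorded session key; in ephemeral mode nothing remains to steal once the handshake ends. Forward secrecy protects only those recorded past sessions: a stolen long-term key still lets an attacker impersonate the server in new handshakes until the key is revoked, which is why the protection is limited to past traffic.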
Pros and cons of implementing perfect forward secrecy
The security rewards after integrating perfect forward secrecy are as follows:
- PFS minimizes the risks of data leaks and interception.
- It ensures that encryption keys change frequently and automatically.
- Thus, a single key does not relate to any past or future exchange.
- If the encryption process gets compromised, only minimal data associated with breached keys can be decrypted.
Therefore, perfect forward secrecy is an excellent way of protecting sessions with temporary keys.
However, despite these significant benefits, for quite some time not everyone was ready to implement it. For the most part, adoption was far more widespread in apps, such as messaging or calling applications.
When it comes to HTTPS sites, webmasters were less eager to add this technique to their systems. Here are a few reasons why some might dismiss PFS even now:
- Complex implementation. All modern browsers support perfect forward secrecy on a compatible HTTPS site. However, not all web servers and infrastructures support the ephemeral Diffie-Hellman cipher suites.
- It can hurt SSL performance. According to experts, perfect forward secrecy could reduce SSL performance by approximately 90%.
- Computationally expensive. The automatic generation of new keys for each new session requires a lot of resources. Thus, webmasters might not treat perfect forward secrecy as a worthwhile investment.
Perfect forward secrecy now
Many online entities you visit daily already offer PFS:
- In 2011, Google started integrating PFS with TLS into its services like Gmail, Google Docs, and encrypted search.
- In 2013, Twitter implemented forward secrecy with TLS for its users.
- Mailbox.org uses PFS to protect correspondence in transit.
- Signal implements perfect forward secrecy in its protocol.
Currently, many websites support PFS as well. According to a monthly SSL Labs scan, only 0.9% of websites do not support perfect forward secrecy at all. Furthermore, 20.04% of surveyed sites support PFS with all modern browsers, and 67.8% with most browsers.
Besides the examples above, perfect forward secrecy also contributes to the security of VPNs. Atlas VPN implements it to fortify its connections further: our encryption keys rotate automatically to ensure that no data becomes decryptable by perpetrators. Therefore, PFS ensures that even if hackers or other entities log encrypted data, there is theoretically no chance of deciphering that information.
Former chef and head of the Atlas VPN blog team. He's an experienced cybersecurity expert with a background in technical content writing.