An Experimental Study of TLS Forward Secrecy Deployments

  title={An Experimental Study of TLS Forward Secrecy Deployments},
  author={Lin-Shung Huang and Shrikant Adhikarla and Dan Boneh and Collin Jackson},
  journal={IEEE Internet Computing},
Many Transport Layer Security (TLS) servers use the ephemeral Diffie-Hellman (DHE) key exchange to support forward secrecy. However, in a survey of 473,802 TLS servers, the authors found that 82.9 percent of the DHE-enabled servers use weak DH parameters, resulting in a false sense of security. They compared the server throughput of various TLS setups, and measured real-world client-side latencies using an advertisement network. Their results indicate that using forward secrecy is no harder… 

Towards Forward Secure Internet Traffic

This paper investigates FS in pre-TLS 1.3 protocols, which do not mandate FS, but still widely used today, and proposes a new client-side mechanism that is called "Best Effort Forward Secrecy" (BEFS), and an extension that aims to guide (force) misconfigured servers to FS using a best effort approach.

Last-Mile TLS Interception: Analysis and Observation of the Non-Public HTTPS Ecosystem

This study re-opens the neglected problem of privacy-invasive adware, by showing how adware evolves sometimes stronger than even advanced malware and poses significant detection and reverse-engineering challenges.

Turning Active TLS Scanning to Eleven

This paper presents and implemented different optimized strategies for TLS cipher suite scanning that, compared to the current best practice, perform up to 3.2 times faster and with 94% less connections used while being able to do exhaustive scanning for many vulnerabilities at once.

Speaking in tongues practical evaluation of TLS cipher suites compatibility

This work examines an existing white paper giving recommendations on how to securely configure SSL/TLS connections with regard to the practical feasibility and proposes an additional configuration set with the aim of increasing compatibility as well as security.

Exploiting TLS Client Authentication for Widespread User Tracking

Three novel active attacks against TLS Client Certificate Authentication that are successful despite the defenses are demonstrated, including in-path man-in-the-middle versions as well as a more powerful on-path attack that can be carried out without full network control.

Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice

Logjam, a novel flaw in TLS that lets a man-in-the-middle downgrade connections to "export-grade" Diffie-Hellman, is presented and a close reading of published NSA leaks shows that the agency's attacks on VPNs are consistent with having achieved a break.

No Need for Black Chambers: Testing TLS in the E-mail Ecosystem at Large

This work is the first to collect and analyze the complete state of today's e-mail-related TLS configuration, for the entire IPv4 address range, and draws a comprehensive picture of the current state of security mechanisms on the transport layer for e-mails by scanning cipher suite support which was previously considered impossible due to numerous constraints.

TLS in the Wild: An Internet-wide Analysis of TLS-based Protocols for Electronic Communication

This is the largest study to date that investigates the security of the email and chat infrastructures, using active Internet-wide scans to determine the amount of secure service deployments, and passive monitoring to investigate if user agents actually use this opportunity to secure their communications.

CPTIAS: a new fast PKI authentication scheme based on certificate path trust index

Analysis and experimental results show that users can give a trade off between security and efficiency, and the scheme has a higher efficiency and no bottleneck when authenticating with the higher level CAs.

Neither Snow Nor Rain Nor MITM...: An Empirical Analysis of Email Delivery Security

This work presents the first report on global adoption rates of SMTP security extensions, including: STARTTLS, SPF, DKIM, and DMARC, and presents evidence of such attacks in the wild, highlighting seven countries where more than 20% of inbound Gmail messages arrive in cleartext due to network attackers.



Lucky Thirteen: Breaking the TLS and DTLS Record Protocols

This paper presents distinguishing and plaintext recovery attacks against TLS and DTLS, based on a delicate timing analysis of decryption processing in the two protocols.

Transport Layer Security

  • S. Turner
  • Computer Science
    IEEE Internet Computing
  • 2014
The author looks at the collection of standards that make up TLS, including its history, protocol, and future, for securing client-server communications over the Internet.

Fast Elliptic Curve Cryptography in OpenSSL

  • E. Käsper
  • Computer Science, Mathematics
    Financial Cryptography Workshops
  • 2011
This work presents a 64-bit optimized implementation of the NIST and SECG-standardized elliptic curve P-224, and shows how to do small table look-ups in a cache-timing resistant way, allowing us to use precomputation.

Cryptographic strength of ssl/tls servers: current and recent practices

The cryptographic strength of public servers running SSL/TLS is characterized and encouraging behavior such as sensible default choices by servers when presented with multiple options, the quick adoption of AES, and the use of strong RSA key sizes of 1024 bits and above are observed.

The Transport Layer Security (TLS) Protocol Version 1.2

This document specifies Version 1.2 of the Transport Layer Security (TLS) protocol, which provides communications security over the Internet by allowing client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery.

Speeding up Secure Web Transactions Using Elliptic Curve Cryptography

The results show that an Apache web server can handle 11%-31% more HTTPS requests per second when using ECC rather than RSA at short-term security levels, and at security levels necessary to protect data beyond 2010, the use of ECC over RSA improves server performance by 110%-279% under realistic workloads.

The SSL landscape: a thorough analysis of the x.509 PKI using active and passive measurements

A comprehensive analysis of X.509 certificates in the wild reveals that the quality of certification lacks in stringency, due to a number of reasons among which incorrect certification chains or invalid certificate subjects give the most cause for concern.

Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)

This document describes new key exchange algorithms based on Elliptic Curve Cryptography (ECC) for the Transport Layer Security (TLS) protocol. In particular, it specifies the use of Elliptic Curve

Transport layer security: how much does it really cost?

  • G. ApostolopoulosV. PerisD. Saha
  • Computer Science
    IEEE INFOCOM '99. Conference on Computer Communications. Proceedings. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. The Future is Now (Cat. No.99CH36320)
  • 1999
This paper benchmarks two of the more popular Web servers that are in use today and finds that they are a couple of orders of magnitude slower when it comes to serving secure Web pages, and suggests two modifications to the SSL protocol that reduce the latency as well as increase the throughput at the server.

Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices

The largest ever network survey of TLS and SSH servers is performed and evidence that vulnerable keys are surprisingly widespread is presented, including a boot-time entropy hole in the Linux random number generator.