Coming of Age: A Longitudinal Study of TLS Deployment

Platon Kotzias, Abbas Razaghpanah, J. Amann, K. Paterson, N. Vallina-Rodriguez, Juan Caballero
{"title":"Coming of Age: A Longitudinal Study of TLS Deployment","authors":"Platon Kotzias, Abbas Razaghpanah, J. Amann, K. Paterson, N. Vallina-Rodriguez, Juan Caballero","doi":"10.1145/3278532.3278568","DOIUrl":null,"url":null,"abstract":"The Transport Layer Security (TLS) protocol is the de-facto standard for encrypted communication on the Internet. However, it has been plagued by a number of different attacks and security issues over the last years. Addressing these attacks requires changes to the protocol, to server- or client-software, or to all of them. In this paper we conduct the first large-scale longitudinal study examining the evolution of the TLS ecosystem over the last six years. We place a special focus on the ecosystem's evolution in response to high-profile attacks. For our analysis, we use a passive measurement dataset with more than 319.3B connections since February 2012, and an active dataset that contains TLS and SSL scans of the entire IPv4 address space since August 2015. To identify the evolution of specific clients we also create the---to our knowledge---largest TLS client fingerprint database to date, consisting of 1,684 fingerprints. We observe that the ecosystem has shifted significantly since 2012, with major changes in which cipher suites and TLS extensions are offered by clients and accepted by servers having taken place. Where possible, we correlate these with the timing of specific attacks on TLS. At the same time, our results show that while clients, especially browsers, are quick to adopt new algorithms, they are also slow to drop support for older ones. We also encounter significant amounts of client software that probably unwittingly offer unsafe ciphers. We discuss these findings in the context of long tail effects in the TLS ecosystem.","PeriodicalId":20640,"journal":{"name":"Proceedings of the Internet Measurement Conference 2018","volume":"151 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2018-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"63","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Internet Measurement Conference 2018","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3278532.3278568","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 63

Abstract

The Transport Layer Security (TLS) protocol is the de-facto standard for encrypted communication on the Internet. However, it has been plagued by a number of different attacks and security issues over the last years. Addressing these attacks requires changes to the protocol, to server- or client-software, or to all of them. In this paper we conduct the first large-scale longitudinal study examining the evolution of the TLS ecosystem over the last six years. We place a special focus on the ecosystem's evolution in response to high-profile attacks. For our analysis, we use a passive measurement dataset with more than 319.3B connections since February 2012, and an active dataset that contains TLS and SSL scans of the entire IPv4 address space since August 2015. To identify the evolution of specific clients we also create the---to our knowledge---largest TLS client fingerprint database to date, consisting of 1,684 fingerprints. We observe that the ecosystem has shifted significantly since 2012, with major changes in which cipher suites and TLS extensions are offered by clients and accepted by servers having taken place. Where possible, we correlate these with the timing of specific attacks on TLS. At the same time, our results show that while clients, especially browsers, are quick to adopt new algorithms, they are also slow to drop support for older ones. We also encounter significant amounts of client software that probably unwittingly offer unsafe ciphers. We discuss these findings in the context of long tail effects in the TLS ecosystem.
成年:TLS部署的纵向研究
传输层安全(TLS)协议是Internet上加密通信的事实上的标准。然而,在过去的几年里,它一直受到许多不同的攻击和安全问题的困扰。解决这些攻击需要对协议、服务器或客户端软件或所有这些进行更改。在本文中,我们进行了第一次大规模的纵向研究,研究了TLS生态系统在过去六年中的演变。我们特别关注生态系统的演变,以应对高调的攻击。在我们的分析中,我们使用了自2012年2月以来拥有超过319.3亿个连接的被动测量数据集,以及自2015年8月以来包含整个IPv4地址空间的TLS和SSL扫描的主动数据集。为了识别特定客户端的演变,我们还创建了——据我们所知——迄今为止最大的TLS客户端指纹数据库,包含1,684个指纹。我们观察到,自2012年以来,生态系统发生了重大变化,客户端提供密码套件和TLS扩展并被服务器接受的重大变化已经发生。在可能的情况下,我们将这些与针对TLS的特定攻击的时间关联起来。同时,我们的结果表明,虽然客户端,尤其是浏览器,采用新算法的速度很快,但它们放弃对旧算法的支持的速度也很慢。我们还会遇到大量可能无意中提供不安全密码的客户端软件。我们在TLS生态系统中的长尾效应背景下讨论这些发现。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信