Cryptographic strength of SSL/TLS servers: current and recent practices
Source
Internet Measurement Conference archive
Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
San Diego, California, USA
SESSION: Security and anomaly detection
Pages: 83-92
Year of Publication: 2007
ISBN: 978-1-59593-908-1
Authors
Homin K. Lee  Columbia University, New York, NY
Tal Malkin  Columbia University, New York, NY
Erich Nahum  IBM T. J. Watson Research Ctr., Hawthorne, NY
Sponsors
SIGCOMM: ACM Special Interest Group on Data Communication
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 27,   Downloads (12 Months): 247,   Citation Count: 0
DOI: http://doi.acm.org/10.1145/1298306.1298318

ABSTRACT

The Secure Socket Layer (SSL) and its variant, Transport Layer Security (TLS), are used toward ensuring server security. In this paper, we characterize the cryptographic strength of public servers running SSL/TLS. We present a tool developed for this purpose, the Probing SSL Security Tool (PSST), and evaluate over 19,000 servers. We expose the great diversity in the levels of cryptographic strength that is supported on the Internet. Some of our discouraging results show that most sites still support the insecure SSL 2.0, weak export-level grades of encryption ciphers, or weak RSA key strengths. We also observe encouraging behavior such as sensible default choices by servers when presented with multiple options, the quick adoption of AES (more than half the servers support strong key AES as their default choice), and the use of strong RSA key sizes of 1024 bits and above. Comparing results of running our tool over the last two years points to a positive trend that is moving in the right direction, though perhaps not as quickly as it should.

