TY - GEN
T1 - One year of SSL internet measurement
AU - Levillain, Olivier
AU - Ébalard, Arnaud
AU - Morin, Benjamin
AU - Debar, Hervé
PY - 2012/12/1
Y1 - 2012/12/1
N2 - Over the years, SSL/TLS has become an essential part of internet security. As such, it should offer robust and state-of-the-art security, in particular for HTTPS, its first application. Theoretically, the protocol allows for a trade-off between secure algorithms and decent performance. Yet in practice, servers do not always support the latest version of the protocol, nor do they all enforce strong cryptographic algorithms. To assess the quality of HTTPS servers in the wild, we enumerated HTTPS servers on the internet in July 2010 and July 2011. We sent several stimuli to the servers to gather detailed information. We then analysed some parameters of the collected data and looked at how they evolved. We also focused on two subsets of TLS hosts within our measure: the trusted hosts (possessing a valid certificate at the time of the probing) and the EV hosts (presenting a trusted, so-called Extended Validation certificate). Our contributions rely on this methodology: the stimuli we sent, the criteria we studied and the subsets we focused on. Moreover, even if EV servers present a somewhat improved certificate quality over the TLS hosts, we show they do not offer overall high quality sessions, which could and should be improved.
AB - Over the years, SSL/TLS has become an essential part of internet security. As such, it should offer robust and state-of-the-art security, in particular for HTTPS, its first application. Theoretically, the protocol allows for a trade-off between secure algorithms and decent performance. Yet in practice, servers do not always support the latest version of the protocol, nor do they all enforce strong cryptographic algorithms. To assess the quality of HTTPS servers in the wild, we enumerated HTTPS servers on the internet in July 2010 and July 2011. We sent several stimuli to the servers to gather detailed information. We then analysed some parameters of the collected data and looked at how they evolved. We also focused on two subsets of TLS hosts within our measure: the trusted hosts (possessing a valid certificate at the time of the probing) and the EV hosts (presenting a trusted, so-called Extended Validation certificate). Our contributions rely on this methodology: the stimuli we sent, the criteria we studied and the subsets we focused on. Moreover, even if EV servers present a somewhat improved certificate quality over the TLS hosts, we show they do not offer overall high quality sessions, which could and should be improved.
KW - Certificates
KW - HTTPS
KW - Internet measure
KW - SSL/TLS
KW - X.509
UR - https://www.scopus.com/pages/publications/84872099386
U2 - 10.1145/2420950.2420953
DO - 10.1145/2420950.2420953
M3 - Conference contribution
AN - SCOPUS:84872099386
SN - 9781450313124
T3 - ACM International Conference Proceeding Series
SP - 11
EP - 20
BT - Proceedings - 28th Annual Computer Security Applications Conference, ACSAC 2012
T2 - 28th Annual Computer Security Applications Conference, ACSAC 2012
Y2 - 3 December 2012 through 7 December 2012
ER -