Top

Published in:

2017 | OriginalPaper | Chapter

Turning Active TLS Scanning to Eleven

Authors : Wilfried Mayer, Martin Schmiedecker

Published in: ICT Systems Security and Privacy Protection

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Transport Layer Security (TLS) is the fundament of today’s web security, but the majority of deployments are misconfigured and left vulnerable to a phletora of attacks. This negatively affects the overall healthiness of the TLS ecosystem, and as such all the protocols that build on top of it. Scanning a larger number of hosts or protocols such as the numerous IPv4-wide scans published recently for a list of known attacks in TLS is non-trivial. This is due to the design of the TLS handshake, where the server chooses the specific cipher suite to be used. Current scanning approaches have to establish an unnecessary large number of connections and amount of traffic. In this paper we present and implemented different optimized strategies for TLS cipher suite scanning that, compared to the current best practice, perform up to 3.2 times faster and with 94% less connections used while being able to do exhaustive scanning for many vulnerabilities at once. We thoroughly evaluated the algorithms using practical scans and an additional simulation for evaluating current cipher suite practices at scale. With this work full TLS cipher suite scans are brought to a new level, making them a practical tool for further empiric research.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

next chapter Slow TCAM Exhaustion DDoS Attack

The patterns, the mappings and the source code are available online at: https://github.com/WilfriedMayer/turning-active-tls-scanning-to-eleven.

551 cipher suites were tested with SSLyze version 0.11. Because the underlying TLS implementation changed, version 0.12 does not test two specific cipher suites for four TLS versions, thus only 543 connections. Existing results for these cipher suites are ignored in the algorithm.

https://scans.io/study/sba-email.

SSLyze - fast and full-featured SSL scanner. https://github.com/nabla-c0d3/sslyze

Applied crypto hardening (2015). https://bettercrypto.org

Alexa Internet Inc., Top 1,000,000 sites. http://s3.amazonaws.com/alexa-static/top-1m.csv.zip

Amann, B., Sommer, R., Vallentin, M., Hall, S.: No attack necessary: the surprising dynamics of SSL trust relationships. In: 29th Annual Computer Security Applications Conference, pp. 179–188. ACM (2013)

Amann, B., Vallentin, M., Hall, S., Sommer, R.: Revisiting SSL: a large-scale study of the internet’s most trusted protocol. Technical report TR-12-015, ICSI, December 2012

Aviram, N., Schinzel, S., Somorovsky, J., Heninger, N., Dankel, M., Steube, J., Valenta, L., Adrian, D., Halderman, J.A., Dukhovni, V., et al.: DROWN: breaking TLS using SSLv2. In: 25th USENIX Security Symposium (2016)

Dierks, T., Rescorla, E.: The transport layer security (TLS) protocol version 1.2. RFC 5246 (Proposed Standard), Updated by RFCs 5746, 5878, 6176, August 2008

Durumeric, Z., Adrian, D., Mirian, A., Bailey, M., Halderman, J.A.: A search engine backed by internet-wide scanning. In: 22nd Conference on Computer and Communications Security, pp. 542–553. ACM (2015)

Durumeric, Z., Kasten, J., Bailey, M., Halderman, J.A.: Analysis of the HTTPS certificate ecosystem. In: 13th ACM Internet Measurement Conference, pp. 291–304, October 2013

10.

Durumeric, Z., Li, F., Kasten, J., Amann, J., Beekman, J., Payer, M., Weaver, N., Adrian, D., Paxson, V., Bailey, M., Halderman, J.A.: The matter of heartbleed. In: 14th ACM Internet Measurement Conference, November 2014

11.

Durumeric, Z., Wustrow, E., Halderman, J.A.: ZMap: fast internet-wide scanning and its security applications. In: 22nd USENIX Security Symposium, August 2013

12.

Eckersley, P., Burns, J.: An observatory for the SSLiverse. DEF CON 18, July 2010. https://www.eff.org/files/defconssliverse.pdf

13.

Graham, R.: Masscan: the entire Internet in 3 minutes. https://github.com/robertdavidgraham/masscan/, http://blog.erratasec.com/2013/09/masscan-entire-internet-in-3-minutes.html

14.

Holz, R., Amann, J., Mehani, O., Wachs, M., Kaafar, M.A.: TLS in the wild: an internet-wide analysis of TLS-based protocols for electronic communication. In: Network and Distributed System Security Symposium (2016)

15.

Huang, L.-S., Adhikarla, S., Boneh, D., Jackson, C.: An experimental study of TLS forward secrecy deployments. IEEE Internet Comput. 18(6), 43–51 (2014)CrossRef

16.

Hubbard, D.: Cisco umbrella 1 million (2016). https://blog.opendns.com/2016/12/14/cisco-umbrella-1-million/

17.

IANA: Transport layer security (TLS) parameters. https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4

18.

Lee, H.K., Malkin, T., Nahum, E.: Cryptographic strength of SSL/TLS servers: current and recent practices. In: 7th ACM Internet Measurement Conference, pp. 83–92, October 2007

19.

Mayer, W., Zauner, A., Schmiedecker, M., Huber, M.: No need for black chambers: testing TLS in the e-mail ecosystem at large. In: International Conference on Availability, Reliability and Security (2016)

20.

Möller, B., Duong, T., Kotowicz, K.: This POODLE bites: exploiting the SSL 3.0 fallback. Security Advisory (2014)

21.

Mozilla: Mozilla SSL configuration generator. https://mozilla.github.io/server-side-tls/ssl-config-generator/

22.

Popov, A.: Prohibiting RC4 cipher suites, RFC 7465, February 2015

23.

Qualys SSL Labs: SSL server test. https://www.ssllabs.com/ssltest

24.

Rescorla, E.: The transport layer security (TLS) protocol version 1.3 draft-ietf-tls-tls13-18 (2016)

25.

Sheffer, Y., Holz, R., Saint-Andre, P.: Recommendations for secure use of transport layer security (TLS) and datagram transport layer security (DTLS) (2015)

26.

Van der Sloot, B., Amann, J., Bernhard, M., Durumeric, Z., Bailey, M., Halderman, J.A.: Towards a complete view of the certificate ecosystem. In: Internet Measurement Conference, pp. 543–549. ACM (2016)

Title: Turning Active TLS Scanning to Eleven
Authors: Wilfried Mayer
Martin Schmiedecker
Publisher: Springer International Publishing
Book: ICT Systems Security and Privacy Protection
Print ISBN: 978-3-319-58468-3

Electronic ISBN: 978-3-319-58469-0

Copyright Year: 2017
DOI: https://doi.org/10.1007/978-3-319-58469-0_1

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner