Turning Active TLS Scanning to Eleven - ICT Systems Security and Privacy Protection (SEC 2017)
Conference Papers Year : 2017

Turning Active TLS Scanning to Eleven

Wilfried Mayer
  • Function : Author
  • PersonId : 1023828
Martin Schmiedecker
  • Function : Author
  • PersonId : 1022683

Abstract

Transport Layer Security (TLS) is the fundament of today’s web security, but the majority of deployments are misconfigured and left vulnerable to a phletora of attacks. This negatively affects the overall healthiness of the TLS ecosystem, and as such all the protocols that build on top of it. Scanning a larger number of hosts or protocols such as the numerous IPv4-wide scans published recently for a list of known attacks in TLS is non-trivial. This is due to the design of the TLS handshake, where the server chooses the specific cipher suite to be used. Current scanning approaches have to establish an unnecessary large number of connections and amount of traffic. In this paper we present and implemented different optimized strategies for TLS cipher suite scanning that, compared to the current best practice, perform up to 3.2 times faster and with 94% less connections used while being able to do exhaustive scanning for many vulnerabilities at once. We thoroughly evaluated the algorithms using practical scans and an additional simulation for evaluating current cipher suite practices at scale. With this work full TLS cipher suite scans are brought to a new level, making them a practical tool for further empiric research.
Fichier principal
Vignette du fichier
449885_1_En_1_Chapter.pdf (558.8 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01649020 , version 1 (27-11-2017)

Licence

Identifiers

Cite

Wilfried Mayer, Martin Schmiedecker. Turning Active TLS Scanning to Eleven. 32th IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), May 2017, Rome, Italy. pp.3-16, ⟨10.1007/978-3-319-58469-0_1⟩. ⟨hal-01649020⟩
324 View
138 Download

Altmetric

Share

More