
Turning Active TLS Scanning to Eleven

Presentation of our talk at the IFIP Sec 2017 in Rome.
You can find the full paper here: https://www.sba-research.org/wp-content/uploads/publications/ifipSec2017_preprint.pdf


  1. Turning Active TLS Scanning to Eleven. Wilfried Mayer, Martin Schmiedecker. IFIP SEC 2017, Rome, 29.5.2017. 2016 - SBA Research gGmbH
  2. Turning Active TLS Scanning to Eleven • Scans the full TLS cipher suite configuration • Evaluated new methods and approaches • Improvement: 3.2 times faster, 6% of the connections
  3. TLS Scanning: Measure the state of the TLS ecosystem • Foundation of today's web security • Need to know the current state • Existing projects: scans.io / censys / SSLTest • Existing tools: zmap / masscan / SSLyze • Efficiently scan the state? • What is the state?
  4. TLS Scanning: Tools and cipher suites • zmap / masscan: efficiently scan all hosts once • SSLyze: scan all cipher suites of hosts • SSLTest: scan one public host intensively
  5. TLS Scanning: TLS handshake
  6. TLS Scanning: Cipher suites
  7. Approaches: Defined requirements • Time • Parallelization • Connections • Completeness
  8. Approaches: Existing approach, "naive" • 1 cipher suite / request • All requests at the same time
  9. Approaches: Connection optimal • Requests include cipher suites with unknown result • Requests serialized
  10. Approaches: Based on cryptographic primitives • Requests group cipher suites • Multiple requests at the same time • Multiple rounds necessary
  11. Approaches: Based on existing results • Multiple parallel rounds of requests • Find configurations with highest probability
  12. Existing Data: Full TLS cipher suite scan from 2015 • "No Need for Black Chambers: Testing TLS in the E-mail Ecosystem at Large" • Internet-wide scan of TLS cipher suite configurations • SSLyze (naive approach) used • ~10 billion TLS handshakes • ~20 million IP/port results
  13. Existing Data: Patterns in cipher suite usage • Most-used cipher suite patterns for HTTPS, Internet-wide scan in Aug. 2015 • Even higher percentage for other protocols (SMTP)
  14. Existing Data: Coverage + patterns • Host coverage by number of patterns
  15. Tests • Simulated with existing results • Experimental testing with active scanning
  16. Results: Simulation • With the state of TLS scanned in 2015 • C … average number of connections • R … average number of rounds
  17. Results: Experimental
  18. Results: Experimental
  19. Results: Alexa Top 10k • Scanned Alexa and Umbrella Top 10k hosts • Compared patterns • Mozilla SSL Configuration Generator
  20. Discussion • Ethics: "poor trade-off in terms of good Internet citizenship versus lessons that can be learned" [Holz et al.] • Other factors of optimization: bandwidth usage, TCP/IP settings, parallelization • TLS 1.3
  21. Conclusion • New approaches to TLS cipher suite scanning • Performance gain • 3.2 times faster • 6% of the connections • Implemented & evaluated
  22. Wilfried Mayer, SBA Research gGmbH, Favoritenstraße 16, 1040 Wien, wmayer@sba-research.org
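The "naive" and "connection optimal" strategies from slides 8 and 9, as an added simulation that is not the authors' scanner: a constructed server answers each ClientHello with the offered suite it ranks highest (or rejects), and the two scanners are compared on the connection count C and round count R used on slide 16. The candidate list and the server's preference order are constructed for illustration.

```python
# Added simulation of two scanning strategies from the talk (slides 8 and 9).
# Not the authors' scanner; the server, its preference list and the candidate
# cipher suite list are constructed for illustration.

# Constructed candidate list the scanner wants to test (real suite names).
CANDIDATES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
]


class SimulatedServer:
    """Stands in for a TLS server: answers a ClientHello by selecting the
    offered suite it ranks highest, or rejects (None) if there is no overlap."""

    def __init__(self, preference):
        self.preference = list(preference)  # server-side preference order
        self.handshakes = 0                 # connections this scan has cost

    def hello(self, offered):
        self.handshakes += 1
        offered = set(offered)
        for suite in self.preference:
            if suite in offered:
                return suite
        return None  # handshake_failure: nothing offered is supported


def scan_naive(server, candidates):
    """Slide 8: one connection per suite, all sent at the same time.
    Cost: C = len(candidates) connections in R = 1 round."""
    supported = [s for s in candidates if server.hello([s]) == s]
    return supported, server.handshakes, 1


def scan_connection_optimal(server, candidates):
    """Slide 9: offer every suite whose status is still unknown and serialize
    the requests. Each accepted handshake reveals one supported suite; the first
    rejection settles all remaining ones. Cost: C = R = at most |supported| + 1."""
    unknown, supported, rounds = list(candidates), [], 0
    while unknown:
        rounds += 1
        chosen = server.hello(unknown)
        if chosen is None:
            break  # everything still unknown is unsupported
        supported.append(chosen)
        unknown.remove(chosen)
    return supported, server.handshakes, rounds
```

As a side effect, the connection-optimal scan also recovers the server's preference order, which the naive scan cannot observe.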
