Show simple item record

dc.contributor.author: Alashwali, ES
dc.contributor.author: Szalachowski, P
dc.contributor.author: Martin, A
dc.date.accessioned: 2020-03-23T05:20:48Z
dc.date.available: 2020-03-23T05:20:48Z
dc.date.issued: 2019
dc.identifier.isbn: 9783030372279
dc.identifier.issn: 1867-8211
dc.identifier.doi: 10.1007/978-3-030-37228-6_17
dc.identifier.uri: http://hdl.handle.net/10072/392554
dc.description.abstract: Forward Secrecy (FS) is a security property in key-exchange algorithms which guarantees that a compromise in the secrecy of a long-term private-key does not compromise the secrecy of past session keys. With a growing awareness of long-term mass surveillance programs by governments and others, FS has become widely regarded as a highly desirable property. This is particularly true in the TLS protocol, which is used to secure Internet communication. In this paper, we investigate FS in pre-TLS 1.3 protocols, which do not mandate FS, but are still widely used today. We conduct an empirical analysis of over 10 million TLS servers from three different datasets using a novel heuristic approach. Using a modern TLS client's handshake algorithms, our results show 5.37% of top domains, 7.51% of random domains, and 26.16% of random IPs do not select FS key-exchange algorithms. Surprisingly, 39.20% of the top domains, 24.40% of the random domains, and 14.46% of the random IPs that do not select FS, do support FS. In light of this analysis, we discuss possible paths toward forward secure Internet traffic. As an improvement of the current state, we propose a new client-side mechanism that we call “Best Effort Forward Secrecy” (BEFS), and an extension of it that we call “Best Effort Forward Secrecy and Authenticated Encryption” (BESAFE), which aims to guide (force) misconfigured servers to FS using a best effort approach. Finally, within our analysis, we introduce a novel adversarial model that we call “discriminatory” adversary, which is applicable to the TLS protocol.
dc.description.peerreviewed: Yes
dc.publisher: Springer
dc.relation.ispartofconferencename: 15th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2019)
dc.relation.ispartofconferencetitle: Security and Privacy in Communication Networks
dc.relation.ispartofdatefrom: 2019-10-23
dc.relation.ispartofdateto: 2019-10-25
dc.relation.ispartoflocation: Orlando, USA
dc.relation.ispartofpagefrom: 341
dc.relation.ispartofpageto: 364
dc.relation.ispartofseries: Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
dc.relation.ispartofvolume: 304
dc.subject.fieldofresearch: Cybersecurity and privacy not elsewhere classified
dc.subject.fieldofresearch: Distributed computing and systems software
dc.subject.fieldofresearchcode: 460499
dc.subject.fieldofresearchcode: 4606
dc.title: Towards forward secure internet traffic
dc.type: Conference output
dc.type.description: E1 - Conferences
dcterms.bibliographicCitation: Alashwali, ES; Szalachowski, P; Martin, A, Towards forward secure internet traffic, Lecture Notes of the Institute for Computer Sciences, Security and Privacy in Communication Networks, 2019, 304, pp. 341-364
dc.date.updated: 2020-03-23T05:15:56Z
gro.rights.copyright: © ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2019. This is the author-manuscript version of this paper. Reproduced in accordance with the copyright policy of the publisher. The original publication is available at www.springerlink.com
gro.hasfulltext: Full Text
gro.griffith.author: Martin, Andrew


This item appears in the following Collection(s)

  • Conference outputs
    Contains papers delivered by Griffith authors at national and international conferences.
