
Turning Active TLS Scanning to Eleven

357 views

Presentation of our talk at the IFIP Sec 2017 in Rome.
You can find the full paper here: https://www.sba-research.org/wp-content/uploads/publications/ifipSec2017_preprint.pdf

Published in: Internet


  1. TURNING ACTIVE TLS SCANNING TO ELEVEN
     Wilfried Mayer, Martin Schmiedecker
     IFIP SEC 2017, Rome, 29.5.2017
     2016 - SBA Research gGmbH
  2. Turning Active TLS Scanning to Eleven
     • Scans the full TLS cipher suite configuration
     • Evaluated new methods and approaches
     • Improvement: 3.2 times faster, 6% of the connections
  3. TLS Scanning: Measure the state of the TLS ecosystem
     • Foundation of today's web security
     • Need to know the current state
     • Existing projects: scans.io / censys / SSLTest
     • Existing tools: zmap / masscan / SSLyze
     • Efficiently scan the state?
     • What is the state?
  4. TLS Scanning: Tools and Cipher Suites
     • zmap / masscan: efficiently scan all hosts once
     • SSLyze: scan all cipher suites of hosts
     • SSLTest: scan one public host intensively
  5. TLS Scanning: TLS Handshake
  6. TLS Scanning: Cipher Suites
  7. Approaches: Defined Requirements
     • Time
     • Parallelization
     • Connections
     • Completeness
  8. Approaches: Existing approach, "Naive"
     • 1 cipher suite / request
     • All requests at the same time
  9. Approaches: Connection optimal
     • Requests include all cipher suites with an unknown result
     • Requests serialized
  10. Approaches: Based on cryptographic primitives
     • Requests group cipher suites
     • Multiple requests at the same time
     • Multiple rounds necessary
  11. Approaches: Based on existing results
     • Multiple parallel rounds of requests
     • Find configurations with highest probability
  12. Existing Data: Full TLS Cipher Suite Scan from 2015
     • No Need for Black Chambers: Testing TLS in the E-mail Ecosystem at Large
     • Internet-wide scan of TLS cipher suite configurations
     • SSLyze (naive approach) used
     • ~10 billion TLS handshakes
     • ~20 million IP/port results
  13. Existing Data: Patterns in Cipher Suite Usage
     Most-used cipher suite patterns for HTTPS
     • Internet-wide scan in Aug. 2015
     • Even higher percentage for other protocols (SMTP)
  14. Existing Data: Coverage + Patterns
     Host coverage by number of patterns
  15. Tests
     • Simulated with existing results
     • Experimental testing with active scanning
  16. Results: Simulation
     With the state of TLS scanned in 2015
     C … average number of connections
     R … average number of rounds
  17. Results: Experimental
  18. Results: Experimental
  19. Results: Alexa Top10k
     • Scanned Alexa and Umbrella Top10k hosts
     • Compared patterns
     • Mozilla SSL Configuration Generator
  20. Discussion
     • Ethics: "poor trade-off in terms of good Internet citizenship versus lessons that can be learned" [Holz et al.]
     • Other factors of optimization: bandwidth usage, TCP/IP settings, parallelization
     • TLS 1.3
  21. Conclusion
     • New approaches to TLS cipher suite scanning
     • Performance gain: 3.2 times faster, 6% of the connections
     • Implemented & evaluated
  22. Wilfried Mayer, SBA Research gGmbH, Favoritenstraße 16, 1040 Wien, wmayer@sba-research.org
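The trade-off between the naive, connection-optimal and primitive-grouped approaches on slides 8 to 10 can be made concrete by running each against a mock server and counting connections (C) and rounds (R) as the simulation slide defines them. This is an added example, not the authors' code: the offered suite list and the server's supported suites and preference order are constructed, and "rounds" counts parallel batches of requests.

```python
# Added example (not the authors' code): the slide deck's scanning strategies run
# against a mock server, counting connections (C) and rounds (R) as on slide 16.
ALL_SUITES = [  # constructed offer list: real suite names, but only a handful
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
]
SERVER_PREFERENCE = [ALL_SUITES[0], ALL_SUITES[4], ALL_SUITES[5]]  # constructed: 3 supported suites, in the server's order

class MockServer:  # answers a ClientHello with its most preferred offered suite, or None
    def __init__(self, preference):
        self.preference, self.connections = list(preference), 0
    def hello(self, offered):
        self.connections += 1
        return next((s for s in self.preference if s in offered), None)

def scan_naive(server):  # one suite per request, all requests in parallel: one round
    return [s for s in ALL_SUITES if server.hello([s])], 1

def scan_connection_optimal(server):
    """Offer every still-unknown suite, keep the server's pick, stop on failure."""
    unknown, supported = list(ALL_SUITES), []
    while unknown and (chosen := server.hello(unknown)) is not None:
        supported.append(chosen)  # also reveals the server's preference order
        unknown.remove(chosen)
    return supported, server.connections  # serialized: every connection is a round

def scan_grouped(server, key=lambda s: s.split("_")[1]):
    """Group by primitive (key exchange here); one request per group in parallel per round."""
    groups, supported, rounds = {}, [], 0
    for s in ALL_SUITES:
        groups.setdefault(key(s), []).append(s)
    while groups:
        rounds += 1
        for name, unknown in list(groups.items()):
            chosen = server.hello(unknown)
            if chosen is not None:
                supported.append(chosen)
                unknown.remove(chosen)
            if chosen is None or not unknown:
                del groups[name]  # nothing more to learn from this group
    return supported, rounds

def simulate():
    results = {}  # strategy name -> (C, R, sorted supported suites)
    for scan in (scan_naive, scan_connection_optimal, scan_grouped):
        server = MockServer(SERVER_PREFERENCE)
        supported, rounds = scan(server)
        results[scan.__name__] = (server.connections, rounds, sorted(supported))
    return results
```

All three strategies recover the same supported set; they differ only in how many connections they spend and how many serialized rounds they need, which is exactly the time-versus-connections trade-off the requirements slide sets up.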
