Cryptographic strength of SSL/TLS servers: Current and recent practices

Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC

Volumn , Issue , 2007, Pages 83-92

  Lee, Homin K ^a   Malkin, Tal ^a   Nahum, Erich ^b  

^a Columbia University ^*  (United States)

^b IBM T J WATSON RESEARCH CENTER   (United States)

Author keywords

Network security; Servers; SSL

Indexed keywords

INTERNET MEASUREMENTS; KEY SIZES; SECURE SOCKET LAYER (SSL); SECURITY TOOLS; SERVER SECURITY; SSL/TLS; STRENGTH (IGC: D5/D6); TRANSPORT LAYER SECURITY (TLS);

CRYPTOGRAPHY; INTERNET; SEMICONDUCTING INTERMETALLICS; SERVERS; TOOLS;

PUBLIC KEY CRYPTOGRAPHY;

EID: 42149186965     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1298306.1298318     Document Type: Conference Paper

References (47)

1. Alexa Web Search - Top 500. http://www.alexa.com/site/ds/top_500.
2. IRCache. http://www.ircache.net.
3. Nmap. http://www.insecure.org/nmap/.
4. The OpenSSL project, http://www.openssl.org.
5. Web100. http://www.web100.com.
6. George Apostolopoulos, Vinod Peris, and Debanjan Saha,. Transport layer security: How much does it really cost? In IEEE InfoCom, New York, NY, March 1999.
7. Gregory V. Bard. The vulnerability of SSL to chosen plaintext attack. Cryptology ePrint Archive, Report 2004/111, 2004. http://eprint.iacr.org/.
8. Mihir Bellare, Ran Canetti, and Hugo Krawczyk. Keying hash functions for message authentication. In N. Koblitz, editor, Advances in Cryptology -CRYPTO 1996, volume 1109 of Lecture Notes in Computer Science, pages 534-545. Springer-Verlag, 1996.
9. Dan Boneh and David Brumley. Remote timing attacks are practical. In The 12th USENIX Security Symposium, August 2003.
10. Cristian Coarfa, Peter Druschel, and Dan S. Wallach. Performance analysis of TLS Web servers. ACM Transactions on Computer Systems, 24(1), February 2006.
11. NESSIE Consortium. Portfolio of recommended cryptographic primitives. Internet draft, February 2003. http ://www.cryptonessie.org/.
12. Nicolas Courtois and Josef Pieprzyk. Cryptanalysis of block ciphers with overdefined systems of equations. In Yuliang Zheng, editor, Advances in Cryptology -ASIACRYPT 2002, volume 2501 of Lecture Notes in Computer Science, pages 267-287. Springer-Verlag, 2002.
13. B. den Boer and A. Bosselaers. Collisions for the compression function of MD5. In Tor Helleseth, editor, Advances in Cryptology -EUROCRYPT 1993, volume 470 of Lecture Notes in Computer Science, pages 293-304. Springer-Verlag, 1994.
14. T. Dierks and C. Allen. The TLS protocol, version 1.0, January 1999. RFC-2246.
15. Tim Dierks and Eric Rescorla. The TLS protocol, version 1.1, June 2005. Internet Draft, http://www.ietf.org/internet-drafts/draft-ietf-tls-rfc2246-bis- 13.txt, expires December 2005.
16. Hans Dobbertin. Cryptanalysis of MD5 compress. In Fast Software Encryption, pages 53-69, 1996.
17. Hans Dobbertin. The status of MD5 after a recent attack. CryptoBytes, 2(2), 1996.
18. N. Ferguson and B. Schneier. Practical Cryptography. Wiley Publishing, Inc., 2003.
19. Scott Fluhrer, Itsik Mantin, and Adi Shamir. Weaknesses in the key scheduling algorithm of R.C4. In Selected Areas in Cryptography, volume 2259 of Lecture Notes in Computer Science, pages 1-24, 2001.
20. Alan O. Freier, Philip Karlton, and Paul C. Kocher.The SSL protocol version 3.0. Internet draft, Netscape Communications, November 1996. http://wp.netscape.com/eng/ss13/ssl-toe.html.
21. Eu-Jin Goh. SSL sniffer, http://crypto. Stanford. edu/~eujin/sslsniffer/ index.html.
22. Kipp E. B. Hickman. The SSL protocol. Internet draft, Netscape Communications, February 1995. http://wp.netscape.com/eng/security/SSL_2.html.
23. Burt Kaliski. TWIRL and RSA key size. Internet draft, RSA Laboratories, May 2003. http://www.rsasecurity.com/rsalabs/node.asp?id=2004.
24. Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa. Attacking RSA-based sessions in SSL/TLS. Cryptology ePrint Archive, Report 2003/052, 2003. http://eprint.iacr.org/.
25. Lars R. Knudsen, Vincent Rijmen, Ronald L. Rivest, and M. J. B. Robshaw. On the design and security of RC2. In FSE '98: Proceedings of the 5th International Workshop on Fast Software Encryption, pages 206-221. Springer-Verlag, 1998.
26. D. Mosberger and T. Jin. httperf - a tool for measuring Webserver performance. In Proceedings of the ACM SIGMETRICS Workshop on Internet Server Performance (WISP), pages 69-67, Madison, WI, June 1998.
27. Eric Murray. Changes in deployment of cryptography. Invited talk, USENIX Security Symposium 2001. http://www.usenix.org/events/sec01/murray/index.htm, July 2001.
28. Netcraft News. Vulnerable versions of OpenSSL apparently still widely deployed on commerce sites. http://news.netcraft.com/archives/2003/11/03/ vulnerable_versions_of_openssl_apparently_still_widely_deployed_on_commerce_sites.html.
29. NIST. Data encryption standard DES, December 1993. http://www.itl.nist. gov/fipspubs/fip46-2.htm.
30. NIST. Secure hash standard, federal information processing standards publication 180-1, April 1995. http://www.itl.nist.gov/fipspubs/fip180-1.htm.
31. NIST. Advanced encryption standard (AES), federal information processing standards publication 197, November 2001. http://www.csrc.nist.gov/publications/ fips/fipsl97/fips-197.pdf.
32. NIST. Special publication 800-57: Recommendation for key management, part 1: General guideline, January 2003. http://csrc.nist.gov/CryptoToolkit/kms/ guideline-1-Jan03.pdf.
33. NIST. Announcing proposed withdrawal of federal information processing standard (FIPS) for the data encryption standard (DES) and request for comments, July 2004. http://edocket.access.gpo.gov/2004/04-16894.htm.
34. Jitendra Padhye and Sally Floyd. On inferring TCP behavior. In ACM SIGCOMM Symposium on Communications Architectures and Protocols, San Diego, CA, August 2002.
35. Niels Provos and Peter Honeyman. ScanSSH: Scanning the Internet for SSH servers. In USENIX Large Installation System Administration Conference (LISA), pages 25-30, 2001.
36. Eric Rescorla. SSL and TLS. Addison Wesley, 2000.
37. Eric Rescorla. Security holes... who cares? In Proceedings of the 12th USENIX Security Symposium, pages 75-90, August 2003.
38. Ron Rivest. The MD5 message digest algorithm, April 1992. RFC-1321.
39. Ronald L. Rivest, Adi Shamir, and Leonard Adleman. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2):120-126, February 1978.
40. RSA Laboratories. How large a key should be used in the RSA cryptosystem? Internet draft, RSA Crypto FAQ. http://www.rsasecurity.com/rsalabs/node.asp?id= 2218.
41. RSA Laboratories. RSA crypto challenge sets new security benchmark - 512-bit public key factored by international team of researchers, August 1999.
42. Bruce Schneier. Applied Cryptography. John Wiley & Sons, 1994.
43. S. Vaudenay. Security flaws induced by CBC padding - applications to SSL, IPSEC, WTLS, ... In Advances in Cryptology -EUROCRYPT 2002, volume 2332 of Lecture Notes in Computer Science, pages 534-545. Springer-Verlag, 2002.
44. David Wagner and Bruce Schneier. Analysis of the SSL 3.0 protocol. In Proceedings of the 2nd USENIX Workshop on Electronic Commerce, pages 29-40, Oakland, CA, November 1996. http://www.cs.berkeley.edu/~daw/papers/ss13. 0.ps.
45. Xiaoyun Wang, Dengguo Feng, Xuejia Lai, and Hongbo Yu. Collisions for hash functions MD4, MD5, HAVAL-128 and RIPEMD, 2004. Manuscript. Available from eprint.iacr.org.
46. Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu. Finding collisions in the full SHA-1. In Advances in Cryptology -CRYPTO 2005, Lecture Notes in Computer Science. Springer-Verlag, 2005.
47. Michael J. Wiener. Performance comparison of public-key cryptosystems. CryptoBytes, 4(1), 1998. http://www.rsasecurity.com/rsalabs/node.asp?id= 2004.