IMDEA Networks Institute Publications Repository

Coming of Age: A Longitudinal Study of TLS Deployment

Kotzias, Platon and Razaghpanah, Abbas and Amann, Johanna and Paterson, Kenneth G. and Vallina-Rodriguez, Narseo and Caballero, Juan (2018) Coming of Age: A Longitudinal Study of TLS Deployment. In: The 18th ACM Internet Measurement Conference (IMC 2018), 31 October - 2 November 2018, Boston, MA, USA.

[img] PDF (Coming of Age: A Longitudinal Study of TLS Deployment) - Published Version
Download (559Kb)


The Transport Layer Security (TLS) protocol is the de-facto standard for encrypted communication on the Internet. However, it has been plagued by a number of different attacks and security issues over the last years. Addressing these attacks requires changes to the protocol, to server- or client-software, or to all of them. In this paper we conduct the first large-scale longitudinal study examining the evolution of the TLS ecosystem over the last six years. We place a special focus on the ecosystem’s evolution in response to high-profile attacks. For our analysis, we use a passive measurement dataset with more than 319.3B connections since February 2012, and an active dataset that contains TLS and SSL scans of the entire IPv4 address space since August 2015. To identify the evolution of specific clients we also create the—to our knowledge—largest TLS client fingerprint database to date, consisting of 1,684 fingerprints. We observe that the ecosystem has shifted significantly since 2012, with major changes in which cipher suites and TLS extensions are offered by clients and accepted by servers having taken place. Where possible, we correlate these with the timing of specific attacks on TLS. At the same time, our results show that while clients, especially browsers, are quick to adopt new algorithms, they are also slow to drop support for older ones. We also encounter significant amounts of client software that probably unwittingly offer unsafe ciphers. We discuss these findings in the context of long tail effects in the TLS ecosystem.

Item Type: Conference or Workshop Papers (Paper)
Additional Information:
Depositing User: Narseo Vallina
Date Deposited: 14 Oct 2018 13:32
Last Modified: 14 Oct 2018 13:32

Actions (login required)

View Item View Item