Speaking in Tongues - Practical Evaluation of TLS Cipher Suites Compatibility

Manuel Koschuch, Taro Fruhwirth, Alexander Glaser, Silvie Schmidt, Matthias Hudler

2015

Abstract

The Transport Layer Security (TLS) protocol is still the de facto standard for secure network connections over an insecure medium like the internet. But its flexibility concerning the algorithms used for securing a channel between two parties can also be a weakness, due to the possible agreement on insecure ciphers. In this work we examine an existing white paper (Applied Crypto Hardening), which gives recommendations on how to securely configure SSL/TLS connections, with regard to the practical feasibility of these recommendations. In addition, we propose a further configuration set with the aim of increasing compatibility as well as security. We also developed a small Cipher Negotiation Crawler (CiNeg) to test TLS handshakes using given cipher configurations with a supplied list of websites and show its practical usability.

References

  1. Beurdouche, B., Bhargavan, K., Delignat-Lavaud, A., Fournet, C., Kohlweiss, M., Pironti, A., Strub, P.-Y., and Zinzindohoue, J. K. (2015). A Messy State of the Union: Taming the Composite State Machines of TLS. In IEEE Security & Privacy 2015, preprint.
  2. Breyha, W., Durvaux, D., Dussa, T., Kaplan, L. A., Mendel, F., Mock, C., Koschuch, M., Kriegisch, A., Pöschl, U., Sabet, R., San, B., Schlatterbeck, R., Schreck, T., Würstlein, A., Zauner, A., and Zawodsky, P. (2015). Applied Crypto Hardening. Technical report.
  3. Chown, P. (2002). RFC3268 - Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS). Technical report, Network Working Group.
  4. Dierks, T. and Allen, C. (1999). RFC2246 - The TLS Protocol Version 1.0. Technical report, Network Working Group.
  5. Dierks, T. and Rescorla, E. (2006). RFC4346 - The Transport Layer Security (TLS) Protocol Version 1.1. Technical report, Network Working Group.
  6. Dierks, T. and Rescorla, E. (2008). RFC5246 - The Transport Layer Security (TLS) Protocol Version 1.2. Technical report, Network Working Group.
  7. Diffie, W. and Hellman, M. (2006). New directions in cryptography. IEEE Trans. Inf. Theor., 22(6):644-654.
  8. Eronen, P. and Tschofenig, H. (2005). RFC4279 - PreShared Key Ciphersuites for Transport Layer Security (TLS). Technical report, Network Working Group.
  9. Freier, A., Karlton, P., and Kocher, P. (2011). RFC6101 - The Secure Sockets Layer (SSL) Protocol Version 3.0. Technical report, Internet Engineering Task Force (IETF).
  10. Huang, L., Adhikarla, S., Boneh, D., and Jackson, C. (2014). An experimental study of TLS forward secrecy deployments. In IEEE CS Security and Privacy Workshops.
  11. Lee, H., Yoon, J., and Lee, J. (2005). RFC4162 - Addition of SEED Cipher Suites to Transport Layer Security (TLS). Technical report, Network Working Group.
  12. Medvinsky, A. and Hur, M. (1999). RFC2712 - Addition of Kerberos Cipher Suites to Transport Layer Security (TLS). Technical report, Network Working Group.
  13. Moriai, S., Kato, A., and Kanda, M. (2005). RFC4132 - Addition of Camellia Cipher Suites to Transport Layer Security (TLS). Technical report, Network Working Group.
  14. Rivest, R. L., Shamir, A., and Adleman, L. (1978). A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM, 21(2):120-126.
  15. Stallings, W. (2008). Cryptography and Network Security, page 539. Pearson, 4th edition.


Paper Citation


in Harvard Style

Koschuch M., Fruhwirth T., Glaser A., Schmidt S. and Hudler M. (2015). Speaking in Tongues - Practical Evaluation of TLS Cipher Suites Compatibility. In Proceedings of the 6th International Conference on Data Communication Networking - Volume 1: DCNET, (ICETE 2015) ISBN 978-989-758-112-0, pages 13-23. DOI: 10.5220/0005507900130023


in Bibtex Style

@conference{dcnet15,
author={Manuel Koschuch and Taro Fruhwirth and Alexander Glaser and Silvie Schmidt and Matthias Hudler},
title={Speaking in Tongues - Practical Evaluation of TLS Cipher Suites Compatibility},
booktitle={Proceedings of the 6th International Conference on Data Communication Networking - Volume 1: DCNET, (ICETE 2015)},
year={2015},
pages={13-23},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005507900130023},
isbn={978-989-758-112-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 6th International Conference on Data Communication Networking - Volume 1: DCNET, (ICETE 2015)
TI - Speaking in Tongues - Practical Evaluation of TLS Cipher Suites Compatibility
SN - 978-989-758-112-0
AU - Koschuch M.
AU - Fruhwirth T.
AU - Glaser A.
AU - Schmidt S.
AU - Hudler M.
PY - 2015
SP - 13
EP - 23
DO - 10.5220/0005507900130023