Paper 2019/821

Towards Forward Secure Internet Traffic

Eman Salem Alashwali, Pawel Szalachowski, and Andrew Martin

Abstract

Forward Secrecy (FS) is a security property in key-exchange algorithms which guarantees that a compromise in the secrecy of a long-term private-key does not compromise the secrecy of past session keys. With a growing awareness of long-term mass surveillance programs by governments and others, FS has become widely regarded as a highly desirable property. This is particularly true in the TLS protocol, which is used to secure Internet communication. In this paper, we investigate FS in pre-TLS 1.3 protocols, which do not mandate FS, but still widely used today. We conduct an empirical analysis of over 10 million TLS servers from three different datasets using a novel heuristic approach. Using a modern TLS client handshake algorithms, our results show 5.37% of top domains, 7.51% of random domains, and 26.16% of random IPs do not select FS key-exchange algorithms. Surprisingly, 39.20% of the top domains, 24.40% of the random domains, and 14.46% of the random IPs that do not select FS, do support FS. In light of this analysis, we discuss possible paths toward forward secure Internet traffic. As an improvement of the current state, we propose a new client-side mechanism that we call "Best Effort Forward Secrecy" (BEFS), and an extension of it that we call "Best Effort Forward Secrecy and Authenticated Encryption" (BESAFE), which aims to guide (force) misconfigured servers to FS using a best effort approach. Finally, within our analysis, we introduce a novel adversarial model that we call "discriminatory" adversary, which is applicable to the TLS protocol.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. 15th International Conference on Security and Privacy in Communication Networks (SecureComm)
Keywords
cryptographic protocolsapplied cryptographykey exchangeforward secrecynetworkinternetTLSSSLadversarial model
Contact author(s)
eman alashwali @ cs ox ac uk
History
2019-07-16: received
Short URL
https://ia.cr/2019/821
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/821,
      author = {Eman Salem Alashwali and Pawel Szalachowski and Andrew Martin},
      title = {Towards Forward Secure Internet Traffic},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/821},
      year = {2019},
      url = {https://eprint.iacr.org/2019/821}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.