Understanding the State of TLS Using Large-scale Passive Measurements

Principal Investigator(s): 
Johanna Amann

This project leverages and extends the data collection of the ICSI SSL Notary for an extensive study of the real-world TLS/X.509 ecosystem through measurement-centric research. The SSL/TLS protocol suite constitutes the key building block of today’s Internet security, providing encryption and authentication for end-to-end communication with the help of an associated global X.509 public key infrastructure. However, from its first version in 1994 until today, researchers and practioners keep discovering TLS deficiencies undermining the protocol’s security on a regular basis. The Heartbleed bug serves as a prime example. Research on the TLS/X.509 ecosystem depends on access to representative data on the protocol’s deployment and usage. Since 2012, the ICSI SSL Notary has been continously collecting TLS features from live Internet traffic at uplinks of 8 large research institutions with about 390,000 users total.

The project looks at current and upcoming trends including operation and impact of certificate revocation; non-HTTPS deployment of TLS; Datagram TLS; and applications masquerading as TLS without actually speaking it. They are also examining historic trends in TLS usage and deployment, including the evolution of TLS software; effectiveness and traction of TLS session resumption; prevalence and impact of virtual hosting; use of domain-specific certificates by Grid and Tor; and the proliferation of TLS outside of the Web. Third, they are combining historic and new measurements to drive a series of what-if analyses predicting the impact of upcoming and proposed ecosystem changes, including OCSP Stapling; Google’s Certificate Transparency; and a recently established Certificate Authority. Finally, they are offering a community service that makes the data collection accessible to researchers and practitioners for their studies without publishing raw data directly.

Funding provided by NSF.