Revisiting SSL: A Large Scale Study of the Internet's Most Trusted Protocol
Title | Revisiting SSL: A Large Scale Study of the Internet's Most Trusted Protocol |
Publication Type | Technical Report |
Year of Publication | 2012 |
Authors | Amann, J., Vallentin M., Hall S., & Sommer R. |
Other Numbers | 3378 |
Abstract | Much of the Internet's end-to-end security relies on the SSL protocolalong with its underlying certificate infrastructure. We offer anin-depth study of real-world SSL and X.509 deployment characteristicsfrom an unprecedented vantage point, based on a data set of more than1.4 billion SSL sessions collected at the border of five operationalsites. Our contributions are two-fold: First, we revisit results frompast work with a recent data set that allows us to reassess previousfindings and identify recent trends. Second, we provide a detailedstudy on a range of further SSL/X.509 deployment properties that havenot yet seen the attention they deserve, including the intricate webof intermediate certificate authority (CA) relationships, characteristics ofSSL session reuse, usageof vendor-specific protocol extensions, and non-standard CA roothierarchies. While in general we find that today's SSL deploymentfunctions well, we also identify new support for the inherentweaknesses of the system. Along the way, we gain deep insight intospecifics and oddities of SSL/X.509 usage, including a surprisingdifficulty of aligning certificate validation with what typicalbrowsers do. |
Acknowledgment | This work was partially funded by the Deutscher Akademischer Austausch Dienst (DAAD) through a postdoctoral fellowship. |
URL | http://www.icsi.berkeley.edu/pubs/techreports/ICSI_TR-12-015.pdf |
Bibliographic Notes | ICSI Technical Report TR-12-015 |
Abbreviated Authors | J. Amann, M. Vallentin, S. Hall, and R. Sommer |
ICSI Research Group | Networking and Security |
ICSI Publication Type | Technical Report |