An Experimental Study of TLS Forward Secrecy Deployments
作者: Lin-Shung Huang , Shrikant Adhikarla , Dan Boneh , Collin Jackson
DOI: 10.1109/MIC.2014.86
关键词:
摘要: Many Transport Layer Security (TLS) servers use the ephemeral Diffie-Hellman (DHE) key exchange to support forward secrecy. However, in a survey of 473,802 TLS servers, authors found that 82.9 percent DHE-enabled weak DH parameters, resulting false sense security. They compared server throughput various setups, and measured real-world client-side latencies using an advertisement network. Their results indicate secrecy is no harder, can even be faster elliptic curve cryptography (ECC), than
ieee-security.org
computer.org 参考文章(19)
Sheueling Chang Shantz, Douglas Stebila, Vipul Gupta, Nils Gura, Hans Eberle, Stephen Fung, Speeding up Secure Web Transactions Using Elliptic Curve Cryptography. network and distributed system security symposium. ,(2004)
Emilia Käsper, Fast Elliptic Curve Cryptography in OpenSSL Financial Cryptography and Data Security. pp. 27- 39 ,(2012) , 10.1007/978-3-642-29889-9_4
Phong Q. Nguyen, Igor E. Shparlinski, The Insecurity of the Elliptic Curve Digital Signature Algorithm with Partially Known Nonces Designs, Codes and Cryptography. ,vol. 30, pp. 201- 217 ,(2003) , 10.1023/A:1025436905711
Dan Boneh, Digital Signature Standard. Encyclopedia of Cryptography and Security (2nd Ed.). pp. 347- ,(2005)
Vipul Gupta, Simon Blake-Wilson, Chris Hawk, Bodo Moeller, Nelson Bolyard, Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) RFC. ,vol. 4492, pp. 1- 35 ,(2006)
Sean Turner, Transport Layer Security IEEE Internet Computing. ,vol. 18, pp. 60- 63 ,(2014) , 10.1109/MIC.2014.126
Scott Yilek, Eric Rescorla, Hovav Shacham, Brandon Enright, Stefan Savage, When private keys are public Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference - IMC '09. pp. 15- 27 ,(2009) , 10.1145/1644893.1644896
G. Apostolopoulos, V. Peris, D. Saha, Transport layer security: how much does it really cost? international conference on computer communications. ,vol. 2, pp. 717- 725 ,(1999) , 10.1109/INFCOM.1999.751458
Zakir Durumeric, James Kasten, Michael Bailey, J Alex Halderman, None, Analysis of the HTTPS certificate ecosystem internet measurement conference. pp. 291- 304 ,(2013) , 10.1145/2504730.2504755
Eric Rescorla, Security holes... who cares usenix security symposium. pp. 6- 6 ,(2003)