Combinatorial Coverage Analysis of Subsets of the TLS Cipher Suite Registry
نویسندگان
چکیده
We present a combinatorial coverage measurement analysis for (subsets) of the TLS cipher suite registries by analyzing the specified ciphers of IANA, ENISA, BSI, Mozilla and NSA Suite B. The method introduced here may contribute towards the design of quality measures of cipher suites, and may also be applied more broadly to the analysis of configurable systems. Keywords—Combinatorial testing, coverage, measurement, TLS, subsets, cipher suites.
منابع مشابه
Turning Active TLS Scanning to Eleven
Transport Layer Security (TLS) is the fundament of today’s web security, but the majority of deployments are misconfigured and left vulnerable to a phletora of attacks. This negatively affects the overall healthiness of the TLS ecosystem, and as such all the protocols that build on top of it. Scanning a larger number of hosts or protocols such as the numerous IPv4-wide scans published recently ...
متن کاملA Standard-Model Security Analysis of TLS-DHE
TLS is the most important cryptographic protocol in use today. However, up to now there is no complete cryptographic security proof in the standard model, nor in any other model. We give the first such proof for the TLS ciphersuites based on ephemeral Diffie-Hellman key exchange (TLS-DHE), which include the cipher suite TLS DHE DSS WITH 3DES EDE CBC SHA mandatory in TLS 1.0 and TLS 1.1. Due to ...
متن کاملHTTPS traffic analysis and client identification using passive SSL/TLS fingerprinting
The encryption of network traffic complicates legitimate network monitoring, traffic analysis, and network forensics. In this paper, we present real-time lightweight identification of HTTPS clients based on network monitoring and SSL/TLS fingerprinting. Our experiment shows that it is possible to estimate the User-Agent of a client in HTTPS communication via the analysis of the SSL/TLS handshak...
متن کاملOn the Security of TLS-DHE in the Standard Model
TLS is the most important cryptographic protocol in use today. However, up to now there is no complete cryptographic security proof in the standard model, nor in any other model. We give the first such proof for the core cryptographic protocol of TLS ciphersuites based on ephemeral Diffie-Hellman key exchange (TLS-DHE), which include the cipher suite TLS DHE DSS WITH 3DES EDE CBC SHA mandatory ...
متن کاملRandomness of Spritz via DieHarder testing
RC4 is a stream cipher included in the TLS protocol, and widely used for encrypting network traffic during the last decades. Spritz is a possible candidate for replacing RC4. Spritz is based on a sponge construction and preserves the byte-oriented behaviour existing in RC4, but introduces an interface that provides encryption, hashing or MAC-generation functionalities. We present here the resul...
متن کامل