TLS in the wild - An Internet-wide analysis of TLS-based protocols for electronic communication


Holz, Ralph; Amann, Johanna; Mehani, Olivier; Wachs, Matthias; Kaafar, Dali


2016-02-21


Conference Material


Network and Distributed System Security Symposium


San Diego, CA




The majority of electronic communication today happens either via email or chat. If we disregard centralised, proprietary solutions, the email protocols (IMAP, POP3, SMTP) as well as XMPP and IRC are the most important protocols that carry our electronic communication. All can be used with TLS, directly or via the STARTTLS extension, and make use of X.509 PKIs. In addition, several different login methods are available. However, these can be deployed in insecure ways. We present the largest study to date that investigates the security of email and chat deployments. We used both active Internet-wide scans to determine the installed server base as well as passive monitoring to investigate if user agents actually connect in secure or insecure ways. We furthermore evaluated the login methods for SMTP, IMAP, and POP3. We addressed both the server-to-server forwarding as well as the client-server interactions that these protocols offer. Our findings shed light on a so far unexplored area of the Internet. The truly frightening result is that most of our communication is poorly secured in transit.


https://www.internetsociety.org/events/ndss-symposium-2016


nicta:8943


Holz, Ralph; Amann, Johanna; Mehani, Olivier; Wachs, Matthias; Kaafar, Dali. TLS in the wild - An Internet-wide analysis of TLS-based protocols for electronic communication. [Conference Material]. 2016-02-21. http://hdl.handle.net/102.100.100/90833?index=1


