Award Abstract # 1528156
TWC: TTP Option: Small: Understanding the State of TLS Using Large-scale Passive Measurements

NSF Org: CNS
Division Of Computer and Network Systems
Recipient: INTERNATIONAL COMPUTER SCIENCE INSTITUTE
Initial Amendment Date: August 12, 2015
Latest Amendment Date: August 13, 2020
Award Number: 1528156
Award Instrument: Standard Grant
Program Manager: Phillip Regalia
pregalia@nsf.gov  (703)292-2981
CNS  Division Of Computer and Network Systems
CSE  Directorate for Computer and Information Science and Engineering
Start Date: September 1, 2015
End Date: August 31, 2021 (Estimated)
Total Intended Award Amount: $663,635.00
Total Awarded Amount to Date: $663,635.00
Funds Obligated to Date: FY 2015 = $663,635.00
History of Investigator:
  • Johanna Amann (Principal Investigator)
     johanna@icir.org
  • Robin Sommer (Former Co-Principal Investigator)
Recipient Sponsored Research Office: International Computer Science Institute
 2150 SHATTUCK AVE
 BERKELEY
 CA  US  94704-1345
(510)666-2900
Sponsor Congressional District: 12
Primary Place of Performance: International Computer Science Institute
 1947 Center Street, Suite 600
 Berkeley
 CA  US  94704-1159
Primary Place of Performance
Congressional District:		 12
Unique Entity Identifier (UEI): GSRMP1QCXU74
Parent UEI:
NSF Program(s): Secure &Trustworthy Cyberspace
Primary Program Source: 01001516DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s): 7434, 7923
Program Element Code(s): 806000
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.070

ABSTRACT

The Transport Layer Security (TLS) protocol constitutes the key building block for today's Internet security and is, for example, used for encrypted web connections using the HTTPS protocol. However, from its first version in 1994 until today, researchers and practitioners keep discovering TLS deficiencies undermining the protocol's security on a regular basis. While the academic community has applied intense scrutiny to the TLS/X.509 ecosystem, much of such work depends on access to difficult to acquire representative data on the protocol's deployment and usage. This project leverages an already operating large-scale passive TLS traffic measurement effort that has been continuously collecting TLS information from live Internet uplinks of 8 large research institutions with about 390,000 users total. The current data set contains more than 100 billion observed TLS connections with more than 100 million unique certificates. This project expands the collection effort and uses both historic and new data to perform studies of current TLS ecosystem trends as well as what-if analyses of future developments.

The new measurements will address different parts of the TLS ecosystem, including studying the impact of certificate revocation, non-HTTPS deployments of TLS, and applications masquerading as TLS without actually speaking it. Furthermore, leveraging historic data, the project examines trends in TLS usage and deployment like the evolution of TLS software, session resumption, and virtual hosting. Finally, the project combines historic and new measurements to drive a series of what-if analyses predicting the impact of upcoming and proposed ecosystem changes like OCSP stapling for certificate revocation and Google's Certificate transparency. In addition to these measurement efforts, the project offers a community service that makes the data collection accessible to researchers and practitioners by allowing them to run their own analyses on the data set using a mediation process.

PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH

Note:  When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).

Some links on this page may take you to non-federal websites. Their policies may differ from this site.

(Showing: 1 - 10 of 11)
Abbas Razaghpanah, Arian Akhavan Niaki, Narseo Vallina-Rodriguez, Srikanth Sundaresan, Johanna Amann, Phillipa Gill "Studying TLS Usage in Android Apps" ACM International Conference on emerging Networking EXperiments and Technologies (CoNEXT) 2017 , 2017 10.1145/3143361.3143400
Benjamin VanderSloot, Johanna Amann, Matthew Bernhard, Zakir Durumeric, Michael Bailey, J. Alex Halderman "Towards a Complete View of the Certificate Ecosystem" Proceedings of the Internet Measurement Conference 2016 , 2016
Jens Hiller, Johanna Amann, Oliver Hohlfeld "The Boon and Bane of Cross-Signing: Shedding Light on a Common Practice in Public Key Infrastructures" Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications (CCS'20) , 2020 https://doi.org/10.1145/3372297.3423345
Johanna Amann, Oliver Gasser, Quirin Scheitle, Lexi Brent, Georg Carle, Ralph Holz "Mission Accomplished? HTTPS Security after DigiNotar" Proc. ACM Internet Measurement Conference 2017 , 2017 10.1145/3131365.3131401
Johanna Amann, Robin Sommer "Exploring Tor's Activity Through Long-term Passive TLS Traffic Measurement" Passive and Active Measurement Conference , 2016 10.1007/978-3-319-15509-8
Liang Zhu, Johanna Amann, John Heidemann "Measuring the Latency and Pervasiveness ofTLS Certificate Revocation" Passive and Active Measurement Conference , 2016 10.1007/978-3-319-15509-8
Platon Kotzias, Abbas Razaghpanah, Johanna Amann, Kenneth G. Paterson, Narseo Vallina-Rodriguez, Juan Caballero "Coming of Age: A Longitudinal Study of TLS Deployment" 18th Internet Measurement Conference (IMC'18) , 2018 10.1145/3278532.3278568
Quirin Scheitle, Oliver Gasser, Theodor Nolte, Johanna Amann, Lexi Brent, Georg Carle, Ralph Holz, Thomas C. Schmidt, Matthias Wa?hlisch "The Rise of Certificate Transparency and Its Implications on the Internet Ecosystem" 18th Internet Measurement Conference (IMC'18) , 2018 10.1145/3278532.3278562
Ralph Holz, Diego Perino, Matteo Varvello, Johanna Amann, Andrea Continella, Nate Evans, Ilias Leontiadis, Christopher Natoli, and Quirin Scheitle "A Retrospective Analysis of User Exposure to (Illicit) Cryptocurrency Mining on the Web" Network Traffic Measurement and Analysis Conference (TMA) , 2020 978-3-903176-27-0
Ralph Holz, Jens Hiller, Johanna Amann, Abbas Razaghpanah, Thomas Jost, Narseo Vallina-Rodriguez, and Oliver Hohlfeld "Tracking the deployment of TLS 1.3 on the Web: A story of experimentation and centralization" ACM SIGCOMM Computer Communication Review , v.50 , 2020 10.1145/3411740.3411742
Ralph Holz, Johanna Amann, Olivier Mehani, Matthias Wachs, Mohamed Ali Kaafar "TLS in the wild: An Internet-wide analysis of TLS-based protocols for electronic communication" Network and Distributed System Security Symposium , 2016
(Showing: 1 - 10 of 11)

PROJECT OUTCOMES REPORT

Disclaimer

This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.

The goal of this project was to examine the state and the evolution of the SSL/TLS protocol (hereafter referred to as TLS), which is one of the major pillars of security on the Internet. TLS is used to secure the majority of today?s Internet traffic and is also used by the new QUIC protocol.

During the duration of this project, there was a tremendous amount of change in the TLS ecosystem. For example, when this project started in 2015, Google reported that less than 50% of connections that were made by its Chrome browser were encrypted. Today, this number is easily above 90% of traffic worldwide.

This project achieved a lot of accomplishments during its 6 years of existence. During this time, we published 11 papers which won several awards. The topics that we explored in these papers included:

  • Exploring the use of TLS in communication protocols (like email and some chat protocols)
  • Measuring the challenges and impact of distributing certificate revocation information
  • Several measurements of the Certificate Transparency landscape, which aims to make the TLS certificate landscape more transparent
  • Several longitudinal studies that explore the changes of the TLS ecosystem over time
  • Analyzing the TLS activity of the Tor network
  •  Tracking the deployment of TLS 1.3, which is one of the major changes since the introduction of SSL 3.0 in 1996
  • Examining the use of cross-signing in the TLS PKI
  • Estimating web-based crypto-currency mining through the observation of TLS connections


The measurement effort that was financed by this project, and was used for many of these papers, has observed more than 300 billion TLS connections during its lifetime. Our longitudinal studies highlight how the TLS ecosystem has changed radically during the time of this grant. Today, the security of the ecosystem is much improved with the large majority of connections using modern versions of TLS with modern, forward-secure cryptographic ciphers. Our work also highlights the impact that security research has had on the evolution of TLS, and shows that, especially in high-profile cases, change can happen very quickly.

Furthermore, this project made several major contributions to Zeek. Zeek (previously known as Bro) is a Network Security Monitoring system that is widely used by both educational institutions and industry to secure their networks.

This project performed most of the TLS related maintenance in Zeek, which included:

  • Adding support for TLS 1.3, including for early TLS 1.3 drafts
  • Adding support for OCSP, which enabled Zeek to log certificate revocation information
  • Support for newer OpenSSL releases
  • Support for more protocol features


All these features are part of current Zeek releases and are in use by everyone who uses Zeek on any Internet link that observes TLS connections.



Last Modified: 11/29/2021
Modified by: Johanna Amann

Please report errors in award information by writing to: awardsearch@nsf.gov.

Print this page

Back to Top of page

Top