DocumentCode
8732
Title
An Experimental Study of TLS Forward Secrecy Deployments
Author
Lin-Shung Huang ; Adhikarla, Shrikant ; Boneh, Dan ; Jackson, Charlie
Volume
18
Issue
6
fYear
2014
fDate
Nov.-Dec. 2014
Firstpage
43
Lastpage
51
Abstract
Many Transport Layer Security (TLS) servers use the ephemeral Diffie-Hellman (DHE) key exchange to support forward secrecy. However, in a survey of 473,802 TLS servers, the authors found that 82.9 percent of the DHE-enabled servers use weak DH parameters, resulting in a false sense of security. They compared the server throughput of various TLS setups, and measured real-world client-side latencies using an advertisement network. Their results indicate that using forward secrecy is no harder, and can even be faster using elliptic curve cryptography (ECC), than no forward secrecy.
Keywords
public key cryptography; DHE key exchange; DHE-enabled servers; ECC; TLS forward secrecy deployments; TLS servers; advertisement network; client-side latencies; elliptic curve cryptography; ephemeral Diffie-Hellman key exchange; server throughput; transport layer security servers; Browsers; Ciphers; Cryptography; DH-HEMTs; Elliptic curve cryptography; Internet; Network security; Servers; Throughput; Transport protocols; TLS; elliptic curve cryptography; forward secrecy;
fLanguage
English
Journal_Title
Internet Computing, IEEE
Publisher
ieee
ISSN
1089-7801
Type
jour
DOI
10.1109/MIC.2014.86
Filename
6870379
Link To Document