TWC: TTP Option: Small: Understanding the State of TLS Using Large-scale Passive Measurements

TWC：TTP 选项：小：使用大规模被动测量了解 TLS 的状态

• 批准号: 1528156
• 负责人: Johanna Amann
• 金额: $ 66.36万
• 依托单位: International Computer Science Institute
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-09-01 至 2021-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1528156&HistoricalAwards=false
• 关键词: TWC; TTP; Option; Small; Understanding

The Transport Layer Security (TLS) protocol constitutes the key building block for today's Internet security and is, for example, used for encrypted web connections using the HTTPS protocol. However, from its first version in 1994 until today, researchers and practitioners keep discovering TLS deficiencies undermining the protocol's security on a regular basis. While the academic community has applied intense scrutiny to the TLS/X.509 ecosystem, much of such work depends on access to difficult to acquire representative data on the protocol's deployment and usage. This project leverages an already operating large-scale passive TLS traffic measurement effort that has been continuously collecting TLS information from live Internet uplinks of 8 large research institutions with about 390,000 users total. The current data set contains more than 100 billion observed TLS connections with more than 100 million unique certificates. This project expands the collection effort and uses both historic and new data to perform studies of current TLS ecosystem trends as well as what-if analyses of future developments.The new measurements will address different parts of the TLS ecosystem, including studying the impact of certificate revocation, non-HTTPS deployments of TLS, and applications masquerading as TLS without actually speaking it. Furthermore, leveraging historic data, the project examines trends in TLS usage and deployment like the evolution of TLS software, session resumption, and virtual hosting. Finally, the project combines historic and new measurements to drive a series of what-if analyses predicting the impact of upcoming and proposed ecosystem changes like OCSP stapling for certificate revocation and Google's Certificate transparency. In addition to these measurement efforts, the project offers a community service that makes the data collection accessible to researchers and practitioners by allowing them to run their own analyses on the data set using a mediation process.

传输层安全（TLS）协议构成了当今互联网安全的关键构建块，例如，用于使用HTTPS协议的加密Web连接。然而，从1994年的第一个版本到今天，研究人员和实践者不断发现TLS的缺陷，定期破坏协议的安全性。虽然学术界对TLS/X.509生态系统进行了严格的审查，但这些工作的大部分取决于对难以获得的有关协议部署和使用的代表性数据的访问。该项目利用了已经运行的大规模被动TLS流量测量工作，该工作一直在从8个大型研究机构的实时互联网上行链路中持续收集TLS信息，这些研究机构共有约390，000名用户。目前的数据集包含超过1000亿个观察到的TLS连接，以及超过1亿个唯一证书。该项目扩展了收集工作，并使用历史数据和新数据来研究当前TLS生态系统的趋势，以及对未来发展的假设分析。新的测量将针对TLS生态系统的不同部分，包括研究证书撤销的影响，TLS的非HTTPS部署，以及伪装成TLS而实际上没有说出来的应用程序。此外，利用历史数据，该项目研究了TLS使用和部署的趋势，如TLS软件的发展，会话恢复和虚拟主机。最后，该项目结合了历史和新的测量结果，以推动一系列假设分析，预测即将到来的和拟议的生态系统变化的影响，如用于证书撤销的OCSP装订和Google的证书透明度。除了这些测量工作之外，该项目还提供了一项社区服务，使研究人员和从业人员能够使用中介程序对数据集进行自己的分析，从而使他们能够获得数据收集。