Coming of Age: A Longitudinal Study of TLS Deployment

26 Oct

Platon Kotzias, Ph.D Student, IMDEA Software Institute & Universidad Politécnica de Madrid (UPM), Madrid, Spain

External Presentation (External Speaker)

The Transport Layer Security (TLS) protocol is the de-facto standard for encrypted communication on the Internet. However, it has been plagued by a number of different attacks and security issues over the last years. Addressing these attacks requires changes to the protocol, to server- or client-software, or to all of them. In this paper we conduct the first large-scale longitudinal study examining the evolution of the TLS ecosystem over the last six years. We place a special focus on the ecosystem’s evolution in response to high-profile attacks. For our analysis, we use a passive measurement dataset with more than 319.3B connections since February 2012, and an active dataset that contains TLS and SSL scans of the entire IPv4 address space since August 2015. To identify the evolution of specific clients we also create the-to our knowledge-largest TLS client fingerprint database to date, consisting of 1,684 fingerprints. We observe that the ecosystem has shifted significantly since 2012, with major changes in which cipher suites and TLS extensions are offered by clients and accepted by servers having taken place. Where possible, we correlate these with the timing of specific attacks on TLS. At the same time, our results show that while clients, especially browsers, are quick to adopt new algorithms, they are also slow to drop support for older ones. We also encounter significant amounts of client software that probably unwittingly offer unsafe ciphers. We discuss these findings in the context of long taileffects in the TLS ecosystem.

About Platon Kotzias

Platon Kotzias is a Ph.D student at the IMDEA Software Institute and Universidad Politecnica de Madrid (UPM) under the supervision of Dr. Juan Caballero. His research interests lie in malware (detection, analysis, classification) and intrusion detection. Before joining IMDEA he worked at the European Central Bank (ECB) as Systems and Security Engineer. He performed his BS and MSc in Digital Systems and Digital Systems Security at the University of Piraeus, Greece.

This event will be conducted in English


  • Location: MR-1S1 [Torres] & MR-1S3 [Quevedo], IMDEA Networks Institute, Avda. del Mar Mediterráneo 22, 28918 Leganés (Madrid)

  • Organization: NETCOM Research Group (Telematics Engineering Department, UC3M); IMDEA Networks Institute
  • Time: 13:00 pm
  • Add to Calendar: iCalendar Outlook Google