TLS 1.3 Handshake Analyzer
Resumo
The Transport Layer Security (TLS) protocol is the de facto standard for global Internet security. Despite its performance and security improvements over previous versions, there are still challenges regarding user privacy and security against future quantum attackers. Although there are several initiatives to address these challenges, there is no specialized tool to analyze these new features. This paper presents the TLS 1.3 Handshake Analyzer, a tool for security and performance analysis of TLS connections. Users can obtain security information about their connections, and server administrators can use it to validate the effects of TLS in their network applications, such as handshake timings and the sizes of transferred cryptographic objects.
Palavras-chave:
TLS 1.3, Security, Performance Analysis
Referências
Bindel, N., Brendel, J., Fischlin, M., Goncalves, B., and Stebila, D. (2019). Hybrid key encapsulation mechanisms and authenticated key exchange. In Ding, J. and Steinwandt, R., editors, Post-Quantum Cryptography, pages 206–226, Cham. Springer.
Braithwaite, M. (2016). Experimenting with post-quantum cryptography. Available at: [link]. Accessed on 2021-02-25.
Castryck, W. and Decru, T. (2022). An efficient key recovery attack on sidh (preliminary version). Cryptology ePrint Archive, Paper 2022/975. https://eprint.iacr.org/2022/975.
Chan, C.-l., Fontugne, R., Cho, K., and Goto, S. (2018). Monitoring tls adoption using backbone and edge traffic. In IEEE INFOCOM 2018-IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), pages 208–213. IEEE.
Geekflare (2022). 10 online tools to test ssl. Available at: https://geekflare.com/ssl-test-certificate/. Accessed on 2022-08-27.
Giron, A. A., Schardong, F., and Custódio, R. (2022). Tls handshake analyzer github repository. Available at: [link]. Accessed on 2022-08-28.
Green, D. (2022). Pyshark. Available at: https://kiminewt.github.io/pyshark/. Accessed on 2022-07-13.
Grover, L. K. (1996). A fast quantum mechanical algorithm for database search. In Proceedings of the twenty-eighth annual ACM symposium on Theory of computing, pages 212–219, Philadelphia Pennsylvania USA. ACM.
Mosca, M. (2018). Cybersecurity in an era with quantum computers: Will we be ready? IEEE Security Privacy, 16(5):38–41.
Naylor, D., Finamore, A., Leontiadis, I., Grunenberger, Y., Mellia, M., Munafo, M., Papagiannaki, K., and Steenkiste, P. (2014). The cost of the ”s” in https. In 10th ACM International on Conference on emerging Networking Experiments and Technologies, pages 133–140.
NIST (2016). Post-quantum cryptography. Available at: [link]. Accessed on 2020-06-26.
Paracha, M. T., Dubois, D. J., Vallina-Rodriguez, N., and Choffnes, D. (2021). Iotls: Understanding tls usage in consumer iot devices. In 21st ACM Internet Measurement Conference, IMC ’21, New York, NY, USA. Association for Computing Machinery.
Patton, C. (2022). Good-bye esni, hello ech! Available at: https://blog.cloudflare.com/encrypted-client-hello/. Accessed on 2022-07-09.
Plotly (2022). Dash documentation and user guide. Available at: https://dash.plotly.com/. Accessed on 2022-07-13.
Rescorla, E. (2018). The transport layer security (TLS) protocol version 1.3. RFC 8446, RFC Editor. Available at: http://www.rfc-editor.org/rfc/rfc8446.txt. Accessed on 2021-05-02.
Rescorla, E., Oku, K., Sullivan, N., and Wood, C. A. (2022). Tls encrypted client hello. Internet-Draft draft-ietf-tls-esni-14, IETF Secretariat. https://www.ietf.org/archive/id/draft-ietf-tls-esni-14.txt.
Rudolph, H. C. and Grundmann, N. (2022). Ciphersuite info. Available at: https://ciphersuite.info/. Accessed on 2022-07-12.
Shor, P. W. (1994). Algorithms for quantum computation: discrete logarithms and factoring. In Proceedings 35th annual symposium on foundations of computer science, pages 124–134, Santa Fe, NM, USA. IEEE, IEEE.
Stebila, D. and Mosca, M. (2016). Post-quantum key exchange for the internet and theopen quantum safe project. In International Conference on Selected Areas in Cryptography, pages 14–37. Springer.
Wormly, I. (2022). Free ssl web server tester. Available at: https://www.wormly.com/test_ssl. Accessed on 2022-08-27.
Braithwaite, M. (2016). Experimenting with post-quantum cryptography. Available at: [link]. Accessed on 2021-02-25.
Castryck, W. and Decru, T. (2022). An efficient key recovery attack on sidh (preliminary version). Cryptology ePrint Archive, Paper 2022/975. https://eprint.iacr.org/2022/975.
Chan, C.-l., Fontugne, R., Cho, K., and Goto, S. (2018). Monitoring tls adoption using backbone and edge traffic. In IEEE INFOCOM 2018-IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), pages 208–213. IEEE.
Geekflare (2022). 10 online tools to test ssl. Available at: https://geekflare.com/ssl-test-certificate/. Accessed on 2022-08-27.
Giron, A. A., Schardong, F., and Custódio, R. (2022). Tls handshake analyzer github repository. Available at: [link]. Accessed on 2022-08-28.
Green, D. (2022). Pyshark. Available at: https://kiminewt.github.io/pyshark/. Accessed on 2022-07-13.
Grover, L. K. (1996). A fast quantum mechanical algorithm for database search. In Proceedings of the twenty-eighth annual ACM symposium on Theory of computing, pages 212–219, Philadelphia Pennsylvania USA. ACM.
Mosca, M. (2018). Cybersecurity in an era with quantum computers: Will we be ready? IEEE Security Privacy, 16(5):38–41.
Naylor, D., Finamore, A., Leontiadis, I., Grunenberger, Y., Mellia, M., Munafo, M., Papagiannaki, K., and Steenkiste, P. (2014). The cost of the ”s” in https. In 10th ACM International on Conference on emerging Networking Experiments and Technologies, pages 133–140.
NIST (2016). Post-quantum cryptography. Available at: [link]. Accessed on 2020-06-26.
Paracha, M. T., Dubois, D. J., Vallina-Rodriguez, N., and Choffnes, D. (2021). Iotls: Understanding tls usage in consumer iot devices. In 21st ACM Internet Measurement Conference, IMC ’21, New York, NY, USA. Association for Computing Machinery.
Patton, C. (2022). Good-bye esni, hello ech! Available at: https://blog.cloudflare.com/encrypted-client-hello/. Accessed on 2022-07-09.
Plotly (2022). Dash documentation and user guide. Available at: https://dash.plotly.com/. Accessed on 2022-07-13.
Rescorla, E. (2018). The transport layer security (TLS) protocol version 1.3. RFC 8446, RFC Editor. Available at: http://www.rfc-editor.org/rfc/rfc8446.txt. Accessed on 2021-05-02.
Rescorla, E., Oku, K., Sullivan, N., and Wood, C. A. (2022). Tls encrypted client hello. Internet-Draft draft-ietf-tls-esni-14, IETF Secretariat. https://www.ietf.org/archive/id/draft-ietf-tls-esni-14.txt.
Rudolph, H. C. and Grundmann, N. (2022). Ciphersuite info. Available at: https://ciphersuite.info/. Accessed on 2022-07-12.
Shor, P. W. (1994). Algorithms for quantum computation: discrete logarithms and factoring. In Proceedings 35th annual symposium on foundations of computer science, pages 124–134, Santa Fe, NM, USA. IEEE, IEEE.
Stebila, D. and Mosca, M. (2016). Post-quantum key exchange for the internet and theopen quantum safe project. In International Conference on Selected Areas in Cryptography, pages 14–37. Springer.
Wormly, I. (2022). Free ssl web server tester. Available at: https://www.wormly.com/test_ssl. Accessed on 2022-08-27.
Publicado
12/09/2022
Como Citar
GIRON, Alexandre Augusto; SCHARDONG, Frederico; CUSTÓDIO, Ricardo.
TLS 1.3 Handshake Analyzer. In: SALÃO DE FERRAMENTAS - SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 22. , 2022, Santa Maria.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2022
.
p. 63-70.
DOI: https://doi.org/10.5753/sbseg_estendido.2022.226725.
