Login | Register

Another Look at TLS Ecosystems in Networked Devices vs. Web Servers


Another Look at TLS Ecosystems in Networked Devices vs. Web Servers

Samarasinghe, Nayanamana and Mohammad, Mannan (2018) Another Look at TLS Ecosystems in Networked Devices vs. Web Servers. Computers & Security, 80 . pp. 1-13. ISSN 0167-4048 (In Press)

[thumbnail of Pre-print]
Text (Pre-print) (application/pdf)
ssl-devices-cose.pdf - Submitted Version
Available under License Spectrum Terms of Access.

Official URL: https://doi.org/10.1016/j.cose.2018.09.001


High-speed IPv4 scanners, such as ZMap, now enable rapid and timely collection of TLS certificates and other security-sensitive parameters. Such large datasets led to the development of the Censys search interface, facilitating comprehensive analysis of TLS deployments in the wild. Several recent studies analyzed TLS certificates as deployed in web servers. Beyond public web servers, TLS is deployed in many other Internet-connected devices, at home and enterprise environments, cyber physical systems, and at network backbones. In Apr. 2017, we reported the results of a preliminary analysis based on measurement data of TLS deployments in such devices (e.g., routers, modems, NAS, printers, SCADA, and IoT devices in general) collected in Oct. 2016 using Censys. We also compared certificates and TLS connection parameters from a security perspective, as found in common devices against top Alexa sites. Censys has evolved since then and its data volume has increased with the addition of several new device types. In this paper, we perform a similar but more comprehensive measurement study to assess TLS vulnerabilities in devices, and compare our current results with our 2016 findings, showing how such systems have evolved in the last one and half year. Indeed, there are noticeable improvements in the TLS ecosystem for devices, especially in terms of adoption of TLS itself (from 29.4% in 2016 to 73.7% in 2018) and stronger cryptographic primitives. However, we also note the continuity of significant weaknesses in devices for which immediate remediation is warranted (e.g., the use of known private keys, SSLv3, MD5-RSA, and RC4). We have also contacted the top manufacturers of vulnerable devices to convey our findings. Most of them blamed users for not updating their devices with latest firmware images that apparently would mitigate the reported findings.

Divisions:Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering
Item Type:Article
Authors:Samarasinghe, Nayanamana and Mohammad, Mannan
Journal or Publication:Computers & Security
Digital Object Identifier (DOI):10.1016/j.cose.2018.09.001
ID Code:984552
Deposited By: Mohammad Mannan
Deposited On:04 Oct 2018 16:03
Last Modified:25 Sep 2020 00:00
Related URLs:
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.

Repository Staff Only: item control page

Downloads per month over past year

Research related to the current document (at the CORE website)
- Research related to the current document (at the CORE website)
Back to top Back to top