Towards Forward Secure Internet Traffic

by   Eman Salem Alashwali, et al.

Forward Secrecy (FS) is a security property in key-exchange algorithms which guarantees that a compromise in the secrecy of a long-term private-key does not compromise the secrecy of past session keys. With a growing awareness of long-term mass surveillance programs by governments and others, FS has become widely regarded as a highly desirable property. This is particularly true in the TLS protocol, which is used to secure Internet communication. In this paper, we investigate FS in pre-TLS 1.3 protocols, which do not mandate FS, but still widely used today. We conduct an empirical analysis of over 10 million TLS servers from three different datasets using a novel heuristic approach. Using a modern TLS client handshake algorithms, our results show 5.37 domains, 7.51 key-exchange algorithms. Surprisingly, 39.20 random domains, and 14.46 FS. In light of this analysis, we discuss possible paths toward forward secure Internet traffic. As an improvement of the current state, we propose a new client-side mechanism that we call "Best Effort Forward Secrecy" (BEFS), and an extension of it that we call "Best Effort Forward Secrecy and Authenticated Encryption" (BESAFE), which aims to guide (force) misconfigured servers to FS using a best effort approach. Finally, within our analysis, we introduce a novel adversarial model that we call "discriminatory" adversary, which is applicable to the TLS protocol.


page 1

page 2

page 3

page 4


Comment on "Provably secure biometric-based client-server secure communication over unreliable networks"

In key agreement protocols, the user will send a request to the server a...

Deep Random based Key Exchange protocol resisting unlimited MITM

We present a protocol enabling two legitimate partners sharing an initia...

Secrecy by Witness-Functions on Increasing Protocols

In this paper, we present a new formal method to analyze cryptographic p...

DSTC: DNS-based Strict TLS Configurations

Most TLS clients such as modern web browsers enforce coarse-grained TLS ...

Secure Email Transmission Protocols – A New Architecture Design

During today's digital age, emails have become a crucial part of communi...

Research on a Hybrid System With Perfect Forward Secrecy

The rapid development of computer technology will be the whole world as ...

Inductive Analysis of the Internet Protocol TLS

Internet browsers use security protocols to protect sensitive messages. ...

Please sign up or login with your details

Forgot password? Click here to reset