Safe Configuration of TLS Connections

Abstract

Transport Layer Security (TLS) and its precursor Secure Sockets Layer (SSL) are the most widely deployed protocols for establishing secure communication over insecure Internet Protocol (IP) networks. Providing a secure session layer on top of TCP, TLS is frequently the first defensive layer encountered by adversaries who try to cause loss of confidentiality by sniffing live traffic or loss of integrity through man-in-the-middle attacks. Despite its wide deployment and evolution over the last 18 years, TLS remains vulnerable to a number of threats at the protocol layer and therefore does not provide strong security out of the box; its configuration must be tuned in order to provide the expected security benefits. This paper provides a summary of the current TLS threat surface together with a validated approach for minimizing the risk of TLS compromise. The main contributions of this paper are 1) identification of configuration options that together maximize security guarantees in the context of recent TLS exploits and 2) specification of expected flows and automated comparison with observed flows to flag inconsistencies.

Document Details

Document Type
Technical Report
Publication Date
Oct 16, 2013
Accession Number
ADA602429

Entities

People

  • Asher Sinclair
  • Joseph Loyall
  • Michael Atighetchi
  • Nathaniel Soule
  • Partha Pal
  • Robert Grant

Organizations

  • RTX

Tags

Communities of Interest

  • C4I
  • Cyber
  • Engineered Resilient Systems
  • Ground and Sea Platforms

DTIC Thesaurus Topics

  • Air Force Research Laboratories
  • Application Protocols
  • Authentication
  • Best Practices
  • Computing System Architectures
  • Cryptography
  • Deployment
  • Identification
  • Internet
  • Language
  • Networks
  • Operating Systems
  • Security
  • Software Development
  • Specifications
  • Standards
  • Verification

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Cybersecurity
  • Educational Psychology