Author :
Lin-Shung Huang ; Adhikarla, Shrikant ; Boneh, Dan ; Jackson, Charlie
Abstract :
Many Transport Layer Security (TLS) servers use the ephemeral Diffie-Hellman (DHE) key exchange to support forward secrecy. However, in a survey of 473,802 TLS servers, the authors found that 82.9 percent of the DHE-enabled servers use weak DH parameters, resulting in a false sense of security. They compared the server throughput of various TLS setups, and measured real-world client-side latencies using an advertisement network. Their results indicate that using forward secrecy is no harder, and can even be faster using elliptic curve cryptography (ECC), than no forward secrecy.
Keywords :
public key cryptography; DHE key exchange; DHE-enabled servers; ECC; TLS forward secrecy deployments; TLS servers; advertisement network; client-side latencies; elliptic curve cryptography; ephemeral Diffie-Hellman key exchange; server throughput; transport layer security servers; Browsers; Ciphers; Cryptography; DH-HEMTs; Elliptic curve cryptography; Internet; Network security; Servers; Throughput; Transport protocols; TLS; elliptic curve cryptography; forward secrecy;
