Using Large-Scale Empirical Methods to Understand Fragile Cryptographic Ecosystems
dc.contributor.author | Adrian, David | |
dc.date.accessioned | 2019-07-08T19:41:57Z | |
dc.date.available | NO_RESTRICTION | |
dc.date.available | 2019-07-08T19:41:57Z | |
dc.date.issued | 2018 | |
dc.date.submitted | ||
dc.identifier.uri | https://hdl.handle.net/2027.42/149809 | |
dc.description.abstract | Cryptography is a key component of the security of the Internet. Unfortunately, the process of using cryptography to secure the Internet is fraught with failure. Cryptography is often fragile, as a single mistake can have devastating consequences on security, and this fragility is further complicated by the diverse and distributed nature of the Internet. This dissertation shows how to use empirical methods in the form of Internet-wide scanning to study how cryptography is deployed on the Internet, and shows this methodology can discover vulnerabilities and gain insights into fragile cryptographic ecosystems that are not possible without an empirical approach. I introduce improvements to ZMap, the fast Internet-wide scanner, that allow it to fully utilize a 10 GigE connection, and then use Internet-wide scanning to measure cryptography on the Internet. First, I study how Diffie-Hellman is deployed, and show that implementations are fragile and not resilient to small subgroup attacks. Next, I measure the prevalence of ``export-grade'' cryptography. Although regulations limiting the strength of cryptography that could be exported from the United States were lifted in 1999, Internet-wide scanning shows that support for various forms of export cryptography remains widespread. I show how purposefully weakening TLS to comply with these export regulations led to the FREAK, Logjam, and DROWN vulnerabilities, each of which exploits obsolete export-grade cryptography to attack modern clients. I conclude by discussing how empirical cryptography improved protocol design, and I present further opportunities for empirical research in cryptography. | |
dc.language.iso | en_US | |
dc.subject | computer security | |
dc.subject | cryptography | |
dc.subject | network measurement | |
dc.title | Using Large-Scale Empirical Methods to Understand Fragile Cryptographic Ecosystems | |
dc.type | Thesis | |
dc.description.thesisdegreename | PhD | en_US |
dc.description.thesisdegreediscipline | Computer Science & Engineering | |
dc.description.thesisdegreegrantor | University of Michigan, Horace H. Rackham School of Graduate Studies | |
dc.contributor.committeemember | Halderman, J Alex | |
dc.contributor.committeemember | Schaub, Florian | |
dc.contributor.committeemember | Honeyman, Peter | |
dc.contributor.committeemember | Peikert, Christopher J | |
dc.subject.hlbsecondlevel | Computer Science | |
dc.subject.hlbtoplevel | Engineering | |
dc.description.bitstreamurl | https://deepblue.lib.umich.edu/bitstream/2027.42/149809/1/davadria_1.pdf | |
dc.identifier.orcid | 0000-0002-2187-2372 | |
dc.identifier.name-orcid | Adrian, David; 0000-0002-2187-2372 | en_US |
dc.owningcollname | Dissertations and Theses (Ph.D. and Master's) |
Files in this item
Remediation of Harmful Language
The University of Michigan Library aims to describe library materials in a way that respects the people and communities who create, use, and are represented in our collections. Report harmful or offensive language in catalog records, finding aids, or elsewhere in our collections anonymously through our metadata feedback form. More information at Remediation of Harmful Language.
Accessibility
If you are unable to use this file in its current format, please select the Contact Us link and we can modify it to make it more accessible to you.