Uploaded by najla ALharbi

Cryptographic Strength of SSL (1)

Running head: CRYPTOGRAPHIC STRENGTH OF SSL/TLS SERVERS
Cryptographic Strength of SSL/TLS servers
Student name
Institution affiliation
Introduction
Cryptography is an important component of modern electronic commerce. With the explosion of
transactions conducted over the internet, establishing data security is critically important.
E-commerce sites such as Amazon and buy.com, and online banking sites such as Citibank, are all
secured using SSL/TLS, which provides integrity, authentication, and confidentiality. A critical
factor in the security of SSL/TLS is the strength of the cryptographic algorithms that the
protocol uses. This discussion highlights the strengths and weaknesses of the cryptographic
strength of SSL/TLS servers.
One key attribute of SSL/TLS is that it authorizes the communication channel between two
peers. SSL enables two peers to decide on a common subset of cryptographic algorithms. This
gives the protocol extensibility as well as interoperability. In addition, it allows several
algorithms to be deployed for authentication, security, and integrity. This flexibility allows
stronger algorithms to be used and decreases the dependency on any one algorithm. For instance,
server administrators maximize the number of clients who can reach a site by supporting a wide
range of protocols. However, they do not take the dangers into consideration or eliminate options
that compromise security, in order to enhance performance or for power reasons. The dangers
include cracking of a client password and breaking of a session. Most clients do not understand
the importance of security or the damage that a wrong decision could cause. Therefore, the
responsibility for security rests with the provider and the server side. To ensure security, the
server must follow best practices by using strong cryptography.
This paper highlights the strengths and weaknesses of the cryptographic strength of SSL/TLS
servers. In addition, it presents a tool called the Probing SSL Security Tool (PSST). The purpose
of this tool is to evaluate server practice, that is, which protocols and encryption choices are
applied by default. The evaluation covered over 19000 servers. The results show that a high
percentage of servers deploy both weak and strong cryptography. This is considered an
improvement: several years ago, 20-30 percent of servers used only weak cryptography. Moreover,
the results show which of several options is the most widely supported. The proposed tool (PSST)
can be helpful for security testing across multiple servers owned by a large organization.
SSL is responsible for the communication channel between two peers, and SSL/TLS runs above
TCP/IP. It also supports mechanisms for integrity, encryption, key exchange, and authentication.
SSL/TLS supports interoperability and extensibility. SSL/TLS consists of two layers: the record
layer and the handshake layer. The record layer handles the data coming from the higher-layer
application and provides symmetric encryption. The handshake layer provides session establishment
and defines per-session symmetric keys. Table 1 presents the main features of SSL version 3.0 and
TLS version 1.0.

Table 1: Main features of SSL version 3.0 and TLS version 1.0

SSL version 3.0: Introduced in 1996; it improves the security and functionality of SSL 2.0.
It decreases the number of network round trips. It also lets the server choose the cipher
algorithm and key exchange.

TLS version 1.0: Introduced in 1996 by the Internet Engineering Task Force (IETF). It is very
similar to SSL 3.0; the difference is that TLS uses a keyed hash to provide authentication,
called Hashing For Message Code (HMAC).

The PSST tool is used to evaluate the performance of the web server and to measure how useful
the OpenSSL library is. First, it measures the distribution of the three versions of SSL/TLS
(SSL 2.0, SSL 3.0, TLS 1). The results show that most web servers deploy all three versions, and
only a few percent use just SSL 2.0.
SSL uses three well-known combinations of key exchange and authentication algorithms. Table 2
lists the common options. For example, EDH can be used for key exchange with DSS for
authentication. The last option, RSA, is the most popular: 99.86% of the sample servers use it
for both key exchange and authentication. Moreover, 88.35% of servers support a 1024-bit public
key size.

Table 2: Key exchange and authentication combinations

Key exchange algorithm            Authentication
Ephemeral Diffie-Hellman (EDH)    Digital Signature Standard (DSS)
Ephemeral Diffie-Hellman (EDH)    Rivest-Shamir-Adleman (RSA)
Rivest-Shamir-Adleman (RSA)       Rivest-Shamir-Adleman (RSA)

The most used symmetric encryption algorithms are DES, RC2, and RC4. The examination of the
sample servers shows that 99.03% use RC4, and the most supported cipher is RC4 with a 128-bit
key. Triple DES (3-DES) is DES applied three times with three different keys. 3-DES with a
168-bit key provides effective protection against brute-force attacks. On the other hand, 3-DES
is considered slower than other symmetric encryption algorithms. The numbers indicate that most
servers using RC2 support a 128-bit key, and most servers using RC4 also support a 128-bit key.
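
The key exchange, authentication and symmetric cipher choices discussed above can be read off OpenSSL-style cipher suite names. The following is an added example, not code from PSST or the cited paper: it parses such names and sorts each server into weak-only, strong-only or both. The host names, the accepted-suite lists and the 128-bit cutoff for "weak" are assumptions made for the illustration.

```python
# Added example: classify servers by the OpenSSL-style suite names they accept.
# Hosts, suite lists and the 128-bit cutoff are constructed assumptions.
SYMMETRIC = [("DES-CBC3", ("3DES", 168)), ("DES-CBC", ("DES", 56)),
             ("RC4", ("RC4", 128)), ("RC2-CBC", ("RC2", 128))]
WEAK_BELOW_BITS = 128  # assumption for this example, not a figure from the paper

def parse_suite(name):
    """Split a suite name into key exchange, authentication, cipher, key bits."""
    export = name.startswith("EXP-")
    body = name[4:] if export else name
    if body.startswith("EDH-"):
        _, auth, body = body.split("-", 2)   # EDH-DSS-... or EDH-RSA-...
        kx = "EDH"
    else:
        kx = auth = "RSA"                    # unprefixed names use RSA for both
    for token, (alg, bits) in SYMMETRIC:     # longer token DES-CBC3 is tried first
        if body.startswith(token):
            return {"kx": kx, "auth": auth, "cipher": alg,
                    "bits": 40 if export else bits}  # export suites: 40-bit keys
    raise ValueError(f"unrecognised suite: {name}")

def classify_server(suites):
    """Return 'weak only', 'strong only' or 'both' for one server's suites."""
    weak = [parse_suite(s)["bits"] < WEAK_BELOW_BITS for s in suites]
    if all(weak):
        return "weak only"
    return "both" if any(weak) else "strong only"

def survey(results):
    """Percentage of servers in each class across all probed hosts."""
    counts = {"weak only": 0, "strong only": 0, "both": 0}
    for suites in results.values():
        counts[classify_server(suites)] += 1
    return {k: round(100 * v / len(results), 1) for k, v in counts.items()}

# Constructed probe results for hypothetical hosts, not data from the paper.
PROBES = {
    "shop.example": ["RC4-MD5", "DES-CBC3-SHA", "EXP-RC2-CBC-MD5"],
    "bank.example": ["RC4-SHA", "EDH-RSA-DES-CBC3-SHA"],
    "legacy.example": ["EXP-RC4-MD5", "DES-CBC-SHA"],
    "mail.example": ["EDH-DSS-DES-CBC3-SHA", "DES-CBC-SHA"],
}

if __name__ == "__main__":
    print(survey(PROBES))
```
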
Conclusion
In conclusion, the cryptographic strength of SSL/TLS is that the protocol encrypts all forms of
internet traffic, making secure internet communication possible. PSST is a security tool proposed
to evaluate and analyze web server security. Over 19,000 servers were examined to discover best
practices and to understand which security measures guarantee effective use of an SSL/TLS
server. One weakness is that a customer may wish to use an algorithm for power, performance, or
cost reasons without acknowledging the dangers.
References
Lee, H. K., Malkin, T., & Nahum, E. (2007, October). Cryptographic strength of SSL/TLS servers:
Current and recent practices. In Proceedings of the 7th ACM SIGCOMM Conference on Internet
Measurement (pp. 83-92).