Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice
Identifieur interne : 002960 ( Hal/Curation ); précédent : 002959; suivant : 002961Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice
Auteurs : David Adrian [France] ; Karthikeyan Bhargavan [France] ; Zakir Durumeric [France] ; Pierrick Gaudry [France] ; Matthew Green [États-Unis] ; J. Alex Halderman [France] ; Nadia Heninger [États-Unis] ; Drew Springall [États-Unis] ; Emmanuel Thomé [France] ; Luke Valenta [États-Unis] ; Benjamin Vandersloot [France] ; Eric Wustrow [France] ; Santiago Zanella-Béguelin [Canada] ; Paul Zimmermann [France]Source :
Abstract
We investigate the security of Diffie-Hellman key exchange as used in popular Internet protocols and find it to be less secure than widely believed. First, we present Logjam, a novel flaw in TLS that lets a man-in-the-middle downgrade connections to " export-grade " Diffie-Hellman. To carry out this attack, we implement the number field sieve discrete log algorithm. After a week-long precomputation for a specified 512-bit group, we can compute arbitrary discrete logs in that group in about a minute. We find that 82% of vulnerable servers use a single 512-bit group, allowing us to compromise connections to 7% of Alexa Top Million HTTPS sites. In response, major browsers are being changed to reject short groups. We go on to consider Diffie-Hellman with 768-and 1024-bit groups. A small number of fixed or standardized groups are in use by millions of servers. Performing precomputations for just ten of these groups would allow a passive eavesdropper to decrypt traffic to up to 66% of IPsec VPN servers, 26% of SSH servers, 24% of popular HTTPS sites, or 16% of SMTP servers. In the 1024-bit case, we estimate that such computations are plausible given nation-state resources, and a close reading of published NSA leaks shows that the agency's attacks on VPNs are consistent with having achieved such a break. We conclude that moving to stronger key exchange methods should be a priority for the Internet community.
Url:
DOI: 10.1145/2810103.2813707
Links toward previous steps (curation, corpus...)
- to stream Hal, to step Corpus: Pour aller vers cette notice dans l'étape Curation :002960
Links to Exploration step
Hal:hal-01184171Le document en format XML
<record><TEI><teiHeader><fileDesc><titleStmt><title xml:lang="en">Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice</title><author><name sortKey="Adrian, David" sort="Adrian, David" uniqKey="Adrian D" first="David" last="Adrian">David Adrian</name><affiliation wicri:level="1"><hal:affiliation type="institution" xml:id="struct-302797" status="VALID"><orgName>University of Michigan (USA)</orgName><desc><address><country key="FR"></country></address></desc></hal:affiliation><country>France</country></affiliation></author><author><name sortKey="Bhargavan, Karthikeyan" sort="Bhargavan, Karthikeyan" uniqKey="Bhargavan K" first="Karthikeyan" last="Bhargavan">Karthikeyan Bhargavan</name><affiliation wicri:level="1"><hal:affiliation type="researchteam" xml:id="struct-192031" status="OLD"><idno type="RNSR">201221033P</idno><orgName>Programming securely with cryptography</orgName><orgName type="acronym">PROSECCO</orgName><date type="end">2015-12-31</date><desc><address><country key="FR"></country></address><ref type="url">http://www.inria.fr/equipes/prosecco</ref></desc><listRelation><relation active="#struct-86790" type="direct"></relation><relation active="#struct-300009" type="indirect"></relation></listRelation><tutelles><tutelle active="#struct-86790" type="direct"><org type="laboratory" xml:id="struct-86790" status="VALID"><idno type="RNSR">196718247G</idno><orgName>INRIA Paris-Rocquencourt</orgName><desc><address><addrLine>INRIA Rocquencourt : Domaine de Voluceau, Rocquencourt B.P. 105 78153 le Chesnay Cedex / INRIA Paris - 23 avenue d'Italie 75013 Paris</addrLine><country key="FR"></country></address><ref type="url">http://www.inria.fr/centre/paris-rocquencourt</ref></desc><listRelation><relation active="#struct-300009" type="direct"></relation></listRelation></org></tutelle><tutelle active="#struct-300009" type="indirect"><org type="institution" xml:id="struct-300009" status="VALID"><orgName>Institut National de Recherche en Informatique et en Automatique</orgName><orgName type="acronym">Inria</orgName><desc><address><addrLine>Domaine de VoluceauRocquencourt - BP 10578153 Le Chesnay Cedex</addrLine><country key="FR"></country></address><ref type="url">http://www.inria.fr/en/</ref></desc></org></tutelle></tutelles></hal:affiliation><country>France</country></affiliation></author><author><name sortKey="Durumeric, Zakir" sort="Durumeric, Zakir" uniqKey="Durumeric Z" first="Zakir" last="Durumeric">Zakir Durumeric</name><affiliation wicri:level="1"><hal:affiliation type="institution" xml:id="struct-302797" status="VALID"><orgName>University of Michigan (USA)</orgName><desc><address><country key="FR"></country></address></desc></hal:affiliation><country>France</country></affiliation></author><author><name sortKey="Gaudry, Pierrick" sort="Gaudry, Pierrick" uniqKey="Gaudry P" first="Pierrick" last="Gaudry">Pierrick Gaudry</name><affiliation wicri:level="1"><hal:affiliation type="researchteam" xml:id="struct-119560" status="VALID"><idno type="RNSR">201020971F</idno><orgName>Cryptology, Arithmetic: Hardware and Software</orgName><orgName type="acronym">CARAMEL</orgName><desc><address><country key="FR"></country></address><ref type="url">http://www.inria.fr/equipes/caramel</ref></desc><listRelation><relation active="#struct-129671" type="direct"></relation><relation active="#struct-300009" type="indirect"></relation><relation active="#struct-423083" type="direct"></relation><relation active="#struct-206040" type="indirect"></relation><relation active="#struct-413289" type="indirect"></relation><relation name="UMR7503" active="#struct-441569" type="indirect"></relation></listRelation><tutelles><tutelle active="#struct-129671" type="direct"><org type="laboratory" xml:id="struct-129671" status="VALID"><idno type="RNSR">198618246Y</idno><orgName>INRIA Nancy - Grand Est</orgName><desc><address><addrLine>615 rue du Jardin Botanique 54600 Villers-lès-Nancy</addrLine><country key="FR"></country></address><ref type="url">http://www.inria.fr/nancy</ref></desc><listRelation><relation active="#struct-300009" type="direct"></relation></listRelation></org></tutelle><tutelle active="#struct-300009" type="indirect"><org type="institution" xml:id="struct-300009" status="VALID"><orgName>Institut National de Recherche en Informatique et en Automatique</orgName><orgName type="acronym">Inria</orgName><desc><address><addrLine>Domaine de VoluceauRocquencourt - BP 10578153 Le Chesnay Cedex</addrLine><country key="FR"></country></address><ref type="url">http://www.inria.fr/en/</ref></desc></org></tutelle><tutelle active="#struct-423083" type="direct"><org type="department" xml:id="struct-423083" status="VALID"><orgName>Department of Algorithms, Computation, Image and Geometry</orgName><orgName type="acronym">LORIA - ALGO</orgName><desc><address><country key="FR"></country></address><ref type="url">http://www.loria.fr/la-recherche-en/departements/algorithmics</ref></desc><listRelation><relation active="#struct-206040" type="direct"></relation><relation active="#struct-300009" type="indirect"></relation><relation active="#struct-413289" type="indirect"></relation><relation name="UMR7503" active="#struct-441569" type="indirect"></relation></listRelation></org></tutelle><tutelle active="#struct-206040" type="indirect"><org type="laboratory" xml:id="struct-206040" status="VALID"><idno type="IdRef">067077927</idno><idno type="RNSR">198912571S</idno><idno type="IdUnivLorraine">[UL]RSI--</idno><orgName>Laboratoire Lorrain de Recherche en Informatique et ses Applications</orgName><orgName type="acronym">LORIA</orgName><date type="start">2012-01-01</date><desc><address><addrLine>Campus Scientifique BP 239 54506 Vandoeuvre-lès-Nancy Cedex</addrLine><country key="FR"></country></address><ref type="url">http://www.loria.fr</ref></desc><listRelation><relation active="#struct-300009" type="direct"></relation><relation active="#struct-413289" type="direct"></relation><relation name="UMR7503" active="#struct-441569" type="direct"></relation></listRelation></org></tutelle><tutelle active="#struct-413289" type="indirect"><org type="institution" xml:id="struct-413289" status="VALID"><idno type="IdRef">157040569</idno><idno type="IdUnivLorraine">[UL]100--</idno><orgName>Université de Lorraine</orgName><orgName type="acronym">UL</orgName><date type="start">2012-01-01</date><desc><address><addrLine>34 cours Léopold - CS 25233 - 54052 Nancy cedex</addrLine><country key="FR"></country></address><ref type="url">http://www.univ-lorraine.fr/</ref></desc></org></tutelle><tutelle name="UMR7503" active="#struct-441569" type="indirect"><org type="institution" xml:id="struct-441569" status="VALID"><idno type="ISNI">0000000122597504</idno><idno type="IdRef">02636817X</idno><orgName>Centre National de la Recherche Scientifique</orgName><orgName type="acronym">CNRS</orgName><date type="start">1939-10-19</date><desc><address><country key="FR"></country></address><ref type="url">http://www.cnrs.fr/</ref></desc></org></tutelle></tutelles></hal:affiliation><country>France</country><placeName><settlement type="city">Nancy</settlement><settlement type="city">Metz</settlement><region type="region" nuts="2">Grand Est</region><region type="old region" nuts="2">Lorraine (région)</region></placeName><orgName type="university">Université de Lorraine</orgName></affiliation></author><author><name sortKey="Green, Matthew" sort="Green, Matthew" uniqKey="Green M" first="Matthew" last="Green">Matthew Green</name><affiliation wicri:level="1"><hal:affiliation type="institution" xml:id="struct-7668" status="VALID"><orgName>Johns Hopkins University</orgName><orgName type="acronym">JHU</orgName><desc><address><addrLine>Baltimore, Maryland 410-516-8000</addrLine><country key="US"></country></address><ref type="url">http://www.jhu.edu/</ref></desc></hal:affiliation><country>États-Unis</country></affiliation></author><author><name sortKey="Halderman, J Alex" sort="Halderman, J Alex" uniqKey="Halderman J" first="J. Alex" last="Halderman">J. Alex Halderman</name><affiliation wicri:level="1"><hal:affiliation type="institution" xml:id="struct-302797" status="VALID"><orgName>University of Michigan (USA)</orgName><desc><address><country key="FR"></country></address></desc></hal:affiliation><country>France</country></affiliation></author><author><name sortKey="Heninger, Nadia" sort="Heninger, Nadia" uniqKey="Heninger N" first="Nadia" last="Heninger">Nadia Heninger</name><affiliation wicri:level="1"><hal:affiliation type="institution" xml:id="struct-115889" status="VALID"><orgName>University of Pennsylvania [Philadelphia]</orgName><desc><address><addrLine>3451 Walnut Street, Philadelphia, PA 19104 | 215-898-5000</addrLine><country key="US"></country></address><ref type="url">http://www.upenn.edu/</ref></desc></hal:affiliation><country>États-Unis</country></affiliation></author><author><name sortKey="Springall, Drew" sort="Springall, Drew" uniqKey="Springall D" first="Drew" last="Springall">Drew Springall</name><affiliation wicri:level="1"><hal:affiliation type="institution" xml:id="struct-7668" status="VALID"><orgName>Johns Hopkins University</orgName><orgName type="acronym">JHU</orgName><desc><address><addrLine>Baltimore, Maryland 410-516-8000</addrLine><country key="US"></country></address><ref type="url">http://www.jhu.edu/</ref></desc></hal:affiliation><country>États-Unis</country></affiliation></author><author><name sortKey="Thome, Emmanuel" sort="Thome, Emmanuel" uniqKey="Thome E" first="Emmanuel" last="Thomé">Emmanuel Thomé</name><affiliation wicri:level="1"><hal:affiliation type="researchteam" xml:id="struct-119560" status="VALID"><idno type="RNSR">201020971F</idno><orgName>Cryptology, Arithmetic: Hardware and Software</orgName><orgName type="acronym">CARAMEL</orgName><desc><address><country key="FR"></country></address><ref type="url">http://www.inria.fr/equipes/caramel</ref></desc><listRelation><relation active="#struct-129671" type="direct"></relation><relation active="#struct-300009" type="indirect"></relation><relation active="#struct-423083" type="direct"></relation><relation active="#struct-206040" type="indirect"></relation><relation active="#struct-413289" type="indirect"></relation><relation name="UMR7503" active="#struct-441569" type="indirect"></relation></listRelation><tutelles><tutelle active="#struct-129671" type="direct"><org type="laboratory" xml:id="struct-129671" status="VALID"><idno type="RNSR">198618246Y</idno><orgName>INRIA Nancy - Grand Est</orgName><desc><address><addrLine>615 rue du Jardin Botanique 54600 Villers-lès-Nancy</addrLine><country key="FR"></country></address><ref type="url">http://www.inria.fr/nancy</ref></desc><listRelation><relation active="#struct-300009" type="direct"></relation></listRelation></org></tutelle><tutelle active="#struct-300009" type="indirect"><org type="institution" xml:id="struct-300009" status="VALID"><orgName>Institut National de Recherche en Informatique et en Automatique</orgName><orgName type="acronym">Inria</orgName><desc><address><addrLine>Domaine de VoluceauRocquencourt - BP 10578153 Le Chesnay Cedex</addrLine><country key="FR"></country></address><ref type="url">http://www.inria.fr/en/</ref></desc></org></tutelle><tutelle active="#struct-423083" type="direct"><org type="department" xml:id="struct-423083" status="VALID"><orgName>Department of Algorithms, Computation, Image and Geometry</orgName><orgName type="acronym">LORIA - ALGO</orgName><desc><address><country key="FR"></country></address><ref type="url">http://www.loria.fr/la-recherche-en/departements/algorithmics</ref></desc><listRelation><relation active="#struct-206040" type="direct"></relation><relation active="#struct-300009" type="indirect"></relation><relation active="#struct-413289" type="indirect"></relation><relation name="UMR7503" active="#struct-441569" type="indirect"></relation></listRelation></org></tutelle><tutelle active="#struct-206040" type="indirect"><org type="laboratory" xml:id="struct-206040" status="VALID"><idno type="IdRef">067077927</idno><idno type="RNSR">198912571S</idno><idno type="IdUnivLorraine">[UL]RSI--</idno><orgName>Laboratoire Lorrain de Recherche en Informatique et ses Applications</orgName><orgName type="acronym">LORIA</orgName><date type="start">2012-01-01</date><desc><address><addrLine>Campus Scientifique BP 239 54506 Vandoeuvre-lès-Nancy Cedex</addrLine><country key="FR"></country></address><ref type="url">http://www.loria.fr</ref></desc><listRelation><relation active="#struct-300009" type="direct"></relation><relation active="#struct-413289" type="direct"></relation><relation name="UMR7503" active="#struct-441569" type="direct"></relation></listRelation></org></tutelle><tutelle active="#struct-413289" type="indirect"><org type="institution" xml:id="struct-413289" status="VALID"><idno type="IdRef">157040569</idno><idno type="IdUnivLorraine">[UL]100--</idno><orgName>Université de Lorraine</orgName><orgName type="acronym">UL</orgName><date type="start">2012-01-01</date><desc><address><addrLine>34 cours Léopold - CS 25233 - 54052 Nancy cedex</addrLine><country key="FR"></country></address><ref type="url">http://www.univ-lorraine.fr/</ref></desc></org></tutelle><tutelle name="UMR7503" active="#struct-441569" type="indirect"><org type="institution" xml:id="struct-441569" status="VALID"><idno type="ISNI">0000000122597504</idno><idno type="IdRef">02636817X</idno><orgName>Centre National de la Recherche Scientifique</orgName><orgName type="acronym">CNRS</orgName><date type="start">1939-10-19</date><desc><address><country key="FR"></country></address><ref type="url">http://www.cnrs.fr/</ref></desc></org></tutelle></tutelles></hal:affiliation><country>France</country><placeName><settlement type="city">Nancy</settlement><settlement type="city">Metz</settlement><region type="region" nuts="2">Grand Est</region><region type="old region" nuts="2">Lorraine (région)</region></placeName><orgName type="university">Université de Lorraine</orgName></affiliation></author><author><name sortKey="Valenta, Luke" sort="Valenta, Luke" uniqKey="Valenta L" first="Luke" last="Valenta">Luke Valenta</name><affiliation wicri:level="1"><hal:affiliation type="institution" xml:id="struct-115889" status="VALID"><orgName>University of Pennsylvania [Philadelphia]</orgName><desc><address><addrLine>3451 Walnut Street, Philadelphia, PA 19104 | 215-898-5000</addrLine><country key="US"></country></address><ref type="url">http://www.upenn.edu/</ref></desc></hal:affiliation><country>États-Unis</country></affiliation></author><author><name sortKey="Vandersloot, Benjamin" sort="Vandersloot, Benjamin" uniqKey="Vandersloot B" first="Benjamin" last="Vandersloot">Benjamin Vandersloot</name><affiliation wicri:level="1"><hal:affiliation type="institution" xml:id="struct-302797" status="VALID"><orgName>University of Michigan (USA)</orgName><desc><address><country key="FR"></country></address></desc></hal:affiliation><country>France</country></affiliation></author><author><name sortKey="Wustrow, Eric" sort="Wustrow, Eric" uniqKey="Wustrow E" first="Eric" last="Wustrow">Eric Wustrow</name><affiliation wicri:level="1"><hal:affiliation type="institution" xml:id="struct-302797" status="VALID"><orgName>University of Michigan (USA)</orgName><desc><address><country key="FR"></country></address></desc></hal:affiliation><country>France</country></affiliation></author><author><name sortKey="Zanella Beguelin, Santiago" sort="Zanella Beguelin, Santiago" uniqKey="Zanella Beguelin S" first="Santiago" last="Zanella-Béguelin">Santiago Zanella-Béguelin</name><affiliation wicri:level="1"><hal:affiliation type="laboratory" xml:id="struct-229906" status="OLD"><orgName>Microsoft Research</orgName><desc><address><addrLine>Vancouver Development Center, British Columbia</addrLine><country key="CA"></country></address><ref type="url">http://www.microsoft.com/en-ca/corp/vdc/</ref></desc><listRelation><relation active="#struct-379481" type="direct"></relation></listRelation><tutelles><tutelle active="#struct-379481" type="direct"><org type="institution" xml:id="struct-379481" status="VALID"><orgName>Microsoft Corporation [Redmond, Wash.]</orgName><desc><address><country key="US"></country></address><ref type="url">https://www.microsoft.com/fr-fr/</ref></desc></org></tutelle></tutelles></hal:affiliation><country>Canada</country></affiliation></author><author><name sortKey="Zimmermann, Paul" sort="Zimmermann, Paul" uniqKey="Zimmermann P" first="Paul" last="Zimmermann">Paul Zimmermann</name><affiliation wicri:level="1"><hal:affiliation type="researchteam" xml:id="struct-119560" status="VALID"><idno type="RNSR">201020971F</idno><orgName>Cryptology, Arithmetic: Hardware and Software</orgName><orgName type="acronym">CARAMEL</orgName><desc><address><country key="FR"></country></address><ref type="url">http://www.inria.fr/equipes/caramel</ref></desc><listRelation><relation active="#struct-129671" type="direct"></relation><relation active="#struct-300009" type="indirect"></relation><relation active="#struct-423083" type="direct"></relation><relation active="#struct-206040" type="indirect"></relation><relation active="#struct-413289" type="indirect"></relation><relation name="UMR7503" active="#struct-441569" type="indirect"></relation></listRelation><tutelles><tutelle active="#struct-129671" type="direct"><org type="laboratory" xml:id="struct-129671" status="VALID"><idno type="RNSR">198618246Y</idno><orgName>INRIA Nancy - Grand Est</orgName><desc><address><addrLine>615 rue du Jardin Botanique 54600 Villers-lès-Nancy</addrLine><country key="FR"></country></address><ref type="url">http://www.inria.fr/nancy</ref></desc><listRelation><relation active="#struct-300009" type="direct"></relation></listRelation></org></tutelle><tutelle active="#struct-300009" type="indirect"><org type="institution" xml:id="struct-300009" status="VALID"><orgName>Institut National de Recherche en Informatique et en Automatique</orgName><orgName type="acronym">Inria</orgName><desc><address><addrLine>Domaine de VoluceauRocquencourt - BP 10578153 Le Chesnay Cedex</addrLine><country key="FR"></country></address><ref type="url">http://www.inria.fr/en/</ref></desc></org></tutelle><tutelle active="#struct-423083" type="direct"><org type="department" xml:id="struct-423083" status="VALID"><orgName>Department of Algorithms, Computation, Image and Geometry</orgName><orgName type="acronym">LORIA - ALGO</orgName><desc><address><country key="FR"></country></address><ref type="url">http://www.loria.fr/la-recherche-en/departements/algorithmics</ref></desc><listRelation><relation active="#struct-206040" type="direct"></relation><relation active="#struct-300009" type="indirect"></relation><relation active="#struct-413289" type="indirect"></relation><relation name="UMR7503" active="#struct-441569" type="indirect"></relation></listRelation></org></tutelle><tutelle active="#struct-206040" type="indirect"><org type="laboratory" xml:id="struct-206040" status="VALID"><idno type="IdRef">067077927</idno><idno type="RNSR">198912571S</idno><idno type="IdUnivLorraine">[UL]RSI--</idno><orgName>Laboratoire Lorrain de Recherche en Informatique et ses Applications</orgName><orgName type="acronym">LORIA</orgName><date type="start">2012-01-01</date><desc><address><addrLine>Campus Scientifique BP 239 54506 Vandoeuvre-lès-Nancy Cedex</addrLine><country key="FR"></country></address><ref type="url">http://www.loria.fr</ref></desc><listRelation><relation active="#struct-300009" type="direct"></relation><relation active="#struct-413289" type="direct"></relation><relation name="UMR7503" active="#struct-441569" type="direct"></relation></listRelation></org></tutelle><tutelle active="#struct-413289" type="indirect"><org type="institution" xml:id="struct-413289" status="VALID"><idno type="IdRef">157040569</idno><idno type="IdUnivLorraine">[UL]100--</idno><orgName>Université de Lorraine</orgName><orgName type="acronym">UL</orgName><date type="start">2012-01-01</date><desc><address><addrLine>34 cours Léopold - CS 25233 - 54052 Nancy cedex</addrLine><country key="FR"></country></address><ref type="url">http://www.univ-lorraine.fr/</ref></desc></org></tutelle><tutelle name="UMR7503" active="#struct-441569" type="indirect"><org type="institution" xml:id="struct-441569" status="VALID"><idno type="ISNI">0000000122597504</idno><idno type="IdRef">02636817X</idno><orgName>Centre National de la Recherche Scientifique</orgName><orgName type="acronym">CNRS</orgName><date type="start">1939-10-19</date><desc><address><country key="FR"></country></address><ref type="url">http://www.cnrs.fr/</ref></desc></org></tutelle></tutelles></hal:affiliation><country>France</country><placeName><settlement type="city">Nancy</settlement><settlement type="city">Metz</settlement><region type="region" nuts="2">Grand Est</region><region type="old region" nuts="2">Lorraine (région)</region></placeName><orgName type="university">Université de Lorraine</orgName></affiliation></author></titleStmt><publicationStmt><idno type="wicri:source">HAL</idno><idno type="RBID">Hal:hal-01184171</idno><idno type="halId">hal-01184171</idno><idno type="halUri">https://hal.inria.fr/hal-01184171</idno><idno type="url">https://hal.inria.fr/hal-01184171</idno><idno type="doi">10.1145/2810103.2813707</idno><date when="2015-10-12">2015-10-12</date><idno type="wicri:Area/Hal/Corpus">002960</idno><idno type="wicri:Area/Hal/Curation">002960</idno></publicationStmt><sourceDesc><biblStruct><analytic><title xml:lang="en">Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice</title><author><name sortKey="Adrian, David" sort="Adrian, David" uniqKey="Adrian D" first="David" last="Adrian">David Adrian</name><affiliation wicri:level="1"><hal:affiliation type="institution" xml:id="struct-302797" status="VALID"><orgName>University of Michigan (USA)</orgName><desc><address><country key="FR"></country></address></desc></hal:affiliation><country>France</country></affiliation></author><author><name sortKey="Bhargavan, Karthikeyan" sort="Bhargavan, Karthikeyan" uniqKey="Bhargavan K" first="Karthikeyan" last="Bhargavan">Karthikeyan Bhargavan</name><affiliation wicri:level="1"><hal:affiliation type="researchteam" xml:id="struct-192031" status="OLD"><idno type="RNSR">201221033P</idno><orgName>Programming securely with cryptography</orgName><orgName type="acronym">PROSECCO</orgName><date type="end">2015-12-31</date><desc><address><country key="FR"></country></address><ref type="url">http://www.inria.fr/equipes/prosecco</ref></desc><listRelation><relation active="#struct-86790" type="direct"></relation><relation active="#struct-300009" type="indirect"></relation></listRelation><tutelles><tutelle active="#struct-86790" type="direct"><org type="laboratory" xml:id="struct-86790" status="VALID"><idno type="RNSR">196718247G</idno><orgName>INRIA Paris-Rocquencourt</orgName><desc><address><addrLine>INRIA Rocquencourt : Domaine de Voluceau, Rocquencourt B.P. 105 78153 le Chesnay Cedex / INRIA Paris - 23 avenue d'Italie 75013 Paris</addrLine><country key="FR"></country></address><ref type="url">http://www.inria.fr/centre/paris-rocquencourt</ref></desc><listRelation><relation active="#struct-300009" type="direct"></relation></listRelation></org></tutelle><tutelle active="#struct-300009" type="indirect"><org type="institution" xml:id="struct-300009" status="VALID"><orgName>Institut National de Recherche en Informatique et en Automatique</orgName><orgName type="acronym">Inria</orgName><desc><address><addrLine>Domaine de VoluceauRocquencourt - BP 10578153 Le Chesnay Cedex</addrLine><country key="FR"></country></address><ref type="url">http://www.inria.fr/en/</ref></desc></org></tutelle></tutelles></hal:affiliation><country>France</country></affiliation></author><author><name sortKey="Durumeric, Zakir" sort="Durumeric, Zakir" uniqKey="Durumeric Z" first="Zakir" last="Durumeric">Zakir Durumeric</name><affiliation wicri:level="1"><hal:affiliation type="institution" xml:id="struct-302797" status="VALID"><orgName>University of Michigan (USA)</orgName><desc><address><country key="FR"></country></address></desc></hal:affiliation><country>France</country></affiliation></author><author><name sortKey="Gaudry, Pierrick" sort="Gaudry, Pierrick" uniqKey="Gaudry P" first="Pierrick" last="Gaudry">Pierrick Gaudry</name><affiliation wicri:level="1"><hal:affiliation type="researchteam" xml:id="struct-119560" status="VALID"><idno type="RNSR">201020971F</idno><orgName>Cryptology, Arithmetic: Hardware and Software</orgName><orgName type="acronym">CARAMEL</orgName><desc><address><country key="FR"></country></address><ref type="url">http://www.inria.fr/equipes/caramel</ref></desc><listRelation><relation active="#struct-129671" type="direct"></relation><relation active="#struct-300009" type="indirect"></relation><relation active="#struct-423083" type="direct"></relation><relation active="#struct-206040" type="indirect"></relation><relation active="#struct-413289" type="indirect"></relation><relation name="UMR7503" active="#struct-441569" type="indirect"></relation></listRelation><tutelles><tutelle active="#struct-129671" type="direct"><org type="laboratory" xml:id="struct-129671" status="VALID"><idno type="RNSR">198618246Y</idno><orgName>INRIA Nancy - Grand Est</orgName><desc><address><addrLine>615 rue du Jardin Botanique 54600 Villers-lès-Nancy</addrLine><country key="FR"></country></address><ref type="url">http://www.inria.fr/nancy</ref></desc><listRelation><relation active="#struct-300009" type="direct"></relation></listRelation></org></tutelle><tutelle active="#struct-300009" type="indirect"><org type="institution" xml:id="struct-300009" status="VALID"><orgName>Institut National de Recherche en Informatique et en Automatique</orgName><orgName type="acronym">Inria</orgName><desc><address><addrLine>Domaine de VoluceauRocquencourt - BP 10578153 Le Chesnay Cedex</addrLine><country key="FR"></country></address><ref type="url">http://www.inria.fr/en/</ref></desc></org></tutelle><tutelle active="#struct-423083" type="direct"><org type="department" xml:id="struct-423083" status="VALID"><orgName>Department of Algorithms, Computation, Image and Geometry</orgName><orgName type="acronym">LORIA - ALGO</orgName><desc><address><country key="FR"></country></address><ref type="url">http://www.loria.fr/la-recherche-en/departements/algorithmics</ref></desc><listRelation><relation active="#struct-206040" type="direct"></relation><relation active="#struct-300009" type="indirect"></relation><relation active="#struct-413289" type="indirect"></relation><relation name="UMR7503" active="#struct-441569" type="indirect"></relation></listRelation></org></tutelle><tutelle active="#struct-206040" type="indirect"><org type="laboratory" xml:id="struct-206040" status="VALID"><idno type="IdRef">067077927</idno><idno type="RNSR">198912571S</idno><idno type="IdUnivLorraine">[UL]RSI--</idno><orgName>Laboratoire Lorrain de Recherche en Informatique et ses Applications</orgName><orgName type="acronym">LORIA</orgName><date type="start">2012-01-01</date><desc><address><addrLine>Campus Scientifique BP 239 54506 Vandoeuvre-lès-Nancy Cedex</addrLine><country key="FR"></country></address><ref type="url">http://www.loria.fr</ref></desc><listRelation><relation active="#struct-300009" type="direct"></relation><relation active="#struct-413289" type="direct"></relation><relation name="UMR7503" active="#struct-441569" type="direct"></relation></listRelation></org></tutelle><tutelle active="#struct-413289" type="indirect"><org type="institution" xml:id="struct-413289" status="VALID"><idno type="IdRef">157040569</idno><idno type="IdUnivLorraine">[UL]100--</idno><orgName>Université de Lorraine</orgName><orgName type="acronym">UL</orgName><date type="start">2012-01-01</date><desc><address><addrLine>34 cours Léopold - CS 25233 - 54052 Nancy cedex</addrLine><country key="FR"></country></address><ref type="url">http://www.univ-lorraine.fr/</ref></desc></org></tutelle><tutelle name="UMR7503" active="#struct-441569" type="indirect"><org type="institution" xml:id="struct-441569" status="VALID"><idno type="ISNI">0000000122597504</idno><idno type="IdRef">02636817X</idno><orgName>Centre National de la Recherche Scientifique</orgName><orgName type="acronym">CNRS</orgName><date type="start">1939-10-19</date><desc><address><country key="FR"></country></address><ref type="url">http://www.cnrs.fr/</ref></desc></org></tutelle></tutelles></hal:affiliation><country>France</country><placeName><settlement type="city">Nancy</settlement><settlement type="city">Metz</settlement><region type="region" nuts="2">Grand Est</region><region type="old region" nuts="2">Lorraine (région)</region></placeName><orgName type="university">Université de Lorraine</orgName></affiliation></author><author><name sortKey="Green, Matthew" sort="Green, Matthew" uniqKey="Green M" first="Matthew" last="Green">Matthew Green</name><affiliation wicri:level="1"><hal:affiliation type="institution" xml:id="struct-7668" status="VALID"><orgName>Johns Hopkins University</orgName><orgName type="acronym">JHU</orgName><desc><address><addrLine>Baltimore, Maryland 410-516-8000</addrLine><country key="US"></country></address><ref type="url">http://www.jhu.edu/</ref></desc></hal:affiliation><country>États-Unis</country></affiliation></author><author><name sortKey="Halderman, J Alex" sort="Halderman, J Alex" uniqKey="Halderman J" first="J. Alex" last="Halderman">J. Alex Halderman</name><affiliation wicri:level="1"><hal:affiliation type="institution" xml:id="struct-302797" status="VALID"><orgName>University of Michigan (USA)</orgName><desc><address><country key="FR"></country></address></desc></hal:affiliation><country>France</country></affiliation></author><author><name sortKey="Heninger, Nadia" sort="Heninger, Nadia" uniqKey="Heninger N" first="Nadia" last="Heninger">Nadia Heninger</name><affiliation wicri:level="1"><hal:affiliation type="institution" xml:id="struct-115889" status="VALID"><orgName>University of Pennsylvania [Philadelphia]</orgName><desc><address><addrLine>3451 Walnut Street, Philadelphia, PA 19104 | 215-898-5000</addrLine><country key="US"></country></address><ref type="url">http://www.upenn.edu/</ref></desc></hal:affiliation><country>États-Unis</country></affiliation></author><author><name sortKey="Springall, Drew" sort="Springall, Drew" uniqKey="Springall D" first="Drew" last="Springall">Drew Springall</name><affiliation wicri:level="1"><hal:affiliation type="institution" xml:id="struct-7668" status="VALID"><orgName>Johns Hopkins University</orgName><orgName type="acronym">JHU</orgName><desc><address><addrLine>Baltimore, Maryland 410-516-8000</addrLine><country key="US"></country></address><ref type="url">http://www.jhu.edu/</ref></desc></hal:affiliation><country>États-Unis</country></affiliation></author><author><name sortKey="Thome, Emmanuel" sort="Thome, Emmanuel" uniqKey="Thome E" first="Emmanuel" last="Thomé">Emmanuel Thomé</name><affiliation wicri:level="1"><hal:affiliation type="researchteam" xml:id="struct-119560" status="VALID"><idno type="RNSR">201020971F</idno><orgName>Cryptology, Arithmetic: Hardware and Software</orgName><orgName type="acronym">CARAMEL</orgName><desc><address><country key="FR"></country></address><ref type="url">http://www.inria.fr/equipes/caramel</ref></desc><listRelation><relation active="#struct-129671" type="direct"></relation><relation active="#struct-300009" type="indirect"></relation><relation active="#struct-423083" type="direct"></relation><relation active="#struct-206040" type="indirect"></relation><relation active="#struct-413289" type="indirect"></relation><relation name="UMR7503" active="#struct-441569" type="indirect"></relation></listRelation><tutelles><tutelle active="#struct-129671" type="direct"><org type="laboratory" xml:id="struct-129671" status="VALID"><idno type="RNSR">198618246Y</idno><orgName>INRIA Nancy - Grand Est</orgName><desc><address><addrLine>615 rue du Jardin Botanique 54600 Villers-lès-Nancy</addrLine><country key="FR"></country></address><ref type="url">http://www.inria.fr/nancy</ref></desc><listRelation><relation active="#struct-300009" type="direct"></relation></listRelation></org></tutelle><tutelle active="#struct-300009" type="indirect"><org type="institution" xml:id="struct-300009" status="VALID"><orgName>Institut National de Recherche en Informatique et en Automatique</orgName><orgName type="acronym">Inria</orgName><desc><address><addrLine>Domaine de VoluceauRocquencourt - BP 10578153 Le Chesnay Cedex</addrLine><country key="FR"></country></address><ref type="url">http://www.inria.fr/en/</ref></desc></org></tutelle><tutelle active="#struct-423083" type="direct"><org type="department" xml:id="struct-423083" status="VALID"><orgName>Department of Algorithms, Computation, Image and Geometry</orgName><orgName type="acronym">LORIA - ALGO</orgName><desc><address><country key="FR"></country></address><ref type="url">http://www.loria.fr/la-recherche-en/departements/algorithmics</ref></desc><listRelation><relation active="#struct-206040" type="direct"></relation><relation active="#struct-300009" type="indirect"></relation><relation active="#struct-413289" type="indirect"></relation><relation name="UMR7503" active="#struct-441569" type="indirect"></relation></listRelation></org></tutelle><tutelle active="#struct-206040" type="indirect"><org type="laboratory" xml:id="struct-206040" status="VALID"><idno type="IdRef">067077927</idno><idno type="RNSR">198912571S</idno><idno type="IdUnivLorraine">[UL]RSI--</idno><orgName>Laboratoire Lorrain de Recherche en Informatique et ses Applications</orgName><orgName type="acronym">LORIA</orgName><date type="start">2012-01-01</date><desc><address><addrLine>Campus Scientifique BP 239 54506 Vandoeuvre-lès-Nancy Cedex</addrLine><country key="FR"></country></address><ref type="url">http://www.loria.fr</ref></desc><listRelation><relation active="#struct-300009" type="direct"></relation><relation active="#struct-413289" type="direct"></relation><relation name="UMR7503" active="#struct-441569" type="direct"></relation></listRelation></org></tutelle><tutelle active="#struct-413289" type="indirect"><org type="institution" xml:id="struct-413289" status="VALID"><idno type="IdRef">157040569</idno><idno type="IdUnivLorraine">[UL]100--</idno><orgName>Université de Lorraine</orgName><orgName type="acronym">UL</orgName><date type="start">2012-01-01</date><desc><address><addrLine>34 cours Léopold - CS 25233 - 54052 Nancy cedex</addrLine><country key="FR"></country></address><ref type="url">http://www.univ-lorraine.fr/</ref></desc></org></tutelle><tutelle name="UMR7503" active="#struct-441569" type="indirect"><org type="institution" xml:id="struct-441569" status="VALID"><idno type="ISNI">0000000122597504</idno><idno type="IdRef">02636817X</idno><orgName>Centre National de la Recherche Scientifique</orgName><orgName type="acronym">CNRS</orgName><date type="start">1939-10-19</date><desc><address><country key="FR"></country></address><ref type="url">http://www.cnrs.fr/</ref></desc></org></tutelle></tutelles></hal:affiliation><country>France</country><placeName><settlement type="city">Nancy</settlement><settlement type="city">Metz</settlement><region type="region" nuts="2">Grand Est</region><region type="old region" nuts="2">Lorraine (région)</region></placeName><orgName type="university">Université de Lorraine</orgName></affiliation></author><author><name sortKey="Valenta, Luke" sort="Valenta, Luke" uniqKey="Valenta L" first="Luke" last="Valenta">Luke Valenta</name><affiliation wicri:level="1"><hal:affiliation type="institution" xml:id="struct-115889" status="VALID"><orgName>University of Pennsylvania [Philadelphia]</orgName><desc><address><addrLine>3451 Walnut Street, Philadelphia, PA 19104 | 215-898-5000</addrLine><country key="US"></country></address><ref type="url">http://www.upenn.edu/</ref></desc></hal:affiliation><country>États-Unis</country></affiliation></author><author><name sortKey="Vandersloot, Benjamin" sort="Vandersloot, Benjamin" uniqKey="Vandersloot B" first="Benjamin" last="Vandersloot">Benjamin Vandersloot</name><affiliation wicri:level="1"><hal:affiliation type="institution" xml:id="struct-302797" status="VALID"><orgName>University of Michigan (USA)</orgName><desc><address><country key="FR"></country></address></desc></hal:affiliation><country>France</country></affiliation></author><author><name sortKey="Wustrow, Eric" sort="Wustrow, Eric" uniqKey="Wustrow E" first="Eric" last="Wustrow">Eric Wustrow</name><affiliation wicri:level="1"><hal:affiliation type="institution" xml:id="struct-302797" status="VALID"><orgName>University of Michigan (USA)</orgName><desc><address><country key="FR"></country></address></desc></hal:affiliation><country>France</country></affiliation></author><author><name sortKey="Zanella Beguelin, Santiago" sort="Zanella Beguelin, Santiago" uniqKey="Zanella Beguelin S" first="Santiago" last="Zanella-Béguelin">Santiago Zanella-Béguelin</name><affiliation wicri:level="1"><hal:affiliation type="laboratory" xml:id="struct-229906" status="OLD"><orgName>Microsoft Research</orgName><desc><address><addrLine>Vancouver Development Center, British Columbia</addrLine><country key="CA"></country></address><ref type="url">http://www.microsoft.com/en-ca/corp/vdc/</ref></desc><listRelation><relation active="#struct-379481" type="direct"></relation></listRelation><tutelles><tutelle active="#struct-379481" type="direct"><org type="institution" xml:id="struct-379481" status="VALID"><orgName>Microsoft Corporation [Redmond, Wash.]</orgName><desc><address><country key="US"></country></address><ref type="url">https://www.microsoft.com/fr-fr/</ref></desc></org></tutelle></tutelles></hal:affiliation><country>Canada</country></affiliation></author><author><name sortKey="Zimmermann, Paul" sort="Zimmermann, Paul" uniqKey="Zimmermann P" first="Paul" last="Zimmermann">Paul Zimmermann</name><affiliation wicri:level="1"><hal:affiliation type="researchteam" xml:id="struct-119560" status="VALID"><idno type="RNSR">201020971F</idno><orgName>Cryptology, Arithmetic: Hardware and Software</orgName><orgName type="acronym">CARAMEL</orgName><desc><address><country key="FR"></country></address><ref type="url">http://www.inria.fr/equipes/caramel</ref></desc><listRelation><relation active="#struct-129671" type="direct"></relation><relation active="#struct-300009" type="indirect"></relation><relation active="#struct-423083" type="direct"></relation><relation active="#struct-206040" type="indirect"></relation><relation active="#struct-413289" type="indirect"></relation><relation name="UMR7503" active="#struct-441569" type="indirect"></relation></listRelation><tutelles><tutelle active="#struct-129671" type="direct"><org type="laboratory" xml:id="struct-129671" status="VALID"><idno type="RNSR">198618246Y</idno><orgName>INRIA Nancy - Grand Est</orgName><desc><address><addrLine>615 rue du Jardin Botanique 54600 Villers-lès-Nancy</addrLine><country key="FR"></country></address><ref type="url">http://www.inria.fr/nancy</ref></desc><listRelation><relation active="#struct-300009" type="direct"></relation></listRelation></org></tutelle><tutelle active="#struct-300009" type="indirect"><org type="institution" xml:id="struct-300009" status="VALID"><orgName>Institut National de Recherche en Informatique et en Automatique</orgName><orgName type="acronym">Inria</orgName><desc><address><addrLine>Domaine de VoluceauRocquencourt - BP 10578153 Le Chesnay Cedex</addrLine><country key="FR"></country></address><ref type="url">http://www.inria.fr/en/</ref></desc></org></tutelle><tutelle active="#struct-423083" type="direct"><org type="department" xml:id="struct-423083" status="VALID"><orgName>Department of Algorithms, Computation, Image and Geometry</orgName><orgName type="acronym">LORIA - ALGO</orgName><desc><address><country key="FR"></country></address><ref type="url">http://www.loria.fr/la-recherche-en/departements/algorithmics</ref></desc><listRelation><relation active="#struct-206040" type="direct"></relation><relation active="#struct-300009" type="indirect"></relation><relation active="#struct-413289" type="indirect"></relation><relation name="UMR7503" active="#struct-441569" type="indirect"></relation></listRelation></org></tutelle><tutelle active="#struct-206040" type="indirect"><org type="laboratory" xml:id="struct-206040" status="VALID"><idno type="IdRef">067077927</idno><idno type="RNSR">198912571S</idno><idno type="IdUnivLorraine">[UL]RSI--</idno><orgName>Laboratoire Lorrain de Recherche en Informatique et ses Applications</orgName><orgName type="acronym">LORIA</orgName><date type="start">2012-01-01</date><desc><address><addrLine>Campus Scientifique BP 239 54506 Vandoeuvre-lès-Nancy Cedex</addrLine><country key="FR"></country></address><ref type="url">http://www.loria.fr</ref></desc><listRelation><relation active="#struct-300009" type="direct"></relation><relation active="#struct-413289" type="direct"></relation><relation name="UMR7503" active="#struct-441569" type="direct"></relation></listRelation></org></tutelle><tutelle active="#struct-413289" type="indirect"><org type="institution" xml:id="struct-413289" status="VALID"><idno type="IdRef">157040569</idno><idno type="IdUnivLorraine">[UL]100--</idno><orgName>Université de Lorraine</orgName><orgName type="acronym">UL</orgName><date type="start">2012-01-01</date><desc><address><addrLine>34 cours Léopold - CS 25233 - 54052 Nancy cedex</addrLine><country key="FR"></country></address><ref type="url">http://www.univ-lorraine.fr/</ref></desc></org></tutelle><tutelle name="UMR7503" active="#struct-441569" type="indirect"><org type="institution" xml:id="struct-441569" status="VALID"><idno type="ISNI">0000000122597504</idno><idno type="IdRef">02636817X</idno><orgName>Centre National de la Recherche Scientifique</orgName><orgName type="acronym">CNRS</orgName><date type="start">1939-10-19</date><desc><address><country key="FR"></country></address><ref type="url">http://www.cnrs.fr/</ref></desc></org></tutelle></tutelles></hal:affiliation><country>France</country><placeName><settlement type="city">Nancy</settlement><settlement type="city">Metz</settlement><region type="region" nuts="2">Grand Est</region><region type="old region" nuts="2">Lorraine (région)</region></placeName><orgName type="university">Université de Lorraine</orgName></affiliation></author></analytic><idno type="DOI">10.1145/2810103.2813707</idno></biblStruct></sourceDesc></fileDesc><profileDesc><textClass></textClass></profileDesc></teiHeader><front><div type="abstract" xml:lang="en">We investigate the security of Diffie-Hellman key exchange as used in popular Internet protocols and find it to be less secure than widely believed. First, we present Logjam, a novel flaw in TLS that lets a man-in-the-middle downgrade connections to " export-grade " Diffie-Hellman. To carry out this attack, we implement the number field sieve discrete log algorithm. After a week-long precomputation for a specified 512-bit group, we can compute arbitrary discrete logs in that group in about a minute. We find that 82% of vulnerable servers use a single 512-bit group, allowing us to compromise connections to 7% of Alexa Top Million HTTPS sites. In response, major browsers are being changed to reject short groups. We go on to consider Diffie-Hellman with 768-and 1024-bit groups. A small number of fixed or standardized groups are in use by millions of servers. Performing precomputations for just ten of these groups would allow a passive eavesdropper to decrypt traffic to up to 66% of IPsec VPN servers, 26% of SSH servers, 24% of popular HTTPS sites, or 16% of SMTP servers. In the 1024-bit case, we estimate that such computations are plausible given nation-state resources, and a close reading of published NSA leaks shows that the agency's attacks on VPNs are consistent with having achieved such a break. We conclude that moving to stronger key exchange methods should be a priority for the Internet community.</div></front></TEI><hal api="V3"><titleStmt><title xml:lang="en">Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice</title><author role="aut"><persName><forename type="first">David</forename><surname>Adrian</surname></persName><email></email><idno type="halauthor">1196459</idno><affiliation ref="#struct-302797"></affiliation></author><author role="aut"><persName><forename type="first">Karthikeyan</forename><surname>Bhargavan</surname></persName><email></email><idno type="idhal">karthik</idno><idno type="halauthor">457759</idno><affiliation ref="#struct-192031"></affiliation></author><author role="aut"><persName><forename type="first">Zakir</forename><surname>Durumeric</surname></persName><email></email><idno type="halauthor">1196460</idno><affiliation ref="#struct-302797"></affiliation></author><author role="aut"><persName><forename type="first">Pierrick</forename><surname>Gaudry</surname></persName><email></email><idno type="idhal">pierrickgaudry</idno><idno type="halauthor">457720</idno><affiliation ref="#struct-119560"></affiliation></author><author role="aut"><persName><forename type="first">Matthew</forename><surname>Green</surname></persName><email></email><idno type="halauthor">1196461</idno><affiliation ref="#struct-7668"></affiliation></author><author role="aut"><persName><forename type="first">J. Alex</forename><surname>Halderman</surname></persName><email></email><idno type="halauthor">1196555</idno><affiliation ref="#struct-302797"></affiliation></author><author role="aut"><persName><forename type="first">Nadia</forename><surname>Heninger</surname></persName><email></email><idno type="halauthor">1196462</idno><affiliation ref="#struct-115889"></affiliation></author><author role="aut"><persName><forename type="first">Drew</forename><surname>Springall</surname></persName><email></email><idno type="halauthor">1196463</idno><affiliation ref="#struct-7668"></affiliation></author><author role="aut"><persName><forename type="first">Emmanuel</forename><surname>Thomé</surname></persName><email></email><idno type="halauthor">69691</idno><affiliation ref="#struct-119560"></affiliation></author><author role="aut"><persName><forename type="first">Luke</forename><surname>Valenta</surname></persName><email></email><idno type="halauthor">1196464</idno><affiliation ref="#struct-115889"></affiliation></author><author role="aut"><persName><forename type="first">Benjamin</forename><surname>Vandersloot</surname></persName><email></email><idno type="halauthor">1196465</idno><affiliation ref="#struct-302797"></affiliation></author><author role="aut"><persName><forename type="first">Eric</forename><surname>Wustrow</surname></persName><email></email><idno type="halauthor">1196466</idno><affiliation ref="#struct-302797"></affiliation></author><author role="aut"><persName><forename type="first">Santiago</forename><surname>Zanella-Béguelin</surname></persName><email></email><idno type="halauthor">1115008</idno><affiliation ref="#struct-229906"></affiliation></author><author role="aut"><persName><forename type="first">Paul</forename><surname>Zimmermann</surname></persName><email></email><idno type="idhal">paul-zimmermann</idno><idno type="halauthor">60829</idno><affiliation ref="#struct-119560"></affiliation></author><editor role="depositor"><persName><forename>Pierrick</forename><surname>Gaudry</surname></persName><email>pierrick.gaudry@loria.fr</email></editor></titleStmt><editionStmt><edition n="v1"><date type="whenSubmitted">2015-08-13 16:23:15</date></edition><edition n="v2" type="current"><date type="whenSubmitted">2015-08-22 17:03:31</date><date type="whenModified">2016-03-14 08:48:51</date><date type="whenReleased">2015-08-26 16:36:08</date><date type="whenProduced">2015-10-12</date><date type="whenEndEmbargoed">2015-08-22</date><ref type="file" target="https://hal.inria.fr/hal-01184171v2/document"><date notBefore="2015-08-22"></date></ref><ref type="file" subtype="publisherPaid" n="1" target="https://hal.inria.fr/hal-01184171/file/logjam.pdf"><date notBefore="2015-08-22"></date></ref></edition><respStmt><resp>contributor</resp><name key="103933"><persName><forename>Pierrick</forename><surname>Gaudry</surname></persName><email>pierrick.gaudry@loria.fr</email></name></respStmt></editionStmt><publicationStmt><distributor>CCSD</distributor><idno type="halId">hal-01184171</idno><idno type="halUri">https://hal.inria.fr/hal-01184171</idno><idno type="halBibtex">adrian:hal-01184171</idno><idno type="halRefHtml">ACM CCS 2015, Oct 2015, Denver, Colorado, United States. Proceedings of the 2015 ACM SIGSAC Conference on Computer and Communications Security, pp.14, 2015 ACM SIGSAC Conference on Computer and Communications Security. <10.1145/2810103.2813707></idno><idno type="halRef">ACM CCS 2015, Oct 2015, Denver, Colorado, United States. Proceedings of the 2015 ACM SIGSAC Conference on Computer and Communications Security, pp.14, 2015 ACM SIGSAC Conference on Computer and Communications Security. <10.1145/2810103.2813707></idno></publicationStmt><seriesStmt><idno type="stamp" n="CNRS">CNRS - Centre national de la recherche scientifique</idno><idno type="stamp" n="INRIA-LORRAINE">INRIA Nancy - Grand Est</idno><idno type="stamp" n="INRIA-NANCY-GRAND-EST">INRIA Nancy - Grand Est</idno><idno type="stamp" n="LORIA-ACGI" p="LORIA">Algorithmique, calcul, image et géométrie</idno><idno type="stamp" n="LORIA2">Publications du LORIA</idno><idno type="stamp" n="INRIA">INRIA - Institut National de Recherche en Informatique et en Automatique</idno><idno type="stamp" n="LORIA">LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications</idno><idno type="stamp" n="INRIA_TEST">INRIA - Institut National de Recherche en Informatique et en Automatique</idno><idno type="stamp" n="UNIV-LORRAINE">Université de Lorraine</idno><idno type="stamp" n="LORIA-ALGO-TEST5">LORIA-ALGO-TEST5 </idno><idno type="stamp" n="INRIA2">INRIA 2</idno><idno type="stamp" n="GRID5000">Grid'5000</idno></seriesStmt><notesStmt><note type="audience" n="2">International</note><note type="invited" n="0">No</note><note type="popular" n="0">No</note><note type="peer" n="1">Yes</note><note type="proceedings" n="1">Yes</note></notesStmt><sourceDesc><biblStruct><analytic><title xml:lang="en">Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice</title><author role="aut"><persName><forename type="first">David</forename><surname>Adrian</surname></persName><idno type="halAuthorId">1196459</idno><affiliation ref="#struct-302797"></affiliation></author><author role="aut"><persName><forename type="first">Karthikeyan</forename><surname>Bhargavan</surname></persName><idno type="idHal">karthik</idno><idno type="halAuthorId">457759</idno><affiliation ref="#struct-192031"></affiliation></author><author role="aut"><persName><forename type="first">Zakir</forename><surname>Durumeric</surname></persName><idno type="halAuthorId">1196460</idno><affiliation ref="#struct-302797"></affiliation></author><author role="aut"><persName><forename type="first">Pierrick</forename><surname>Gaudry</surname></persName><idno type="idHal">pierrickgaudry</idno><idno type="halAuthorId">457720</idno><affiliation ref="#struct-119560"></affiliation></author><author role="aut"><persName><forename type="first">Matthew</forename><surname>Green</surname></persName><idno type="halAuthorId">1196461</idno><affiliation ref="#struct-7668"></affiliation></author><author role="aut"><persName><forename type="first">J. Alex</forename><surname>Halderman</surname></persName><idno type="halAuthorId">1196555</idno><affiliation ref="#struct-302797"></affiliation></author><author role="aut"><persName><forename type="first">Nadia</forename><surname>Heninger</surname></persName><idno type="halAuthorId">1196462</idno><affiliation ref="#struct-115889"></affiliation></author><author role="aut"><persName><forename type="first">Drew</forename><surname>Springall</surname></persName><idno type="halAuthorId">1196463</idno><affiliation ref="#struct-7668"></affiliation></author><author role="aut"><persName><forename type="first">Emmanuel</forename><surname>Thomé</surname></persName><idno type="halAuthorId">69691</idno><affiliation ref="#struct-119560"></affiliation></author><author role="aut"><persName><forename type="first">Luke</forename><surname>Valenta</surname></persName><idno type="halAuthorId">1196464</idno><affiliation ref="#struct-115889"></affiliation></author><author role="aut"><persName><forename type="first">Benjamin</forename><surname>Vandersloot</surname></persName><idno type="halAuthorId">1196465</idno><affiliation ref="#struct-302797"></affiliation></author><author role="aut"><persName><forename type="first">Eric</forename><surname>Wustrow</surname></persName><idno type="halAuthorId">1196466</idno><affiliation ref="#struct-302797"></affiliation></author><author role="aut"><persName><forename type="first">Santiago</forename><surname>Zanella-Béguelin</surname></persName><idno type="halAuthorId">1115008</idno><affiliation ref="#struct-229906"></affiliation></author><author role="aut"><persName><forename type="first">Paul</forename><surname>Zimmermann</surname></persName><idno type="idHal">paul-zimmermann</idno><idno type="halAuthorId">60829</idno><affiliation ref="#struct-119560"></affiliation></author></analytic><monogr><title level="m">Proceedings of the 2015 ACM SIGSAC Conference on Computer and Communications Security</title><meeting><title>ACM CCS 2015</title><date type="start">2015-10-12</date><date type="end">2015-10-16</date><settlement>Denver, Colorado</settlement><country key="US">United States</country></meeting><imprint><biblScope unit="serie">2015 ACM SIGSAC Conference on Computer and Communications Security</biblScope><biblScope unit="pp">14</biblScope></imprint></monogr><idno type="doi">10.1145/2810103.2813707</idno></biblStruct></sourceDesc><profileDesc><langUsage><language ident="en">English</language></langUsage><textClass><classCode scheme="halDomain" n="info.info-cr">Computer Science [cs]/Cryptography and Security [cs.CR]</classCode><classCode scheme="halTypology" n="COMM">Conference papers</classCode></textClass><abstract xml:lang="en">We investigate the security of Diffie-Hellman key exchange as used in popular Internet protocols and find it to be less secure than widely believed. First, we present Logjam, a novel flaw in TLS that lets a man-in-the-middle downgrade connections to " export-grade " Diffie-Hellman. To carry out this attack, we implement the number field sieve discrete log algorithm. After a week-long precomputation for a specified 512-bit group, we can compute arbitrary discrete logs in that group in about a minute. We find that 82% of vulnerable servers use a single 512-bit group, allowing us to compromise connections to 7% of Alexa Top Million HTTPS sites. In response, major browsers are being changed to reject short groups. We go on to consider Diffie-Hellman with 768-and 1024-bit groups. A small number of fixed or standardized groups are in use by millions of servers. Performing precomputations for just ten of these groups would allow a passive eavesdropper to decrypt traffic to up to 66% of IPsec VPN servers, 26% of SSH servers, 24% of popular HTTPS sites, or 16% of SMTP servers. In the 1024-bit case, we estimate that such computations are plausible given nation-state resources, and a close reading of published NSA leaks shows that the agency's attacks on VPNs are consistent with having achieved such a break. We conclude that moving to stronger key exchange methods should be a priority for the Internet community.</abstract></profileDesc></hal></record>Pour manipuler ce document sous Unix (Dilib)
EXPLOR_STEP=$WICRI_ROOT/Wicri/Lorraine/explor/InforLorV4/Data/Hal/Curation
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 002960 | SxmlIndent | more
Ou
HfdSelect -h $EXPLOR_AREA/Data/Hal/Curation/biblio.hfd -nk 002960 | SxmlIndent | more
Pour mettre un lien sur cette page dans le réseau Wicri
{{Explor lien
|wiki= Wicri/Lorraine
|area= InforLorV4
|flux= Hal
|étape= Curation
|type= RBID
|clé= Hal:hal-01184171
|texte= Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice
}}
| This area was generated with Dilib version V0.6.33. |  |