
Research Article
Towards a Complete View of the SSL/TLS Service Ports in the Wild
@INPROCEEDINGS{10.1007/978-3-030-41114-5_41,
  author={Peipei Fu and Mingxin Cui and Zhenzhen Li},
  title={Towards a Complete View of the SSL/TLS Service Ports in the Wild},
  proceedings={Communications and Networking. 14th EAI International Conference, ChinaCom 2019, Shanghai, China, November 29 -- December 1, 2019, Proceedings, Part I},
  proceedings_a={CHINACOM},
  year={2020},
  month={2},
  keywords={SSL/TLS Security Service port Certificate Measurement},
  doi={10.1007/978-3-030-41114-5_41}
}
- Peipei Fu
- Mingxin Cui
- Zhenzhen Li
Year: 2020
CHINACOM
Springer
DOI: 10.1007/978-3-030-41114-5_41
Abstract
With the emergence of service port obfuscation and abuse, malicious services can easily hide their communication behaviors in large-scale normal SSL/TLS traffic. Therefore, it is of great significance to get the complete view of SSL/TLS service ports and understand the potential threat of SSL/TLS usage. In this paper, we conduct a comprehensive analysis of the SSL/TLS service port by carrying out a large-scale passive measurement based on two ISP-level networks with a total bandwidth of up to 100 Gbps for over one year. Specifically, we first investigate the overall SSL/TLS service port view and uncover that the actual usage of ports is in a state of confusion. At the same time, through in-depth analysis of specific well-known ports which are used by SSL/TLS, it is revealed that the well-known ports could easily be exploited by malicious SSL/TLS services. Then, we dig into some specific certificates to explore their port behavior and discover that self-signed certificates and EV certificates are in a sorry state. Meanwhile, we uncover practices that may be exploited by malicious services, and reveal the potential threats or vulnerabilities in SSL/TLS service ports. We believe that the work will be beneficial to both SSL/TLS and web security in the future.