TLS in the wild: an Internet-wide analysis of TLS-based protocols for electronic communication

TL;DR

This study provides an extensive Internet-wide analysis of TLS deployment in email and chat protocols, revealing widespread insecurity in communication channels due to poor TLS adoption and usage.

Contribution

It is the largest investigation to date into TLS security for email and chat protocols, combining active scans and passive monitoring to assess deployment and usage.

Findings

Most communication is poorly secured in transit.

Significant gaps in TLS deployment across protocols.

User agents often do not utilize available security features.

Abstract

The majority of electronic communication today happens either via email or chat. Thanks to the use of standardised protocols electronic mail (SMTP, IMAP, POP3) and instant chat (XMPP, IRC) servers can be deployed in a decentralised but interoperable fashion. These protocols can be secured by providing encryption with the use of TLS---directly or via the STARTTLS extension---and leverage X.509 PKIs or ad hoc methods to authenticate communication peers. However, many combination of these mechanisms lead to insecure deployments. We present the largest study to date that investigates the security of the email and chat infrastructures. We used active Internet-wide scans to determine the amount of secure service deployments, and passive monitoring to investigate if user agents actually use this opportunity to secure their communications. We addressed both the client-to-server interactions as well as server-to-server forwarding mechanisms that these protocols offer, and the use of encryption and authentication methods in the process. Our findings shed light on an insofar unexplored area of the Internet. The truly frightening result is that most of our communication is poorly secured in transit.