SSL-TLS security flaw : a study of the RSA "freak" attack

Bibliographic Details
Main Author: Low, John Kah Yong
Other Authors: Tay Kian Boon
Format: Final Year Project
Language: English
Published: Nanyang Technological University 2020
Subjects:
Online Access: https://hdl.handle.net/10356/137918
Institution: Nanyang Technological University
Description
Summary: RSA, a cryptography algorithm developed in 1977, remains one of the world’s most powerful cryptography algorithms to date. Applications such as e-commerce platforms, government websites, and bank websites use the RSA cryptography algorithm to secure sensitive data over the Internet via the SSL/TLS protocol. With a heavy increase in network traffic over the years, this cryptographic protocol has become even more important, as it helps to provide a safe and secure environment for network communications. However, no cryptographic protocol in practical use remains impenetrable forever. Clients (e.g. OpenSSL and SecureTransport) that use the SSL/TLS 1.2 handshake protocol contained a loophole that led to the discovery of the Factoring Attack on RSA-EXPORT Keys (FREAK) vulnerability in March 2015. The FREAK attack happened due to the weak implementation of the RSA protocol over Hypertext Transfer Protocol Secure (HTTPS). Today, the FREAK attack still happens because some servers and browsers still use export-grade cryptographic suites that allow attackers to perform a Man-In-The-Middle (MITM) attack, downgrading the RSA cipher suites to 512-bit or lower. As a result, the attackers may factor the lower-grade encryption and steal sensitive personal information.