SSL-TLS security flaw : a study of the RSA "freak" attack
RSA, a cryptography algorithm that was developed in 1977, still remains as one of the world’s most powerful cryptography algorithm till date. Applications such as e-commerce platform, government websites, and bank websites use RSA cryptography algorithm to secure sensitive data over the Internet via...
Saved in:
Main Author: | |
---|---|
Other Authors: | |
Format: | Final Year Project |
Language: | English |
Published: |
Nanyang Technological University
2020
|
Subjects: | |
Online Access: | https://hdl.handle.net/10356/137918 |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Institution: | Nanyang Technological University |
Language: | English |
Summary: | RSA, a cryptography algorithm that was developed in 1977, still remains as one of the world’s most powerful cryptography algorithm till date. Applications such as e-commerce platform, government websites, and bank websites use RSA cryptography algorithm to secure sensitive data over the Internet via the SSL/TLS protocol. With a heavy increase in network traffic over the years, this cryptographic protocol became even more important as it helps to provide a safe and secure environment for network communications.
However, no cryptographic protocols in practical use remain impenetrable forever. The clients (e.g. OpenSSL and SecureTransport) who use the SSL/TLS 1.2 handshake protocol contained a loophole that led to the discovery of Factoring Attack on RSA-EXPORT Keys (FREAK) vulnerability in March 2015. The FREAK attack happened due to the weak implementation of RSA protocol over Hypertext Transfer Protocol Secure (HTTPS). Today, FREAK attack still happens because some servers and browsers are still using export-grade cryptographic suites that allows the attackers to perform a Man-In-The-Middle (MITM) attack, downgrading the RSA cipher suites to 512-bit or lower. As a result, the attackers may factor the lower grade encryption, and steal sensitive personal information. |
---|