SSL-TLS security flaw : a study of the RSA "freak" attack
RSA, a cryptography algorithm that was developed in 1977, still remains as one of the world’s most powerful cryptography algorithm till date. Applications such as e-commerce platform, government websites, and bank websites use RSA cryptography algorithm to secure sensitive data over the Internet via...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Final Year Project |
| Language: | English |
| Published: |
Nanyang Technological University
2020
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/137918 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-137918 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1379182020-04-18T04:53:31Z SSL-TLS security flaw : a study of the RSA "freak" attack Low, John Kah Yong Tay Kian Boon School of Computer Science and Engineering kianboon.tay@ntu.edu.sg Engineering::Computer science and engineering RSA, a cryptography algorithm that was developed in 1977, still remains as one of the world’s most powerful cryptography algorithm till date. Applications such as e-commerce platform, government websites, and bank websites use RSA cryptography algorithm to secure sensitive data over the Internet via the SSL/TLS protocol. With a heavy increase in network traffic over the years, this cryptographic protocol became even more important as it helps to provide a safe and secure environment for network communications. However, no cryptographic protocols in practical use remain impenetrable forever. The clients (e.g. OpenSSL and SecureTransport) who use the SSL/TLS 1.2 handshake protocol contained a loophole that led to the discovery of Factoring Attack on RSA-EXPORT Keys (FREAK) vulnerability in March 2015. The FREAK attack happened due to the weak implementation of RSA protocol over Hypertext Transfer Protocol Secure (HTTPS). Today, FREAK attack still happens because some servers and browsers are still using export-grade cryptographic suites that allows the attackers to perform a Man-In-The-Middle (MITM) attack, downgrading the RSA cipher suites to 512-bit or lower. As a result, the attackers may factor the lower grade encryption, and steal sensitive personal information. Bachelor of Engineering (Computer Science) 2020-04-18T04:53:31Z 2020-04-18T04:53:31Z 2020 Final Year Project (FYP) https://hdl.handle.net/10356/137918 en SCSE19-0147 application/pdf Nanyang Technological University |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| country |
Singapore |
| collection |
DR-NTU |
| language |
English |
| topic |
Engineering::Computer science and engineering |
| spellingShingle |
Engineering::Computer science and engineering Low, John Kah Yong SSL-TLS security flaw : a study of the RSA "freak" attack |
| description |
RSA, a cryptography algorithm that was developed in 1977, still remains as one of the world’s most powerful cryptography algorithm till date. Applications such as e-commerce platform, government websites, and bank websites use RSA cryptography algorithm to secure sensitive data over the Internet via the SSL/TLS protocol. With a heavy increase in network traffic over the years, this cryptographic protocol became even more important as it helps to provide a safe and secure environment for network communications.
However, no cryptographic protocols in practical use remain impenetrable forever. The clients (e.g. OpenSSL and SecureTransport) who use the SSL/TLS 1.2 handshake protocol contained a loophole that led to the discovery of Factoring Attack on RSA-EXPORT Keys (FREAK) vulnerability in March 2015. The FREAK attack happened due to the weak implementation of RSA protocol over Hypertext Transfer Protocol Secure (HTTPS). Today, FREAK attack still happens because some servers and browsers are still using export-grade cryptographic suites that allows the attackers to perform a Man-In-The-Middle (MITM) attack, downgrading the RSA cipher suites to 512-bit or lower. As a result, the attackers may factor the lower grade encryption, and steal sensitive personal information. |
| author2 |
Tay Kian Boon |
| author_facet |
Tay Kian Boon Low, John Kah Yong |
| format |
Final Year Project |
| author |
Low, John Kah Yong |
| author_sort |
Low, John Kah Yong |
| title |
SSL-TLS security flaw : a study of the RSA "freak" attack |
| title_short |
SSL-TLS security flaw : a study of the RSA "freak" attack |
| title_full |
SSL-TLS security flaw : a study of the RSA "freak" attack |
| title_fullStr |
SSL-TLS security flaw : a study of the RSA "freak" attack |
| title_full_unstemmed |
SSL-TLS security flaw : a study of the RSA "freak" attack |
| title_sort |
ssl-tls security flaw : a study of the rsa "freak" attack |
| publisher |
Nanyang Technological University |
| publishDate |
2020 |
| url |
https://hdl.handle.net/10356/137918 |
| _version_ |
1681059298649571328 |