SSL-TLS security flaws : HEARTBLEED and 3SHAKE attacks
SSL-TLS Protocol was designed and developed to provide a secure channel for internet communications. It is a means to protect web applications against malicious third parties that may try to eavesdrop, tamper, or even interrupt the network connections between client and server. However, being a secu...
محفوظ في:
| المؤلف الرئيسي: | |
|---|---|
| مؤلفون آخرون: | |
| التنسيق: | Final Year Project |
| اللغة: | English |
| منشور في: |
Nanyang Technological University
2020
|
| الموضوعات: | |
| الوصول للمادة أونلاين: | https://hdl.handle.net/10356/141768 |
| الوسوم: |
إضافة وسم
لا توجد وسوم, كن أول من يضع وسما على هذه التسجيلة!
|
| الملخص: | SSL-TLS Protocol was designed and developed to provide a secure channel for internet communications. It is a means to protect web applications against malicious third parties that may try to eavesdrop, tamper, or even interrupt the network connections between client and server. However, being a security protocol with encryption does not guarantee it is infallible. Several SSL-TLS vulnerabilities have been found and exploited since its introduction in 1994 [1]. Some examples of well-known attacks were BEAST, CRIME, POODLE, and SSL Stripping [2].
In this report, we will study two types of vulnerabilities that may affect SSL-TLS
(implementation-based and protocol-based). The focus will be placed on TLS v1.2, as this protocol is the most widely supported on the Internet at the time of writing this report [3]. We will do a detailed study on HEARTBLEED as an
implementation-based vulnerability, and 3SHAKE as a protocol-based vulnerability.
For each of these vulnerabilities, we will study the root causes, how it was exploited into an attack, its impacts, as well as the countermeasures. Furthermore, we will also discuss and compare the two vulnerabilities. |
|---|