SSL-TLS security flaws : HEARTBLEED and 3SHAKE attacks
SSL-TLS Protocol was designed and developed to provide a secure channel for internet communications. It is a means to protect web applications against malicious third parties that may try to eavesdrop, tamper, or even interrupt the network connections between client and server. However, being a secu...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Final Year Project |
| Language: | English |
| Published: |
Nanyang Technological University
2020
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/141768 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-141768 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1417682020-06-10T08:47:37Z SSL-TLS security flaws : HEARTBLEED and 3SHAKE attacks Lonardo, Jeko Tay Kian Boon School of Computer Science and Engineering kianboon.tay@ntu.edu.sg Engineering::Computer science and engineering SSL-TLS Protocol was designed and developed to provide a secure channel for internet communications. It is a means to protect web applications against malicious third parties that may try to eavesdrop, tamper, or even interrupt the network connections between client and server. However, being a security protocol with encryption does not guarantee it is infallible. Several SSL-TLS vulnerabilities have been found and exploited since its introduction in 1994 [1]. Some examples of well-known attacks were BEAST, CRIME, POODLE, and SSL Stripping [2]. In this report, we will study two types of vulnerabilities that may affect SSL-TLS (implementation-based and protocol-based). The focus will be placed on TLS v1.2, as this protocol is the most widely supported on the Internet at the time of writing this report [3]. We will do a detailed study on HEARTBLEED as an implementation-based vulnerability, and 3SHAKE as a protocol-based vulnerability. For each of these vulnerabilities, we will study the root causes, how it was exploited into an attack, its impacts, as well as the countermeasures. Furthermore, we will also discuss and compare the two vulnerabilities. Bachelor of Engineering (Computer Science) 2020-06-10T08:47:37Z 2020-06-10T08:47:37Z 2020 Final Year Project (FYP) https://hdl.handle.net/10356/141768 en SCSE19-0148 application/pdf Nanyang Technological University |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| country |
Singapore |
| collection |
DR-NTU |
| language |
English |
| topic |
Engineering::Computer science and engineering |
| spellingShingle |
Engineering::Computer science and engineering Lonardo, Jeko SSL-TLS security flaws : HEARTBLEED and 3SHAKE attacks |
| description |
SSL-TLS Protocol was designed and developed to provide a secure channel for internet communications. It is a means to protect web applications against malicious third parties that may try to eavesdrop, tamper, or even interrupt the network connections between client and server. However, being a security protocol with encryption does not guarantee it is infallible. Several SSL-TLS vulnerabilities have been found and exploited since its introduction in 1994 [1]. Some examples of well-known attacks were BEAST, CRIME, POODLE, and SSL Stripping [2].
In this report, we will study two types of vulnerabilities that may affect SSL-TLS
(implementation-based and protocol-based). The focus will be placed on TLS v1.2, as this protocol is the most widely supported on the Internet at the time of writing this report [3]. We will do a detailed study on HEARTBLEED as an
implementation-based vulnerability, and 3SHAKE as a protocol-based vulnerability.
For each of these vulnerabilities, we will study the root causes, how it was exploited into an attack, its impacts, as well as the countermeasures. Furthermore, we will also discuss and compare the two vulnerabilities. |
| author2 |
Tay Kian Boon |
| author_facet |
Tay Kian Boon Lonardo, Jeko |
| format |
Final Year Project |
| author |
Lonardo, Jeko |
| author_sort |
Lonardo, Jeko |
| title |
SSL-TLS security flaws : HEARTBLEED and 3SHAKE attacks |
| title_short |
SSL-TLS security flaws : HEARTBLEED and 3SHAKE attacks |
| title_full |
SSL-TLS security flaws : HEARTBLEED and 3SHAKE attacks |
| title_fullStr |
SSL-TLS security flaws : HEARTBLEED and 3SHAKE attacks |
| title_full_unstemmed |
SSL-TLS security flaws : HEARTBLEED and 3SHAKE attacks |
| title_sort |
ssl-tls security flaws : heartbleed and 3shake attacks |
| publisher |
Nanyang Technological University |
| publishDate |
2020 |
| url |
https://hdl.handle.net/10356/141768 |
| _version_ |
1681057293556252672 |