SSL-TLS security flaws : the CRIME compression attack security flaws

Bibliographic Details
Main Author: Peh, Kenneth Hong Wei
Other Authors: Tay Kian Boon
Format: Final Year Project
Language: English
Published: Nanyang Technological University 2020
Online Access: https://hdl.handle.net/10356/142105
Institution: Nanyang Technological University
Description
Summary: This study examines the underlying technology enforcing secure web communications (SSL/TLS). SSL/TLS technology has been known to deliver assurance to end users by ensuring that sensitive information is not extracted by malicious attackers. This is done by applying a set of cryptographic algorithms to ensure the secrecy and integrity of end users' information. Over the years, web applications have incorporated SSL/TLS technology to provide communications security. However, as much as SSL/TLS technology has provided us with the assurance that end users' personal and sensitive information is safe from malicious users, there are flaws present in the implementation itself. Hence, various SSL/TLS vulnerabilities have surfaced over the years as attackers managed to find ways to circumvent SSL/TLS controls, whether intentionally or unintentionally. In the following study, we investigate the cases where SSL/TLS technology has been compromised and seek to understand the underlying threat model behind them. Notably, we focus on an attack named CRIME (Compression Ratio Info-leak Made Easy), which targets the compression feature of SSL/TLS technology.