SSL-TLS security flaws : the CRIME compression attack security flaws
This study examines the underlying technology enforcing secure web communications - (SSL/TLS). SSL/TLS technology has been known to deliver assurance to end users by ensuring sensitive information are not sieved out by malicious attackers. This is done by applying a set of cryptographic algorithms t...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Final Year Project |
| Language: | English |
| Published: |
Nanyang Technological University
2020
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/142105 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-142105 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1421052020-06-16T02:10:22Z SSL-TLS security flaws : the CRIME compression attack security flaws Peh, Kenneth Hong Wei Tay Kian Boon School of Computer Science and Engineering kianboon.tay@ntu.edu.sg Engineering::Computer science and engineering This study examines the underlying technology enforcing secure web communications - (SSL/TLS). SSL/TLS technology has been known to deliver assurance to end users by ensuring sensitive information are not sieved out by malicious attackers. This is done by applying a set of cryptographic algorithms to ensure the secrecy and integrity of end users’ information. Over the years, web applications have incorporated SSL/TLS technology into their web applications to provide communications security. However, as much as SSL/TLS technology have provided us with the assurance that end users’ personal and sensitive information are safe from malicious users, there are incorporated flaws present in the implementation itself. Hence, various SSL/TLS vulnerabilities have surfaced over the years as attackers managed to find ways to circumvent SSL/TLS controls, regardless intentionally or unintentionally. In the following study, we investigate the cases where SSL/TLS technology have been compromised and seek to understand the underlying threat model behind it. Notably, we focus on an attack named CRIME (Compression Ration Info-leak Made Easy) which is an attack targeted towards the compression feature of SSL/TLS technology. Bachelor of Engineering (Computer Science) 2020-06-16T02:10:22Z 2020-06-16T02:10:22Z 2019 Final Year Project (FYP) https://hdl.handle.net/10356/142105 en application/pdf Nanyang Technological University |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| country |
Singapore |
| collection |
DR-NTU |
| language |
English |
| topic |
Engineering::Computer science and engineering |
| spellingShingle |
Engineering::Computer science and engineering Peh, Kenneth Hong Wei SSL-TLS security flaws : the CRIME compression attack security flaws |
| description |
This study examines the underlying technology enforcing secure web communications - (SSL/TLS). SSL/TLS technology has been known to deliver assurance to end users by ensuring sensitive information are not sieved out by malicious attackers. This is done by applying a set of cryptographic algorithms to ensure the secrecy and integrity of end users’ information. Over the years, web applications have incorporated SSL/TLS technology into their web applications to provide communications security.
However, as much as SSL/TLS technology have provided us with the assurance that end users’ personal and sensitive information are safe from malicious users, there are incorporated flaws present in the implementation itself. Hence, various SSL/TLS vulnerabilities have surfaced over the years as attackers managed to find ways to circumvent SSL/TLS controls, regardless intentionally or unintentionally.
In the following study, we investigate the cases where SSL/TLS technology have been compromised and seek to understand the underlying threat model behind it. Notably, we focus on an attack named CRIME (Compression Ration Info-leak Made Easy) which is an attack targeted towards the compression feature of SSL/TLS technology. |
| author2 |
Tay Kian Boon |
| author_facet |
Tay Kian Boon Peh, Kenneth Hong Wei |
| format |
Final Year Project |
| author |
Peh, Kenneth Hong Wei |
| author_sort |
Peh, Kenneth Hong Wei |
| title |
SSL-TLS security flaws : the CRIME compression attack security flaws |
| title_short |
SSL-TLS security flaws : the CRIME compression attack security flaws |
| title_full |
SSL-TLS security flaws : the CRIME compression attack security flaws |
| title_fullStr |
SSL-TLS security flaws : the CRIME compression attack security flaws |
| title_full_unstemmed |
SSL-TLS security flaws : the CRIME compression attack security flaws |
| title_sort |
ssl-tls security flaws : the crime compression attack security flaws |
| publisher |
Nanyang Technological University |
| publishDate |
2020 |
| url |
https://hdl.handle.net/10356/142105 |
| _version_ |
1681058617971703808 |