SSL-TLS security flaws : the BREACH and Logjam attacks
SSL, and its successor TLS, are protocols essential to the security of the modern web. They provide assurances that communications made using them are confidential (private), and that data integrity is maintained. Unfortunately, no protocol is without its flaws, and this is equally true for SSL/TLS....
Saved in:
Main Author: | |
---|---|
Other Authors: | |
Format: | Final Year Project |
Language: | English |
Published: |
Nanyang Technological University
2021
|
Subjects: | |
Online Access: | https://hdl.handle.net/10356/148201 |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Institution: | Nanyang Technological University |
Language: | English |
Summary: | SSL, and its successor TLS, are protocols essential to the security of the modern web. They provide assurances that communications made using them are confidential (private), and that data integrity is maintained. Unfortunately, no protocol is without its flaws, and this is equally true for SSL/TLS.
This report aims to examine the BREACH attack, which takes advantage of side-channel leakage as a result of HTTP compression, similar to how CRIME exploited TLS compression.
In addition, this report also takes a quick look at other kinds of attacks targeting TLS, namely Logjam, a downgrade attack which exploits legacy export-grade Diffie-Hellman key parameters, similar to how FREAK exploited export-grade RSA cipher suites. |
---|