SSL-TLS security flaws : the BREACH and Logjam attacks

SSL, and its successor TLS, are protocols essential to the security of the modern web. They provide assurances that communications made using them are confidential (private), and that data integrity is maintained. Unfortunately, no protocol is without its flaws, and this is equally true for SSL/TLS....

Full description

Saved in:
Bibliographic Details
Main Author: Ng, Christopher Bin Rui
Other Authors: Tay Kian Boon
Format: Final Year Project
Language:English
Published: Nanyang Technological University 2021
Subjects:
Online Access:https://hdl.handle.net/10356/148201
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Nanyang Technological University
Language: English
Description
Summary:SSL, and its successor TLS, are protocols essential to the security of the modern web. They provide assurances that communications made using them are confidential (private), and that data integrity is maintained. Unfortunately, no protocol is without its flaws, and this is equally true for SSL/TLS. This report aims to examine the BREACH attack, which takes advantage of side-channel leakage as a result of HTTP compression, similar to how CRIME exploited TLS compression. In addition, this report also takes a quick look at other kinds of attacks targeting TLS, namely Logjam, a downgrade attack which exploits legacy export-grade Diffie-Hellman key parameters, similar to how FREAK exploited export-grade RSA cipher suites.