Demonstration of attacks on SSL-TLS protocols

Secure Sockets Layer (SSL) which was superseded by Transport Layer Security (TLS) is the most extensively used application of cryptography in the day-to-day life of humanity. It is used to secure communication between two parties across the internet ensuring the principles of identification, authent...

Full description

Saved in:
Bibliographic Details
Main Author: Iyer Rajagopal Mahadevan
Other Authors: Tay Kian Boon
Format: Final Year Project
Language:English
Published: Nanyang Technological University 2022
Subjects:
Online Access:https://hdl.handle.net/10356/156548
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Nanyang Technological University
Language: English
Description
Summary:Secure Sockets Layer (SSL) which was superseded by Transport Layer Security (TLS) is the most extensively used application of cryptography in the day-to-day life of humanity. It is used to secure communication between two parties across the internet ensuring the principles of identification, authentication, confidentiality, and integrity. Over the last decade there have been multiple attacks on SSL-TLS in order to break the encryption and obtain the sensitive information that was encrypted. Some of these attacks focus on implementation errors, or some inherent feature of SSL-TLS. This report shall focus on two such attacks, POODLE and CRIME and we will dive deep into following aspects: 1. Feature of SSL-TLS that is exploited. 2. How is it exploited (Theory)? 3. How is it exploited (Proof-of-Concept)? 4. What is the impact of this attack? 5. What are some strategies to mitigate this attack?