SoK: Lessons Learned from SSL/TLS Attacks

被引：26

作者：

Meyer, Christopher ^{[1
]}

Schwenk, Joerg ^{[1
]}

机构：

[1] Ruhr Univ Bochum, Horst Gortz Inst IT Secur, Bochum, Germany

来源：

INFORMATION SECURITY APPLICATIONS, WISA 2013 | 2014年 / 8267卷

关键词：

D O I：

10.1007/978-3-319-05149-9_12

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Since its introduction in 1994 the Secure Socket Layer (SSL) protocol (later renamed to Transport Layer Security (TLS)) evolved to the de facto standard for securing the transport layer. SSL/TLS can be used for ensuring data confidentiality, integrity and authenticity during transport. A main feature of the protocol is flexibility: Modes of operation and security aims can easily be configured through different cipher suites. However, during the evolutionary development several flaws were found. This paper presents an overview on theoretical and practical attacks of the last 17 years, in chronological order and four categories: Attacks on the Handshake protocol, on the Record and Application Data Protocols, on the PKI infrastructure and various other attacks. We try to give a short "Lesson(s) Learned" at the end of each paragraph.

引用

页码：189 / 209

页数：21

共 50 条

[1] SSL/TLS Attacks: Analysis and Evaluation
Eldewahi, Abeer E. W.
Sharfi, Tasneem M. H.
Mansor, Abdelhamid A.
Mohamed, Nashwa A. F.
Alwahbani, Samah M. H.
[J]. 2015 INTERNATIONAL CONFERENCE ON COMPUTING, CONTROL, NETWORKING, ELECTRONICS AND EMBEDDED SYSTEMS ENGINEERING (ICCNEEE), 2015, : 203 - 208
[2] A comprehensive study on security attacks on SSL/TLS Protocol
Sirohi, Preeti
Agarwal, Amit
Tyagi, Sapna
[J]. PROCEEDINGS ON 2016 2ND INTERNATIONAL CONFERENCE ON NEXT GENERATION COMPUTING TECHNOLOGIES (NGCT), 2016, : 893 - 897
[3] Stealing secrets with SSL/TLS and SSH -: Kleptographic attacks
Golobiewski, Zbigniew
Kutylowski, Miroslaw
Zagorski, Filip
[J]. CRYPTOLOGY AND NETWORK SECURITY, PROCEEDINGS, 2006, 4301 : 191 - +
[4] Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks
Meyer, Christopher
Somorovsky, Juraj
Weiss, Eugen
Schwenk, Joerg
Schinzel, Sebastian
Tews, Erik
[J]. PROCEEDINGS OF THE 23RD USENIX SECURITY SYMPOSIUM, 2014, : 733 - 748
[5] SoK: Lessons Learned From Android Security Research For Appified Software Platforms
Acar, Yasemin
Backes, Michael
Bugiel, Sven
Fahl, Sascha
McDaniel, Patrick
Smith, Matthew
[J]. 2016 IEEE SYMPOSIUM ON SECURITY AND PRIVACY (SP), 2016, : 433 - 451
[6] Surgical lessons learned from suicide bombing attacks
Almogy, G
Rivkind, AI
[J]. JOURNAL OF THE AMERICAN COLLEGE OF SURGEONS, 2006, 202 (02) : 313 - 319
[7] Data Mining Approach for Detection of DDoS Attacks Utilizing SSL/TLS Protocol
Zolotukhin, Mikhail
Hamalainen, Timo
Kokkonen, Tero
Niemela, Antti
Siltanen, Jarmo
[J]. INTERNET OF THINGS, SMART SPACES, AND NEXT GENERATION NETWORKS AND SYSTEMS, 2015, 9247 : 274 - 285
[8] Implementation Flaws in TLS Stacks: Lessons Learned and Study of TLS 1.3 Benefits
Levillain, Olivier
[J]. RISKS AND SECURITY OF INTERNET AND SYSTEMS (CRISIS 2020), 2021, 12528 : 87 - 104
[9] Achieving Resilience in Communities: Lessons Learned from Terrorist Attacks
Kolesnikova, Lina
[J]. BUILDING TERRORISM RESISTANT COMMUNITIES: TOGETHER AGAINST TERRORISM, 2009, 55 : 306 - 325
[10] Psychopathic teamwork: lessons learned from recent terrorist attacks
P. Habibzadeh
[J]. Irish Journal of Medical Science (1971 -), 2017, 186 : 189 - 189

← 1 2 3 4 5 →