SSL-TLS security flaws : the BREACH and Logjam attacks
SSL, and its successor TLS, are protocols essential to the security of the modern web. They provide assurances that communications made using them are confidential (private), and that data integrity is maintained. Unfortunately, no protocol is without its flaws, and this is equally true for SSL/TLS....
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Final Year Project (FYP) |
| Language: | English |
| Published: |
Nanyang Technological University
2021
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/148201 |
| _version_ | 1826126998817210368 |
|---|---|
| author | Ng, Christopher Bin Rui |
| author2 | Tay Kian Boon |
| author_facet | Tay Kian Boon Ng, Christopher Bin Rui |
| author_sort | Ng, Christopher Bin Rui |
| collection | NTU |
| description | SSL, and its successor TLS, are protocols essential to the security of the modern web. They provide assurances that communications made using them are confidential (private), and that data integrity is maintained. Unfortunately, no protocol is without its flaws, and this is equally true for SSL/TLS.
This report aims to examine the BREACH attack, which takes advantage of side-channel leakage as a result of HTTP compression, similar to how CRIME exploited TLS compression.
In addition, this report also takes a quick look at other kinds of attacks targeting TLS, namely Logjam, a downgrade attack which exploits legacy export-grade Diffie-Hellman key parameters, similar to how FREAK exploited export-grade RSA cipher suites. |
| first_indexed | 2024-10-01T07:01:35Z |
| format | Final Year Project (FYP) |
| id | ntu-10356/148201 |
| institution | Nanyang Technological University |
| language | English |
| last_indexed | 2024-10-01T07:01:35Z |
| publishDate | 2021 |
| publisher | Nanyang Technological University |
| record_format | dspace |
| spelling | ntu-10356/1482012021-04-27T07:00:34Z SSL-TLS security flaws : the BREACH and Logjam attacks Ng, Christopher Bin Rui Tay Kian Boon School of Computer Science and Engineering kianboon.tay@ntu.edu.sg Engineering::Computer science and engineering SSL, and its successor TLS, are protocols essential to the security of the modern web. They provide assurances that communications made using them are confidential (private), and that data integrity is maintained. Unfortunately, no protocol is without its flaws, and this is equally true for SSL/TLS. This report aims to examine the BREACH attack, which takes advantage of side-channel leakage as a result of HTTP compression, similar to how CRIME exploited TLS compression. In addition, this report also takes a quick look at other kinds of attacks targeting TLS, namely Logjam, a downgrade attack which exploits legacy export-grade Diffie-Hellman key parameters, similar to how FREAK exploited export-grade RSA cipher suites. Bachelor of Engineering (Computer Science) 2021-04-27T07:00:33Z 2021-04-27T07:00:33Z 2021 Final Year Project (FYP) Ng, C. B. R. (2021). SSL-TLS security flaws : the BREACH and Logjam attacks. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/148201 https://hdl.handle.net/10356/148201 en application/pdf Nanyang Technological University |
| spellingShingle | Engineering::Computer science and engineering Ng, Christopher Bin Rui SSL-TLS security flaws : the BREACH and Logjam attacks |
| title | SSL-TLS security flaws : the BREACH and Logjam attacks |
| title_full | SSL-TLS security flaws : the BREACH and Logjam attacks |
| title_fullStr | SSL-TLS security flaws : the BREACH and Logjam attacks |
| title_full_unstemmed | SSL-TLS security flaws : the BREACH and Logjam attacks |
| title_short | SSL-TLS security flaws : the BREACH and Logjam attacks |
| title_sort | ssl tls security flaws the breach and logjam attacks |
| topic | Engineering::Computer science and engineering |
| url | https://hdl.handle.net/10356/148201 |
| work_keys_str_mv | AT ngchristopherbinrui ssltlssecurityflawsthebreachandlogjamattacks |