Side-Channel Attacks Of SSL/TLS

Posted on:2016-06-19

Degree:Master

Type:Thesis

Country:China

Candidate:J Wang

Full Text:PDF

GTID:2308330461992690

Subject:Control engineering

Abstract/Summary:

PDF Full Text Request

SSL(Secure Sockets Layer) is the most popular and widely used applica-tion of practical cryptography in the world. TLS (Transport Layer Security) is an Internet Engineering Task Force (IETF) standards track protocol, based on the earlier SSL specifications for adding the HTTPS protocol to their Naviga-tor web browser. SSL and TLS are cryptographic protocols designed to provide communications security over a computer network. They aim to provide confi-dentiality and integrity of data in transit across untrusted networks. SSL/TLS combine symmetric cryptography technology and public encryption technology to achieve three communication goals, privacy, integrity and authenticity.While SSL provides better security, they are still worthy of discussion and improvement. So the analysis of SSL/TLS is very important in practical com-munication security of internet applications. They can guarantee the security of payment transactions, such as paypal, online banking and email, etc. SSL VPN can solve the problem of remote protection for sensitive data, so they can ensure the security of confidential information of companys. As SSL/TLS ap-plications will continue to grow dramatically, the analysis of SSL/TLS security will have more significances.Over last few years, a number of vulnerabilities have been discovered in the SSL/TLS protocol, such as padding oracle attacks, BEAST, CRIME, BREACH, Lucky 13, RC4 BIASES and so on. This paper focuses on the cryptographic operation of SSL/TLS record protocol in CBC-mode. Our result is based on the idea of padding oracle attack and Lucky 13 attack, and uses a more rational approach, timing attack and statistical methods to reduce the computational complexity.The paper is organized as follows. In section 1 we point out the main significance of SSL/TLS analysis, and the research background. In section 2 we introduce the SSL/TLS Protocol including handshake protocol, record protocol and warning protocol. In section 3 we presents the padding oracle attack, Timing attack, Lucky 13 attack and poodle attack. In section 4 we implement the attacks presented in section 3 and describe the details of our improvement:timing attack based on lucky 13. we use the idea of timing attack and statistical methods to reduce the computational complexity. In section 5 we give the summary and outlook.

Keywords/Search Tags:

SSL/TLS, padding oracle attack, lucky 13 attack, timing, poodle attack

PDF Full Text Request

Related items

1	Research Of Cache Attack On AES Encryption Algorithm
2	The SSL Security Research And Implementation
3	The Performance Analysis Of Attack Methods About The Advanced Encryption Standard
4	Study On Typical Attack Defense Mechanisms Against Routing And Transmission In Wireless Sensor Networks
5	New Techniques For Symmetric-key Cryptanalysis
6	Research On DPA Attack Of Smart Care Based O DES With Back-Forth Random Round
7	Research On Defensive Technology Against Timing Attack In Anonymous Communication
8	The Research On The Assessment Of The Attack Resistances Based On The Attack Cost And Attack Effect
9	Study Of Information Security Chip Defensive Attack
10	Research On Analysis And Detection Of Low Rate Denial Of Service Attack Based On HTTP Protocol