On the robustness of applications based on the SSL and TLS security protocols

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 4582 LNCS, Issue , 2007, Pages 248-264

  Berbecaru, Diana ^a   Lioy, Antonio ^a  

^a POLITECNICO DI TORINO   (Italy)

Author keywords

MITM attack; Security; SSL TLS; Truncation attack

Indexed keywords

DATA STRUCTURES; DATA TRANSFER; INFORMATION MANAGEMENT; MESSAGE PASSING; NETWORK PROTOCOLS;

SECURITY PROTOCOLS; TRUNCATION ATTACK;

SECURITY OF DATA;

EID: 37849035280     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-73408-6_18     Document Type: Conference Paper

References (13)

1. OpenSSL library, available at http://www.openssl.org
2. SSL 3.0 Specification, available at http://wp.netscape.com/eng/ssl3/
3. Dierks, T., Allen, C.: The TLS Protocol Version 1.0. RFC 2246, IETF (January 1999)
4. Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.1. RFC 4346, IETF (April 2006)
5. Vaudenay, S.: Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 534-545. Springer, Heidelberg (2002)
6. Oppliger, R.: Security Technologies for the World Wide Web, 2nd edn. Artech House Publishers, Norwood, MA (2003)
7. Wagner, D., Schneier, B.: Analysis of the SSL 3.0 Protocol. In: Proc. of The Second USENIX Workshop on Electronic Commerce Proceedings, November 1996, pp. 29-40. USENIX Press (1996)
8. Brumley, D., Boneh, D.: Remote Timing Attacks are Practical. In: Proc. of 12th Usenix Security Symposium, pp. 1-14 (2003)
9. Canvel, B., Hiltgen, A., Vaudenay, S., Vuagnoux, M.: Password Interception in a SSL/TLS Channel. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 583-599. Springer, Heidelberg (2003)
10. Thomas, S.: SSL and TLS Essentials - Securing the Web. John Wiley & Sons Inc, West Sussex (2000)
11. Shirey, R.: Internet Security Glossary, RFC 2828 (May 2000)
12. Oppliger, R., Hauser, R., Basin, D.: SSL/TLS Session-Aware User Authentication - Or How to Effectively Thwart the Man-in-the-Middle. Computer Communications 29(12), 2238-2246 (2006)
13. Modadugu, N., Rescorla, E.: The Design and Implementation of Datagram TLS. In: Proceedings of ISOC NDSS 2004, February 2004, San Diego, California (2004)