Compilation of attacks against SSL/TLS
Christopher Meyer and Jörg Schwenk have compiled all of the more serious attacks against SSL and TLS from the past 15 years in a paper:
SSL/TLS allowed efficient fixes in order to counter the issues. This paper presents an overview on theoretical and practical attacks of the last 15 years, in chronological order and four categories: Attacks on the TLS Handshake protocol, on the TLS Record and Application Data Protocols, on the PKI infrastructure of TLS, and on various other attacks. We try to give a short ”Lessons Learned” at the end of each paragraph.
Some of the attacks presented are:
- Bleichenbacher Attack on PKCS#1
- Cipher suite rollback
- ECC based timing attacks
- Chosen-Plain-text Attacks on SSL reloaded
- Attacks on non-browser based certificate validation
- Renegotiation flaw
You can download the document as a PDF here: