CFP last date
22 April 2024
Reseach Article

A Comprehensive Survey on SSL/ TLS and their Vulnerabilities

by Ashutosh Satapathy, Jenila Livingston L. M.
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 153 - Number 5
Year of Publication: 2016
Authors: Ashutosh Satapathy, Jenila Livingston L. M.
10.5120/ijca2016912063

Ashutosh Satapathy, Jenila Livingston L. M. . A Comprehensive Survey on SSL/ TLS and their Vulnerabilities. International Journal of Computer Applications. 153, 5 ( Nov 2016), 31-38. DOI=10.5120/ijca2016912063

@article{ 10.5120/ijca2016912063,
author = { Ashutosh Satapathy, Jenila Livingston L. M. },
title = { A Comprehensive Survey on SSL/ TLS and their Vulnerabilities },
journal = { International Journal of Computer Applications },
issue_date = { Nov 2016 },
volume = { 153 },
number = { 5 },
month = { Nov },
year = { 2016 },
issn = { 0975-8887 },
pages = { 31-38 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume153/number5/26401-2016912063/ },
doi = { 10.5120/ijca2016912063 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T23:58:21.038645+05:30
%A Ashutosh Satapathy
%A Jenila Livingston L. M.
%T A Comprehensive Survey on SSL/ TLS and their Vulnerabilities
%J International Journal of Computer Applications
%@ 0975-8887
%V 153
%N 5
%P 31-38
%D 2016
%I Foundation of Computer Science (FCS), NY, USA
Abstract

The boom of internet, web technologies bring the whole world under a single roof. Transferring information through e-ways leads security to be an important aspect to deal with. In IP network, SSL/ TLS is the protocol works on the top of the transport layer to secure application traffic and provides end to end secure communication. A security hole in those protocols makes the communication channel vulnerable to be eavesdropped and modified information later. This paper discuses SSL and TLS architectures and presents survey on attacks against SSL/TLS. It also highlights the factors influence on those attacks.

References
  1. Stalling, W. (2011). Transport-Level Security. In Cryptography and Network Security (5th ed., pp. 485-520). Upper Saddle River, NJ: Pearson.
  2. Panday, K. K. SSL/ TLS Alert Protocol and the Alert Codes. Retrieved October 10, 2014, from https://blogs.msdn.microsoft. com/kaushal/2012/10/05/ssltls-alert-protocol-the-alert-codes/
  3. Sarkar, P. G., and Fitzgerald, S. (2013). Attack on SSL: A Comprehensive study of BEAST, CRIME, TIME, BREACH, LUCKY 13 and RC4 BIASES [PDF]. San Francisco, CA: ISECPartners.
  4. Newman, R. Taming the B.E.A.S.T. - owasp.org. Retrieved October 21, 2014, from https://www.owasp.org/images/1/10/ Taming _the_B.E.A.S.T..pdf
  5. Luedtke, D. (2012, April 18). BEAST attack on SSL/TLS explained-SlideShare [PPT]. Munich: University of German Federal Armed Forces.
  6. BEAST vs. CRIME Attack. (13, October 14). Retrieved November 01, 2014, from http://resources.infosecinstitute.com/ beast-vs-crime-attack/
  7. Beery, T. and Shulman, A. (2013, March). A Perfect Crime? Only Time Will Tell [PDF]. Amsterdam, Netherlands: Blackhat.
  8. Beery, T., and Shulman, A. (2013, October 10). Black Hat EU 2013 – A Perfect CRIME? Only TIME Will Tell. Retrieved November 15, 2014, from http://www.youtube.com/watch?v= rTlpFfTp3-w
  9. GLUCK, Y., HARRIS, N., and PRADO, A. (2013, July 12). BREACH: Reviving the CRIME Attack [PDF].
  10. Fardan, N. J., and Paterson, K. G. (May 2013). 2013 IEEE Symposium on Security and Privacy (pp. 526-540). IEEE.
  11. Franke, D. F. (2014, October 14). How POODLE Happened. Retrieved December 21, 2014, from https://www.dfranke.us /posts/2014-10-14-how-poodle-happened.html.
  12. Bar Mitzvah Attack. Retrieved December 25, 2014, from https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf
  13. Paterson, K. (2013, August 28). On the security of RC4 in TLS and WPA. Retrieved December 25, 2014, from http://www.isg. rhul.ac.uk/tls/
  14. Zoller, T. (2005). TLS/ SSLv3 renegotiation vulnerability explained – G-SEC. Retrieved December 28, 2014, from http://www.g-sec.lu/practicaltls.pdf.
  15. Bowes, R. (2013, January 2). Padding oracle attacks: In depth. Retrieved July 10, 2015, from https://blog.skullsecurity.org/2013/ padding-oracle-attacks-in-depth
  16. Vulnerability Notice: FREAK – Factoring attack on RSA-Export keys. (2015, March 20). Retrieved April 12, 2015, from http://learn .extremenetworks.com/rs/extreme/images/VN-2015-003_FREAK.pdf.
  17. Understanding Common Factor Attacks: An RSA-Cracking Puzzle. Retrieved April 30, 2015, from http://www.loyalty.org/ ~schoen/rsa/
  18. Kerner, S. M. (2015, May 20). Logjam SSL/TLS Vulnerability Exposes Cryptographic Weakness Retrieved August 10, 2015, from http://www.eweek.com/security/logjam-ssltls-vulnerability-exposes-cryptographic-weakness.html
  19. Roos, A. (1995, September 22). Weaks in RC4. Retrieved July 13, 2014, from https://netfuture.ch/1995/09/weak-keys-in-rc4/
  20. Smyth, B., and Pironti, A. (2013, July). Truncating TLS Connections to Violate Beliefs in Web Applications. Retrieved May 10, 2015, from https://media.blackhat.com/us-13/US-13-Smyth-Truncating-TLS-Connections-to-Violate-Beliefs-in-Web-Applications-WP.pdf.
Index Terms

Computer Science
Information Sciences

Keywords

Secure Socket Layer Transport Layer Security Compression Algorithms Message Authentication Code Cipher Block Chaining SSL/ TLS Attacks