We apologize for a recent technical issue with our email system, which temporarily affected account activations. Accounts have now been activated. Authors may proceed with paper submissions. PhDFocusTM
CFP last date
20 December 2024
Call for Paper
January Edition
IJCA solicits high quality original research papers for the upcoming January edition of the journal. The last date of research paper submission is 20 December 2024

Submit your paper
Know more
The week's pick
Responsive image
Improved Shuffled Frog Leaping Algorithm with Self-Adaptive Shuffling for Fuzzy Logic PD+G Controller Optimization in Robotic Manipulators

Duc Hoang Nguyen
Random Articles
Reseach Article

A Comprehensive Survey on SSL/ TLS and their Vulnerabilities

by Ashutosh Satapathy, Jenila Livingston L. M.
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 153 - Number 5
Year of Publication: 2016
Authors: Ashutosh Satapathy, Jenila Livingston L. M.
10.5120/ijca2016912063

Ashutosh Satapathy, Jenila Livingston L. M. . A Comprehensive Survey on SSL/ TLS and their Vulnerabilities. International Journal of Computer Applications. 153, 5 ( Nov 2016), 31-38. DOI=10.5120/ijca2016912063

@article{ 10.5120/ijca2016912063,
author = { Ashutosh Satapathy, Jenila Livingston L. M. },
title = { A Comprehensive Survey on SSL/ TLS and their Vulnerabilities },
journal = { International Journal of Computer Applications },
issue_date = { Nov 2016 },
volume = { 153 },
number = { 5 },
month = { Nov },
year = { 2016 },
issn = { 0975-8887 },
pages = { 31-38 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume153/number5/26401-2016912063/ },
doi = { 10.5120/ijca2016912063 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T23:58:21.038645+05:30
%A Ashutosh Satapathy
%A Jenila Livingston L. M.
%T A Comprehensive Survey on SSL/ TLS and their Vulnerabilities
%J International Journal of Computer Applications
%@ 0975-8887
%V 153
%N 5
%P 31-38
%D 2016
%I Foundation of Computer Science (FCS), NY, USA
Abstract

The boom of internet, web technologies bring the whole world under a single roof. Transferring information through e-ways leads security to be an important aspect to deal with. In IP network, SSL/ TLS is the protocol works on the top of the transport layer to secure application traffic and provides end to end secure communication. A security hole in those protocols makes the communication channel vulnerable to be eavesdropped and modified information later. This paper discuses SSL and TLS architectures and presents survey on attacks against SSL/TLS. It also highlights the factors influence on those attacks.

References
  1. Stalling, W. (2011). Transport-Level Security. In Cryptography and Network Security (5th ed., pp. 485-520). Upper Saddle River, NJ: Pearson.
  2. Panday, K. K. SSL/ TLS Alert Protocol and the Alert Codes. Retrieved October 10, 2014, from https://blogs.msdn.microsoft. com/kaushal/2012/10/05/ssltls-alert-protocol-the-alert-codes/
  3. Sarkar, P. G., and Fitzgerald, S. (2013). Attack on SSL: A Comprehensive study of BEAST, CRIME, TIME, BREACH, LUCKY 13 and RC4 BIASES [PDF]. San Francisco, CA: ISECPartners.
  4. Newman, R. Taming the B.E.A.S.T. - owasp.org. Retrieved October 21, 2014, from https://www.owasp.org/images/1/10/ Taming _the_B.E.A.S.T..pdf
  5. Luedtke, D. (2012, April 18). BEAST attack on SSL/TLS explained-SlideShare [PPT]. Munich: University of German Federal Armed Forces.
  6. BEAST vs. CRIME Attack. (13, October 14). Retrieved November 01, 2014, from http://resources.infosecinstitute.com/ beast-vs-crime-attack/
  7. Beery, T. and Shulman, A. (2013, March). A Perfect Crime? Only Time Will Tell [PDF]. Amsterdam, Netherlands: Blackhat.
  8. Beery, T., and Shulman, A. (2013, October 10). Black Hat EU 2013 – A Perfect CRIME? Only TIME Will Tell. Retrieved November 15, 2014, from http://www.youtube.com/watch?v= rTlpFfTp3-w
  9. GLUCK, Y., HARRIS, N., and PRADO, A. (2013, July 12). BREACH: Reviving the CRIME Attack [PDF].
  10. Fardan, N. J., and Paterson, K. G. (May 2013). 2013 IEEE Symposium on Security and Privacy (pp. 526-540). IEEE.
  11. Franke, D. F. (2014, October 14). How POODLE Happened. Retrieved December 21, 2014, from https://www.dfranke.us /posts/2014-10-14-how-poodle-happened.html.
  12. Bar Mitzvah Attack. Retrieved December 25, 2014, from https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf
  13. Paterson, K. (2013, August 28). On the security of RC4 in TLS and WPA. Retrieved December 25, 2014, from http://www.isg. rhul.ac.uk/tls/
  14. Zoller, T. (2005). TLS/ SSLv3 renegotiation vulnerability explained – G-SEC. Retrieved December 28, 2014, from http://www.g-sec.lu/practicaltls.pdf.
  15. Bowes, R. (2013, January 2). Padding oracle attacks: In depth. Retrieved July 10, 2015, from https://blog.skullsecurity.org/2013/ padding-oracle-attacks-in-depth
  16. Vulnerability Notice: FREAK – Factoring attack on RSA-Export keys. (2015, March 20). Retrieved April 12, 2015, from http://learn .extremenetworks.com/rs/extreme/images/VN-2015-003_FREAK.pdf.
  17. Understanding Common Factor Attacks: An RSA-Cracking Puzzle. Retrieved April 30, 2015, from http://www.loyalty.org/ ~schoen/rsa/
  18. Kerner, S. M. (2015, May 20). Logjam SSL/TLS Vulnerability Exposes Cryptographic Weakness Retrieved August 10, 2015, from http://www.eweek.com/security/logjam-ssltls-vulnerability-exposes-cryptographic-weakness.html
  19. Roos, A. (1995, September 22). Weaks in RC4. Retrieved July 13, 2014, from https://netfuture.ch/1995/09/weak-keys-in-rc4/
  20. Smyth, B., and Pironti, A. (2013, July). Truncating TLS Connections to Violate Beliefs in Web Applications. Retrieved May 10, 2015, from https://media.blackhat.com/us-13/US-13-Smyth-Truncating-TLS-Connections-to-Violate-Beliefs-in-Web-Applications-WP.pdf.
Index Terms

Computer Science
Information Sciences

Keywords

Secure Socket Layer Transport Layer Security Compression Algorithms Message Authentication Code Cipher Block Chaining SSL/ TLS Attacks

Powered by PhDFocusTM