
Practical Invalid Curve Attacks on TLS-ECDH [chapter]

Tibor Jager, Jörg Schwenk, Juraj Somorovsky
2015 Lecture Notes in Computer Science  
Invalid Curve Attack • What if we compute with  ...  Elliptic Curve • Set of points over a finite field: 2 = 3 + +  ... 
doi:10.1007/978-3-319-24174-6_21 fatcat:ady2noqzzje33dnwmgilpalvwa

A cross-protocol attack on the TLS protocol

Nikos Mavrogiannopoulos, Frederik Vercauteren, Vesselin Velichkov, Bart Preneel
2012 Proceedings of the 2012 ACM conference on Computer and communications security - CCS '12  
This paper describes a cross-protocol attack on all versions of TLS; it can be seen as an extension of the Wagner and Schneier attack on SSL 3.0.  ...  While attacking a specific client is improbable due to the high number of signed keys required during the lifetime of one TLS handshake, it is not completely unrealistic for a setting where the server  ...  Moreover we would like to thank Koen Simoens and Elmar Tischhauser who contributed in the formulation of this attack.  ... 
doi:10.1145/2382196.2382206 dblp:conf/ccs/MavrogiannopoulosVVP12 fatcat:czu6gjan55c7fdbs4wey7kjbu4

Validation of Elliptic Curve Public Keys [chapter]

Adrian Antipa, Daniel Brown, Alfred Menezes, René Struik, Scott Vanstone
2002 Lecture Notes in Computer Science  
We present practical and realistic attacks on some standardized elliptic curve key establishment and public-key encryption protocols that are effective if the receiver of an elliptic curve point does not  ...  check that the point lies on the appropriate elliptic curve.  ...  Conclusions We have presented invalid-curve attacks on some elliptic curve key establishment and public-key encryption protocols.  ... 
doi:10.1007/3-540-36288-6_16 fatcat:p3blx7aedre3zg4kfz7g2vatoa

Practical Realisation and Elimination of an ECC-Related Software Bug Attack [chapter]

Billy B. Brumley, Manuel Barbosa, Dan Page, Frederik Vercauteren
2012 Lecture Notes in Computer Science  
We analyse and exploit implementation features in OpenSSL version 0.9.8g which permit an attack against ECDH-based functionality.  ...  The attack, although more general, can recover the entire (static) private key from an associated SSL server via 633 adaptive queries when the NIST curve P-256 is used.  ...  It is worth noting that we also considered exploiting the bug to mount invalid curve attacks [4] : while this allowed us to bypass OpenSSL point validation routines, it did not lead to a practical attack  ... 
doi:10.1007/978-3-642-27954-6_11 fatcat:bhsqozmxcjezxmhagfg7xsavh4

Elliptic Curve Cryptography in Practice [chapter]

Joppe W. Bos, J. Alex Halderman, Nadia Heninger, Jonathan Moore, Michael Naehrig, Eric Wustrow
2014 Lecture Notes in Computer Science  
In this paper, we perform a review of elliptic curve cryptography (ECC), as it is used in practice today, in order to reveal unique mistakes and vulnerabilities that arise in implementations of ECC.  ...  We are pleased to observe that about 1 in 10 systems support ECC across the TLS and SSH protocols.  ...  Bos for valuable discussions about the financial market, Andy Modell for support in TLS scanning, and Sarah Meiklejohn for sharing her knowledge about Bitcoin.  ... 
doi:10.1007/978-3-662-45472-5_11 fatcat:kiwf3klx5jbcbbenhjciigq5vy

An Experimental Study of TLS Forward Secrecy Deployments

Lin-Shung Huang, Shrikant Adhikarla, Dan Boneh, Collin Jackson
2014 IEEE Internet Computing  
Our results indicate that forward secrecy is no harder, and can even be faster using elliptic curve cryptography (ECC), than no forward secrecy.  ...  We compared the server throughput of various TLS setups, and measured real-world client-side latencies using an ad network.  ...  ACKNOWLEDGMENTS We thank Rick Andrews, Kaspar Brand and Ivan Ristic for providing feedback on drafts of the paper. This work was supported by NSF and a grant from Symantec.  ... 
doi:10.1109/mic.2014.86 fatcat:umtqhugf6zc7bfnzuo6as6a4ii

Fast Elliptic Curve Cryptography in OpenSSL [chapter]

Emilia Käsper
2012 Lecture Notes in Computer Science  
Our implementation is fully integrated into OpenSSL 1.0.1: full TLS handshakes using a 1024-bit RSA certificate and ephemeral Elliptic Curve Diffie-Hellman key exchange over P-224 now run at twice the  ...  In addition, our implementation is immune to timing attacks; most notably, we show how to do small table look-ups in a cache-timing resistant way, allowing us to use precomputation.  ...  Bernstein, Ian Goldberg, Adam Langley and Bodo Möller for their comments on the implementation.  ... 
doi:10.1007/978-3-642-29889-9_4 fatcat:2rui4auv65eobl4wsldewhpn2e

Measuring the Security Harm of TLS Crypto Shortcuts

Drew Springall, Zakir Durumeric, J. Alex Halderman
2016 Proceedings of the 2016 ACM on Internet Measurement Conference - IMC '16  
We find widespread deployment of DHE and ECDHE private value reuse, TLS session resumption, and TLS session tickets.  ...  TLS has the potential to provide strong protection against network-based attackers and mass surveillance, but many implementations take security shortcuts in order to reduce the costs of cryptographic  ...  However, a successful attack on the authentication would require compromising the private key before the TLS handshake completes.  ... 
doi:10.1145/2987443.2987480 fatcat:jkb4mnlduje2pabgcifk5soqjq

RSA, DH, and DSA in the Wild [article]

Nadia Heninger
2022 IACR Cryptology ePrint Archive  
[VAS + 17] scanned TLS, SSH and IKE addresses in 2016 using a point of small order on an invalid curve and estimated 0.8% of HTTPS hosts and 10% of IKEv2 hosts did not validate ECDH key-exchange messages  ...  The one dark spot is the relatively expensive validation checks required to protect against the invalid curve and twist attacks that have plagued some implementations of the NIST curves.  ... 
dblp:journals/iacr/Heninger22 fatcat:g24spdzscbdn7ojc3fvx7it7cy

A Messy State of the Union: Taming the Composite State Machines of TLS

Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cedric Fournet, Markulf Kohlweiss, Alfredo Pironti, Pierre-Yves Strub, Jean Karim Zinzindohoue
2015 IEEE Symposium on Security and Privacy
Several of these vulnerabilities, including the recently publicized FREAK flaw, enable a network attacker to break into TLS connections between authenticated clients and servers.  ...  TLS implementations.  ...  TLS libraries also implement a number of ciphersuites that are not often used on the web, like static Diffie-Hellman (DH) and Elliptic Curve Diffie-Hellman (ECDH), anonymous key exchanges (DH anon, ECDH  ... 
doi:10.1109/sp.2015.39 dblp:conf/sp/BeurdoucheBDFKP15 fatcat:fwc4pnr2kvf2pd6g6w7ds3k4m4

A messy state of the union

Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cédric Fournet, Markulf Kohlweiss, Alfredo Pironti, Pierre-Yves Strub, Jean Karim Zinzindohoue
2017 Communications of the ACM  
Several of these vulnerabilities, including the recently publicized FREAK flaw, enable a network attacker to break into TLS connections between authenticated clients and servers.  ...  TLS implementations.  ...  TLS libraries also implement a number of ciphersuites that are not often used on the web, like static Diffie-Hellman (DH) and Elliptic Curve Diffie-Hellman (ECDH), anonymous key exchanges (DH anon, ECDH  ... 
doi:10.1145/3023357 fatcat:626sx5odgzhm5cr7ocyito6zfe

Revisiting and Evaluating Software Side-channel Vulnerabilities and Countermeasures in Cryptographic Applications [article]

Tianwei Zhang and Jun Jiang and Yinqian Zhang
2019 arXiv pre-print
We systematize software side-channel attacks with a focus on vulnerabilities and countermeasures in the cryptographic implementations.  ...  Based on these characterizations and evaluations, we offer some insights for side-channel researchers, cryptographic software developers and users.  ...  Scalar multiplication is to calculate yx where y is a scalar and x is a point on the elliptic curve.  ... 
arXiv:1911.09312v2 fatcat:o4am4aurlfajjkj7nuz3kbso6y

TapDance: End-to-Middle Anticensorship without Flow Blocking

Eric Wustrow, Colleen Swanson, J. Alex Halderman
2014 USENIX Security Symposium  
We also apply a novel steganographic encoding to embed control messages in TLS ciphertext, allowing us to operate on HTTPS connections even under asymmetric routing.  ...  We implement and evaluate a TapDance prototype that demonstrates how the system could function with minimal impact on an ISP's network operations.  ...  This work was supported in part by TerraSwarm, one of six centers of STARnet, a Semiconductor Research Corporation program sponsored by MARCO and DARPA.  ... 
dblp:conf/uss/WustrowSH14 fatcat:mhdptjxtg5f4xhucihrqxfswta

Man in The Middle Attacks Against SSL/TLS: Mitigation and Defeat

Muneer Alwazzeh, Sameer Karaman, Mohammad Nur Shamma
2020 Journal of Cyber Security and Mobility  
To mitigate and defeat Man-in-the-middle-attacks, we have proposed a new model which consists of sender and receiver systems and utilizes a combination of blowfish (BF) and Advanced Encryption Standard  ...  Both SHA-256 hashing and Elliptic Curve Digital Signature Algorithm (ECDSA) have been applied for integrity, and authentication, respectively.  ...  Figure 4 shows Elliptic Curve Cryptosystem. Elliptic Curve Diffie-Hellman (ECDH): it is an algorithm used to establish a shared secret between two parties.  ... 
doi:10.13052/jcsm2245-1439.933 fatcat:avcb6cv3dbd27l4rryjiqfk4ua

Systematic Fuzzing and Testing of TLS Libraries

Juraj Somorovsky
2016 Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS'16  
Based on TLS-Attacker, we present a two-stage fuzzing approach to evaluate TLS server behavior. Our approach automatically searches for cryptographic failures and boundary violation vulnerabilities.  ...  We present TLS-Attacker, an open source framework for evaluating the security of TLS libraries.  ...  Currently, TLS-Attacker implements checks for Bleichenbacher's attack [23] , padding oracle attacks [55] , invalid curve attacks [37] , and POODLE [45] . Fuzzing for Buffer Boundary Violations.  ... 
doi:10.1145/2976749.2978411 dblp:conf/ccs/Somorovsky16 fatcat:xhpgfybnwjg4rjyvpznssqyqfy