Taxonomy of SSL/TLS Attacks

Keerthi Vasan K., Arun Raj Kumar P.
2016 International Journal of Computer Network and Information Security  
Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols use cryptographic algorithms to secure data and ensure security goals such as Data Confidentiality and Integrity in networking. They are used along with other protocols such as HTTP, SMTP, etc. in applications such as web browsing, electronic mail, and VoIP. The existing versions of the protocols as well as the cryptographic algorithms they use have vulnerabilities and is not resistant towards Man-In-The-Middle (MITM)
more » ... . Exploiting these vulnerabilities, several attacks have been launched on SSL/TLS such as session hijacking, version degradation, heart bleed, Berserk etc. This paper is a comprehensive analysis of the vulnerabilities in the protocol, attacks launched by exploiting the vulnerabilities and techniques to mitigate the flaws in protocols. A novel taxonomy of the attacks against SSL/TLS has been proposed in this paper. Index Terms-SSL/TLS, vulnerabilities, Man-In-The-Middle (MITM) attack, mitigations, taxonomy of attacks. 10. Change cipher specification: Both server and client agree to work using the decided parameters such as Taxonomy of SSL/TLS Attacks
doi:10.5815/ijcnis.2016.02.02 fatcat:uwdcva2fq5c5xcgqpuqhocanyy