Adding some sources to section 2.4: remarks among ssl/tls versions.

Michele Orrù 10 years ago
parent
commit
68e735ac9a
2 changed files with 31 additions and 8 deletions
  1. book/library.bib (17 additions, 1 deletion)
  2. book/ssl_prequisites.tex (14 additions, 7 deletions)

+ 17 - 1
book/library.bib

@@ -28,7 +28,7 @@
 }
 
 @misc{rfc6176,
-  title = {Prohibiting Secure Sockets Layer (SSL)
+  title = {RFC6176: Prohibiting Secure Sockets Layer (SSL)
            Version 2.0},
   author = {S. Turner and T. Polk},
   publisher = {RFC Editor},
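Review bot: the new title prefix `RFC6176:` is written without a space, while the rfc2246 entry added further down in this same file uses `RFC 2246:`; pick one form (the RFC Editor's own style is `RFC 6176`) so the two references render consistently, or move the number out of `title` altogether into a `number = {6176}` field and keep the title as the RFC names it.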
@@ -42,6 +42,13 @@
   url = {http://tools.ietf.org/html/rfc4158}
 }
 
+@misc{rfc2246,
+  title = {RFC 2246: The TLS protocol version 1.0},
+  author = {T. Dierks and C. Allen},
+  publisher = {RFC Editor},
+  url = {https://www.ietf.org/rfc/rfc2246.txt}
+}
+
 @book{bombelli:algebra,
   title = {L'Algebra},
   author = {Rafael Bombelli},
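Review bot: the rfc2246 entry has no `year` field, so most bibliography styles will print the citation without a date; RFC 2246 was published in January 1999, so add `year = {1999}` (and `month = jan` if the style shows it). The title also drops the RFC's own capitalisation (`The TLS Protocol Version 1.0`), and BibTeX styles that lowercase titles will flatten it further unless the capitals are protected with braces, e.g. `{TLS}`.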
@@ -107,6 +114,15 @@
  url = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.92.5261}
 }
 
+@article{sslpadding,
+  author = {Serge Vaudenay},
+  title = {Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS},
+  booktitle = {Proceedings of In Advances in Cryptology - EUROCRYPT'02},
+  year = {2002},
+  pages = {534--546},
+  publisher = {Springer-Verlag},
+  url = {http://www.iacr.org/archive/eurocrypt2002/23320530/cbc02_e02d.pdf}
+}
 
 @article{pollard1974,
  author = {J. M. Pollard},
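Review bot: `sslpadding` is a conference paper but is typed `@article`, which expects a `journal` field and ignores `booktitle`, so BibTeX will warn about the missing journal and the venue will not appear in the rendered reference; change the type to `@inproceedings`. The `booktitle` value also carries a stray word: `Proceedings of In Advances in Cryptology - EUROCRYPT'02` should read `Advances in Cryptology - EUROCRYPT 2002`.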

+ 14 - 7
book/ssl_prequisites.tex

@@ -198,22 +198,29 @@ difficult to write good, reliable software parsing a X.509 certificate.
 
 The first, important difference to point out here is that SSLv2 is no more
 considered secure. There are known attacks on the ciphers adopted (md5, for
-example) as well as protocol flaws.
+example \cite{rfc6176}) as well as protocol flaws.
 SSLv2 would allow a connection to be closed via a not-authenticated TCP segment
-with the \texttt{FIN} flag set. Padding informations are sent in clear, and the
-payload is not compressed before encrypting, allowing a malicious attacker
-traffic analysis capabilities. The ciphersuite is negotiated using
+with the \texttt{FIN} flag set (\cite{rfc6176} \S 2). Padding informations are sent in
+clear, and the payload is not compressed before encrypting, allowing a malicious
+attacker traffic analysis capabilities \cite{sslpadding}. The ciphersuite is negotiated using
 non-authenticated informations, allowing an attacker to influence the choice of
-the \texttt{Cipher Spec} and weaken the security of the communication.
+the \texttt{Cipher Spec} and weaken the security of the communication
+\cite{rfc6176} \S 2.
 Most of these vulnerabilities have been addressed by the later SSLv3, which
 introduced compression and protection against truncation attacks.
 Its standardized twin, TLS 1.0, only differs on the cipher suite and key
 calculation requirements, strengthen in order to increase the security of the
-channel.
+channel \cite{rfc2246}.
 Both SSLv3 and TLS 1.0 have been threatened in 2011 by an attack that could break
 the same origin policy, known as BEAST. It is not dramatic, and almost any
 browser now mitigates its spectrum of action.
-TLS 1.1, and TLS 1.2 are considered safe as of today.
+
+Even if TLS 1.1, and TLS 1.2 are considered safe as of today, attacks such as
+CRIME, and lately BREACH constitute a new and valid instance of threat for HTTP
+compressions mechanisms. However, as their premises go beyond the scope of this
+document, those attacks have not been analyzed. For forther informations, see
+\url{http://breachattack.com/}.
+
 %%% Local Variables:
 %%% mode: latex
 %%% TeX-master: "question_authority.tex"
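Review bot: two spelling issues in the added lines: `informations` is uncountable and should be `information` (in `Padding informations are sent in clear` and in `For forther informations`), and `forther` should be `further`. The trailing citation `\cite{rfc6176} \S 2.` at the end of the Cipher Spec sentence is inconsistent with the parenthesised `(\cite{rfc6176} \S 2)` used two sentences earlier; use `(\cite{rfc6176}, \S 2)` in both places. The `\cite{sslpadding}` attached to the claim that SSLv2 sends padding in clear and does not compress before encrypting does not support that statement: Vaudenay's paper describes CBC padding-oracle attacks, which apply to SSLv3/TLS as well, so either reword the sentence toward the padding-oracle result or cite the source that documents the SSLv2 behaviour. In the new closing paragraph, `Even if TLS 1.1, and TLS 1.2` should read `Even though TLS 1.1 and TLS 1.2`, and `HTTP compressions mechanisms` over-generalises: CRIME exploits TLS-level (and SPDY) compression, whereas only BREACH targets HTTP response compression, so say `compression mechanisms at the TLS and HTTP layers` or name the layer for each attack.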