Password Interception in a SSL/TLS Channel
Brice Canvel,Hiltgen Alain P,Serge Vaudenay,Martin Vuagnoux +3 more
- Vol. 2729, pp 583-599
Reads0
Chats0
TLDR
In this article, simple password authentication is often used e.g. from an email software application to a remote IMAP server, frequently done in a protected peer-to-peer tunnel.Abstract:
Simple password authentication is often used e.g. from an email software application to a remote IMAP server. This is frequently done in a protected peer-to-peer tunnel, e.g. by SSL/TLS.read more
Citations
More filters
Book
Guide to Elliptic Curve Cryptography
TL;DR: This guide explains the basic mathematics, describes state-of-the-art implementation methods, and presents standardized protocols for public-key encryption, digital signatures, and key establishment, as well as side-channel attacks and countermeasures.
Proceedings ArticleDOI
Lucky Thirteen: Breaking the TLS and DTLS Record Protocols
TL;DR: This paper presents distinguishing and plaintext recovery attacks against TLS and DTLS, based on a delicate timing analysis of decryption processing in the two protocols.
Proceedings ArticleDOI
SoK: SSL and HTTPS: Revisiting Past Challenges and Evaluating Certificate Trust Model Enhancements
Jeremy Clark,P. C. van Oorschot +1 more
TL;DR: This work survey and categorize prominent security issues with HTTPS and provides a systematic treatment of the history and on-going challenges, intending to provide context for future directions.
Posted Content
Side-Channel Attacks: Ten Years After Its Publication and the Impacts on Cryptographic Module Security Testing.
Yongbin Zhou,Dengguo Feng +1 more
TL;DR: The methods and techniques employed in side-channel attacks are surveyed, the destructive effects of such attacks, the countermeasures against such attacks and evaluation of their feasibility and applicability, and the necessity and feasibility of adopting this kind of physical security testing and evaluation in the development of FIPS 140-3 standard are explored.
Proceedings Article
Verifying constant-time implementations
TL;DR: The first two authors were funded by Project “TEC4Growth - Pervasive Intelligence, Enhancers and Proofs of Concept with Industrial Impact/NORTE-01-0145-FEDER-000020”, which is supported by the North Portugal Regional Operational Programme (NORTE 2020), under the PORTUGAL 2020 Partnership Agreement, and through the European Regional Development Fund (ERDF).
References
More filters
Book ChapterDOI
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
TL;DR: By carefully measuring the amount of time required to perform private key operalions, attackers may be able to find fixed Diffie-Hellman exponents, factor RSA keys, and break other cryptosystems.
The TLS Protocol Version 1.0
T. Dierks,C. Allen +1 more
TL;DR: This document specifies Version 1.0 of the Transport Layer Security (TLS) protocol, which provides communications privacy over the Internet by allowing client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery.
Journal Article
Data encryption standard
TL;DR: Presentation de la norme americaine de codage des donnees informatisees (DES: Data Encryption Standard) permet de proteger lesDonnees selon des criteres qui sont developpes dans ce texte.
Book
Sequential Analysis: Tests and Confidence Intervals
TL;DR: In this paper, the authors introduce the sequential probability ratio test (SPRT), a test for estimating the probability of a given event to be true, and a series of other tests with curved stopping boundary crossing problems.
HTTP Authentication: Basic and Digest Access Authentication
John Franks,Phillip Hallam-Baker,J. Hostetler,Scott Lawrence,P. Leach,A. Luotonen,L. Stewart +6 more
TL;DR: "HTTP/1.0", includes the specification for a Basic Access Authentication scheme, which is not considered to be a secure method of user authentication (unless used in conjunction with some external secure system such as SSL [5]), as the user name and password are passed over the network as cleartext.