Please use this identifier to cite or link to this item:
Title: SSL-TLS security flaws : HEARTBLEED and 3SHAKE attacks
Authors: Lonardo, Jeko
Keywords: Engineering::Computer science and engineering
Issue Date: 2020
Publisher: Nanyang Technological University
Project: SCSE19-0148
Abstract: SSL-TLS Protocol was designed and developed to provide a secure channel for internet communications. It is a means to protect web applications against malicious third parties that may try to eavesdrop, tamper, or even interrupt the network connections between client and server. However, being a security protocol with encryption does not guarantee it is infallible. Several SSL-TLS vulnerabilities have been found and exploited since its introduction in 1994 [1]. Some examples of well-known attacks were BEAST, CRIME, POODLE, and SSL Stripping [2]. In this report, we will study two types of vulnerabilities that may affect SSL-TLS (implementation-based and protocol-based). The focus will be placed on TLS v1.2, as this protocol is the most widely supported on the Internet at the time of writing this report [3]. We will do a detailed study on HEARTBLEED as an implementation-based vulnerability, and 3SHAKE as a protocol-based vulnerability. For each of these vulnerabilities, we will study the root causes, how it was exploited into an attack, its impacts, as well as the countermeasures. Furthermore, we will also discuss and compare the two vulnerabilities.
Fulltext Permission: restricted
Fulltext Availability: With Fulltext
Appears in Collections:SCSE Student Reports (FYP/IA/PA/PI)

Files in This Item:
File Description SizeFormat 
U1620133D-Jeko Lonardo-FYP Report.pdf
  Restricted Access
2.28 MBAdobe PDFView/Open

Page view(s)

Updated on Jun 29, 2022

Download(s) 50

Updated on Jun 29, 2022

Google ScholarTM


Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.