Article | REF: H5230 V1

SSL/TLS protocols

Author: Cyril TESSEREAU

Publication date: April 10, 2005

You do not have access to this resource.
Click here to request your free trial access!

Already subscribed? Log in!

Français

7. A few attacks

While a security protocol aims to counter certain threats to user data (these are known as first-order threats), its mechanisms themselves open the door to new attack possibilities, known as second-order threats. As a result, a protocol can only be considered valid with regard to these two types of attack. Having seen how TLS counters first-order attacks on transactions, the completeness of the analysis now requires us to look at second-order attacks aimed directly at TLS.

Attacks on TLS, as on all protocols in general, fall into three categories. Firstly, there are implementation flaws due to misinterpretation by the developer, defects in the design of an application or poor consideration of security as a whole. Vulnerabilities of this type are linked to a particular application: they appear regularly as implementation flaws are discovered, and are usually promptly...

You do not have access to this resource.

Exclusive to subscribers. 97% yet to be discovered!

You do not have access to this resource.
Click here to request your free trial access!

Already subscribed? Log in!

The Ultimate Scientific and Technical Reference

A Comprehensive Knowledge Base, with over 1,200 authors and 100 scientific advisors

+ More than 10,000 articles and 1,000 how-to sheets, over 800 new or updated articles every year

From design to prototyping, right through to industrialization, the reference for securing the development of your industrial projects

This article is included in

Security of information systems

This offer includes:

Knowledge Base

Updated and enriched with articles validated by our scientific committees

Services

A set of exclusive tools to complement the resources

Practical Path

Operational and didactic, to guarantee the acquisition of transversal skills

Doc & Quiz

Interactive articles with quizzes, for constructive reading

Subscribe now!

Ongoing reading
A few attacks

Previous
page Applications

Conclusion

Bibliography

References

(1) - KERCKHOFFS (A.) - La cryptographie militaire. - Journal des sciences militaires. Vol. IX, p. 5-38, janv. 1883 ; p. 161-191, fév. 1883.
(2) - DIFFIE (W.), HELLMAN (M.E.) - New directions in cryptography. - IEEE Transactions...

Standardization

Information technology – Open Systems Interconnection – The Directory: Overview of concepts, models and services - ITU-T Rec. X.500 - 02-01
Information technology – Open Systems Interconnection – The Directory: Public-key and attribute certificate frameworks - ITU-T Rec. X.509 - 03-00
Information Technology – Open Systems Interconnection (OSI) – The directory: an overview of concepts, models and services -...

Organizations

Internet Engineering Task Force (IETF) http://www.ietf.org

International Telecommunication Union – Telecom Standardization (ITU-T) http://www.itu.int/ITU-T

National Institute of Standards and Technology (NIST)

Software

OpenSSL http://www.openssl.org

You do not have access to this resource.

Exclusive to subscribers. 97% yet to be discovered!

You do not have access to this resource.
Click here to request your free trial access!

Already subscribed? Log in!

The Ultimate Scientific and Technical Reference

A Comprehensive Knowledge Base, with over 1,200 authors and 100 scientific advisors

+ More than 10,000 articles and 1,000 how-to sheets, over 800 new or updated articles every year

From design to prototyping, right through to industrialization, the reference for securing the development of your industrial projects

Outline
Full outline