A Cross-Protocol Attack on the TLS Protocol

Download Now
Provided by: Association for Computing Machinery
Topic: Security
Format: PDF
This paper describes a cross-protocol attack on all versions of TLS; it can be seen as an extension of the Wagner and Schneier attack on SSL 3.0. The attack presents valid explicit elliptic curve Diffie-Hellman parameters signed by a server to a client that incorrectly interprets these parameters as valid plain Diffie-Hellman parameters. The authors' attack enables an adversary to successfully impersonate a server to a random client after obtaining 240 signed elliptic curve keys from the original server.
Download Now

Find By Topic