DocumentCode
3275269
Title
Countermeasures and Tactics for Transitioning against the SSL/TLS Renegotiation Vulnerability
Author
Suga, Yuji
Author_Institution
Internet Initiative Japan Inc., Tokyo, Japan
fYear
2012
fDate
4-6 July 2012
Firstpage
656
Lastpage
659
Abstract
In November 2009, Marsh Ray, Steve Dispensa and Martin Rex released details of a vulnerability in the SSL and TLS protocols that could allow Man-in-the-Middle attacks to be carried out. SSL and TLS operate between the IP and application layers and ensure application data encryption and data integrity, authenticating the target of communications using X.509 public key certificates. As they are used together with application layer communication protocols such as HTTP, SMTP, and POP, this vulnerability affects a large number of applications and systems. This vulnerability can be attributed to a problem in the SSL and TLS protocol specifications themselves. Fixes have been released for Open SSL and Apache immediately, however most of these involve simply disabling the renegotiation feature that is causing the problem. More thorough measures would require an update to the current specifications and migration to implementations that follow the new specifications. IETF published countermeasures with unprecedented speed as RFC5746, however server-side implementations are not settled. In this paper, we discuss about problems of a transitioning to new specifications including the SSL/TLS renegotiation vulnerability.
Keywords
data integrity; protocols; public key cryptography; Apache; HTTP; IP; POP; SMTP; SSL protocols; SSL/TLS renegotiation vulnerability; TLS protocols; X.509 public key certificates; application data encryption; application layer communication protocols; authentication; data integrity; man-in-the-middle attacks; Authentication; Encryption; Protocols; Servers; Twitter; RFC5746; SSL/TLS;
fLanguage
English
Publisher
ieee
Conference_Titel
Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), 2012 Sixth International Conference on
Conference_Location
Palermo
Print_ISBN
978-1-4673-1328-5
Type
conf
DOI
10.1109/IMIS.2012.138
Filename
6296932
Link To Document