• DocumentCode
    3275269
  • Title

    Countermeasures and Tactics for Transitioning against the SSL/TLS Renegotiation Vulnerability

  • Author

    Suga, Yuji

  • Author_Institution
    Internet Initiative Japan Inc., Tokyo, Japan
  • fYear
    2012
  • fDate
    4-6 July 2012
  • Firstpage
    656
  • Lastpage
    659
  • Abstract
    In November 2009, Marsh Ray, Steve Dispensa and Martin Rex released details of a vulnerability in the SSL and TLS protocols that could allow Man-in-the-Middle attacks to be carried out. SSL and TLS operate between the IP and application layers and ensure application data encryption and data integrity, authenticating the target of communications using X.509 public key certificates. As they are used together with application layer communication protocols such as HTTP, SMTP, and POP, this vulnerability affects a large number of applications and systems. This vulnerability can be attributed to a problem in the SSL and TLS protocol specifications themselves. Fixes were released immediately for OpenSSL and Apache; however, most of these involve simply disabling the renegotiation feature that is causing the problem. More thorough measures would require an update to the current specifications and migration to implementations that follow the new specifications. The IETF published countermeasures with unprecedented speed as RFC5746; however, server-side implementations are not settled. In this paper, we discuss the problems of transitioning to new specifications, including the SSL/TLS renegotiation vulnerability.
  • Keywords
    data integrity; protocols; public key cryptography; Apache; HTTP; IP; POP; SMTP; SSL protocols; SSL/TLS renegotiation vulnerability; TLS protocols; X.509 public key certificates; application data encryption; application layer communication protocols; authentication; data integrity; man-in-the-middle attacks; Authentication; Encryption; Protocols; Servers; Twitter; RFC5746; SSL/TLS;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), 2012 Sixth International Conference on
  • Conference_Location
    Palermo
  • Print_ISBN
    978-1-4673-1328-5
  • Type

    conf

  • DOI
    10.1109/IMIS.2012.138
  • Filename
    6296932