Questions On Attacks And Mitigations

1485 Words6 Pages
5. Attacks and Mitigations Since SSL was introduced in 1990s, security professionals and malicious attackers have exploited a lot of security flaws resides in the SSL and TLS protocols. And because that users could choose different cryptosystems, different cipher algorithms, and other variances for their SSL or TLS implementation, there are so many types of attacks toward SSL and TLS targeted at different algorithms. In this paper, I will focus on introducing several attacks through flaws in RC4, RSA, and Diffie-Hellman. RC4 attacks Remember that in a TLS session, the symmetric encryption is responsible for providing the confidentiality of any data transport between client and server, and remember that the use of RC4 in SSL and TLS has been terminated in 2015. However, RC4 is still largely used in TLS, actually, right now, half of our TLS traffic is still using RC4. Even though RC4 is already considered as “broken”, tons of sites, especially large sites like Google are still using it for two reasons: 1) Using RC4 doesn’t require IVs or paddings, which made TLS immune to TLS attacks like BESAT or LUCKY13, 2) RC4 operates fast, meaning less computation, meaning less hardware requirements, meaning, less cost!!! The mechanism behind RC4 is that, RC4 uses relative short keys and convert the key into a long string of pseudo-random byte, those bytes then are XOR with the data, and the encryption of this seems not related to its original data at all. The security flaw in RC4 is
Open Document