DROWN: Breaking TLS Using SSLv2

Nimrod Aviram

[0]

Sebastian Schinzel

[0]

Juraj Somorovsky

[0]

Nadia Heninger

[0]

Maik Dankel

Jens Steube

Luke Valenta

David Adrian

[0]

J. Alex Halderman

[0]

Viktor Dukhovni

Emilia Käsper

[0]

Shaanan Cohney

USENIX Security Symposium, pp. 689-706, 2016.

Cited by: 152|Bibtex|Views69

Other Links: dblp.uni-trier.de|academic.microsoft.com

Abstract:

We present DROWN, a novel cross-protocol attack on TLS that uses a server supporting SSLv2 as an oracle to decrypt modern TLS connections. We introduce two versions of the attack. The more general form exploits multiple unnoticed protocol flaws in SSLv2 to develop a new and stronger variant of the Bleichenbacher RSA padding-oracle attack....More

Code:

Data:

Full Text (Upload PDF)

PPT (Upload PPT)

Similar

Reference

Cited

Your rating :