Implementacija napadov na protokol TLS/SSL

thesis work

Tadej Črnko (Author), Marko Hölbl (Mentor)

Abstract

V diplomskem delu smo preučili delovanje protokola TLS/SSL in pet napadov nanj. Preučili smo napade SSL Strip, BREACH, POODLE, Heartbleed in Pasivno opazovanje. Predstavili smo delovanje napadov in pogoje, pod katerimi jih lahko izvedemo, zato smo za vsak napad vzpostavili primerno okolje. Napade smo izvedli in z vsemi razkrili del šifrirane vsebine. Poiskali smo tudi možnosti zaščite za lastnike strežnikov. Za SSL Strip, ki je viden uporabnikom, smo tudi prikazali, na kaj so lahko ti pozorni.

Keywords

protokol TLS/SSL;napad;SSL Strip;POODLE;Heartbleed;diplomske naloge;

Data

Language:	Slovenian
Year of publishing:	2019
Typology:	2.11 - Undergraduate Thesis
Organization:	UM FERI - Faculty of Electrical Engineering and Computer Science
Publisher:	[T. Črnko]
UDC:	004.7.057.4(043.2)
COBISS:	22882326
Views:	502
Downloads:	48
Average score:	0 (0 votes)
Metadata:

Other data

Secondary language:	English
Secondary title:	Implementation of attacks on the TLS/SSL protocol
Secondary abstract:	In the thesis, we examined the operation of the TLS/SSL protocol and five attacks against it. We examined SSL Strip, BREACH, POODLE, Heartbleed, and Passive Monitoring attacks. We presented the operation of the attacks and the conditions under which they can be carried out. Therefore, we set up an appropriate environment for each attack. The attacks were executed and parts of the encrypted content were revealed. We also found mitigations for server owners. For SSL Strip, which is visible to users, we have shown what they can pay attention to.
Secondary keywords:	TLS/SSL protocol;attack;SSL Strip;Poodle;Heartbleed;
Type (COBISS):	Bachelor thesis/paper
Thesis comment:	Univ. v Mariboru, Fak. za elektrotehniko, računalništvo in informatiko, Informatika in tehnologije komuniciranja
Pages:	VIII, 38 str.
ID:	11231407