Imperfect forward secrecy: How diffie-hellman fails in practice, Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015. ,
URL : https://hal.archives-ouvertes.fr/hal-01982426
,
Lucky thirteen: Breaking the TLS and DTLS record protocols, IEEE Symposium on Security and Privacy, SP, pp.526-540, 2013. ,
, DROWN: Breaking TLS with SSLv2, 2016.
Transcript collision attacks: Breaking authentication in tls, IKE and SSH, 23rd Annual Network and Distributed System Security Symposium, NDSS, 2016. ,
URL : https://hal.archives-ouvertes.fr/hal-01244855
On the practical (in-)security of 64-bit block ciphers: Collision attacks on HTTP over TLS and openvpn, Proceedings of the, 2016. ,
URL : https://hal.archives-ouvertes.fr/hal-01404208
, ACM SIGSAC Conference on Computer and Communications Security, 2016.
SHA-1 Certificates in Chrome ,
Apple, Google, Microsoft, and Mozilla come together to end TLS 1 ,
Book review: Experimentation in software engineering: An introduction. by claes wohlin, per runeson, martin höst, magnus c. ohlsson, björn regnell and anders wesslén, Softw. Test., Verif. Reliab, 1999. ,
, Carta di identitá elettronica
, Github: Androguard
Announcing CERT Tapioca 2.0 for Network Traffic Analysis ,
Boffins 'crack' HTTPS encryption in Lucky Thirteen attack ,
The SLOTH attacks: why laziness about cryptography puts security at risk ,
Why eve and mallory love android: An analysis of android ssl (in)security, Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp.50-61, 2012. ,
The most dangerous code in the world: validating ssl certificates in non-browser software, ACM Conference on Computer and Communications Security, pp.38-49, 2012. ,
, BREACH: reviving the CRIME attack
A diversion: BEAST Attack on TLS/SSL Encryption ,
Attack of the week: Logjam ,
The Internet is broken: could we please fix it? ,
Encryption export controls, 2001. ,
The TLS Protocol: Version 1 ,
The Transport Layer Security (TLS) Protocol: Version 1 ,
The Transport Layer Security (TLS) Protocol: Version 1.2 ,
Transport Layer Security Protocol Compression Methods ,
OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens ,
, IMPERVA: Attacking SSL when using RC4, IETF: Transport Layer Security (TLS) Renegotiation Indication Extension
ssl-enum-ciphers ,
, Nmap: the Network Mapper
, Triple Handshakes Considered Harmful: Breaking and Fixing Authentication over TLS
What is DROWN and how does it work?, This POODLE Bites: Exploiting The SSL 3.0 Fallback ,
,
, SSL Server Rating Guide
Stream ciphers, 1995. ,
, SecurityLearn: SSL Attacks
, Alexa Top Sites
Communication theory of secrecy systems*, Bell System Technical Journal, vol.28, 1949. ,
,
Truncating TLS connections to violate beliefs in web applications, 7th USENIX Workshop on Offensive Technologies, 2013. ,
URL : https://hal.archives-ouvertes.fr/hal-00863371
Systematic fuzzing and testing of tls libraries, Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, p.16, 2016. ,
, RC4 NOMORE (Numerous Occurrence MOnitoring & Recovery Exploit
Hash Function ,
, TLS Extended Master Secret Extension: Fixing a Hole in TLS