The SSL protocol is intended to provide a practical, application-layer, widely applicable connection-oriented mechanism for Internet client/server communications security. This note gives a detailed technical analysis of the cryptographic strength of the SSL 3.0 protocol. A number of minor flaws in the protocol and several new active attacks on SSL are presented; however, these can be easily corrected without overhauling the basic structure of the protocol. We conclude that, while there are still a few technical wrinkles to iron out, on the whole SSL 3.0 is a valuable contribution towards practical communications security.