10 Hits in 3.9 sec

SoK: Lessons Learned from SSL/TLS Attacks [chapter]

Christopher Meyer, Jörg Schwenk
2014 Lecture Notes in Computer Science  
We try to give a short "Lesson(s) Learned" at the end of each paragraph.  ...  SSL/TLS can be used for ensuring data confidentiality, integrity and authenticity during transport.  ...  Intercepting SSL/TLS Protected Traffic In [22] Canvel, Hiltgen, Vaudenay and Vuagnoux extended Vaudenay's attack (cf. 3.2) to decrypt a password from an SSL/TLS secured IMAP session.  ... 
doi:10.1007/978-3-319-05149-9_12 fatcat:u2hn3qqjzzbobmsm4h3tiibdl4

SoK: An Analysis of Protocol Design: Avoiding Traps for Implementation and Deployment [article]

Tobias Fiebig, Franziska Lichtblau, Florian Streibelt, Thorben Krueger, Pieter Lexis, Randy Bush, Anja Feldmann
2016 arXiv   pre-print
Other protocols in this class include: LDAP-ACL, NFSv4, AFS, Postgresq, FTPs, RADIUS/WPA2Enterprise, s/MIME encryption, SSL/TLS, PGP, and seLinux, as an example from system security.  ...  We find that large enterprises develop protocols very similar to those of the era of emerging threats while ignoring lessons learned often for the sake of performance.  ... 
arXiv:1610.05531v1 fatcat:vaybjuis7rcnrnhlaetdhql6au

SoK: "Plug & Pray" Today – Understanding USB Insecurity in Versions 1 Through C

Jing Tian, Nolen Scaife, Deepak Kumar, Michael Bailey, Adam Bates, Kevin Butler
2018 2018 IEEE Symposium on Security and Privacy (SP)  
USB-based attacks have increased in complexity in recent years. Modern attacks now incorporate a wide range of attack vectors, from social engineering to signal injection.  ...  In this work, we survey and categorize USB attacks and defenses, unifying observations from both peer-reviewed research and industry.  ...  TCA Description 1) USB Certificate Authorities: The TCA protocol is built over a certificate authority (CA) hierarchy, mimicking the current CA model used by SSL/TLS.  ... 
doi:10.1109/sp.2018.00037 dblp:conf/sp/TianSKBBB18 fatcat:szwfhcvsvvhxrclx5ataygmj6i

SoK: Science, Security and the Elusive Goal of Security as a Scientific Pursuit

Cormac Herley, P. C. van Oorschot
2017 2017 IEEE Symposium on Security and Privacy (SP)  
[84] explain other practical side-channel attacks despite provable security proofs on MAC-then-encrypt constructions, including an SSL/TLS mechanism exploiting observable timing differences caused by  ...  A first meta-observation is that the Security community is not learning from history lessons well-known in other sciences.  ... 
doi:10.1109/sp.2017.38 dblp:conf/sp/HerleyO17 fatcat:tb34aq22vvh6ddpazd3g3azgzu

Evaluating the Security of Open Radio Access Networks [article]

Dudu Mimran, Ron Bitton, Yehonatan Kfir, Eitan Klevansky, Oleg Brodt, Heiko Lehmann, Yuval Elovici, Asaf Shabtai
2022 arXiv   pre-print
The significance of this work is providing an updated attack surface to cellular network operators.  ...  Based on the attack surface, cellular network operators can carefully deploy the appropriate countermeasure for increasing the security of O-RAN.  ...  Smith, “Sok: Lessons learned from android security research for appi- view that means dependency on millions of decisions  ... 
arXiv:2201.06080v1 fatcat:tqroywb3qvfp5mbgqbg6clmava

A Survey on TLS-Encrypted Malware Network Traffic Analysis Applicable to Security Operations Centers

Chaeyeon Oh, Joonseo Ha, Heejun Roh
2021 Applied Sciences  
In addition, we have discussed the state-of-the-art methods in TLS-encrypted NTA for each component of a machine learning pipeline, typically used in the state-of-the-art methods.  ...  Security experts in SOCs and researchers in academia can obtain useful information from our survey, as the main focus of our survey is NTA methods applicable to malware detection and family classification  ...  Open Sourcing JA3: SSL/TLS Client Fingerprinting for Malware Detection. 2017.  ... 
doi:10.3390/app12010155 fatcat:kdkvmdkbareb7cxgy7er7ncday

An empirical evaluation of misconfiguration in Internet services [article]

Tobias Fiebig, Technische Universität Berlin, Technische Universität Berlin, Anja Feldmann
2017
The literature is full of sophisticated attacks to obtain confidential information from computer systems, compromise them, or prevent them from being used at all.  ...  Simultaneously, mitigations to these attacks are as well studied. Technically, current attacks could be mitigated by deploying these techniques.  ...  Other protocols in this class include: LDAP-ACL, NFSv4, AFS, Postgresq, FTPs, RADIUS/WPA2Enterprise, s/MIME encryption, SSL/TLS, PGP, and seLinux, as an example from system security.  ... 
doi:10.14279/depositonce-6140 fatcat:lvw4geuxrrgfhi3ms3t7m6pkl4

TLS on Android – Evolution over the last decade [article]

Marten Oltrogge, Universität Des Saarlandes
2022
In addition, mobile apps increasingly work with sensitive personal data, so their traffic is an attractive target for man-in-the-middle attacks (MitMAs).  ...  Other areas of research from which lessons can be learned or transferred are tailored software stacks.  ...  We formulate lessons learned during our evaluation to share them with the research community.  ... 
doi:10.22028/d291-36083 fatcat:2yc4gy2ya5gwzm7ear52xxd32m

Challenges in using cryptography - End-user and developer perspectives

Christian Stransky, Technische Informationsbibliothek (TIB)
2022
Visualizing and highlighting whether or not webpages are SSL/TLS-encrypted was historically a major focus of usable security research [134, 140].  ...  We report on our experiences and lessons learned from two controlled programming experiments (n>200) conducted using Developer Observatory.  ...  Lessons Learned from Using an Online Platform "codemirror_mode": {"name": "ipython", "version": 2}, "file_extension": ".py", "mimetype": "text/x-python  ... 
doi:10.15488/12107 fatcat:t44vormnhbg2ld6qfljtvu4cmm

Developer factor in software privacy [article]

Mohammad Tahaei, University Of Edinburgh, Kami Vaniea, Markulf Kohlweiss
2021
Other places developers learn about privacy include universities, though they may not learn how to include privacy in software.  ...  Haney for sharing materials from their study on cybersecurity advocates and helping with the recruitment, Mary Ellen Zurko for helping with the recruitment, and Adam Jenkins for his feedback on earlier  ...  A common example of invisible security effects is SSL/TLS.  ... 
doi:10.7488/era/1485 fatcat:cuv6itafdrdz3dif2s7mdox6ty