Design and implementation of a TLS attack toolkit for security testing purposes

OData support
Supervisor:
Dr. Buttyán Levente
Department of Networked Systems and Services

TLS is a cryptographic protocol that provides security for network communication. Numerous versions are widely used in IT networks such as web pages, browsers, email communications, internet based faxing or voice over IP. The protocol provides the confidentiality and integrity for the data. Although it is currently considered one of the safest transfer security protocols, it has vulnerabilities. Like all commonly used technologies, TLS has been tried to hack by many malicious people to gain sensitive information.

The purpose of my thesis is to describe the TLS and its predecessor, the SSL protocol’s operation. I also show the operation of the software that I have created, which implements chosen chipertext attacks against TLS in real email communication environment. I look at the results, feasibility and defense capabilities of the attacks, thus analyzing the effectiveness of the attacks and the vulnerability of the protocol.

In my thesis I also provide an overview of the chosen-plaintext attacks against TLS.

Summing up, my aim is to provide a full overview of the TLS protocol by describe it and implementing attacks, resulting in a combination of all relevant information about TLS with credible results in a transparent and understandable document.

Downloads

Please sign in to download the files of this thesis.