Search Results

During the TLS 1.3 handshake, an entity (e.g., a client application) commonly transmits a chain of certificates and certificates' digital signatures to the remote party to authenticate themselves. Towards a transition to post-quantum TLS, several ...

Popular Chinese Input Method Editor (IME) keyboards almost universally feature cloud-based features that improve character prediction when typing. Handling such sensitive data (i.e., keystrokes) in transit demands security in transit. In this work, we ...

BGP distributes prefixes advertised by Autonomous Systems (ASes) and computes the best paths between them. It is the only routing protocol used to exchange interdomain routes on the Internet. Since its original definition in the late 1980s, BGP uses TCP. ...

As 5G is currently being rolled out, security considerations for this critical infrastructure are getting more into focus. Hereby, the security investigation of the 5G core as the central element plays a pivotal role. The structure of the core is based ...

Secure communication protocols such as TLS 1.3 or QUIC are doing the heavy lifting in terms of security of today's Internet. These modern protocols provide modes that do not need an interactive handshake, but allow to send cryptographically protected ...

State actors around the world censor the HTTPS protocol to block access to certain websites. While many circumvention strategies utilize the TCP layer only little emphasis has been placed on the analysis of TLS-a complex protocol and integral building ...

We show how to embed a covert key exchange sub protocol within a regular TLS 1.3 execution, generating a stealth key in addition to the regular session keys. The idea, which has appeared in the literature before, is to use the exchanged nonces to ...

Residential IP Proxies (RESIPs) enable proxying out requests from a vast network of residential devices without inserting any information revealing it. While RESIPs can be used for legitimate purposes, previous studies also associate them with malicious ...

IoT devices are increasingly used in consumer homes. Despite recent works in characterizing IoT TLS usage for a limited number of in-lab devices, there exists a gap in quantitatively understanding TLS behaviors from devices in the wild and server-side ...

In the context of connecting to enterprise Wi-Fi, previous works show that relying on human users to manually configure or enforce server authentication often leads to insecure outcomes. Consequently, many user credentials can potentially be stolen by ...

Web scraping bots are now using so-called Residential ip Proxy (resip) services to defeat state-of-the-art commercial bot countermeasures. resip providers promise their customers to give them access to tens of millions of residential ip addresses, ...

This paper proposes using a logic programming language to disentangle X.509 certificate validation policy from mechanism. Expressing validation policies in a logic programming language provides multiple benefits. First, policy and mechanism can be more ...

TLS 1.3, the newest version of the Transport Layer Security (TLS) protocol, provides strong authentication and confidentiality guarantees that have been comprehensively analyzed in a variety of formal models. However, despite its controversial use of ...

TLS certificate pinning is a security mechanism used by applications (apps) to protect their network traffic against malicious certificate authorities (CAs), in-path monitoring, and other methods of TLS tampering. Pinning can provide enhanced security ...

The security of digital communication relies on few cryptographic protocols that are used to protect internet traffic, from web sessions to instant messaging. These protocols and the cryptographic primitives they rely on have been extensively studied ...

This document describes version 2.0 of the Certificate Transparency (CT) protocol for publicly logging the existence of Transport Layer Security (TLS) server certificates as they are issued or observed, in a manner that allows anyone to audit ...

The MD5 and SHA-1 hashing algorithms are increasingly vulnerable to attack, and this document deprecates their use in TLS 1.2 and DTLS 1.2 digital signatures. However, this document does not deprecate SHA-1 with Hashed Message Authentication Code (HMAC), ...

Currently most practical attacks on cryptographic protocols like TLS are based on side channels, such as padding oracles. Some well-known recent examples are DROWN, ROBOT and Raccoon (USENIX Security 2016, 2018, 2021). Such attacks are usually found by ...

A versatile non-repudiation service that can be used directly and without application-specific modifications is desirable in many realistic use-cases. Since TLS is one of the most popular current means of secure communication, several proposals have ...

Traffic classification is essential in network management for operations ranging from capacity planning, performance monitoring, volumetry, and resource provisioning, to anomaly detection and security. Recently, it has become increasingly challenging ...