TLS/SSL MAC security flaw

0 likes•1,475 views

The document summarizes a security flaw in TLS/SSL that allows attackers to decrypt encrypted traffic by exploiting timing differences in error handling. Specifically, when padding is incorrect on encrypted records, servers may respond at different speeds depending on the stage the error is detected. This creates a timing side channel that can be used to gradually decrypt the last byte of records. The flaw was addressed in TLS 1.1 by standardizing error handling behavior. The document recommends not revealing too many error details and avoiding timing side channels to prevent similar attacks.

Technology Education

More Related Content

What's hot (20)

PDF

Web acceleration mechanicsAlexander Krizhanovsky

PPTX

Cryptography for Absolute Beginners (May 2019)Svetlin Nakov

PDF

Стек Linux HTTPS/TCP/IP для защиты от HTTP-DDoS-атакPositive Hack Days

PDF

Abusing Microsoft Kerberos - Sorry you guys don’t get itE Hacking

PDF

OpenSSL Basic Function Call FlowWilliam Lee

PPTX

SSL Checklist for Pentesters (BSides MCR 2014)Jerome Smith

PDF

Cryptography in PHP: use casesEnrico Zimuel

PDF

Cryptography For The Average Developer - Sunshine PHPAnthony Ferrara

PPTX

Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)Svetlin Nakov

PPTX

Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)Svetlin Nakov

PDF

OpenSSL programming (still somewhat initial version)Shteryana Shopova

PPTX

Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Svetlin Nakov

PDF

Securing your MySQL serverMarian Marinov

KEY

第0回ワススタ!! #wasbookを読もうTatsuya Tobioka

PDF

Ntlm UnsafeGuang Ying Yuan

PDF

Gauntlt: Go Ahead, Be Mean to your CodeJames Wickett

PDF

Challenges Building Secure Mobile ApplicationsMasabi

PDF

Crypto With OpenSSLZhi Guan

PDF

hbaseconasia2019 Further GC optimization for HBase 2.x: Reading HFileBlock in...Michael Stack

PDF

Observability tips for HAProxyWilly Tarreau

Web acceleration mechanicsAlexander Krizhanovsky

Cryptography for Absolute Beginners (May 2019)Svetlin Nakov

Стек Linux HTTPS/TCP/IP для защиты от HTTP-DDoS-атакPositive Hack Days

Abusing Microsoft Kerberos - Sorry you guys don’t get itE Hacking

OpenSSL Basic Function Call FlowWilliam Lee

SSL Checklist for Pentesters (BSides MCR 2014)Jerome Smith

Cryptography in PHP: use casesEnrico Zimuel

Cryptography For The Average Developer - Sunshine PHPAnthony Ferrara

Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)Svetlin Nakov

Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)Svetlin Nakov

OpenSSL programming (still somewhat initial version)Shteryana Shopova

Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Svetlin Nakov

Securing your MySQL serverMarian Marinov

第0回ワススタ!! #wasbookを読もうTatsuya Tobioka

Ntlm UnsafeGuang Ying Yuan

Gauntlt: Go Ahead, Be Mean to your CodeJames Wickett

Challenges Building Secure Mobile ApplicationsMasabi

Crypto With OpenSSLZhi Guan

hbaseconasia2019 Further GC optimization for HBase 2.x: Reading HFileBlock in...Michael Stack

Observability tips for HAProxyWilly Tarreau

Viewers also liked (20)

PPTX

SSL TLS ProtocolDevang Badrakiya

PPTX

SSL/TLSSirish Kumar

DOCX

SSL-imageRajat Toshniwal

PDF

An analysis of TLS handshake proxyingNick Sullivan

PDF

ACPI and FreeBSD (Part 1)Nate Lawson

PDF

Copy Protection Wars: Analyzing Retro and Modern Schemes (RSA 2007)Nate Lawson

PDF

Foundations of Platform SecurityNate Lawson

PDF

ACPI and FreeBSD (Part 2)Nate Lawson

PDF

Using FreeBSD to Design a Secure Digital Cinema Server (Usenix 2004)Nate Lawson

PDF

Crypto Strikes Back! (Google 2009)Nate Lawson

PDF

An introduction to MQTT - Pub / Sub for the massesDominik Obermaier

PDF

Highway to Hell: Hacking Toll Systems (Blackhat 2008)Nate Lawson

PDF

Don't Tell Joanna the Virtualized Rootkit is Dead (Blackhat 2007)Nate Lawson

PDF

Designing and Attacking DRM (RSA 2008)Nate Lawson

PPT

SSLtheekuchi

PDF

TLS OptimizationNate Lawson

PDF

TLS/SSL Protocol Design 201006Nate Lawson

PPT

Wiresharkashiesh0007

PDF

TLS/SSL Protocol DesignNate Lawson

PDF

Protocoles SSL/TLSThomas Moegli

SSL TLS ProtocolDevang Badrakiya

SSL/TLSSirish Kumar

SSL-imageRajat Toshniwal

An analysis of TLS handshake proxyingNick Sullivan

ACPI and FreeBSD (Part 1)Nate Lawson

Copy Protection Wars: Analyzing Retro and Modern Schemes (RSA 2007)Nate Lawson

Foundations of Platform SecurityNate Lawson

ACPI and FreeBSD (Part 2)Nate Lawson

Using FreeBSD to Design a Secure Digital Cinema Server (Usenix 2004)Nate Lawson

Crypto Strikes Back! (Google 2009)Nate Lawson

An introduction to MQTT - Pub / Sub for the massesDominik Obermaier

Highway to Hell: Hacking Toll Systems (Blackhat 2008)Nate Lawson

Don't Tell Joanna the Virtualized Rootkit is Dead (Blackhat 2007)Nate Lawson

Designing and Attacking DRM (RSA 2008)Nate Lawson

SSLtheekuchi

TLS OptimizationNate Lawson

TLS/SSL Protocol Design 201006Nate Lawson

Wiresharkashiesh0007

TLS/SSL Protocol DesignNate Lawson

Protocoles SSL/TLSThomas Moegli

Similar to TLS/SSL MAC security flaw (20)

PDF

Novel Instruction Set Architecture Based Side Channels in popular SSL/TLS Imp...Cybersecurity Education and Research Centre

PPTX

PoodleSamit Anwer

PDF

New flaws in WPA-TKIPvanhoefm

PDF

What every Java developer should know about network?aragozin

PDF

Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...idsecconf

PDF

Computer network (3)NYversity

PDF

Fundamentals of network hackingPranshu Pareek

PPTX

Cours4.pptxBellaj Badr

PPT

Jaimin chp-3 - data-link layer- 2011 batchJaimin Jani

PDF

Technical Overview of QUICshigeki_ohtsu

PDF

[BlackHat USA 2016] Nonce-Disrespecting Adversaries: Practical Forgery Attack...Aaron Zauner

PDF

CN-unit-ii.its help you for computer networkmansvi202401

PPSX

MQTC V2.0.1.3 - WMQ & TCP Buffers – Size DOES Matter! (pps)Art Schanz

PDF

[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...CODE BLUE

PPTX

TLS - 2016 Velocity TrainingPatrick Meenan

PPTX

Introduction to data link layerShashank HP

PPTX

UNIT-2 PPT Data link layer.pptxdiptijilhare

PDF

Recover A RSA Private key from a TLS session with perfect forward secrecyPriyanka Aash

PPTX

WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)Ericom Software

PDF

How to bypass an IDS with netcat and linuxKirill Shipulin

Novel Instruction Set Architecture Based Side Channels in popular SSL/TLS Imp...Cybersecurity Education and Research Centre

PoodleSamit Anwer

New flaws in WPA-TKIPvanhoefm

What every Java developer should know about network?aragozin

Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...idsecconf

Computer network (3)NYversity

Fundamentals of network hackingPranshu Pareek

Cours4.pptxBellaj Badr

Jaimin chp-3 - data-link layer- 2011 batchJaimin Jani

Technical Overview of QUICshigeki_ohtsu

[BlackHat USA 2016] Nonce-Disrespecting Adversaries: Practical Forgery Attack...Aaron Zauner

CN-unit-ii.its help you for computer networkmansvi202401

MQTC V2.0.1.3 - WMQ & TCP Buffers – Size DOES Matter! (pps)Art Schanz

[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...CODE BLUE

TLS - 2016 Velocity TrainingPatrick Meenan

Introduction to data link layerShashank HP

UNIT-2 PPT Data link layer.pptxdiptijilhare

Recover A RSA Private key from a TLS session with perfect forward secrecyPriyanka Aash

WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)Ericom Software

How to bypass an IDS with netcat and linuxKirill Shipulin

Recently uploaded (20)

PDF

Generative AI vs Predictive AI-The Ultimate Comparison GuideLily Clark

PDF

The Past, Present & Future of Kenya's Digital Transformation Moses Kemibaro

PPTX

AVL ( audio, visuals or led ), technology.Rajeshwri Panchal

PPTX

Applied-Statistics-Mastering-Data-Driven-Decisions.pptxparmaryashparmaryash

PDF

Make GenAI investments go further with the Dell AI FactoryPrincipled Technologies

PPTX

Agile Chennai 18-19 July 2025 Ideathon | AI Powered Microfinance Literacy Gui...AgileNetwork

PDF

Research-Fundamentals-and-Topic-Development.pdfayesha butalia

PDF

State-Dependent Conformal Perception Bounds for Neuro-Symbolic VerificationIvan Ruchkin

PPTX

The Yotta x CloudStack Advantage: Scalable, India-First CloudShapeBlue

PPTX

Dev Dives: Automate, test, and deploy in one place—with Unified Developer Exp...AndreeaTom

PDF

How ETL Control Logic Keeps Your Pipelines Safe and Reliable.pdfStryv Solutions Pvt. Ltd.

PDF

OpenInfra ID 2025 - Are Containers Dying? Rethinking Isolation with MicroVMs.pdfMuhammad Yuga Nugraha

PDF

The Future of Artificial Intelligence (AI)Mukul

PDF

Alpha Altcoin Setup : TIA - 19th July 2025CIFDAQ

PDF

Lecture A - AI Workflows for Banking.pdfDr. LAM Yat-fai (林日辉)

PDF

MASTERDECK GRAPHSUMMIT SYDNEY (Public).pdfNeo4j

PPTX

python advanced data structure dictionary with examples python advanced data ...sprasanna11

PDF

Market Insight : ETH Dominance ReturnsCIFDAQ

PPTX

Machine Learning Benefits Across IndustriesSynapseIndia

PPTX

Agile Chennai 18-19 July 2025 | Emerging patterns in Agentic AI by Bharani Su...AgileNetwork