论文信息 - Can We Securely Use CBC Mode in TLS1.0? - 字舞流文

Can We Securely Use CBC Mode in TLS1.0?

Currently, TLS1.0 is one of the most widely deployed protocol versions for SSL/TLS. In TLS1.0, there are only two choices for the bulk encryption, i.e., RC4 or block ciphers in the CBC mode, which have been criticized to be insecure.

Shiho Moriai | Ryo Nojima | Takashi Kurokawa | S. Moriai | R. Nojima | Takashi Kurokawa

[1] Bodo Möller,et al. This POODLE Bites: Exploiting The SSL 3.0 Fallback , 2014 .

[2] Masakatu Morii,et al. Full Plaintext Recovery Attack on Broadcast RC4 , 2013, FSE.

[3] Serge Vaudenay,et al. Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS , 2002, EUROCRYPT.

[4] Mihir Bellare,et al. The Security of Triple Encryption and a Framework for Code-Based Game-Playing Proofs , 2006, EUROCRYPT.

[5] Serge Vaudenay,et al. Password Interception in a SSL/TLS Channel , 2003, CRYPTO.

[6] Donald Eastlake rd,et al. Transport Layer Security (TLS) Extensions: Extension Definitions , 2011 .

[7] Kenneth G. Paterson,et al. Lucky Thirteen: Breaking the TLS and DTLS Record Protocols , 2013, 2013 IEEE Symposium on Security and Privacy.

[8] Kenneth G. Paterson,et al. On the Security of RC4 in TLS , 2013, USENIX Security Symposium.