Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as ''work in progress.'' To learn the current status of any Internet-Draft, please check the ''1id-abstracts.txt'' listing contained in the Internet-Drafts Shad...

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as ''work in progress.'' To learn the current status of any Internet-Draft, please check the ''1id-abstracts.txt'' listing contained in the Internet-Drafts Shad...

TLS uses X.509 certificates for server authentication. A X.509 certificate is a complex document and various innocent errors may occur while creating/ using it. Also, many certificates belong to malicious websites and should be rejected by the client and those web servers should not be visited. Usually, when a client finds a certificate that is doubtful using the traditional tests, it asks for ...

As mobile applications become more pervasive, they provide us with a variety of online services that range from social networking to banking and credit card management. Since many of these services involve communicating and handling of private user information – and also due to increasing security demands from users – the use of TLS connections has become a necessity for today’s mobile applicat...

T-Mobile has a service called “Wi-Fi Calling”, which lets users make and receive calls even when without cellular service. This service is pre-installed on millions of TMobile Android smartphones. We analyze the security aspects of this service from a network perspective, and demonstrate a man-in-the-middle attack caused by a lack of TLS certificate validation, allowing an attacker to eavesdrop...

We analyze the handshake protocol of TLS 1.3 draft-ietf-tls-tls13-10 (published October 2015). This continues and extends our previous analysis (CCS 2015, Cryptology ePrint Archive 2015) of former TLS 1.3 drafts (draft-ietf-tls-tls13-05 and draft-ietf-tls-tls13-dh-based). Here we show that the full (EC)DHE Diffie–Hellman-based handshake of draft-10 is also secure in the multi-stage key exchange...

The RC4 stream cipher is used to protect messages from eavesdroppers in many settings, including some of the Transport Layer Security (TLS) protocols used to secure much internet traffic. Nonuniformities in the output of a stream cipher are a weakness that an eavesdropper can exploit to gain information about the encrypted messages. In this report we verify the size of some nonuniformities of R...

Over the last few years, a worryingly number of attacks against SSL/TLS and other secure channels have been discovered. Fortunately, at least from a defenders perspective, these attacks require an adversary capable of observing or manipulating network traffic. This prevented a wide and easy exploitation of these vulnerabilities. In contrast, we introduce HEIST, a set of techniques that allows u...

Transport Layer Security (TLS) is becoming increasingly desirable and necessary in the modern Internet. Unfortunately it also induces heavy penalties on application CPU performance for both the client and server. In this paper we examine the server-side performance implications on CPU computational and data-movement overhead when enabling TLS on Netflix’s OpenConnect Appliance (OCA [1]) network...