The Rupture API: Productizing TLS attacks



SLIDE 1

The Rupture API: Productizing TLS attacks

Aggelos Kiayias Eva Sarafianou Dionysis Zindros

Real World Crypto 2017

SLIDE 2

Attack Anatomy

SLIDE 3

Reflection

Secret

  • Attacker guesses part of secret
  • Uses it in reflection
  • Compressed/encrypted response is shorter if right!
SLIDE 4

Adaptively choosing reflection strings can lead to full recovery. But there are challenges:

1. Noise
2. Antagonistic compression methods (Huffman coding)
3. Unrelated static content on page matching candidates
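The length signal from the Attack Anatomy slide and the Huffman-coding challenge above can be reproduced locally with zlib. This is an added example, not code from the talk or from Rupture; the page template, the secret value and all function names are constructed for illustration, and length-preserving encryption is assumed.

```python
import zlib

# Constructed sample: a page that reflects a request parameter and also
# contains a secret. All names and values here are hypothetical.
SECRET = "9f3a7c1e5b2d4086"
HEX = "0123456789abcdef"


def response_body(reflection: str) -> bytes:
    """Build the constructed page: reflected text plus the secret."""
    return (
        "<html><body><p>Results for: " + reflection + "</p>"
        "<a href='/logout?csrf_token=" + SECRET + "'>Log out</a>"
        "</body></html>"
    ).encode()


def wire_length(reflection: str, compress: bool = True) -> int:
    """Body length visible on the wire (length-preserving encryption assumed)."""
    body = response_body(reflection)
    return len(zlib.compress(body, 6) if compress else body)


def length_gap(right: str, wrong: str, compress: bool = True) -> int:
    """Bytes by which the wrong guess's response exceeds the right one's."""
    return wire_length(wrong, compress) - wire_length(right, compress)


def shortest_candidates(known: str, alphabet: str = HEX) -> list:
    """Single-character extensions of `known` that give the minimum length.

    Huffman coding can make several candidates tie, or even favour a wrong
    one, which is why one measurement per candidate is not reliable.
    """
    lengths = {c: wire_length(known + c) for c in alphabet}
    best = min(lengths.values())
    return sorted(c for c, n in lengths.items() if n == best)


if __name__ == "__main__":
    right, wrong = "csrf_token=9f3a7c1e", "csrf_token=0d8b2e6a"
    print("gap, compressed:  ", length_gap(right, wrong))
    print("gap, uncompressed:", length_gap(right, wrong, compress=False))
    print("tied at minimum:  ", shortest_candidates("csrf_token="))
```

The same `length_gap` check, pointed at a response builder of your own, shows whether a page that mixes reflected input with a secret exposes a length difference once compression is enabled.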

SLIDE 7

Our Contributions

  • Usable open-source tool
  • Demonstrate attack is easy and practical via web UI
  • Reusable RESTful API
SLIDE 8

Demo

SLIDE 22

https://github.com/dionyziz/rupture

https://ruptureit.com/

SLIDE 23

Thank you! Questions?

http://www.kiayias.com

E5F2 7045 437B 168B 39AD 1BFA C876 8019 6DBB 04E0

https://esarafianou.github.io

2FA9 7528 9554 F1EB F5F8 675B E371 5849 8CD0 92EE

https://dionyziz.com

45DC 00AE FDDF 5D5C B988 EC86 2DA4 50F3 AFB0 46C7

https://github.com/dionyziz/rupture