Royal Holloway, University of London researchers are analyzing the Transport Layer Security (TLS) system to identify weaknesses.
The TLS system is designed to ensure the security and safety of online personal information, but vulnerabilities were found in version 1.0 of the system. The researchers say that TLS version 1.2 offers improved security.
"Our analysis of TLS version 1.2 gives us higher confidence that the data we share online will be kept safe, secure, and private," says Royal Holloway professor Kenny Paterson.
TLS encrypts messages as they are transmitted across the Internet, keeping personal data insulated against attack. The researchers have found only one vulnerability in the latest version of TLS. "There is still scope for a 'distinguishing attack' against TLS 1.2, where an attacker could tell whether a user has sent a 'yes' or a 'no' during a transaction, for example," Paterson says.
However, he notes that this kind of attack is considered theoretical, and it is very unlikely that it would actually arise in practice. TLS uses a Message Authentication Code (MAC) tag to help provide security, and for the Royal Holloway attack to work, the MAC tag would need to be small.
From Royal Holloway, University of London
View Full Article
No entries found