FIESTA: an HTTPS side-channel party - Jose Selvi

u-drLKiyCSo/default.jpg

OWASP AppSec EU 2018 Hacker Track - Day 2, talk 3

In the past few years, several attacks exploiting side-channel issues in TLS traffic have been launched with the aim of extracting information protected by HTTPS. CRIME, BREACH,, and TIME are all good examples of such attacks. But they are known, and most Internet sites have introduced countermeasures to protect against them. Unfortunately, this is not enough to protect sensitive online information. HTTPS traffic has other side-channels that could be exploited in a similar way, exposing private information. It this paper, we present a new tool, called FIESTA, that will help us test this kind of issues. In addition, we release a new side-channel not used before, affecting the most important technology companies in the Internet.

Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP...

u-drLKiyCSo/default.jpg
FIESTA: an HTTPS side-channel party - Jose Selvi FIESTA: an HTTPS side-channel party - Jose Selvi Reviewed by Dump3R H3id3gg3R on October 01, 2018 Rating: 5