Files
Rime_36241300_2020.pdf
Open access - Adobe PDF
- 796.28 KB
Details
- Abstract
- TLS is a widely used protocol for securing a connection between two peers. Protocols such as HTTP or DNS over TLS use it to ensure the privacy, authenticity and integrity of the connection. Because security evolves quickly, new attacks and defenses appear regularly, and extending TLS to add new defenses can take a lot of time. As with any other protocol, new features must be accepted by the IETF before being standardized, which can take many years. This can leave the protocol with security issues for a long time. Therefore, in this thesis, we explore a new way to extend TLS by adding a virtual machine to the implementation. This virtual machine makes it possible to develop plugins that change the behavior of the protocol, and hence to resolve security issues much faster. To illustrate the ability to develop new defenses, we propose a plugin that adds padding and shapes a connection to counter fingerprinting attacks. Fingerprinting is a type of traffic analysis attack in which a passive adversary (e.g. an ISP or a government) is able to retrieve the encrypted traffic of a user and infer the visited website. We evaluate our defense against a state-of-the-art attack that focuses on DNS over TLS and show that it gives significant results compared to a classic implementation of TLS.