HTTPS Bicycle Attack - An Overview

Main Author: Stefan Friedli
Other Authors: Marc Ruef
Format: Article
Language: eng
Published: 2016
Subjects:
Online Access: https://zenodo.org/record/3521602
Table of Contents:
  • The concern that the length of TLS payloads is not effectively concealed is not necessarily new. In September 2013, Alfredo Pironti of INRIA Paris-Rocquencourt released an Internet-Draft titled "Length Hiding Padding for TLS Protocol", proposing some methods to avoid the disclosure of payload sizes, such as Range Splitting. But Vranken's publication does raise some new practical concerns regarding attack vectors based on this behavior. One interesting approach is to use known sizes of requests and responses to fingerprint specific sequences of HTTP requests.
  • This paper was written in 2016 as part of a research project at scip AG, Switzerland. It was initially published online at https://www.scip.ch/en/?labs.20160317 and is available in English and German. Providing our clients with innovative research for the information technology of the future is an essential part of our company culture.