Académique Documents
Professionnel Documents
Culture Documents
Cryptography II
Spring 2013
CRIME Attack
Compression Ratio Info-
leak Made Easy
What is CRIME?
Exploit for SSL/TSL
Takes Advantage of Compression in
SSL/TSL
Allows Attacker To Obtain Control
Who and When of CRIME?
security researchers
Juliano Rizzo
Thai Duong
Also created the BEAST exploit
Browser Exploit Against SSL/TLS
Introduced at the 2012 Ekoparty
Security Conference
Background Information
What is SSL/TSL
Security Protocols to assist in transferring
data securely via the Internet
Built-in Compression Option
Requires a Session Cookie Containing a
Key to Validate Messages
Used by Many Websites that Require
Security
How Does CRIME Work?
The attacker creates a special
JavaScript
Script will append data to attackee’s
transmissions
This data is very specific and created to
obtain patterns
The attacker introduces the JavaScript
into the attackee’s system
How Does CRIME Work? (con’t)