Internet security is hard. TLS is almost impossible. Implementing TLS correctly in Java is »Nightmare!«. This paper will show how a badly designed security API introduced over 15 years ago, combined with misleading documentation and developers unaware of security challenges, causes modern smartphone applications to be left exposed to Man-in-the-Middle attacks.
This article appears in the special edition „In Depth Security – Proceedings of the DeepSec Conferences“. Edited by Stefan Schumacher and René Pfeiffer.
%0 Journal Article
%1 mjs:Lukas:Java
%A Lukas, Georg
%D 2015
%K api ds15 java mjsarticle security ssl sslsocket
%N 1
%P 506-513
%T Java’s SSLSocket
%U http://www.sicherheitsforschung-magdeburg.de/uploads/journal/MJS_034_Lukas_Java.pdf
%V 9
%X Internet security is hard. TLS is almost impossible. Implementing TLS correctly in Java is »Nightmare!«. This paper will show how a badly designed security API introduced over 15 years ago, combined with misleading documentation and developers unaware of security challenges, causes modern smartphone applications to be left exposed to Man-in-the-Middle attacks.
This article appears in the special edition „In Depth Security – Proceedings of the DeepSec Conferences“. Edited by Stefan Schumacher and René Pfeiffer
@article{mjs:Lukas:Java,
abstract = {Internet security is hard. TLS is almost impossible. Implementing TLS correctly in Java is »Nightmare!«. This paper will show how a badly designed security API introduced over 15 years ago, combined with misleading documentation and developers unaware of security challenges, causes modern smartphone applications to be left exposed to Man-in-the-Middle attacks.
This article appears in the special edition „In Depth Security – Proceedings of the DeepSec Conferences“. Edited by Stefan Schumacher and René Pfeiffer},
added-at = {2021-09-19T18:42:17.000+0200},
author = {Lukas, Georg},
biburl = {https://www.bibsonomy.org/bibtex/28d8ecaab06557e922c9352bb24b1153e/steschum},
interhash = {286eded2605f5e9b7a706fa184ccc018},
intrahash = {8d8ecaab06557e922c9352bb24b1153e},
issn = {2192-4260},
journaltitle = {Magdeburger Journal zur Sicherheitsforschung},
keywords = {api ds15 java mjsarticle security ssl sslsocket},
number = 1,
pages = {506-513},
subtitle = {How Bad APIs Compromise Security},
timestamp = {2021-10-22T17:15:30.000+0200},
title = {Java’s SSLSocket},
url = {http://www.sicherheitsforschung-magdeburg.de/uploads/journal/MJS_034_Lukas_Java.pdf},
urldate = {2015-03-20},
volume = 9,
year = 2015
}