Skip a heartbeat: OpenSSL Heartbleed Vulnerability & Prediction of Exploitation by Mehak Bashir


ABSTRACT

 

Open Secure Sockets Layer (OpenSSL) provides a secure platform for transactions that take place over the internet, such as online shopping, online banking and email. It is a widely used open-source implementation of Secure Sockets Layer (SSL) and Transport Layer Security (TLS). Vulnerabilities have, however, been found in OpenSSL, which has resulted in a wide public outcry all over the world. A confounding computer bug called “Heartbleed” is causing major security worries across the internet. Heartbleed affects many things, including web servers, routers that connect office networks to the internet, mobile apps and VPNs (Virtual Private Networks). It has been estimated that 60 percent of secure web sites that use OpenSSL are affected. In addition, Heartbleed cannot be traced. The Heartbleed bug has sent shockwaves all over the internet. Not only has all of this user data been directly compromised but, what is worse, the private keys of the servers running the vulnerable versions of OpenSSL were also almost certainly compromised. Patching affected applications and/or upgrading to versions that are not vulnerable is recommended in order to mitigate the risks identified.

This thesis describes the OpenSSL Heartbleed vulnerability and also proposes a methodology that explains the severity of exploitation posed by some common types of vulnerabilities, based on the Common Vulnerability Scoring System (CVSS), using the Naive Bayes classification algorithm.