Author(s): Kenneth Paterson and Nadhem Alfardan

Download: Paper (PDF)

Date: 6 Feb 2012

Document Type: Presentations

Additional Documents: Slides

Associated Event: NDSS Symposium 2012


We describe an efficient and full plaintext recovery attack against the OpenSSL implementation of DTLS, and an efficient, partial plaintext recovery attack against the GnuTLS implementation of DTLS. We discuss the reasons why these implementations are insecure, drawing lessons for secure protocol design and implementation in general.