As cloud computing and mobile computing continue to become more widely adopted, there is an ever increasing demand for efficient transmission and storage of data. Compression is widely used in Internet-based information systems to satisfy these demands. At the same time, as our daily lives become ever more reliant upon this digital infrastructure, protecting the security and privacy of data becomes a pervasive necessity. Even when a system is built from secure cryptographic algorithms, the protection provided by these algorithms can be compromised at the system level when pre- or post-processing operations, such as compression, are used in conjunction with encryption and authentication. The two recent attacks CRIME and BREACH demonstrated that conventional techniques for combining compression and encryption are susceptible to "compression side-channel" attacks. The only effective remedy is to disable compression for Secure Sockets Layer (SSL)/Transport Layer Security (TLS) and HTTPS communication, which almost 90 percent of web sites have done.

Most common topics