The Internet encryption protocol TLS - short for Transport Layer Security - is being fundamentally modified. Involved in attacks, researchers headed by Prof Dr Jörg Schwenk from Ruhr-Universität Bochum have contributed to revealing security gaps in the protocol. The Bochum science magazine Rubin reports about the research conducted by the team at Horst Görtz Institute for IT Security.
Attack on key exchange
The IT experts have, for example, succeeded in stealing a key that two parties had negotiated via TLS version 1.2. Such a key is always required when communication partners wish to exchange secret information, for example if a customer transmits credit card details to an online shop.
The TLS protocol provides three approaches for negotiating keys. Most problems are caused by one of the so-called handshake protocols, called TLS-RSA. To put it in simple terms: the webshop server sends a letter box to the customer. The customer places a secret message into the letter box and sends it back to the server. The server, in turn, opens the letter box, thus accessing the secret message, i.e. the key.
Successful Bleichenbacher attack
Performing a Bleichenbacher attack, Schwenk's team gained access to the key: for this purpose, the IT security experts fed errors into the secret message, before putting it in the letter box and sending it to the server. The server expects that the incoming message has a specific form; if it doesn't, the error manager is launched.
Error management is more time-consuming than the server continuing key exchange as usual. This time lag gave clues regarding the contents of the message, i.e. the key that should remain secret. The new TLS version 1.3, which is currently being standardised by the Internet Engineering Task Force, is going to only deploy a different protocol for key negotiation.
Other security gaps detected
Schwenk's group was also involved in other attacks on TLS, for example the "Drown attack" that created a buzz in March 2016 (http://aktuell.ruhr-uni-bochum.de/pm2016/pm00024.html.de). The attackers bypassed the security mechanisms of the current TLS version 1.2 by gaining access via a previous version. Old versions of security protocols are often installed on servers in order to support as many different browsers as possible. In a similar fashion, another team at the Chair for Network and Data Security succeeded in creating fake digital signatures in the current TLS version 1.2.
Cite This Page: