One startling and potentially useful document is RFC7457, "Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS)". It details a couple of dozen attacks on TLS, most having to do with protocol implementation issues such as failing to correctly verify all of the information you are given. Some of them leak information or allow a connection to be take over, others allow an attacker to downgrade the security negotiation so that a later attack on the cipher has a higher chance of success.
One attack this RFC points out is http://www.openssl./~bodo/tls-cbc.txt, which (among other things) describes a flaw in how TLS Record Protocol records are concatenated. Originally, TLS kept the ciphertext of the last block of a record to use as the initialization vector (IV) of the first block of a new record, but this allows an attacker who can adaptively choose plaintexts to more completely choose the text being encrypted. The fix is straightforward (toss in an extra block of nonsense data before starting the new record), and current versions of TLS aren't vulnerable.
No comments:
Post a Comment