On the security of TLS 1.3 and QUIC against weaknesses in PKCS#1 v1.5 encryption

Proceedings of the ACM Conference on Computer and Communications Security

Volumn 2015-October, Issue , 2015, Pages 1185-1196

  Jager, Tibor ^a   Schwenk, Jörg ^a   Somorovsky, Juraj ^a  

^a RUHR UNIVERSITY BOCHUM   (Germany)

Author keywords

Chosen ciphertext attack; Cross protocol attack; TLS

Indexed keywords

ACCESS CONTROL; CRYPTOGRAPHY; NETWORK SECURITY; SEEBECK EFFECT; THALLIUM;

CHOSEN CIPHERTEXT ATTACK; FORWARD SECRECY; KEY EXCHANGE; PROTOCOL ATTACKS; SECRET KEY; SESSION KEY; TRANSPORT LAYER SECURITY PROTOCOLS; TRANSPORT METHOD;

SIDE CHANNEL ATTACK;

EID: 84954113686     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2810103.2813657     Document Type: Conference Paper

References (36)

1. SSL Pulse. Survey of the SSL Implementation of the Most Popular Web Sites, April 2015. https://www.trustworthyinternet.org/ssl-pulse.
2. David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé;, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Bé;guelin, Paul Zimmermann. Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice. May 2015. https://WeakDH.org
3. Gail-Joon Ahn, Moti Yung, and Ninghui Li, editors. ACM CCS 14: 21st Conference on Computer and Communications Security. ACM Press, November 2014.
4. Romain Bardou, Riccardo Focardi, Yusuke Kawamoto, Lorenzo Simionato, Graham Steel, and Joe-Kai Tsay. Efficient padding oracle attacks on cryptographic hardware. In Reihaneh Safavi-Naini and Ran Canetti, editors, Advances in Cryptology-CRYPTO 2012, volume 7417 of Lecture Notes in Computer Science, pages 608-625. Springer, August 2012.
5. Florian Bergsma, Benjamin Dowling, Florian Kohlar, Jörg Schwenk, and Douglas Stebila. Multi-ciphersuite security of the secure shell (SSH) protocol. In Ahn et al. [3], pages 369-381.
6. S. Blake-Wilson, N. Bolyard, V. Gupta, C. Hawk, and B. Moeller. Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS). RFC 4492 (Informational), May 2006. Updated by RFC 5246.
7. Daniel Bleichenbacher. Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1. In Hugo Krawczyk, editor, Advances in Cryptology-CRYPTO'98, volume 1462 of Lecture Notes in Computer Science, pages 1-12. Springer, August 1998.
8. Wan-Teh Chang and Adam Langley. QUIC crypto, 2013. https://docs.google.com/document/d/1g5nIXAIkN-Y-7XJW5K45IblHd-L2f5LTaDUDwvZ5L6g/edit?pli=1.
9. Jean Paul Degabriele, Anja Lehmann, Kenneth G. Paterson, Nigel P. Smart, and Mario Strefler. On the joint security of encryption and signature in EMV. In Orr Dunkelman, editor, Topics in Cryptology-CT-RSA 2012, volume 7178 of Lecture Notes in Computer Science, pages 116-135. Springer, February / March 2012.
10. T. Dierks and C. Allen. The TLS Protocol Version 1.0. RFC 2246 (Proposed Standard), January 1999. Obsoleted by RFC 4346, updated by RFCs 3546, 5746.
11. T. Dierks and E. Rescorla. The Transport Layer Security (TLS) Protocol Version 1.1. RFC 4346 (Proposed Standard), April 2006. Obsoleted by RFC 5246, updated by RFCs 4366, 4680, 4681, 5746.
12. T. Dierks and E. Rescorla. The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246 (Proposed Standard), August 2008. Updated by RFC 5746.
13. T. Dierks and E. Rescorla. The Transport Layer Security (TLS) Protocol Version 1.3. draft-ietf-tls-tls13-07, July 2015.
14. Marc Fischlin and Felix Günther Multi-stage key exchange and the case of google's QUIC protocol. In Gail-Joon Ahn, Moti Yung, and Ninghui Li, editors, Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA, November 3-7, 2014, pages 1193-1204. ACM, 2014.
15. Martin Georgiev, Subodh Iyengar, Suman Jana, Rishita Anubhai, Dan Boneh, and Vitaly Shmatikov. The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software. In ACM Conference on Computer and Communications Security, 2012.
16. Fedor Indutny. Rsa certificate sizes, April 2015. http://indutny.github.io/collect-certs.
17. Tibor Jager, Kenneth G. Paterson, and Juraj Somorovsky. One bad apple: Backwards compatibility attacks on state-of-the-art cryptography. In ISOC Network and Distributed System Security Symposium-NDSS 2013. The Internet Society, February 2013.
18. Tibor Jager, Sebastian Schinzel, and Juraj Somorovsky. Bleichenbacher's attack strikes again: Breaking PKCS#1 v1.5 in XML encryption. In Sara Foresti, Moti Yung, and Fabio Martinelli, editors, ESORICS 2012: 17th European Symposium on Research in Computer Security, volume 7459 of Lecture Notes in Computer Science, pages 752-769. Springer, September 2012.
19. J. Jonsson and B. Kaliski. Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1. RFC 3447 (Informational), February 2003.
20. B. Kaliski. PKCS #1: RSA Encryption Version 1.5. RFC 2313 (Informational), March 1998. Obsoleted by RFC 2437.
21. B. Kaliski and J. Staddon. PKCS #1: RSA Cryptography Specifications Version 2.0. RFC 2437 (Informational), October 1998. Obsoleted by RFC 3447.
22. Vlastimil Klí;ma, Ondrej Pokorný;, and Tomá;s Rosa. Attacking RSA-based sessions in SSL/TLS. In Colin D. Walter, Çetin Kaya Koç, and Christof Paar, editors, Cryptographic Hardware and Embedded Systems-CHES 2003, volume 2779 of Lecture Notes in Computer Science, pages 426-440. Springer, September 2003.
23. Robert Lychev, Samuel Jero, Alexandra Boldyreva, and Cristina Nita-Rotaru. How secure and quick is QUIC? Provable security and performance analyses. In 2015 IEEE Symposium on Security and Privacy, SP 2015, San Jose, CA, USA, May 17-21, 2015, pages 214-231. IEEE Computer Society, 2015.
24. M. Maher. ATM Signalling Support for IP over ATM-UNI Signalling 4.0 Update. RFC 2331 (Proposed Standard), April 1998.
25. James Manger. A chosen ciphertext attack on RSA optimal asymmetric encryption padding (OAEP) as standardized in PKCS #1 v2.0. In Joe Kilian, editor, Advances in Cryptology-CRYPTO 2001, volume 2139 of Lecture Notes in Computer Science, pages 230-238. Springer, August 2001.
26. Nikos Mavrogiannopoulos, Frederik Vercauteren, Vesselin Velichkov, and Bart Preneel. A cross-protocol attack on the TLS protocol. In Yu et al. [34], pages 62-72.
27. Christopher Meyer and Jörg Schwenk. SoK: Lessons Learned From SSL/TLS Attacks. In Proceedings of the 14th International Workshop on Information Security Applications, WISA 2013, Berlin, Heidelberg, August 2013. Springer-Verlag.
28. Christopher Meyer, Juraj Somorovsky, Eugen Weiss, Jörg Schwenk, Sebastian Schinzel, and Erik Tews. Revisiting SSL/TLS implementations: New bleichenbacher side channels and attacks. In Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014., pages 733-748, 2014.
29. Thomas Ristenpart, Eran Tromer, Hovav Shacham, and Stefan Savage. Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In Ehab Al-Shaer, Somesh Jha, and Angelos D. Keromytis, editors, ACM CCS 09: 16th Conference on Computer and Communications Security, pages 199-212. ACM Press, November 2009.
30. Ivan Ristić;. Bulletproof SSL and TLS. Understanding and deploying SSL/TLS and PKI to secure servers and web applications. Feisty Duck, August 2014.
31. Jim Roskind. Experimenting with QUIC, 2013. http://blog.chromium.org/2013/06/experimenting-with-quic.html.
32. Jim Roskind. QUIC design document, 2013. https://docs.google.com/a/chromium.org/document/d/1RNHkx-VvKWyWg6Lr8SZ-saqsQx7rFV-ev2jRFUoVD34.
33. D. Wagner and B. Schneier. Analysis of the SSL 3.0 protocol. The Second USENIX Workshop on Electronic Commerce Proceedings, 1996.
34. Ting Yu, George Danezis, and Virgil D. Gligor, editors. ACM CCS 12: 19th Conference on Computer and Communications Security. ACM Press, October 2012.
35. Yinqian Zhang, Ari Juels, Michael K. Reiter, and Thomas Ristenpart. Cross-VM side channels and their use to extract private keys. In Yu et al. [34], pages 305-316.
36. Yinqian Zhang, Ari Juels, Michael K. Reiter, and Thomas Ristenpart. Cross-tenant side-channel attacks in PaaS clouds. In Ahn et al. [3], pages 990-1003.