On the practical (in-)security of 64-bit block ciphers: Collision attacks on HTTP over TLS and OpenVPN

Proceedings of the ACM Conference on Computer and Communications Security

Volumn 24-28-October-2016, Issue , 2016, Pages 456-467

  Bhargavan, Karthikeyan ^a   Leurent, Gaëtan ^a  

^a INRIA   (France)

Author keywords

[No Author keywords available]

Indexed keywords

HTTP; INTERNET PROTOCOLS; LYAPUNOV METHODS; NETWORK SECURITY; SECURITY OF DATA; SEEBECK EFFECT;

64-BIT BLOCK CIPHERS; BIRTHDAY BOUNDS; COLLISION ATTACK; INTERNET SECURITY; PRIOR KNOWLEDGE; PROOF OF CONCEPT; SECURITY PROTOCOLS; SOFTWARE VENDORS;

CRYPTOGRAPHY;

EID: 84995519387     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2976749.2978423     Document Type: Conference Paper

References (34)

1. M. Abdalla and M. Bellare. Increasing the lifetime of a key: a comparative analysis of the security of re-keying techniques. In T. Okamoto, editor, ASIACRYPT 2000, volume 1976 of LNCS, pages 546-559. Springer, Heidelberg, Dec. 2000.
2. D. Adrian, K. Bhargavan, Z. Durumeric, P. Gaudry, M. Green, J. A. Halderman, N. Heninger, D. Springall, E. Thomé, L. Valenta, B. VanderSloot, E. Wustrow, S. Z. Béguelin, and P. Zimmermann. Imperfect forward secrecy: How Diffie-Hellman fails in practice. In I. Ray, N. Li, and C. Kruegel:, editors, ACM CCS 15, pages 5-17. ACM Press, Oct. 2015.
3. N. J. AlFardan, D. J. Bernstein, K. G. Paterson, B. Poettering, and J. C. N. Schuldt. On the Security of RC4 in TLS. In S. T. King, editor, USENIX Security, pages 305-320. USENIX Association, 2013.
4. N. J. AlFardan and K. G. Paterson. Lucky thirteen: Breaking the TLS and DTLS record protocols. In 2013 IEEE Symposium on Security and Privacy, pages 526-540. IEEE Computer Society Press, May 2013.
5. N. Aviram, S. Schinzel, J. Somorovsky, N. Heninger, M. Dankel, J. Steube, L. Valenta, D. Adrian, J. A. Halderman, V. Dukhovni, E. Kasper, S. Cohney, S. Engels, C. Paar, and Y. Shavitt. DROWN: Breaking TLS using SSLv2, 2016. https://drownattack.com.
6. M. Bellare, A. Desai, E. Jokipii, and P. Rogaway. A concrete security treatment of symmetric encryption. In 38th FOCS, pages 394-403. IEEE Computer Society Press, Oct. 1997.
7. M. Bellare, J. Kilian, and P. Rogaway. The security of cipher block chaining. In Y. Desmedt, editor, CRYPTO'94, volume 839 of LNCS, pages 341-358. Springer, Heidelberg, Aug. 1994.
8. M. Bellare, T. Kohno, and C. Namprempre. The Secure Shell (SSH) Transport Layer Encryption Modes. IETF RFC 4344, 2006.
9. B. Beurdouche, K. Bhargavan, A. Delignat-Lavaud, C. Fournet, M. Kohlweiss, A. Pironti, P.-Y. Strub, and J. K. Zinzindohoue. A messy state of the union: Taming the composite state machines of TLS. In 2015 IEEE Symposium on Security and Privacy, pages 535-552. IEEE Computer Society Press, May 2015.
10. K. Bhargavan and G. Leurent. Transcript Collision Attacks: Breaking Authentication in TLS, IKE, and SSH. In ISOC Network and Distributed System Security Symposium (NDSS16), 2016.
11. K. K. Bodo Moller, Thai Duong. This POODLE Bites: Exploiting The SSL 3.0 Fallback, 2014. https://www.openssl.org/~bodo/ssl-poodle.pdf.
12. A. Bogdanov, L. R. Knudsen, G. Leander, C. Paar, A. Poschmann, M. J. B. Robshaw, Y. Seurin, and C. Vikkelsoe. PRESENT: An ultra-lightweight block cipher. In P. Paillier and I. Verbauwhede, editors, CHES 2007, volume 4727 of LNCS, pages 450-466. Springer, Heidelberg, Sept. 2007.
13. T. Dierks and E. Rescorla. The Transport Layer Security (TLS) Protocol Version 1.2. IETF RFC 5246, 2008.
14. W. Diffie and M. E. Hellman. Privacy and authentication: An introduction to cryptography. Proceedings of the IEEE, 67(3):397-427, 1979.
15. T. Duong and J. Rizzo. Here come the ninjas. Unpublished manuscript, 2011.
16. M. Dworkin. Recommendation for Block Cipher Modes of Operation. NIST Special Publication 800-38{A, B, C, D}, National Institute for Standards and Technology, 2001-2011.
17. P. Erdos and A. Renyi. On the evolution of random graphs. Bull. Inst. Internat. Statist, 38(4):343-347, 1961.
18. S. Frankel and S. Krishnan. IP Security (IPsec) and Internet Key Exchange (IKE) Document Roadmap. IETF RFC 6071, 2011.
19. C. Garman, K. G. Paterson, and T. V. der Merwe. Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS. In J. Jung and T. Holz, editors, USENIX Security, pages 113-128. USENIX Association, 2015.
20. D. Hong, J. Sung, S. Hong, J. Lim, S. Lee, B.-S. Koo, C. Lee, D. Chang, J. Lee, K. Jeong, H. Kim, J. Kim, and S. Chee. HIGHT: A new block cipher suitable for low-resource device. In L. Goubin and M. Matsui, editors, CHES 2006, volume 4249 of LNCS, pages 46-59. Springer, Heidelberg, Oct. 2006.
21. On the Assessment of Cryptographic Techniques and Key Lengths, 4th edition. ISO/IEC JTC 1/SC 27 Standing Document 12, May 2014. Available online: http://www.din.de/blob/78392/6f4bbd95d0cf11d1b32784948039600b/sc27-sd12-data.pdf.
22. T. Iwata. New blockcipher modes of operation with beyond the birthday bound security. In M. J. B. Robshaw, editor, FSE 2006, volume 4047 of LNCS, pages 310-327. Springer, Heidelberg, Mar. 2006.
23. A. Langley, N. Modadugu, and B. Moeller. Transport Layer Security (TLS) False Start. Internet Draft, Nov. 2015. https://tools.ietf.org/html/draft-ietf-tls-falsestart-01.
24. A. Luykx and K. G. Paterson. Limits on authenticated encryption use in TLS, march 2016. http://www.isg.rhul.ac.uk/~kp/TLS-AEbounds.pdf.
25. D. McGrew. Impossible plaintext cryptanalysis and probable-plaintext collision attacks of 64-bit block cipher modes. In Fast Software Encryption Workshop (FSE), 2013. https://eprint.iacr.org/2012/623.
26. D. McGrew and P. Hoffman. Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH). IETF RFC 7321, 2014.
27. E. Petrank and C. Rackoff. CBC MAC for real-time data sources. Journal of Cryptology, 13(3):315-338, 2000.
28. J. Rizzo and T. Duong. The crime attack. In EKOparty Security Conference, volume 2012, 2012.
29. P. Rogaway. Problems with Proposed IP Cryptography. Unpublished draft, 1995. http://web.cs.ucdavis.edu/~rogaway/papers/draftrogaway-ipsec-comments-00.txt.
30. P. Rogaway. Evaluation of Some Blockcipher Modes of Operation. Technical report, CRYPREC, Feb. 2011.
31. P. C. van Oorschot and M. J. Wiener. Parallel collision search with cryptanalytic applications. Journal of Cryptology, 12(1):1-28, 1999.
32. M. Vanhoef and F. Piessens. All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS. In J. Jung and T. Holz, editors, USENIX Security, pages 97-112. USENIX Association, 2015.
33. K. Yasuda. A new variant of PMAC: Beyond the birthday bound. In P. Rogaway, editor, CRYPTO 2011, volume 6841 of LNCS, pages 596-609. Springer, Heidelberg, Aug. 2011.
34. T. Ylonen and C. Lonvick. The Secure Shell (SSH) Transport Layer Protocol. IETF RFC 4253, 2006.