Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks

Presented at DeepSec 2014 „Do you want to know more?“

As a countermeasure against the famous Bleichenbacher attack on RSA based ciphersuites, all TLS RFCs starting from RFC 2246 (TLS 1.0) propose "to treat incorrectly formatted messages in a manner indistinguishable from correctly formatted RSA blocks". In this talk we show that this objective has not been achieved yet (cf. Table 1): We present four new Bleichenbacher side channels, and three successful Bleichenbacher attacks against the Java Secure Socket Extension (JSSE) SSL/TLS implementation and against hardware security appliances using the Cavium NITROX SSL accelerator chip. Three of these side channels are timing-based, and two of them provide the first timing-based Bleichenbacher attacks on SSL/TLS described in the literature. Our measurements confirmed that all these side channels are observable over a switched network, with timing differences between 1 and 23 microseconds. We were able to successfully recover the PreMasterSecret using three of the four side channels in a realistic measurement setup.
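To make the countermeasure the abstract quotes concrete, here is an added example (written for this page; it is not code from the talk, from JSSE, or from any Cavium NITROX firmware). It places a textbook PKCS#1 v1.5 unpadder, whose distinct early exits are exactly the oracle Bleichenbacher's attack needs, beside the RFC 5246 section 7.4.7.1 approach: always produce a 48-byte PreMasterSecret, check header, padding string, separator and client version without a data-dependent branch, and select a fresh random PreMasterSecret by mask when anything is wrong, so the handshake continues and only fails at the Finished message. Function names, the 2048-bit modulus length, the constructed ClientHello version and the sample inputs are assumptions; Python cannot guarantee constant-time execution, so the block shows the structure a real implementation would carry in C.

```python
"""Added example: oracle-leaking vs. RFC 5246-style PKCS#1 v1.5 unpadding
of a TLS ClientKeyExchange.  Hypothetical code, not from the talk or from
any implementation it analyses."""
import secrets

PMS_LEN = 48  # TLS PreMasterSecret: 2 version bytes + 46 random bytes


def pkcs1_v15_pad(pms: bytes, k: int) -> bytes:
    """Client side: EM = 0x00 || 0x02 || PS (>= 8 non-zero bytes) || 0x00 || PMS.
    k is the RSA modulus length in bytes (assumed 256 for the demo)."""
    ps_len = k - 3 - len(pms)
    ps = bytes(secrets.choice(range(1, 256)) for _ in range(ps_len))
    return b"\x00\x02" + ps + b"\x00" + pms


def naive_unpad(em: bytes, client_version: bytes) -> bytes:
    """Textbook unpadding.  Each failure exits early on a different path,
    so an attacker submitting chosen ciphertexts learns whether the
    decrypted block was PKCS#1-conforming: a Bleichenbacher oracle."""
    if len(em) < 11 or em[0] != 0x00 or em[1] != 0x02:
        raise ValueError("bad header")
    sep = em.find(b"\x00", 2)
    if sep < 10:
        raise ValueError("bad separator")
    pms = em[sep + 1:]
    if len(pms) != PMS_LEN:
        raise ValueError("bad length")
    if pms[:2] != client_version:
        raise ValueError("bad version")
    return pms


def _ct_is_zero(b: int) -> int:
    """1 if b == 0 else 0, for b in 0..255, without a data-dependent branch."""
    return ((b - 1) >> 8) & 1


def _ct_select(mask: int, a: bytes, b: bytes) -> bytes:
    """Byte-wise: a where mask == 0xFF, b where mask == 0x00."""
    return bytes(((x & mask) | (y & ~mask & 0xFF)) for x, y in zip(a, b))


def rfc5246_unpad(em: bytes, client_version: bytes) -> bytes:
    """Branch-free unpadding per RFC 5246 7.4.7.1: the PMS is always the last
    48 bytes; every defect (header, zero byte inside the padding string,
    missing separator, wrong version) ORs into one accumulator, and the
    result is selected by mask between the decrypted PMS and a random one.
    The caller continues the handshake either way and never sends an alert."""
    k = len(em)  # modulus length is public, so branching on it is fine
    if k < PMS_LEN + 11:
        raise ValueError("modulus too small for a 48-byte PMS")
    sep = k - PMS_LEN - 1  # the 0x00 separator must sit exactly here
    random_pms = secrets.token_bytes(PMS_LEN)
    bad = 0
    bad |= em[0]           # must be 0x00
    bad |= em[1] ^ 0x02    # block type 2
    for i in range(2, sep):  # padding string: at least 8 bytes, none zero
        bad |= _ct_is_zero(em[i])
    bad |= em[sep]         # separator must be 0x00
    # version check uses ClientHello.client_version, not the negotiated version
    bad |= em[sep + 1] ^ client_version[0]
    bad |= em[sep + 2] ^ client_version[1]
    good_mask = ((bad - 1) >> 8) & 0xFF  # 0xFF iff bad == 0, else 0x00
    return _ct_select(good_mask, em[sep + 1:], random_pms)


if __name__ == "__main__":
    k = 256                       # assumed 2048-bit RSA modulus
    ver = b"\x03\x03"             # constructed ClientHello.client_version (TLS 1.2)
    pms = ver + secrets.token_bytes(46)
    em = pkcs1_v15_pad(pms, k)
    forged = bytearray(em)
    forged[1] = 0x01              # an attacker's query: block type is wrong
    print(rfc5246_unpad(em, ver) == pms)             # True
    print(rfc5246_unpad(bytes(forged), ver) == pms)  # False, but no error
    try:
        naive_unpad(bytes(forged), ver)
    except ValueError as e:
        print("naive unpadder leaks:", e)
```

The second function is only half of the defence: the random PreMasterSecret must then feed the same key derivation and the same Finished verification as a genuine one, so that the alert the client eventually receives (and its timing) is identical for conforming and non-conforming ciphertexts. The side channels the talk describes are precisely places where an implementation took a different code path, or a measurably different amount of time, before reaching that point.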

Presenters:

  • Juraj Somorovsky - 3curity / Ruhr University Bochum
    Dr.-Ing. Juraj Somorovsky finished his PhD in the area of XML Security in 2013. In his thesis „On the Insecurity of XML Security“ he analyzes various attacks on Web Services and presents practical countermeasures against these attacks, which were applied in XML Security specifications and in numerous frameworks and applications. He has presented his work at many scientific and industry conferences, including USENIX Security and OWASP Germany. Currently he works as a postdoc at the Chair for Network and Data Security, where he focuses his research on Web Security analysis and attacks and teaches various security-related subjects. In parallel, he works as a security specialist at 3curity GmbH, which he co-founded.
