Section: New Results

Authentication Attacks against Transport Layer Security

Participants: Karthikeyan Bhargavan [correspondent], Antoine Delignat-Lavaud, Cedric Fournet [Microsoft Research], Markulf Kohlweiss [Microsoft Research], Alfredo Pironti, Pierre-Yves Strub [IMDEA].

We discovered an important client impersonation attack on the Transport Layer Security protocol, called the triple handshake attack. The attack targets the standard protocol itself rather than any particular implementation, so all compliant implementations were potentially at risk. We therefore followed responsible disclosure systematically: we notified all major web browsers and TLS implementors, then worked with the TLS working group to design a countermeasure. The research results of this work were published at IEEE S&P [53].

To TLS implementors, we proposed short-term countermeasures that mitigate our attack, leading to security updates to all major web browsers: Google Chrome (CVE-2013-6628), Mozilla Firefox (CVE-2014-1491), Internet Explorer (CVE-2014-1771) and Apple Safari (CVE-2014-1295), as well as to non-browser TLS libraries such as Oracle JSSE (CVE-2014-6457) and RSA BSAFE (CVE-2014-4630). For more details, see http://secure-resumption.com

To the TLS working group, we proposed a new cryptographic construction called the session hash that fundamentally alters the cryptographic core of TLS. This construction has now been adopted as a protocol extension to TLS 1.2 and has been integrated into the upcoming TLS 1.3. We expect an IETF standard for this construction to be published in early 2015.
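As an added illustration (not code from the team or from this report), the following Python re-implements the TLS 1.2 master-secret derivation with and without the session hash. The extended derivation is the session hash construction described above as it was later standardized in RFC 7627; the pre-master secret, nonces and handshake messages are constructed sample values, and `derive_both` is a helper introduced here for the comparison.

```python
import hashlib
import hmac

def p_sha256(secret, seed, length):
    """P_SHA256 data expansion (RFC 5246, section 5)."""
    out, a = b"", seed                                          # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()          # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def prf(secret, label, seed, length):
    """TLS 1.2 PRF with SHA-256: P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)

def legacy_master_secret(pms, client_random, server_random):
    """RFC 5246 derivation: the master secret binds only the two 32-byte nonces."""
    return prf(pms, b"master secret", client_random + server_random, 48)

def session_hash(handshake_messages):
    """Hash of all handshake messages up to and including ClientKeyExchange."""
    return hashlib.sha256(b"".join(handshake_messages)).digest()

def extended_master_secret(pms, handshake_messages):
    """Session-hash derivation (RFC 7627): the master secret binds the whole transcript."""
    return prf(pms, b"extended master secret", session_hash(handshake_messages), 48)

def derive_both(handshake):
    """Return (legacy master secret, extended master secret) for one handshake."""
    legacy = legacy_master_secret(handshake["pms"], handshake["client_random"], handshake["server_random"])
    return legacy, extended_master_secret(handshake["pms"], handshake["messages"])

# Constructed sample values (hypothetical, not real handshake data). The two
# handshakes share the pre-master secret and both nonces but are with different
# servers, which is exactly the situation the session hash is meant to separate.
PMS, CR, SR = bytes(range(48)), b"\x11" * 32, b"\x22" * 32

def sample_handshake(server_name):
    messages = [b"ClientHello:" + CR, b"ServerHello:" + SR,
                b"Certificate:" + server_name, b"ClientKeyExchange:<encrypted pms>"]
    return {"pms": PMS, "client_random": CR, "server_random": SR, "messages": messages}

HANDSHAKE_A = sample_handshake(b"server-a.example")
HANDSHAKE_B = sample_handshake(b"server-b.example")

if __name__ == "__main__":
    (ms_a, ems_a), (ms_b, ems_b) = derive_both(HANDSHAKE_A), derive_both(HANDSHAKE_B)
    print("legacy master secrets equal:", ms_a == ms_b)      # True: transcript is not bound
    print("extended master secrets equal:", ems_a == ems_b)  # False: session hashes differ
```

With the legacy derivation the two sessions end up with identical keys even though the client talked to different servers; with the session hash, any difference in the transcript changes the master secret and therefore every key derived from it.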

While the triple handshake attacks primarily affect client authentication, server authentication in HTTPS (HTTP over TLS) relies primarily on X.509 public key certificates. Antoine Delignat-Lavaud, along with co-authors at Microsoft Research, published a paper at NDSS 2015 on a large-scale study of the Web PKI: how certificates are issued and used on the web [56]. Our work uncovered many unsafe practices and suggested best practices and new security policies.

Antoine Delignat-Lavaud also showed how the unsafe sharing of certificates across multiple websites could be exploited to fully compromise the same-origin policy for websites, using a vulnerability called virtual host confusion. These results were discussed in a talk at BlackHat USA (for details see http://bh.ht.vc). A research paper on these attacks is forthcoming at WWW'2015.