

Section: New Results

Attacks and Proofs for Transport Layer Security

Participants: Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cedric Fournet [Microsoft Research], Markulf Kohlweiss [Microsoft Research], Alfredo Pironti, Pierre-Yves Strub [IMDEA], Jean Karim Zinzindohoue.

As a countermeasure to the triple handshake attack identified in our earlier work, we proposed a TLS extension, the session hash (also known as the extended master secret), which binds the master secret to a hash of the whole handshake transcript rather than to the client and server nonces alone. It has now been published on the IETF standards track as RFC 7627. We also formally analyzed TLS, IKE, and SSH for key synchronization and triple handshake attacks, and proved that the session hash countermeasure prevents such attacks on TLS. This work appeared at NDSS 2015 [15].
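The following added example (not code from the report or from the team's miTLS implementation) shows the mechanism the session hash relies on. It implements the TLS 1.2 PRF from RFC 5246 and both master secret derivations, then sets up the first step of a triple handshake with constructed values: an attacker M that is a server to the client and a client to the honest server, with RSA key exchange, can make the pre-master secret and both nonces identical on the two connections. Under the legacy derivation the two master secrets coincide; under RFC 7627 they differ because the two transcripts contain different Certificate messages. The transcript entries are stand-in byte strings, not encoded handshake structures.

```python
import hashlib
import hmac


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 from RFC 5246 section 5: A(0) = seed, A(i) = HMAC(secret, A(i-1)),
    output = HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) || ..."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def master_secret_legacy(pms: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """RFC 5246 section 8.1: the master secret depends only on the pre-master secret and
    the two nonces. Nothing else in the handshake (e.g. the server certificate) enters."""
    return prf(pms, b"master secret", client_random + server_random, 48)


def session_hash(transcript: list) -> bytes:
    """RFC 7627 section 3: hash of all handshake messages up to and including ClientKeyExchange."""
    h = hashlib.sha256()
    for msg in transcript:
        h.update(msg)
    return h.digest()


def master_secret_extended(pms: bytes, transcript: list) -> bytes:
    """RFC 7627 section 4: the session hash replaces the nonces as the PRF seed, so two
    connections whose transcripts differ anywhere cannot end up with the same master secret."""
    return prf(pms, b"extended master secret", session_hash(transcript), 48)


def keys_synchronized(conn_a: dict, conn_b: dict) -> dict:
    """Report whether two connections share a master secret under each derivation."""
    legacy_a = master_secret_legacy(conn_a["pms"], conn_a["cr"], conn_a["sr"])
    legacy_b = master_secret_legacy(conn_b["pms"], conn_b["cr"], conn_b["sr"])
    ems_a = master_secret_extended(conn_a["pms"], conn_a["transcript"])
    ems_b = master_secret_extended(conn_b["pms"], conn_b["transcript"])
    return {"legacy": legacy_a == legacy_b, "extended": ems_a == ems_b}


def triple_handshake_setup() -> dict:
    """Constructed connections for the first step of a triple handshake. With RSA key
    exchange the client encrypts the pre-master secret to M's key, so M learns it and
    re-encrypts it to S; M also copies client_random and server_random across. The only
    messages M cannot make identical are the two Certificate messages."""
    pms = bytes(range(48))                      # constructed value, not a real pre-master secret
    cr, sr = b"\x11" * 32, b"\x22" * 32         # constructed nonces, identical on both legs
    hello = [b"ClientHello" + cr, b"ServerHello" + sr]
    tail = [b"ServerHelloDone", b"ClientKeyExchange"]
    c_to_m = {"pms": pms, "cr": cr, "sr": sr,
              "transcript": hello + [b"Certificate(M)"] + tail}
    m_to_s = {"pms": pms, "cr": cr, "sr": sr,
              "transcript": hello + [b"Certificate(S)"] + tail}
    return keys_synchronized(c_to_m, m_to_s)
```

`triple_handshake_setup()` returns `{"legacy": True, "extended": False}`: the synchronized master secret that the later steps of the triple handshake build on exists only under the legacy derivation.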

We discovered and reported an important class of state machine attacks on implementations of the Transport Layer Security (TLS) protocol. These attacks arise when a TLS implementation accepts a handshake message that the TLS state machine forbids at that point, for example a message that is skipped, repeated, or belongs to a different key exchange than the one negotiated. We built a test framework for such attacks and used it to analyze a number of open source implementations. Our analysis uncovered critical vulnerabilities such as the SKIP attack on Java and the FREAK attack, which affected almost all mainstream web browsers. The results were published at IEEE S&P 2015, where our paper won a Distinguished Paper award [14]. Our work also led to security updates and CVEs for many web browsers, TLS libraries, and web servers.

Along with colleagues at several other institutions, we discovered the Logjam vulnerability, which affects protocols that still support weak Diffie-Hellman groups (in particular 512-bit export-grade groups) in their key exchange. We showed that it enables both online attacks, in which an active attacker downgrades real-world TLS clients and servers to an export-grade group, and offline attacks on recorded traffic after a precomputation against a widely shared group. We also showed how the vulnerability weakens the security of IPsec and SSH connections. Our research led to widespread changes to the configurations of web servers, mail servers, web browsers, and TLS libraries. The research was published at ACM CCS 2015 [12], where it won a Best Paper award.
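The added example below (not code from the report or from the team's test framework) serves both the state machine paragraph and the Logjam paragraph. It models a TLS 1.2 client processing the server's first flight in two ways. The lax client dispatches on message type alone, so it accepts a ServerKeyExchange in a plain RSA handshake and uses the 512-bit export key it carries, which is the shape of the FREAK bug. The strict client derives the only legal message sequence from the negotiated cipher suite, and for DHE it validates the group size before any key derivation, which is the client-side check that stops a Logjam-style downgrade: there the attacker has rewritten the cipher suite back to a non-export one and the server's signature over the parameters is genuine, so only the size of the group betrays the downgrade. Messages are `(name, fields)` pairs with a field layout chosen for this example; the moduli are placeholders of the right bit length, not real primes.

```python
MIN_DH_BITS = 2048  # after Logjam, browsers rejected groups below 1024 bits; 2048 is current guidance

# Server flight the client must see after ClientHello, per key exchange (RFC 5246 section 7.3).
# ServerKeyExchange is illegal for plain RSA: the pre-master secret is encrypted to the
# certificate's key, so a key-exchange message there can only introduce a key of the server's choosing.
EXPECTED_FLIGHT = {
    "TLS_RSA_WITH_AES_128_GCM_SHA256":
        ["ServerHello", "Certificate", "ServerHelloDone"],
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256":
        ["ServerHello", "Certificate", "ServerKeyExchange", "ServerHelloDone"],
}
OFFERED = set(EXPECTED_FLIGHT)  # this client never offers export suites


class HandshakeError(Exception):
    pass


def check_dh_params(p: int, g: int, ys: int) -> None:
    """Minimum sanity checks on DHE parameters. A production client should additionally
    recognise known-good groups (e.g. RFC 7919) rather than trust an arbitrary p."""
    if p.bit_length() < MIN_DH_BITS:
        raise HandshakeError(f"DH group too small: {p.bit_length()} bits")
    if not 1 < g < p - 1 or not 1 < ys < p - 1:
        raise HandshakeError("DH generator or public value out of range")


def lax_client(offered: set, flight: list) -> dict:
    """Flawed client: handles each message on its type alone and never asks whether the
    message is allowed in the current state. This is the bug class behind FREAK."""
    state = {}
    for name, fields in flight:
        if name == "ServerHello" and fields["cipher_suite"] not in offered:
            raise HandshakeError("server chose a suite we did not offer")
        state[name] = fields  # a ServerKeyExchange is stored and used whatever the suite
    return state


def strict_client(offered: set, flight: list) -> dict:
    """Hardened client: the negotiated suite fixes the exact message sequence, and DHE
    parameters are validated before they are used."""
    if not flight or flight[0][0] != "ServerHello":
        raise HandshakeError("expected ServerHello first")
    suite = flight[0][1]["cipher_suite"]
    if suite not in offered:
        raise HandshakeError("server chose a suite we did not offer")
    names = [name for name, _ in flight]
    if names != EXPECTED_FLIGHT[suite]:
        raise HandshakeError(f"flight {names} is not {EXPECTED_FLIGHT[suite]} for {suite}")
    state = dict(flight)
    if "ServerKeyExchange" in state:
        ske = state["ServerKeyExchange"]
        check_dh_params(ske["p"], ske["g"], ske["ys"])
    return state


def accepts(client, flight: list) -> bool:
    try:
        client(OFFERED, flight)
        return True
    except HandshakeError:
        return False


# Constructed traces. P_512 and P_2048 have the right bit lengths but are not primes.
P_512 = (1 << 511) | 1
P_2048 = (1 << 2047) | 1
CERT = {"subject": "www.example"}


def freak_flight() -> list:
    """RSA suite, but the server sends a ServerKeyExchange carrying a 512-bit export RSA key.
    The state machine forbids this flight; a lax client encrypts the pre-master secret to the weak key."""
    return [("ServerHello", {"cipher_suite": "TLS_RSA_WITH_AES_128_GCM_SHA256"}),
            ("Certificate", CERT),
            ("ServerKeyExchange", {"rsa_export_modulus_bits": 512}),
            ("ServerHelloDone", {})]


def logjam_flight() -> list:
    """DHE suite whose ServerKeyExchange carries a 512-bit group. The flight has a legal
    shape, so only parameter validation can stop the downgraded handshake."""
    return [("ServerHello", {"cipher_suite": "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"}),
            ("Certificate", CERT),
            ("ServerKeyExchange", {"p": P_512, "g": 2, "ys": (1 << 500) + 3}),
            ("ServerHelloDone", {})]


def honest_flight() -> list:
    """DHE suite with a 2048-bit group, accepted by both clients."""
    return [("ServerHello", {"cipher_suite": "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"}),
            ("Certificate", CERT),
            ("ServerKeyExchange", {"p": P_2048, "g": 2, "ys": (1 << 2000) + 3}),
            ("ServerHelloDone", {})]
```

`accepts(lax_client, freak_flight())` and `accepts(lax_client, logjam_flight())` are both true, while the strict client rejects both and accepts only `honest_flight()`. Real test frameworks for this bug class generate many such out-of-order or mismatched flights automatically and drive them against live implementations; the two checks here are the invariants those implementations were missing.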

Antoine Delignat-Lavaud showed how the unsafe sharing of certificates across multiple HTTPS websites can be exploited to fully compromise the same-origin policy, through a class of attacks called virtual host confusion. A research paper on these attacks appeared at WWW 2015 [17].
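As an added illustration of the underlying problem (example code, not from the report or the paper, and not a reproduction of the paper's specific attacks), the block below models two unrelated sites deployed behind one shared wildcard certificate. Because the certificate is valid for both names, the TLS layer cannot tell which site a connection was meant for; if a network attacker redirects a browser's connection for one site to the other site's server, the handshake succeeds and the request arrives at a server that does not host that origin. A dispatcher that falls back to a default virtual host then answers in the name of an origin it was never configured for; the hardened dispatcher serves only configured virtual hosts, allows a Host header that differs from the SNI (connection reuse) only when the presented certificate covers it, and otherwise answers 421 Misdirected Request as defined in RFC 7540 section 9.1.2. The deployment, names and certificate are constructed for this example.

```python
# Constructed deployment: two unrelated sites behind one shared wildcard certificate.
SHARED_CERT_SANS = ("*.example",)
BANK_SERVER = {"bank.example"}   # vhosts configured on the bank's server
WIKI_SERVER = {"wiki.example"}   # vhosts configured on the wiki's server


def cert_matches(sans, host: str) -> bool:
    """Name matching in the spirit of RFC 6125: an exact match, or a wildcard that stands
    alone in the left-most label and covers exactly one label (no partial labels, no
    deeper subdomains, and no match for the bare parent name)."""
    host = host.lower().rstrip(".")
    for san in sans:
        san = san.lower()
        if san.startswith("*."):
            suffix = san[1:]                                        # ".example"
            label = host[: -len(suffix)] if host.endswith(suffix) else ""
            if label and "." not in label:
                return True
        elif san == host:
            return True
    return False


def route_with_default(configured: set, sni: str, host: str):
    """Flawed dispatcher: a Host header naming a site that is not configured here falls
    through to a default vhost, so the browser attributes the response to an origin this
    server was never meant to speak for. Returns (status, vhost)."""
    if not cert_matches(SHARED_CERT_SANS, sni):
        return (400, None)       # TLS should already have failed; defensive check
    return (200, host) if host in configured else (200, "default")


def route_strict(configured: set, sni: str, host: str):
    """Hardened dispatcher: serve only vhosts explicitly configured on this server, and when
    Host and SNI differ (connection reuse) only if the certificate also covers Host.
    Everything else is 421 Misdirected Request, never a default vhost."""
    if not cert_matches(SHARED_CERT_SANS, sni):
        return (400, None)
    if host not in configured:
        return (421, None)
    if host != sni and not cert_matches(SHARED_CERT_SANS, host):
        return (421, None)
    return (200, host)


def redirected_request() -> dict:
    """Scenario: a network attacker redirects the browser's connection for bank.example to
    the wiki's server. The shared certificate is valid for the SNI, so TLS succeeds and the
    request (Host: bank.example) reaches a server that does not host the bank."""
    return {"with_default": route_with_default(WIKI_SERVER, "bank.example", "bank.example"),
            "strict": route_strict(WIKI_SERVER, "bank.example", "bank.example")}
```

`redirected_request()` returns `{"with_default": (200, "default"), "strict": (421, None)}`. The certificate check alone cannot distinguish the two cases; the decision has to be made by the HTTP layer against the set of virtual hosts this server actually serves.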