Introduction
Currently, the security needed at the transport layer, namely encryption, authentication, and data integrity, is provided by two protocols: SSL and TLS.
2.1 SSL
2.2 TLS
4
4.1
Various attacks attempt to remove the use of SSL/TLS altogether by modifying unencrypted protocols that request the use of TLS, specifically by rewriting HTTP traffic and HTML pages as they pass through the network (SSL stripping): a redirect to https:// or a link to an https:// URL is replaced by its http:// equivalent, so the victim's browser never requests the protected version and the attacker in the middle relays the traffic in the clear. The usual countermeasure is HTTP Strict Transport Security (HSTS, RFC 6797), which makes the browser upgrade http:// requests for a host it has previously seen over TLS; it does not protect the very first visit unless the host is on the browser's preload list.
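The following Python is an added example and not code from the page or from RFC 7457. It shows the rewrite a stripping proxy applies to plaintext HTTP passing through it, and a small client-side HSTS policy cache (RFC 6797 semantics) that undoes the downgrade for hosts already seen over TLS. The class and function names, the hostnames and the header values are constructed for the demonstration.

```python
import time
from urllib.parse import urlsplit, urlunsplit


def strip_tls_references(headers: dict, body: bytes):
    """What a stripping proxy does to a plaintext HTTP response on its way to the victim:
    downgrade the redirect target and every https:// link so the browser never asks for TLS."""
    stripped = dict(headers)
    location = stripped.get("Location", "")
    if location.startswith("https://"):
        stripped["Location"] = "http://" + location[len("https://"):]
    return stripped, body.replace(b"https://", b"http://")


class HstsCache:
    """Client-side HSTS policy store (RFC 6797): hosts seen with a valid
    Strict-Transport-Security header over TLS are always contacted over https."""

    def __init__(self, clock=time.time):
        self.clock = clock          # injectable for testing expiry
        self.entries = {}           # host -> (expiry_time, include_subdomains)

    def note_response(self, host: str, headers: dict, over_tls: bool) -> None:
        if not over_tls:
            return  # RFC 6797 section 8.1: an STS header received over plain HTTP MUST be ignored
        value = headers.get("Strict-Transport-Security")
        if value is None:
            return
        max_age, include_sub = None, False
        for directive in value.split(";"):
            name, _, arg = directive.strip().partition("=")
            name, arg = name.strip().lower(), arg.strip().strip('"')
            if name == "max-age" and arg.isdigit():
                max_age = int(arg)
            elif name == "includesubdomains":
                include_sub = True
        if max_age is None:
            return  # no valid max-age: not a usable policy
        host = host.lower()
        if max_age == 0:
            self.entries.pop(host, None)  # max-age=0 tells the client to forget the host
        else:
            self.entries[host] = (self.clock() + max_age, include_sub)

    def is_known_host(self, host: str) -> bool:
        """Exact match, or a non-expired includeSubDomains policy on any parent domain."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self.entries.get(".".join(labels[i:]))
            if entry is None:
                continue
            expiry, include_sub = entry
            if expiry > self.clock() and (i == 0 or include_sub):
                return True
        return False

    def upgrade_url(self, url: str) -> str:
        """Rewrite http:// to https:// for known hosts before any request leaves the client.
        An explicit :80 becomes the implicit https port, as RFC 6797 section 8.3 requires."""
        parts = urlsplit(url)
        if parts.scheme != "http" or not self.is_known_host(parts.hostname or ""):
            return url
        netloc = parts.netloc[:-3] if parts.netloc.endswith(":80") else parts.netloc
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    cache = HstsCache()
    # First visit happened over TLS and carried an HSTS header (constructed values).
    cache.note_response("bank.example",
                        {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"},
                        over_tls=True)
    hdrs, body = strip_tls_references({"Location": "https://bank.example/login"},
                                      b'<a href="https://bank.example/">')
    print("stripped redirect :", hdrs["Location"])
    print("client sends to   :", cache.upgrade_url(hdrs["Location"]))
```

The cache only helps after a first TLS visit; a stripping attacker who sits in the path from the start wins unless the host is preloaded, which is why the `over_tls` check is essential (otherwise the attacker could plant or clear policies over plain HTTP).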
4.2
4.3 BEAST attack
The BEAST attack [BEAST] uses issues with the TLS 1.0 use of Cipher Block Chaining (CBC) to decrypt parts of a record, and specifically to decrypt HTTP cookies when HTTP is run over TLS. In TLS 1.0 the IV of each record is the last ciphertext block of the previous record, so an attacker who observes the connection knows the IV of the next record before it is sent. An attacker who can also make the victim's browser send chosen plaintext on the same connection (for example from script or a plug-in) can therefore test a guess for one unknown byte at a time: the guessed block is XORed so that the known IV cancels out, and the resulting ciphertext block equals the block carrying the secret exactly when the guess is right. TLS 1.1 and later use an explicit random IV per record, and browsers also defeat the attack with 1/n-1 record splitting.
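The following Python is an added example of the chained-IV weakness and the byte-at-a-time guessing described above; it is not code from the page, from the BEAST paper or from any TLS library. A toy 4-round Feistel cipher over SHA-256 stands in for AES (so that the CBC arithmetic is real but the block cipher is not), padding is simplified to zero-fill, and `Tls10CbcSender`, `beast_recover`, the key and the secret `SID=7f3a` are constructed for the demonstration. `attacker_inject` models the attacker's ability to have the victim's client encrypt chosen plaintext on the same connection.

```python
import hashlib
import os

BLOCK = 16  # block size in bytes, matching AES for the offset arithmetic


# --- Toy block cipher: 4-round Feistel with SHA-256 round function. NOT a real cipher. ---
def _round_function(key: bytes, half: bytes, rnd: int) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, xor(left, _round_function(key, right, rnd))
    return left + right


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Plain CBC; data must already be a multiple of BLOCK bytes."""
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = toy_encrypt_block(key, xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


class Tls10CbcSender:
    """Models the TLS 1.0 record layer: the IV of record n+1 is the last ciphertext block of record n."""

    def __init__(self, key: bytes, secret: bytes):
        self.key = key
        self.secret = secret              # e.g. a session cookie the browser appends to every request
        self.chain = os.urandom(BLOCK)    # the first IV comes from the handshake

    def _send(self, plaintext: bytes) -> bytes:
        padded = plaintext + b"\x00" * (-len(plaintext) % BLOCK)   # simplified padding
        ct = cbc_encrypt(self.key, self.chain, padded)
        self.chain = ct[-BLOCK:]          # the TLS 1.0 chaining that BEAST exploits
        return ct

    def victim_request(self, attacker_prefix: bytes) -> bytes:
        """The attacker controls the start of the request (e.g. the URL path); the secret follows."""
        return self._send(attacker_prefix + self.secret)

    def attacker_inject(self, chosen_block: bytes) -> bytes:
        """Attacker-chosen plaintext sent on the same connection (via the victim's browser in BEAST)."""
        assert len(chosen_block) == BLOCK
        return self._send(chosen_block)


def beast_recover(conn: Tls10CbcSender, secret_len: int) -> bytes:
    recovered = b""
    for k in range(secret_len):
        # Pick the prefix length so that secret[k] is the LAST byte of a block whose other 15 bytes
        # (prefix plus already recovered secret bytes) are known to the attacker.
        prefix = b"A" * (BLOCK + (BLOCK - 1 - (k % BLOCK)))
        ct = conn.victim_request(prefix)
        t = (len(prefix) + k) // BLOCK                         # index of the target block
        c_prev = ct[(t - 1) * BLOCK:t * BLOCK]                 # chaining block of the target
        c_target = ct[t * BLOCK:(t + 1) * BLOCK]
        known15 = (prefix + recovered)[t * BLOCK:t * BLOCK + BLOCK - 1]
        next_iv = ct[-BLOCK:]                                  # known IV of the next record
        found = None
        for g in range(256):
            guess = known15 + bytes([g])
            # The record layer will compute E(inject XOR next_iv) = E(guess XOR c_prev),
            # which equals c_target exactly when guess == the target plaintext block.
            inject = xor(xor(guess, c_prev), next_iv)
            ct_inj = conn.attacker_inject(inject)
            if ct_inj[:BLOCK] == c_target:
                found = g
                break
            next_iv = ct_inj[-BLOCK:]                          # IV for the following injection
        if found is None:
            raise RuntimeError("no guess matched; the model is inconsistent")
        recovered += bytes([found])
    return recovered


if __name__ == "__main__":
    conn = Tls10CbcSender(key=bytes(range(16)), secret=b"SID=7f3a")   # constructed key and secret
    print(beast_recover(conn, 8))
```

Each secret byte costs at most 256 injected records; the attack depends only on the attacker knowing `next_iv` in advance, which is exactly what TLS 1.1's explicit per-record IV (and the browsers' 1/n-1 splitting workaround for TLS 1.0) takes away.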
4.4
4.5 Attacks on RC4
The RC4 stream cipher has been widely used with TLS. Recent cryptanalysis results exploit statistical biases in the RC4 keystream (for example, the second keystream byte is zero with probability about 1/128 rather than 1/256, and further biases exist throughout the first 256 bytes) to recover plaintexts that are encrypted repeatedly under different keys, such as a cookie sent in many requests. Because of these results RC4 has been prohibited in TLS (RFC 7465).
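The following Python is an added example, not code from the page or from the cited cryptanalysis papers. It implements RC4, measures the second-byte bias over many keys, and runs the corresponding "broadcast" recovery: when the same plaintext is encrypted under many keys, the most frequent value of the second ciphertext byte is the plaintext byte itself. The keys are derived deterministically from a counter so the run is reproducible; the plaintext `Cookie: s3cret` and the key schedule are constructed for the demonstration.

```python
import hashlib
from collections import Counter


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4: key-scheduling algorithm followed by n bytes of the PRGA."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def rc4_encrypt(key: bytes, plaintext: bytes) -> bytes:
    return bytes(p ^ k for p, k in zip(plaintext, rc4_keystream(key, len(plaintext))))


def derived_key(n: int) -> bytes:
    """Deterministic per-session key for the simulation (constructed, not a real key schedule)."""
    return hashlib.sha256(b"session-key-" + n.to_bytes(4, "big")).digest()[:16]


def simulate_broadcast(plaintext: bytes, num_keys: int):
    """Encrypt the same plaintext under num_keys different RC4 keys and return
    (fraction of keystreams whose second byte is 0, recovered second plaintext byte)."""
    zero_count = 0
    second_ct_bytes = Counter()
    for n in range(num_keys):
        ks = rc4_keystream(derived_key(n), 2)
        if ks[1] == 0:
            zero_count += 1
        # The attacker only sees ciphertext; the bias P[Z2 = 0] ~ 1/128 makes
        # C2 == P2 about twice as likely as any other value of C2.
        second_ct_bytes[plaintext[1] ^ ks[1]] += 1
    recovered = second_ct_bytes.most_common(1)[0][0]
    return zero_count / num_keys, recovered


if __name__ == "__main__":
    rate, byte = simulate_broadcast(b"Cookie: s3cret", 20000)
    print("P[Z2 = 0] measured: %.5f (unbiased would be %.5f)" % (rate, 1 / 256))
    print("recovered second plaintext byte:", chr(byte))
```

The single-byte bias shown here is the simplest case; the 2013 results against TLS use many weaker biases across the first 256 keystream bytes and therefore need far more encryptions of the same plaintext, but the principle (vote across ciphertexts, one position at a time) is the same.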
4.6
4.7
4.8
4.9 Renegotiation
In the renegotiation attack, the attacker forms a TLS connection with the target server, injects content of his choice, and then splices in a new TLS connection from a client by treating the client's handshake as a renegotiation of the attacker's session. The server sees the attacker's plaintext and the client's plaintext as one continuous stream, so for HTTP the client's request (including its cookie) is appended to the attacker's partial request and executed with the client's authority. RFC 5746 fixes this by binding each renegotiation to the previous handshake with the renegotiation_info extension, so the client's handshake no longer fits into the attacker's session.
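The following Python is an added illustration, not code from the page or from any TLS implementation. A minimal HTTP/1.1 request parser shows what the server sees when the attacker's bytes and the client's bytes are handled as one stream: the attacker leaves a header unterminated so the client's request line is swallowed as that header's value, while the client's Cookie header attaches to the attacker's request line. `server_accepts_renegotiation` models the RFC 5746 check a patched server performs on a renegotiating client. The hostnames, paths and cookie value are constructed.

```python
def parse_http_request(buf: bytes):
    """Parse one request head (request line plus headers, no body); later headers win on duplicates."""
    head, _, _ = buf.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, target, version = lines[0].split(b" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    return method.decode(), target.decode(), headers


# Constructed attacker prefix: a complete request line and an unterminated header.
ATTACKER_PREFIX = (b"GET /account/transfer?to=attacker&amount=1000 HTTP/1.1\r\n"
                   b"Host: bank.example\r\n"
                   b"X-Ignore-This: ")

# Constructed victim request, sent after the client's own (spliced) handshake.
CLIENT_REQUEST = (b"GET /account/balance HTTP/1.1\r\n"
                  b"Host: bank.example\r\n"
                  b"Cookie: session=victim-secret\r\n\r\n")


def spliced_stream(attacker_bytes: bytes, client_bytes: bytes) -> bytes:
    """An unpatched server concatenates the data of both TLS sessions into one application stream."""
    return attacker_bytes + client_bytes


def server_accepts_renegotiation(previous_client_verify_data: bytes, client_ri) -> bool:
    """RFC 5746 section 3.7 on a server that is renegotiating: the ClientHello must carry
    renegotiation_info equal to the client_verify_data of the previous handshake. The spliced
    victim thinks this is its initial handshake, so its value is empty (or the extension is
    missing), and the server aborts."""
    if client_ri is None:
        return False
    return client_ri == previous_client_verify_data


if __name__ == "__main__":
    method, target, headers = parse_http_request(spliced_stream(ATTACKER_PREFIX, CLIENT_REQUEST))
    print(method, target)
    print("cookie applied to attacker's request:", headers["cookie"])
    print("victim's request line ended up as:", headers["x-ignore-this"])
    attacker_verify_data = b"\x11" * 12           # constructed; from the attacker's handshake
    print("patched server accepts spliced client:",
          server_accepts_renegotiation(attacker_verify_data, b""))
```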
4.10 Triple Handshake
The triple handshake attack enables the attacker, acting as a malicious server that relays handshake messages between a client and an honest server, to cause two TLS connections to share keying material. This leads to a multitude of attacks, e.g. man-in-the-middle, breaking secure renegotiation, and breaking channel binding via the TLS Exporter or tls-unique.
4.11
Virtual host confusion: SSLv3 fallback and improper handling of session caches on the server side can be abused by an attacker to establish a malicious connection to a virtual host other than the one originally intended and approved by the server, for example by resuming a session that was established with one virtual host at another host that shares the same certificate and session cache.
4.12 Denial of Service
4.13 Implementation Issues
Even when the protocol is properly specified, this does not guarantee the security of implementations. In fact, a number of common issues plague TLS implementations. Some widespread implementation issues are:
4.13.1 Heartbleed
Heartbleed (CVE-2014-0160) is a bug in OpenSSL's implementation of the TLS heartbeat extension (RFC 6520). This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. The vulnerability arises from a buffer over-read, a situation where more data can be read than should be allowed: the code trusted the payload-length field inside the incoming heartbeat message and copied that many bytes into the reply, regardless of how many bytes had actually been received, so up to 64 KB of the process's memory (which may hold private keys, session cookies and user data) could be read per request, without leaving any trace in logs.
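The following Python is an added illustration of the over-read and of the fix, not OpenSSL's own code. Process memory is modelled as a `bytearray` in which the heartbeat record sits next to other data; `vulnerable_handler` mirrors the pre-fix logic of trusting the payload-length field, and `fixed_handler` applies the two length checks the fix added (discard the message if the record cannot hold the declared payload plus the minimum padding). The `PRIVATE KEY` string placed in memory is a constructed placeholder.

```python
HB_REQUEST, HB_RESPONSE = 1, 2
PADDING = 16  # minimum padding a heartbeat message must carry (RFC 6520)


def build_heartbeat_request(payload: bytes, claimed_length: int) -> bytes:
    """type (1 byte) || payload_length (2 bytes) || payload || padding.
    An honest sender uses claimed_length == len(payload); the attack lies."""
    return bytes([HB_REQUEST]) + claimed_length.to_bytes(2, "big") + payload + b"\x00" * PADDING


def vulnerable_handler(memory: bytes, rec_off: int, rec_len: int) -> bytes:
    """Pre-fix logic: read payload_length from the message and copy that many bytes back."""
    payload_len = int.from_bytes(memory[rec_off + 1:rec_off + 3], "big")
    pl = rec_off + 3
    # BUG: nothing relates payload_len to rec_len, so the copy runs past the record into
    # whatever follows it in memory (Python slicing stops at the buffer end; C would not).
    return bytes([HB_RESPONSE]) + payload_len.to_bytes(2, "big") \
        + bytes(memory[pl:pl + payload_len]) + b"\x00" * PADDING


def fixed_handler(memory: bytes, rec_off: int, rec_len: int):
    """Post-fix logic: silently discard any heartbeat whose record cannot hold what it claims."""
    if 1 + 2 + PADDING > rec_len:
        return None                                   # too short to be a valid heartbeat
    payload_len = int.from_bytes(memory[rec_off + 1:rec_off + 3], "big")
    if 1 + 2 + payload_len + PADDING > rec_len:
        return None                                   # declared payload exceeds the record
    pl = rec_off + 3
    return bytes([HB_RESPONSE]) + payload_len.to_bytes(2, "big") \
        + bytes(memory[pl:pl + payload_len]) + b"\x00" * PADDING


def lay_out_memory(record: bytes):
    """Constructed process memory: the received record followed by unrelated secret data."""
    memory = bytearray(b"\x00" * 32)
    rec_off = len(memory)
    memory += record
    memory += b"\x00" * 8 + b"-----BEGIN PRIVATE KEY----- (constructed placeholder) -----END-----"
    return memory, rec_off, len(record)


def response_payload(reply: bytes) -> bytes:
    """Strip the type/length header and trailing padding from a heartbeat response."""
    return reply[3:-PADDING]


if __name__ == "__main__":
    malicious = build_heartbeat_request(b"hi", claimed_length=0xFFFF)
    memory, off, length = lay_out_memory(malicious)
    print("vulnerable leaks:", response_payload(vulnerable_handler(memory, off, length)))
    print("fixed returns   :", fixed_handler(memory, off, length))
```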
4.13.2 Early CCS
OprahSSL
During certificate verification in OpenSSL (CVE-2015-1793, nicknamed "OprahSSL"), an error in the alternative-chain-building logic could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling an attacker holding a valid leaf certificate to act as a CA and issue an invalid certificate that affected clients would accept.
References
1. Insufficient Transport Layer Protection. Veracode.
2. RFC 7457 - Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS). Internet Engineering Task Force (IETF).