Security Researchers Discover New Bleichenbacher TLS 1.3 Encryption Threat Vector
Transport Layer Security (TLS) is a cryptographic protocol that provides end-to-end security over a computer network. It is commonly used in email, instant messaging, and web browsing applications. Before a client and server can begin safely exchanging information over TLS, they must decide on an encryption key.
The Rivest, Shamir, and Adleman (RSA) algorithm is one way to encrypt and decrypt messages. RSA is an asymmetric algorithm, which means that it uses two different keys, one public and one private, to encrypt and decrypt data.
In 1998 Swiss cryptographer Dr. Daniel Bleichenbacher was able to decrypt an RSA-encrypted message with the help of the Public-Key Cryptography Standards (PKCS) #1 function. The Bleichenbacher attack or “million message attack” essentially sent millions of ciphertexts to the decryption device.

Here is where TLS 1.3 can run into issues. TLS encryption authors have merely made it more difficult to guess the RSA decryption keys instead of choosing a different method. Furthermore, these countermeasures are often very complex and therefore not always perfectly, or legally, implemented. These mistakes have opened up TLS connections to variations of the Bleichenbacher attack. The researchers noted that their attack used a “side-channel leak via cache access timings of these implementations in order to break the RSA key exchanges of TLS implementations.”
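The difference between a padding check that leaks and the countermeasure described above can be shown on an already-decrypted RSA block. This is an added example, not code from the article, the researchers or any TLS library; the function names, the 2048-bit modulus size and the sample bytes are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PMS_LEN 48u   /* TLS premaster secret length */
#define EM_LEN  256u  /* assumed: 2048-bit RSA modulus */
#define SEP (EM_LEN - PMS_LEN - 1u)  /* where the 0x00 separator must sit */

/* Leaky "before": each distinct return code tells a remote caller which
   padding rule failed, which is the signal the attack feeds on. */
int check_leaky(const uint8_t *em) {
    if (em[0] != 0x00 || em[1] != 0x02) return -1;  /* bad header */
    size_t i = 2;
    while (i < EM_LEN && em[i] != 0x00) i++;
    if (i < 10 || i == EM_LEN) return -2;           /* padding too short or no separator */
    if (i != SEP) return -3;                        /* payload is not 48 bytes */
    return 0;
}

/* 0xFF when x == 0, else 0x00, computed without a branch. */
static uint8_t ct_is_zero(uint8_t x) { return (uint8_t)(((uint32_t)x - 1) >> 24); }

/* Hardened "after": no early exit and no error code. Bad padding silently
   selects the fallback secret, so the handshake only fails later on. */
void select_premaster(const uint8_t *em, const uint8_t *fallback, uint8_t *out) {
    uint8_t good = (uint8_t)(ct_is_zero(em[0]) & ct_is_zero(em[1] ^ 0x02) & ct_is_zero(em[SEP]));
    for (size_t i = 2; i < SEP; i++)
        good &= (uint8_t)~ct_is_zero(em[i]);        /* padding bytes must be nonzero */
    for (size_t i = 0; i < PMS_LEN; i++)
        out[i] = (uint8_t)((em[SEP + 1 + i] & good) | (fallback[i] & (uint8_t)~good));
}

/* Constructed sample: 00 02 | 0xAA padding | 00 | 48 bytes of 0x11.
   `at` is an index to zero out (pass EM_LEN to leave the block intact). */
static void build(uint8_t *em, size_t at) {
    memset(em, 0xAA, EM_LEN); em[0] = 0x00; em[1] = 0x02; em[SEP] = 0x00;
    memset(em + SEP + 1, 0x11, PMS_LEN);
    if (at < EM_LEN) em[at] = 0x00;
}
int demo_leaky(size_t at) { uint8_t em[EM_LEN]; build(em, at); return check_leaky(em); }
/* Returns 1 when the real secret was selected, 0 when the fallback was. */
int demo_hardened(size_t at) {
    uint8_t em[EM_LEN], fb[PMS_LEN], out[PMS_LEN];
    build(em, at);
    memset(fb, 0x77, PMS_LEN);  /* placeholder; a real server draws this from a CSPRNG */
    select_premaster(em, fb, out);
    return out[0] == 0x11 && out[PMS_LEN - 1] == 0x11;
}
int main(void) {
    size_t at[] = {EM_LEN, 1, 5, 100};  /* intact, then three corrupted positions */
    for (int k = 0; k < 4; k++)
        printf("at=%zu leaky=%d hardened_real=%d\n", at[k], demo_leaky(at[k]), demo_hardened(at[k]));
    return 0;
}
```

The leaky check reports three different failures for the three corrupted blocks, while the hardened path gives the caller nothing to distinguish them. Removing the branches here does not help if the RSA decryption or memory accesses around it still vary with the secret, which is the kind of cache-timing leak the researchers describe.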
At least ten variations of the Bleichenbacher attack have been developed over the past twenty years. About a year ago, researchers discovered a vulnerability that put websites such as Facebook and PayPal at risk. Developers are slowly moving away from the RSA algorithm, but it still remains a popular way to encrypt and decrypt messages.