Abstract / Description of output
This paper describes a cross-protocol attack on all versions of TLS; it can be seen as an extension of the Wagner and Schneier attack on SSL 3.0. The attack presents valid explicit elliptic curve Diffie-Hellman parameters signed by a server to a client that incorrectly interprets these parameters as valid plain Diffie-Hellman parameters. Our attack enables an adversary to successfully impersonate a server to a random client after obtaining 2^40 signed elliptic curve keys from the original server. While attacking a specific client is improbable due to the high number of signed keys required during the lifetime of one TLS handshake, it is not completely unrealistic for a setting where the server has high computational power and the attacker contents itself with recovering one out of many session keys. We remark that popular open-source server implementations are not susceptible to this attack, since they typically do not support the explicit curve option. Finally we propose a fix that renders the protocol immune to this family of cross-protocol attacks.
Original language | English |
---|---|
Title of host publication | Proceedings of the 2012 ACM Conference on Computer and Communications Security |
Place of Publication | New York, NY, USA |
Publisher | ACM |
Pages | 62-72 |
Number of pages | 11 |
ISBN (Print) | 978-1-4503-1651-4 |
DOIs | |
Publication status | Published - 2012 |
Event | 19th ACM Conference on Computer and Communications Security, Raleigh, United States; 16 Oct 2012 → 18 Oct 2012; https://www.sigsac.org/ccs/CCS2012/ |
Publication series
Name | CCS '12 |
---|---|
Publisher | ACM |
Conference
Conference | 19th ACM Conference on Computer and Communications Security |
---|---|
Abbreviated title | CCS 2012 |
Country/Territory | United States |
City | Raleigh |
Period | 16/10/12 → 18/10/12 |
Internet address | https://www.sigsac.org/ccs/CCS2012/ |
Keywords
- cross-protocol attack, man-in-the-middle, server impersonation attack, ssl, tls