Vulnerability of SSL to Chosen-Plaintext Attack

نویسنده

  • Gregory V. Bard
چکیده

The Secure Sockets Layer (SSL) protocol is widely used for securing communication over the Internet. When utilizing block ciphers for encryption, the SSL standard mandates the use of the cipher block chaining (CBC) mode of encryption which requires an initialization vector (IV) in order to encrypt. Although the initial IV used by SSL is a (pseudo)random string which is generated and shared during the initial handshake phase, subsequent IVs used by SSL are chosen in a deterministic, predictable pattern; in particular, the IV of a message is taken to be the final ciphertext block of the immediately-preceding message. We show that this introduces a vulnerability in SSL which (potentially) enables easy recovery of low-entropy strings such as passwords or PINs that have been encrypted. Moreover, we argue that the open nature of web browsers provides a feasible “point of entry” for this attack via a corrupted plug-in; thus, implementing the attack is likely to be much easier than, say, installing a Trojan Horse for “keyboard sniffing”. Finally, we suggest a number of modifications to the SSL standard which will prevent this attack.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

A Challenging but Feasible Blockwise-Adaptive Chosen-Plaintext Attack on SSL

This paper introduces a chosen-plaintext vulnerability in the Secure Sockets Layer (SSL) and Trasport Layer Security (TLS) protocols which enables recovery of low entropy strings such as can be guessed from a likely set of 2–1000 options. SSL and TLS are widely used for securing communication over the Internet. When utilizing block ciphers for encryption, the SSL and TLS standards mandate the u...

متن کامل

Vulnerability of SSL to Chosen - Plaintext Atta kGregory

متن کامل

Bar Mitzvah Attack

RC4 is the most popular stream cipher in the world. In fact, as of March 2015, RC4 is estimated to protect as much as 30% of SSL traffic, likely amounting to billions of TLS connections every day. Yet it suffers a critical – and long known – weakness known as the Invariance Weakness. In this paper we will revisit the Invariance Weakness – a 13-year old vulnerability of RC4 that is based on huge...

متن کامل

Here Come The ⊕ Ninjas

This paper introduces a fast blockwise chosen-plaintext attack against SSL 3.0 and TLS 1.0. We also describe one application of the attack that allows an attacker to efficiently decrypt and obtain authentication tokens embedded in HTTPS requests1 The resulting exploits work for major web browsers at the time of writing.

متن کامل

Attacking RSA-Based Sessions in SSL/TLS

In this paper we present a practically feasible attack on RSA-based sessions in SSL/TLS protocols. These protocols incorporate the PKCS#1 (v. 1.5) encoding method for the RSA encryption of a premaster-secret value. The premaster-secret is the only secret value that is used for deriving all the particular session keys. Therefore, an attacker who can recover the premastersecret can decrypt the wh...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2004