Open AccessJournal Article
Password interception in a SSL/TLS channel
Reads0
Chats0
TLDR
Simple password authentication is often used e.g. from an email software application to a remote IMAP server, frequently done in a protected peer-to-peer tunnel, e.G. by SSL/TLS.Abstract:
Simple password authentication is often used e.g. from an email software application to a remote IMAP server. This is frequently done in a protected peer-to-peer tunnel, e.g. by SSL/TLS. At Eurocrypt'02, Vaudenay presented vulnerabilities in padding schemes used for block ciphers in CBC mode. He used a side channel, namely error information in the padding verification. This attack was not possible against SSL/TLS due to both unavailability of the side channel (errors are encrypted) and premature abortion of the session in case of errors. In this paper we extend the attack and optimize it. We show it is actually applicable against latest and most popular implementations of SSL/TLS (at the time this paper was written) for password interception. We demonstrate that a password for an IMAP account can be intercepted when the attacker is not too far from the server in less than an hour in a typical setting. We conclude that these versions of the SSL/TLS implementations are not secure when used with block ciphers in CBC mode and propose ways to strengthen them. We also propose to update the standard protocol.read more
Citations
More filters
Book
Guide to Elliptic Curve Cryptography
TL;DR: This guide explains the basic mathematics, describes state-of-the-art implementation methods, and presents standardized protocols for public-key encryption, digital signatures, and key establishment, as well as side-channel attacks and countermeasures.
ReportDOI
The Transport Layer Security (TLS) Protocol Version 1.3
TL;DR: This document specifies version 1.3 of the Transport Layer Security (TLS) protocol, which allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.
The Transport Layer Security (TLS) Protocol Version 1.1
TL;DR: This document specifies Version 1.1 of the Transport Layer Security (TLS) protocol, which provides communications security over the Internet by allowing client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery.
Book
Modern Cryptography: Theory and Practice
TL;DR: This book explains why "textbook crypto" is only good in an ideal world where data are random and bad guys behave nicely, and reveals the general unfitness of "textbooks crypto" for the real world by demonstrating numerous attacks on such schemes, protocols and systems under various real-world application scenarios.
Proceedings ArticleDOI
Lucky Thirteen: Breaking the TLS and DTLS Record Protocols
TL;DR: This paper presents distinguishing and plaintext recovery attacks against TLS and DTLS, based on a delicate timing analysis of decryption processing in the two protocols.
References
More filters
The TLS Protocol Version 1.0
T. Dierks,C. Allen +1 more
TL;DR: This document specifies Version 1.0 of the Transport Layer Security (TLS) protocol, which provides communications privacy over the Internet by allowing client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery.
Journal Article
Data encryption standard
TL;DR: Presentation de la norme americaine de codage des donnees informatisees (DES: Data Encryption Standard) permet de proteger lesDonnees selon des criteres qui sont developpes dans ce texte.
Book
Sequential Analysis: Tests and Confidence Intervals
TL;DR: In this paper, the authors introduce the sequential probability ratio test (SPRT), a test for estimating the probability of a given event to be true, and a series of other tests with curved stopping boundary crossing problems.
Journal ArticleDOI
Remote timing attacks are practical
David Brumley,Dan Boneh +1 more
TL;DR: In this paper, the authors present a timing attack against OpenSSL and demonstrate that timing attacks against network servers are practical and therefore security systems should defend against them, and they show that timing attack applies to general software systems.