Schedule 31. Chaos Communication Congress

Version 1.7 a new dawn

lecture: Revisiting SSL/TLS Implementations

New Bleichenbacher Side Channels and Attacks

We present four new Bleichenbacher side channels, and three successful Bleichenbacher attacks against the Java Secure Socket Extension (JSSE) SSL/TLS implementation and against hardware security appliances using the Cavium NITROX SSL accelerator chip.

16 years ago, Daniel Bleichenbacher presented a protocol-level padding oracle attack against SSL/TLS. As a countermeasure, all TLS RFCs starting from RFC 2246 (TLS 1.0) propose "to treat incorrectly formatted messages in a manner indistinguishable from correctly formatted RSA blocks".

In our recent paper [1] we show that this objective has not been achieved yet: We present four new Bleichenbacher side channels, and three successful Bleichenbacher attacks against the Java Secure Socket Extension (JSSE) SSL/TLS implementation and against hardware security appliances using the Cavium NITROX SSL accelerator chip. Three of these side channels are timing-based, and two of them provide the first timing-based Bleichenbacher attacks on SSL/TLS described in the literature. Our measurements confirmed that all these side channels are observable over a switched network, with timing differences between 1 and 23 microseconds. We were able to successfully recover the PreMasterSecret using three of the four side channels in a realistic measurement setup.

Besides the academic relevance of breaking common SSL/TLS implementations, the timing attacks we performed are quite interesting for the hacking community. In our talk, we will thus focus on the challenges we had to solve during our attacks and on the challenges of fixing these issues.

The talk extends the topics that I presented at 28c3 [2] and 29c3 [3].

[1]: Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks.
Meyer, Somorovsky, Weiss, Schwenk, Schinzel, Tews.
Usenix Security Symposium 2014.
[2]: https://media.ccc.de/browse/congress/2011/28c3-4640-en-time_is_on_my_side.html
[3]: https://media.ccc.de/browse/congress/2012/29c3-5044-en-time_is_not_on_your_side_h264.html

Info

Day: 2014-12-27
Start time: 16:00
Duration: 01:00
Room: Saal 2
Track: Security & Hacking
Language: en

Feedback

Click here to let us know how you liked this event.

Concurrent events

Saal 6: How I Learned to Stop Reinventing and Love the Wheels
Saal 1: Practical EMV PIN interception and fraud detection
Saal G: osmo-gmr: What's up with sat-phones ?