Plaintext side channels in TLS Chiphertex

  • Original Paper
  • Journal of Computer Virology and Hacking Techniques

Abstract

This paper describes several techniques that exploit plaintext side-channels, namely the length of ciphertext combined with human factors. These side-channels are used in this work to recover secret strings such as authentication cookies, and possibly passwords, from Hypertext Transfer Protocol (HTTP) traffic protected by Transport Layer Security (TLS). Other applications of these attacks include evading the SiteKey anti-phishing mechanism, recovering the answers to user-configured challenge questions, and tracking a user's operations on the web applications of a web site. Previous research has demonstrated the danger of using data compression in conjunction with encryption. Highly publicized attacks exploit compression side-channels to recover authentication cookies from TLS-protected HTTP traffic. Since then, data compression has been disabled at web servers, and recent versions of web browsers have it disabled by default. TLS version 1.3 has entirely removed support for data compression. With all those countermeasures in place, the techniques described in this paper can cause a comparable level of compromise. The overall work was done as an ethical security assessment to analyze and validate the danger of plaintext side-channels without any particular connection to data compression.
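The abstract's core observation is that a TLS record's length reveals its plaintext length, because stream and AEAD ciphers preserve length and add only a fixed overhead. The following example is added here for illustration and is not the paper's code: it uses a constructed toy AEAD (HMAC-SHA256 keystream plus HMAC tag, assumed to mimic only the length behaviour of a TLS record, not TLS's actual ciphers or framing) to show that a passive observer recovers the exact plaintext length from the record, and then shows the defender's mitigation of padding records to fixed-size buckets, as TLS 1.3 record padding allows, so that two requests with cookies of different length produce identical record lengths. The request strings and key are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

NONCE_LEN = 8   # explicit per-record nonce sent in the clear (toy framing, assumption)
TAG_LEN = 32    # HMAC-SHA256 tag appended to each record (toy AEAD, assumption)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive a keystream of the requested length from HMAC(key, nonce || counter)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes, nonce: bytes = None) -> bytes:
    """Encrypt-then-MAC one record: nonce || ciphertext || tag (length-preserving)."""
    nonce = nonce if nonce is not None else os.urandom(NONCE_LEN)
    keystream = _keystream(key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, keystream))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_record(key: bytes, record: bytes) -> bytes:
    """Verify the tag and decrypt; raises ValueError on a forged or damaged record."""
    nonce = record[:NONCE_LEN]
    ciphertext = record[NONCE_LEN:-TAG_LEN]
    tag = record[-TAG_LEN:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("record authentication failed")
    keystream = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, keystream))


def inferred_plaintext_length(record: bytes) -> int:
    """What a passive observer learns from the record alone: the exact plaintext length."""
    return len(record) - NONCE_LEN - TAG_LEN


def pad_to_bucket(plaintext: bytes, bucket: int = 256) -> bytes:
    """Mitigation: prefix the true length and zero-pad to a multiple of `bucket` bytes."""
    if len(plaintext) > 0xFFFF:
        raise ValueError("plaintext too long for 2-byte length prefix")
    body = struct.pack(">H", len(plaintext)) + plaintext
    return body + b"\x00" * ((-len(body)) % bucket)


def unpad(padded: bytes) -> bytes:
    """Inverse of pad_to_bucket: read the length prefix and drop the padding."""
    (length,) = struct.unpack(">H", padded[:2])
    return padded[2:2 + length]


def length_distinguishes(key: bytes, a: bytes, b: bytes, padded: bool) -> bool:
    """True if an observer can tell request a from request b by record length alone."""
    if padded:
        a, b = pad_to_bucket(a), pad_to_bucket(b)
    return len(seal(key, a)) != len(seal(key, b))


# Constructed sample requests differing only in the length of the session cookie.
KEY = hashlib.sha256(b"constructed demo key").digest()
REQ_SHORT = b"GET / HTTP/1.1\r\nHost: example.test\r\nCookie: session=ab12\r\n\r\n"
REQ_LONG = b"GET / HTTP/1.1\r\nHost: example.test\r\nCookie: session=ab12cd34ef56\r\n\r\n"

if __name__ == "__main__":
    record = seal(KEY, REQ_SHORT)
    print("observer infers plaintext length:", inferred_plaintext_length(record),
          "actual:", len(REQ_SHORT))
    print("unpadded records distinguishable:", length_distinguishes(KEY, REQ_SHORT, REQ_LONG, False))
    print("padded records distinguishable:  ", length_distinguishes(KEY, REQ_SHORT, REQ_LONG, True))
```

Bucketing does not remove the leak entirely; it coarsens it to the bucket size, so the bucket must be chosen larger than the range of plaintext lengths an observer is trying to separate.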



Author information

Correspondence to Julian L. Rrushi.

Cite this article

Rrushi, J.L. Plaintext side channels in TLS Chiphertex. J Comput Virol Hack Tech 13, 13–27 (2017). https://doi.org/10.1007/s11416-016-0264-4

  • DOI: https://doi.org/10.1007/s11416-016-0264-4
