Abstract
This paper describes several techniques that exploit plaintext side-channels, namely the length of the ciphertext combined with human factors. Those side-channels are used in this work to recover secret strings such as authentication cookies, and possibly passwords, from Hypertext Transfer Protocol (HTTP) traffic protected by Transport Layer Security (TLS). Further applications of the attacks include evading the SiteKey anti-phishing mechanism, recovering the answers to user-configured challenge questions, and tracking a user's operations on the web applications of a site. Previous research has demonstrated the danger of combining data compression with encryption, and highly publicized attacks exploit compression side-channels to recover authentication cookies from TLS-protected HTTP traffic. Since then, TLS-level compression has been disabled on web servers, recent versions of web browsers disable it by default, and TLS version 1.3 has removed support for compression entirely. With all of those countermeasures in place, the techniques described in this paper can still cause a comparable level of compromise, because the length of an encrypted record leaks the length of its plaintext whether or not compression is used. The work was carried out as an ethical security assessment to analyze and validate the danger of plaintext side-channels that have no connection to data compression.
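The abstract's core observation is that TLS protects the content of an HTTP request but not its length. The following Python is an added illustration written for this page, not code from the paper or its author: it encodes the TLS 1.2 record framing from RFC 5246 (5-byte header; for AES-GCM an 8-byte explicit nonce plus a 16-byte tag; for AES-CBC with HMAC-SHA1 an explicit IV, a 20-byte MAC and block padding), parses the record length fields out of a constructed byte stream, recovers the plaintext length, and subtracts the fixed request bytes a browser always sends to obtain the length of the cookie value. A length filter over a constructed word list then stands in for the "human factors" step. The request template, the secret, the word list and the `bank.example` host are all assumptions made for the demonstration.

```python
import struct

# TLS 1.2 record framing, RFC 5246 section 6.2.3 (values from the RFC, not from the paper).
RECORD_HEADER_LEN = 5       # ContentType(1) + ProtocolVersion(2) + length(2)
APPLICATION_DATA = 23
GCM_EXPLICIT_NONCE_LEN = 8  # AES-GCM: GenericAEADCipher.nonce_explicit
GCM_TAG_LEN = 16            # AES-GCM authentication tag
CBC_BLOCK_LEN = 16          # AES block size, also the explicit IV length
CBC_MAC_LEN = 20            # HMAC-SHA1 in the classic CBC suites

# Constructed request (assumption, not from the paper): a browser sends the same fixed
# headers on every request to a site, so only the cookie value varies in length.
REQUEST_PREFIX = b"GET /account HTTP/1.1\r\nHost: bank.example\r\nCookie: session="
REQUEST_SUFFIX = b"\r\n\r\n"


def aead_fragment_len(plaintext_len: int) -> int:
    """Record length field for a TLS 1.2 AES-GCM record carrying plaintext_len bytes."""
    return GCM_EXPLICIT_NONCE_LEN + plaintext_len + GCM_TAG_LEN


def plaintext_len_from_aead(fragment_len: int) -> int:
    """AEAD encryption is length-preserving up to a constant, so the inverse is exact."""
    return fragment_len - GCM_EXPLICIT_NONCE_LEN - GCM_TAG_LEN


def cbc_fragment_len(plaintext_len: int) -> int:
    """Record length field for AES-CBC/HMAC-SHA1 with explicit IV and minimal padding."""
    body = plaintext_len + CBC_MAC_LEN + 1          # +1 for the padding_length byte
    padded = -(-body // CBC_BLOCK_LEN) * CBC_BLOCK_LEN  # round up to a whole block
    return CBC_BLOCK_LEN + padded


def plaintext_len_range_from_cbc(fragment_len: int) -> tuple:
    """CBC padding rounds to the block size, so only a (min, max) window is recoverable."""
    padded = fragment_len - CBC_BLOCK_LEN
    hi = padded - CBC_MAC_LEN - 1
    lo = max(0, hi - (CBC_BLOCK_LEN - 1))
    return lo, hi


def build_application_record(plaintext: bytes) -> bytes:
    """Constructed AES-GCM record: genuine header, opaque filler for nonce+ciphertext+tag."""
    frag = aead_fragment_len(len(plaintext))
    return struct.pack("!BHH", APPLICATION_DATA, 0x0303, frag) + b"\x00" * frag


def parse_application_record_lengths(stream: bytes) -> list:
    """Walk a raw TLS byte stream and return the length field of each application_data record."""
    lengths, off = [], 0
    while off + RECORD_HEADER_LEN <= len(stream):
        ctype, _version, length = struct.unpack("!BHH", stream[off:off + RECORD_HEADER_LEN])
        if ctype == APPLICATION_DATA:
            lengths.append(length)
        off += RECORD_HEADER_LEN + length
    return lengths


def infer_secret_len(record: bytes) -> int:
    """Subtract the known fixed request bytes from the recovered plaintext length."""
    (length,) = parse_application_record_lengths(record)
    return plaintext_len_from_aead(length) - len(REQUEST_PREFIX) - len(REQUEST_SUFFIX)


def length_filter(candidates, n: int) -> list:
    """The human-factors step: a length-filtered dictionary is a much smaller search space."""
    return [c for c in candidates if len(c) == n]


def demo() -> dict:
    # Constructed secret and word list (assumption; a real attack would use frequency data).
    secret = b"hunter2"
    record = build_application_record(REQUEST_PREFIX + secret + REQUEST_SUFFIX)
    n = infer_secret_len(record)
    words = ["123456", "password", "hunter2", "letmein", "qwerty", "dragon1", "welcome1"]
    return {"secret_len": n, "candidates": length_filter(words, n)}


if __name__ == "__main__":
    print(demo())
```

The two framing functions make the caveat visible: with an AEAD suite the observer recovers the plaintext length exactly, while a CBC suite only narrows it to a 16-byte window, and neither depends on compression being enabled. Padding application data to a fixed length (as TLS 1.3 permits) is what actually closes the channel, not disabling compression.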
Rrushi, J.L.: Plaintext side channels in TLS Ciphertext. J. Comput. Virol. Hack. Tech. 13, 13–27 (2017). https://doi.org/10.1007/s11416-016-0264-4