Protecting Encrypted Cookies from Compression Side-Channel Attacks

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8975)

Abstract

Compression is desirable for network applications as it saves bandwidth; however, when data is compressed before being encrypted, the amount of compression leaks information about the amount of redundancy in the plaintext. This side channel has led to successful CRIME and BREACH attacks on web traffic protected by the Transport Layer Security (TLS) protocol. The general guidance in light of these attacks has been to disable compression, preserving confidentiality but sacrificing bandwidth. In this paper, we examine two techniques—heuristic separation of secrets and fixed-dictionary compression—for enabling compression while protecting high-value secrets, such as cookies, from attack. We model the security offered by these techniques and report on the amount of compressibility that they can achieve.

Copyright information

© Springer-Verlag Berlin Heidelberg 2015

Authors and Affiliations

  • Janaka Alawatugoda (1)
  • Douglas Stebila (1, 2)
  • Colin Boyd (3)

  1. School of Electrical Engineering and Computer Science, Queensland University of Technology, Brisbane, Australia
  2. School of Mathematical Sciences, Queensland University of Technology, Brisbane, Australia
  3. Department of Telematics, Norwegian University of Science and Technology, Trondheim, Norway
