Abstract
Simple password authentication is commonly used, for example from an email client to a remote IMAP server, and is frequently carried out inside a protected peer-to-peer tunnel such as SSL/TLS.
At Eurocrypt’02, Vaudenay presented vulnerabilities in padding schemes used for block ciphers in CBC mode. He used a side channel, namely error information in the padding verification. This attack was not possible against SSL/TLS due to both unavailability of the side channel (errors are encrypted) and premature abortion of the session in case of errors. In this paper we extend the attack and optimize it. We show it is actually applicable against latest and most popular implementations of SSL/TLS (at the time this paper was written) for password interception.
We demonstrate that, in a typical setting, the password of an IMAP account can be intercepted in less than an hour, provided the attacker is not too far from the server.
We conclude that these versions of the SSL/TLS implementations are not secure when used with block ciphers in CBC mode and propose ways to strengthen them. We also propose to update the standard protocol.
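The side channel the abstract refers to is the distinction between "bad padding" and "bad MAC" when a CBC record is checked. The following Python illustration is added here and is not code from the paper: it reproduces the TLS 1.0 record layout (data, HMAC-SHA1 tag, padding bytes all equal to the padding length) over a constructed key and message, and contrasts a verifier that reports the two failures separately with one that folds them into a single result and always computes the MAC. The hardened variant is a common countermeasure stated as my assumption, not the authors' exact proposal.

```python
import hmac
import hashlib

MAC_LEN = 20  # HMAC-SHA1 tag length, as in the TLS 1.0 CBC ciphersuites

def build_record(data: bytes, mac_key: bytes, block: int = 8) -> bytes:
    """Plaintext of a TLS 1.0 record before CBC encryption:
    data || HMAC(data) || padding, every padding byte equal to the
    padding length, the last byte being the padding length itself."""
    body = data + hmac.new(mac_key, data, hashlib.sha1).digest()
    pad_len = (block - (len(body) + 1) % block) % block
    return body + bytes([pad_len]) * (pad_len + 1)

def padding_ok(record: bytes) -> bool:
    if not record:
        return False
    pad_len = record[-1]
    return (pad_len + 1 + MAC_LEN <= len(record)
            and record[-(pad_len + 1):] == bytes([pad_len]) * (pad_len + 1))

def verify_leaky(record: bytes, mac_key: bytes) -> str:
    """Vaudenay-style oracle: a padding error is reported on its own and
    before any MAC is computed, so the two failures differ in both the
    error returned and the work done (hence the time taken)."""
    if not padding_ok(record):
        return "bad_padding"
    body = record[:-(record[-1] + 1)]
    data, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    if not hmac.compare_digest(hmac.new(mac_key, data, hashlib.sha1).digest(), tag):
        return "bad_mac"
    return "ok"

def verify_uniform(record: bytes, mac_key: bytes) -> str:
    """Hardened variant (assumed countermeasure): on bad padding, carry on
    as if the padding were empty so a MAC is still computed, and report
    both failures with the same bad_record_mac result."""
    ok = padding_ok(record)
    pad_len = record[-1] if ok else 0
    body = record[:len(record) - pad_len - 1]
    data, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    mac_ok = hmac.compare_digest(hmac.new(mac_key, data, hashlib.sha1).digest(), tag)
    return "ok" if ok and mac_ok else "bad_record_mac"

def demo(mac_key: bytes = b"constructed-mac-key") -> dict:
    """Constructed IMAP LOGIN record, then one copy with damaged padding
    and one with damaged data; returns what each verifier reports."""
    good = build_record(b"a0001 LOGIN alice hunter2", mac_key)
    corrupt_pad = good[:-1] + bytes([good[-1] + 1])    # padding no longer consistent
    corrupt_data = bytes([good[0] ^ 0x01]) + good[1:]  # padding intact, MAC fails
    return {
        "leaky": tuple(verify_leaky(r, mac_key) for r in (good, corrupt_pad, corrupt_data)),
        "uniform": tuple(verify_uniform(r, mac_key) for r in (good, corrupt_pad, corrupt_data)),
    }
```

The leaky verifier answers differently for the two corrupted records, which is exactly the information a padding oracle needs; the uniform verifier gives the same answer and the same amount of work for both.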
© 2003 Springer-Verlag Berlin Heidelberg
Cite this paper
Canvel, B., Hiltgen, A., Vaudenay, S., Vuagnoux, M. (2003). Password Interception in a SSL/TLS Channel. In: Boneh, D. (eds) Advances in Cryptology - CRYPTO 2003. CRYPTO 2003. Lecture Notes in Computer Science, vol 2729. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45146-4_34
DOI: https://doi.org/10.1007/978-3-540-45146-4_34
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40674-7
Online ISBN: 978-3-540-45146-4