RFC 7457 Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS)
1. RFC 7457: Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS)
19th Oct 2018
Kazumasa Kaneko
Graduate School of Engineering, The University of Tokyo
https://datatracker.ietf.org/doc/rfc7457/
2. What is TLS?
GeoTrust https://www.geotrust.co.jp/ssl_guideline/ssl_beginners/
3. List of attacks
• SSL Stripping
• STARTTLS Command Injection Attack (CVE-2011-0411)
• BEAST (CVE-2011-3389)
• Padding Oracle Attacks
• Attacks on RC4
• Compression Attacks: CRIME, TIME, and BREACH
• Certificate and RSA-Related Attacks
• Theft of RSA Private Keys
• Diffie-Hellman Parameters
• Renegotiation (CVE-2009-3555)
• Triple Handshake (CVE-2014-1295)
• Virtual Host Confusion
• Denial of Service
• Implementation Issues
• Usability
http://delivery.acm.org/10.1145/2390000/2382206/p62-mavrogiannopoulos.pdf?ip=157.82.169.221&id=2382206&acc=ACTIVE%20SERVICE&key=D2341B890AD12BFE%2E925D03907F1B22EF%2E4D4702B0C3E38B35%2E4D4702B0C3E38B35&__acm__=1539601821_108848a01f9124d6d56f6aa7049a9c97
https://tools.ietf.org/id/draft-mavrogiannopoulos-tls-cross-protocol-00.html
Cross protocol attack
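WS-Attack by Wagner & Schneier: tamper with the server's certificate so that the DH parameters are taken to be RSA → the DH parameters are a prime p and some number g, so recovering k from the k^g mod p built on them is easy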
DROWN
A Cross-Protocol Attack on the TLS Protocol (Mavrogiannopoulos): make the ECDH parameters be taken for DH parameters
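
The arithmetic behind the Wagner & Schneier item above, as an added example that is not part of the original slides: when (p, g) is treated as an RSA modulus and exponent, k^g mod p can be undone from public values alone because p is prime. P, G, K and both function names are constructed for illustration; the sketch covers g coprime to p - 1 and the g = 2 case only.

```python
from math import gcd

# Constructed toy values, not taken from any real handshake.
P = 2**127 - 1                               # prime p from the DH parameters
G = 5                                        # "some number g" from the DH parameters
K = int.from_bytes(b"premaster-toy", "big")  # secret k chosen by the client


def confused_client_encrypt(k, p=P, g=G):
    """What a client computes if it takes (p, g) for an RSA modulus and exponent."""
    return pow(k, g, p)


def recover_candidates(c, p=P, g=G):
    """Return every k with k^g = c (mod p), using only public values.

    Because p is prime, the multiplicative group has known order p - 1,
    so no factoring is needed to undo the exponentiation.
    """
    if gcd(g, p - 1) == 1:
        d = pow(g, -1, p - 1)   # the "RSA private exponent", computable by anyone
        return [pow(c, d, p)]
    if g == 2 and p % 4 == 3:
        # g = 2 is never invertible modulo the even number p - 1, so take a
        # modular square root instead. Two roots exist: k is one of two candidates.
        r = pow(c, (p + 1) // 4, p)
        return sorted({r, p - r})
    raise ValueError("case not covered by this sketch")


if __name__ == "__main__":
    for g in (G, 2):
        c = confused_client_encrypt(K, P, g)
        print(f"g={g}: k among recovered candidates -> {K in recover_candidates(c, P, g)}")
```

A genuine RSA modulus is a product of two secret primes, which is what keeps the inverse exponent private; a DH prime offers no such secret.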