The security of online transactions is again in the spotlight as a pair of UK cryptographers take aim at TLS.

TLS, or Transport Layer Security, is the successor to SSL, or Secure Sockets Layer. It’s the system that puts the S into HTTPS (that’s the padlock you see on secure websites), and provides the security for many other protocols, too.

Like 2011’s infamous BEAST attack, it has a groovy name: Lucky Thirteen. The name comes from the fact that encrypted TLS packets have thirteen header bytes that are consumed in one of the cryptographic calculations on which TLS relies.

→ The paper’s name is a bit cheeky – the authors wryly note that “in some sense, thirteen is lucky, but twelve would have been luckier,” since 12-byte headers would make their attack even more efficient.

To give you some idea of what makes cryptographers tick, and how they manage to extract order even out of carefully-contrived chaos, here’s how it all started.

The authors of the paper noticed that the encrypted packets in most TLS sessions:

- Are encrypted with a secure block cipher, usually AES in CBC mode, to keep the contents secret.
- Include a strong cryptographic checksum, usually HMAC-SHA1, to prevent errors and forgeries.

You might assume that using not one but two strong cryptographic primitives would inevitably boost security, but cryptographers don’t think that way.

Nadhem AlFardan and Kenneth Paterson of Royal Holloway, a renowned centre for information security research that is part of the University of London, realised they could use these two security features against one another because of the way they are combined in TLS.

Greatly oversimplified, the attack relies on the following details:

- The AES block cipher encrypts 16 bytes at a time.
- Data packets that aren’t a multiple of 16 bytes long must be padded out until they are.
- The TLS packet checksums are stored inside the encryption layer, after the raw data but before any necessary padding.

When a TLS server receives a packet that is HMAC-SHA1 checksummed and AES-CBC encrypted, it needs to validate it, like this:

- Decrypt the received data, which should be a multiple of 16 bytes in length.
- Identify any padding at the end of the decrypted buffer, and strip it off.
- Remove the last 20 bytes (the length of an HMAC-SHA1 checksum) and store it for reference.
- Compute the HMAC-SHA1 of what’s left in the buffer (less padding and reference checksum).

If the computed HMAC-SHA1 checksum does not match the reference checksum, then there has been an error or a forgery. The server will send back an error message and terminate the connection.

Now imagine that you’re a MiTM, or a man-in-the-middle.
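The server-side validation steps listed in the article, as an added Python example that is not from the article or from any TLS library. It assumes the AES-CBC decryption has already been done (the Python standard library has no AES), that the thirteen header bytes are the TLS sequence number, record type, version and data length, and that the key and data are constructed samples; all function names are hypothetical.

```python
import hashlib
import hmac
import struct

MAC_LEN = 20  # length of an HMAC-SHA1 checksum
BLOCK = 16    # AES block size in bytes


def mac_header(seq, ctype, version, length):
    # The 13 header bytes fed into the HMAC: 8-byte sequence number,
    # 1-byte record type, 2-byte version, 2-byte data length.
    return struct.pack(">QBHH", seq, ctype, version, length)


def record_mac(mac_key, seq, ctype, version, data):
    msg = mac_header(seq, ctype, version, len(data)) + data
    return hmac.new(mac_key, msg, hashlib.sha1).digest()


def build_plaintext(mac_key, seq, ctype, version, data):
    # Sender side: data, then checksum, then padding to a 16-byte multiple.
    body = data + record_mac(mac_key, seq, ctype, version, data)
    pad = BLOCK - 1 - (len(body) % BLOCK)  # value carried by each padding byte
    return body + bytes([pad]) * (pad + 1)


def validate_plaintext(mac_key, seq, ctype, version, buf):
    # Receiver side, after decryption. Every failure raises the same error.
    if len(buf) % BLOCK or len(buf) < MAC_LEN + 1:
        raise ValueError("bad record")
    pad = buf[-1]
    if pad + 1 + MAC_LEN > len(buf) or buf[-(pad + 1):] != bytes([pad]) * (pad + 1):
        raise ValueError("bad record")
    body = buf[:-(pad + 1)]                        # strip the padding
    data, ref = body[:-MAC_LEN], body[-MAC_LEN:]   # split off reference checksum
    tag = record_mac(mac_key, seq, ctype, version, data)
    if not hmac.compare_digest(tag, ref):          # error or forgery
        raise ValueError("bad record")
    return data


if __name__ == "__main__":
    key = b"k" * 20              # constructed sample MAC key
    msg = b"GET / HTTP/1.1\r\n"  # constructed sample data
    pt = build_plaintext(key, 0, 23, 0x0302, msg)
    print(len(pt), validate_plaintext(key, 0, 23, 0x0302, pt))
```
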