Report icon

Report

On downgrade attacks in the TLS protocol

Abstract:
The TLS protocol was designed to support various versions and ciphersuites. This provides a high level of agility and backward compatibility. At the same time, it opens doors for so-called downgrade attacks. Downgrade attack is a specific type of attacks that result in forcing two communicating parties to use weaker configurations than the ones they wished to use. In this paper, we explore downgrade attacks in TLS. We revisit TLS 1.2, and summarise the major changes in the upcoming standard TLS 1.3 based on the latest draft (revision 14). We summarise notable examples of TLS downgrade attacks. Finally, we analyse TLS 1.3 protection mechanisms when a cryptographic primitive is broken. Our analysis adds clarity over the existing literature and shows the following: first, weak DHE parameters alone can not allow an attacker to complete a handshake with downgraded ciphersuite, due to a signature over the handshake transcript. Second, compromised digital signatures would allow successful version downgrade that leverages TLS 1.2 attacks (e.g. Logjam) but would not help the attacker to make both ends compute the same keys, due to disparity in the server's nonce that is used as input in the Key Derivation Function (KDF). Finally, weak hash functions would allow successful completion of the handshake despite different transcripts at each end-point, without the attacker knowing the key.
Publication status:
Not published
Peer review status:
Reviewed (other)

Actions

Access Document

Files:

Authors

More by this author
Institution:
University of Oxford
Division:
MPLS
Department:
Computer Science
Role:
Author


Publisher:
Centre for Doctoral Training in Cyber Security
Series:
CDT Technical Paper Series
Publication date:
2016-07-01


Language:
English
Keywords:
Pubs id:
pubs:655585
UUID:
uuid:8cad0512-2f66-4374-b41f-66f630040781
Local pid:
pubs:655585
Deposit date:
2016-10-28
ARK identifier:

Terms of use


Views and Downloads






If you are the owner of this record, you can report an update to it here: Report update to this record

TO TOP