Report
On downgrade attacks in the TLS protocol
- Abstract:
- The TLS protocol was designed to support various versions and ciphersuites. This provides a high level of agility and backward compatibility. At the same time, it opens doors for so-called downgrade attacks. Downgrade attack is a specific type of attacks that result in forcing two communicating parties to use weaker configurations than the ones they wished to use. In this paper, we explore downgrade attacks in TLS. We revisit TLS 1.2, and summarise the major changes in the upcoming standard TLS 1.3 based on the latest draft (revision 14). We summarise notable examples of TLS downgrade attacks. Finally, we analyse TLS 1.3 protection mechanisms when a cryptographic primitive is broken. Our analysis adds clarity over the existing literature and shows the following: first, weak DHE parameters alone can not allow an attacker to complete a handshake with downgraded ciphersuite, due to a signature over the handshake transcript. Second, compromised digital signatures would allow successful version downgrade that leverages TLS 1.2 attacks (e.g. Logjam) but would not help the attacker to make both ends compute the same keys, due to disparity in the server's nonce that is used as input in the Key Derivation Function (KDF). Finally, weak hash functions would allow successful completion of the handshake despite different transcripts at each end-point, without the attacker knowing the key.
- Publication status:
- Not published
- Peer review status:
- Reviewed (other)
Actions
Access Document
- Files:
-
-
(Preview, Author's original, pdf, 503.2KB, Terms of use)
-
Authors
- Publisher:
- Centre for Doctoral Training in Cyber Security
- Series:
- CDT Technical Paper Series
- Publication date:
- 2016-07-01
- Language:
-
English
- Keywords:
- Pubs id:
-
pubs:655585
- UUID:
-
uuid:8cad0512-2f66-4374-b41f-66f630040781
- Local pid:
-
pubs:655585
- Deposit date:
-
2016-10-28
- ARK identifier:
Terms of use
- Copyright holder:
- Eman Alashwali
- Copyright date:
- 2016
- Notes:
- This is the published version of a technical paper "On downgrade attacks in the TLS protocol", published by The Centre for Doctoral Training in Cyber Security in 2016-05
If you are the owner of this record, you can report an update to it here: Report update to this record