| Author | Meyer, Christopher; Somorovsky, Juraj; Weiss, Eugen; Schwenk, Jörg; Schinzel, Sebastian; Tews, Erik |
|---|
| Date | 2014 |
|---|
| Type | Conference Proceedings |
|---|
| Abstract | As a countermeasure against the famous Bleichenbacher
attack on RSA based ciphersuites, all TLS RFCs starting
from RFC 2246 (TLS 1.0) propose “to treat incorrectly
formatted messages in a manner indistinguishable from
correctly formatted RSA blocks”.
In this paper we show that this objective has not been
achieved yet (cf. Table 1): We present four new Bleichenbacher side channels, and three successful Bleichenbacher attacks against the Java Secure Socket Extension
(JSSE) SSL/TLS implementation and against hardware
security appliances using the Cavium NITROX SSL accelerator chip. Three of these side channels are timingbased, and two of them provide the first timing-based
Bleichenbacher attacks on SSL/TLS described in the literature. Our measurements confirmed that all these side
channels are observable over a switched network, with
timing differences between 1 and 23 microseconds. We
were able to successfully recover the PreMasterSecret
using three of the four side channels in a realistic measurement setup. |
|---|
| Isbn | 978 -1- 931971-15 -7 |
|---|
| Serie | SEC'14 |
|---|
| In | Proceedings of the 23rd USENIX conference on Security Symposium, p.733-748 |
|---|
| Publisher | USENIX Association |
|---|
| Partn | TUD-CS-2014-1099 |
|---|
| Url | https://tubiblio.ulb.tu-darmstadt.de/id/eprint/98212 |
|---|
