Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS)

Over the last few years, there have been several serious attacks on Transport Layer Security (TLS), including attacks on its most commonly used ciphers and modes of operation. This document summarizes these attacks, with the goal of motivating generic and protocol-specific recommendations on the usage of TLS and Datagram TLS (DTLS).
