Pseudo Constant Time Implementations of TLS Are Only Pseudo Secure

Today, about 10% of TLS connections are still using CBC-mode cipher suites, despite a long history of attacks and the availability of better options (e.g. AES-GCM). In this work, we present three new types of attack against four popular fully patched implementations of TLS (Amazon's s2n, GnuTLS, mbed TLS and wolfSSL) which elected to use "pseudo constant time" countermeasures against the Lucky 13 attack on CBC-mode. Our attacks combine several variants of the PRIME+PROBE cache timing technique with a new extension of the original Lucky 13 attack. They apply in a cross-VM attack setting and are capable of recovering most of the plaintext whilst requiring only a moderate number of TLS connections. Along the way, we uncovered additional serious (but easy to patch) bugs in all four of the TLS implementations that we studied; in three cases, these bugs lead to Lucky 13 style attacks that can be mounted remotely with no access to a shared cache. Our work shows that adopting pseudo constant time countermeasures is not sufficient to attain real security in TLS implementations in CBC mode.
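To make the distinction the abstract draws concrete, here is an added illustration (not code from the paper, nor from s2n, GnuTLS, mbed TLS or wolfSSL) of three ways to validate TLS 1.2 CBC padding on a decrypted record: a naive check with early exits, a "pseudo constant time" check whose total running time is balanced but whose verdict still selects one of two code paths, and a branchless check. The record layout (plaintext || MAC || padding bytes || padding_length, with a 20-byte tag) follows TLS 1.2; the function names, the FNV-1a checksum standing in for the MAC, the constructed sample records, and the `g_observed_path` variable that stands in for what a PRIME+PROBE attacker would learn are assumptions made here for illustration only.

```c
/* Added illustration, not code from the paper or from any TLS library. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAC_LEN     20    /* HMAC-SHA1 tag length, as in the *_CBC_SHA suites */
#define SCAN_WINDOW 256   /* padding_length is one byte, so at most 255 + 1    */

/* Stand-in for the cache side channel: records which code path executed.
 * An attacker sharing the cache recovers the same bit with PRIME+PROBE on
 * the lines holding that path's code; nothing here models actual timing. */
enum path { PATH_NONE = 0, PATH_VALID = 1, PATH_INVALID = 2 };
enum path g_observed_path = PATH_NONE;

/* Toy checksum (FNV-1a) standing in for the MAC so every path does the same
 * fixed amount of work; it is NOT a TLS MAC. */
static uint32_t toy_mac(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* 1. Naive: early exits make the time depend on padding_length and on where
 *    the first bad byte sits (the original Lucky 13 signal). */
int pad_check_naive(const uint8_t *rec, size_t rec_len, size_t *pt_len) {
    if (rec_len < MAC_LEN + 1) return 0;
    size_t padlen = rec[rec_len - 1];
    if (padlen + MAC_LEN + 1 > rec_len) return 0;
    for (size_t j = 1; j <= padlen; j++)
        if (rec[rec_len - 1 - j] != padlen) return 0;
    *pt_len = rec_len - MAC_LEN - 1 - padlen;
    return 1;
}

/* 2. "Pseudo constant time": scans a window of public size and always runs
 *    one fixed-length MAC, so wall-clock time is balanced. But the byte
 *    checks are still branches on secret data, and the verdict selects one
 *    of two functions, i.e. two different sets of code cache lines. */
static void valid_path(const uint8_t *rec, size_t n)   { g_observed_path = PATH_VALID;   (void)toy_mac(rec, n); }
static void invalid_path(const uint8_t *rec, size_t n) { g_observed_path = PATH_INVALID; (void)toy_mac(rec, n); }

int pad_check_pseudo_ct(const uint8_t *rec, size_t rec_len, size_t *pt_len) {
    if (rec_len < MAC_LEN + 1) return 0;                     /* rec_len is public */
    size_t padlen  = rec[rec_len - 1];
    size_t to_scan = rec_len - 1 < SCAN_WINDOW ? rec_len - 1 : SCAN_WINDOW;
    int good = padlen + MAC_LEN + 1 <= rec_len;              /* depends on secret padlen */
    for (size_t j = 1; j <= to_scan; j++)
        if (j <= padlen && rec[rec_len - 1 - j] != padlen)   /* secret-dependent branch */
            good = 0;
    if (good) { valid_path(rec, to_scan);   *pt_len = rec_len - MAC_LEN - 1 - padlen; }
    else      { invalid_path(rec, to_scan); *pt_len = rec_len - MAC_LEN - 1; }
    return good;
}

/* Branchless helpers: all-ones mask when the relation holds, else zero
 * (operands must stay below 2^31). */
static uint32_t ct_eq(uint32_t a, uint32_t b) { return (uint32_t)(((uint64_t)(a ^ b) - 1) >> 32); }
static uint32_t ct_lt(uint32_t a, uint32_t b) { return 0u - ((a - b) >> 31); }
static uint32_t ct_le(uint32_t a, uint32_t b) { return ct_lt(b, a) ^ 0xFFFFFFFFu; }

/* 3. Constant time: same instructions, same memory accesses and same code
 *    path whatever the secret; the verdict lives only in data (masks). */
int pad_check_ct(const uint8_t *rec, size_t rec_len, size_t *pt_len) {
    if (rec_len < MAC_LEN + 1) return 0;                     /* rec_len is public */
    uint32_t padlen  = rec[rec_len - 1];
    uint32_t max_pad = (uint32_t)(rec_len - MAC_LEN - 1);
    uint32_t good    = ct_le(padlen, max_pad);               /* padding fits in record */
    size_t   to_scan = rec_len - 1 < SCAN_WINDOW ? rec_len - 1 : SCAN_WINDOW;
    uint32_t bad = 0;
    for (uint32_t j = 1; j <= to_scan; j++)                  /* window size is public */
        bad |= ct_le(j, padlen) & (rec[rec_len - 1 - j] ^ padlen);
    good &= ct_eq(bad, 0);
    uint32_t padlen_eff = padlen & good;                     /* bad padding -> treat as 0 */
    *pt_len = rec_len - MAC_LEN - 1 - padlen_eff;            /* caller's MAC check then fails */
    (void)toy_mac(rec, to_scan);                             /* identical work on every path */
    return (int)(good & 1u);
}

/* Builds a constructed record (no real crypto), optionally corrupts it, runs
 * all three checks and returns their common verdict, or -1 if they disagree
 * on verdict or plaintext length. corrupt: 0 none, 1 flip one padding byte,
 * 2 claim 255 bytes of padding the record does not hold. */
int check_agreement(size_t pt_len, uint8_t padlen, int corrupt) {
    static uint8_t rec[1024];
    size_t rec_len = pt_len + MAC_LEN + padlen + 1u;
    if (rec_len > sizeof rec) return -1;
    memset(rec, 'p', pt_len);                                /* plaintext */
    memset(rec + pt_len, 0xAA, MAC_LEN);                     /* fake MAC tag */
    memset(rec + pt_len + MAC_LEN, padlen, padlen + 1u);     /* padding + length byte */
    if (corrupt == 1 && padlen > 0) rec[rec_len - 2] ^= 1;
    if (corrupt == 2) rec[rec_len - 1] = 255;
    size_t n1 = 0, n2 = 0, n3 = 0;
    int v1 = pad_check_naive(rec, rec_len, &n1);
    int v2 = pad_check_pseudo_ct(rec, rec_len, &n2);
    int v3 = pad_check_ct(rec, rec_len, &n3);
    if (v1 != v2 || v2 != v3) return -1;
    if (v1 && (n1 != pt_len || n2 != pt_len || n3 != pt_len)) return -1;
    return v1;
}

int main(void) {
    printf("valid 5/2:     verdict %d, path %d\n", check_agreement(5, 2, 0), g_observed_path);
    printf("flipped 5/2:   verdict %d, path %d\n", check_agreement(5, 2, 1), g_observed_path);
    printf("overlong 5/2:  verdict %d, path %d\n", check_agreement(5, 2, 2), g_observed_path);
    printf("valid 300/255: verdict %d, path %d\n", check_agreement(300, 255, 0), g_observed_path);
    return 0;
}
```

All three functions agree on every record, which is the point: functionally the pseudo constant time variant is indistinguishable from the branchless one and it also resists a remote timing measurement, yet a co-resident attacker who can tell which of `valid_path` and `invalid_path` executed (exposed here directly through `g_observed_path`) obtains the padding-validity bit that Lucky 13 style attacks are built on. An optimizing compiler may inline the two paths or turn the masks back into branches, so a constant-time claim has to be checked on the generated code, not on the C source.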
