SSL/TLS, a 20-year-old security protocol, has become a major component securing network communications, from HTTPS e-commerce and social network sites to Virtual Private Networks, from e-mail protocols to virtually every possible protocol.
The problem SSL/TLS is trying to solve can be summarised as an authenticated key exchange followed by the establishment of a secure channel providing confidentiality and integrity to application data. Theoretically, this problem is a solved one. In practice, however, SSL/TLS comes with a heavy history, from its inception as SSLv2, which is vulnerable to numerous attacks, up to TLS 1.3, still a work in progress at the IETF.
Thus, the algorithms and modes used in practice in TLS do not reflect the state of the art. In this presentation, we will describe three examples of weak constructions that are still frequently used by our browsers:
- the MAC-then-Encrypt paradigm (Lucky13, POODLE);
- RSA encryption using PKCS#1 v1.5 (Bleichenbacher, DROWN);
- RSA signature using PKCS#1 v1.5 (Bleichenbacher, Berserk).
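The first item, MAC-then-Encrypt, is a structural problem rather than a bug in one implementation: the receiver has to strip padding before it can check the MAC, so a forged record can fail in two observably different ways (bad padding versus bad MAC), which is the distinguisher Lucky13 and POODLE build on. The added example below (not code from the talk or from any TLS stack) contrasts a TLS-1.x-style MAC-then-Encrypt record with an Encrypt-then-MAC record. It is built on the Python standard library only; the "cipher" is a constructed toy (XOR with an HMAC-SHA256 counter-mode keystream) that keeps the TLS CBC padding layout but is not AES-CBC and is not a real cipher, and the keys, IV and plaintext are constructed demo values. `failure_classes` flips each byte of a genuine record once and records the set of verdicts the receiver returns, the kind of test a defender would write to confirm that a record layer exposes a single, indistinguishable failure path.

```python
import hmac
import hashlib

BLOCK = 16
TAG_LEN = 32
MAC_KEY = b"\x11" * 32  # constructed demo key (not a real secret)
ENC_KEY = b"\x22" * 32  # constructed demo key (not a real secret)


def toy_keystream(key, iv, n):
    """Toy stand-in for a block cipher: HMAC-SHA256 in counter mode.
    Assumption for the example only; it is NOT AES and not a production cipher."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def tls_pad(data):
    """TLS 1.0-1.2 CBC padding: pad_len bytes of value pad_len, plus the length byte."""
    pad_len = BLOCK - (len(data) + 1) % BLOCK
    return data + bytes([pad_len]) * (pad_len + 1)


def tls_unpad(data):
    """Return (ok, payload). Every padding byte must equal the final length byte."""
    if not data:
        return False, b""
    pad_len = data[-1]
    if pad_len + 1 > len(data):
        return False, b""
    if any(b != pad_len for b in data[-(pad_len + 1):]):
        return False, b""
    return True, data[:-(pad_len + 1)]


# --- MAC-then-Encrypt (TLS 1.x CBC record layout) -------------------------

def mac_then_encrypt(plaintext, iv):
    tag = hmac.new(MAC_KEY, plaintext, hashlib.sha256).digest()
    padded = tls_pad(plaintext + tag)          # MAC sits inside the encrypted payload
    return xor_bytes(padded, toy_keystream(ENC_KEY, iv, len(padded)))


def mte_receive(ciphertext, iv):
    padded = xor_bytes(ciphertext, toy_keystream(ENC_KEY, iv, len(ciphertext)))
    ok, body = tls_unpad(padded)
    if not ok:
        return "bad_padding", None             # failure path 1: padding inspected before MAC
    if len(body) < TAG_LEN:
        return "bad_mac", None
    msg, tag = body[:-TAG_LEN], body[-TAG_LEN:]
    expected = hmac.new(MAC_KEY, msg, hashlib.sha256).digest()
    # compare_digest removes the comparison timing leak, but not the structural
    # padding-vs-MAC distinction above (the leak Lucky13 and POODLE exploit).
    if not hmac.compare_digest(tag, expected):
        return "bad_mac", None                 # failure path 2
    return "ok", msg


# --- Encrypt-then-MAC (RFC 7366 style ordering) ---------------------------

def encrypt_then_mac(plaintext, iv):
    padded = tls_pad(plaintext)
    ct = xor_bytes(padded, toy_keystream(ENC_KEY, iv, len(padded)))
    tag = hmac.new(MAC_KEY, iv + ct, hashlib.sha256).digest()  # MAC covers the ciphertext
    return ct + tag


def etm_receive(record, iv):
    if len(record) < TAG_LEN:
        return "bad_mac", None
    ct, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    expected = hmac.new(MAC_KEY, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return "bad_mac", None                 # the only failure path for tampered input
    padded = xor_bytes(ct, toy_keystream(ENC_KEY, iv, len(ct)))
    ok, msg = tls_unpad(padded)
    if not ok:
        return "bad_padding", None             # reachable only for a sender-side bug
    return "ok", msg


def failure_classes(sender, receiver, plaintext, iv):
    """Flip each byte of a genuine record once; return the set of receiver verdicts."""
    record = sender(plaintext, iv)
    verdicts = set()
    for i in range(len(record)):
        tampered = bytearray(record)
        tampered[i] ^= 0x01
        verdicts.add(receiver(bytes(tampered), iv)[0])
    return verdicts


if __name__ == "__main__":
    iv = bytes(BLOCK)                          # constructed demo IV
    pt = b"hello, record layer"                # constructed demo plaintext
    print("MtE verdicts:", failure_classes(mac_then_encrypt, mte_receive, pt, iv))
    print("EtM verdicts:", failure_classes(encrypt_then_mac, etm_receive, pt, iv))
```

Run stand-alone, the MAC-then-Encrypt receiver reports both `bad_padding` and `bad_mac` across the tampered records, while the Encrypt-then-MAC receiver only ever reports `bad_mac`; the tag is verified over the ciphertext before any padding is touched, so nothing downstream of the MAC check is reachable with forged input. Real TLS CBC additionally propagates a flipped ciphertext byte into a whole plaintext block, which changes which positions trigger which verdict but not the existence of the two classes.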
Presented at the Cyber In Bretagne summer school in Rennes, France, in July 2016.