Abstract
As a countermeasure against the famous Bleichenbacher attack on RSA based ciphersuites, all TLS RFCs starting from RFC 2246 (TLS 1.0) propose “to treat incorrectly formatted messages in a manner indistinguishable from correctly formatted RSA blocks”. In this paper we show that this objective has not been achieved yet (cf. Table 1): We present four new Bleichenbacher side channels, and three successful Bleichenbacher attacks against the Java Secure Socket Extension (JSSE) SSL/TLS implementation and against hardware security appliances using the Cavium NITROX SSL accelerator chip. Three of these side channels are timingbased, and two of them provide the first timing-based Bleichenbacher attacks on SSL/TLS described in the literature. Our easurements confirmed that all these side channels are observable over a switched network, with timing differences between 1 and 23 microseconds. We were able to successfully recover the PreMasterSecret using three of the four side channels in a realistic measurement setup.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the 23rd USENIX Security Symposium |
| Pages | 733-748 |
| Number of pages | 16 |
| Publication status | Published - 2014 |
| Externally published | Yes |
| Event | 23rd USENIX Security Symposium 2014 - San Diego, United States Duration: 20 Aug 2014 → 22 Aug 2014 Conference number: 23 https://www.usenix.org/conference/usenixsecurity14 |
Conference
| Conference | 23rd USENIX Security Symposium 2014 |
|---|---|
| Abbreviated title | USENIX Security |
| Country/Territory | United States |
| City | San Diego |
| Period | 20/08/14 → 22/08/14 |
| Internet address |