A team of academic researchers has discovered a timing vulnerability in some versions of the TLS specification that can allow an attacker to decrypt encrypted connections if some highly specific conditions are met. Although the flaw is potentially quite dangerous, the researchers said it is very difficult to exploit and is likely not a method a real-world attacker would use.
The attack that the team developed is highly complex, and the flaw only exists in specific TLS deployments that use static Diffie-Hellman cipher suites or reuse the ephemeral keys in TLS-DHE cipher suites. To be vulnerable, a server must meet one of those conditions, and an attacker must also be able to run highly precise timing measurements against the server. That timing measurement is essentially a side channel that lets the attacker determine whether the first byte of the DH shared secret established between the server and the client is zero.
The attack, which is known as Raccoon, affects TLS 1.2 and previous versions, which specify that any leading zero bytes of the premaster secret are stripped before it is used. The premaster secret is the shared key used by the client and server to compute the subsequent TLS keys for each session.
“Since the resulting premaster secret is used as an input into the key derivation function, which is based on hash functions with different timing profiles, precise timing measurements may enable an attacker to construct an oracle from a TLS server. This oracle tells the attacker whether a computed premaster secret starts with zero or not,” the description of the attack says.
“Based on the server timing behavior, the attacker can find values leading to premaster secrets starting with zero. In the end, this helps the attacker to construct a set of equations and use a solver for the Hidden Number Problem (HNP) to compute the original premaster secret established between the client and the server.”
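The leading-zero stripping and the length-dependent hash work that the description refers to, as an added Python model that is not code from the article or from the Raccoon authors (all function names are mine): it contrasts the TLS 1.2 encoding of the DH shared value Z with a fixed-length encoding, and counts the SHA-256 compression calls that HMAC spends on a variable-length premaster secret in the TLS 1.2 PRF. The group-size boundaries it reports come only from block arithmetic; the few-thousand-cycle channel the researchers measured also depends on the implementation.

```python
from typing import List

SHA256_BLOCK = 64  # bytes; HMAC hashes any key longer than one block before use
SHA256_PAD = 9     # bytes SHA-256 padding appends: 0x80 plus a 64-bit length field

def pms_tls12(z: int) -> bytes:
    """TLS 1.2 and earlier: Z encoded big-endian with leading zero bytes stripped."""
    return z.to_bytes((z.bit_length() + 7) // 8, "big")

def pms_fixed(z: int, p: int) -> bytes:
    """Length-independent encoding (the TLS 1.3 approach): Z padded to the size of p."""
    return z.to_bytes((p.bit_length() + 7) // 8, "big")

def sha256_compressions(n_bytes: int) -> int:
    """SHA-256 compression-function calls for an n_bytes message, padding included."""
    return (n_bytes + SHA256_PAD + SHA256_BLOCK - 1) // SHA256_BLOCK

def hmac_key_prep_calls(key_len: int) -> int:
    """Compression calls HMAC-SHA256 spends hashing an over-long key (0 if it fits a block)."""
    return sha256_compressions(key_len) if key_len > SHA256_BLOCK else 0

def tls12_prf_key_calls(pms: bytes, output_blocks: int) -> int:
    """Key-preparation calls in P_SHA256 (RFC 5246, section 5) when the premaster secret
    is the HMAC key: each output block needs two HMACs (A(i) and HMAC(A(i) || seed)),
    and an implementation that re-hashes the key per HMAC pays this cost every time."""
    return 2 * output_blocks * hmac_key_prep_calls(len(pms))

def leading_zero_crosses_boundary(modulus_bytes: int) -> bool:
    """Length-only model: does dropping one leading zero byte change the key-prep cost
    for this group size? Measured timing also depends on the implementation."""
    return hmac_key_prep_calls(modulus_bytes) != hmac_key_prep_calls(modulus_bytes - 1)

def boundary_sizes(max_bytes: int) -> List[int]:
    """Group sizes (bytes) up to max_bytes where one stripped byte crosses a block boundary."""
    return [n for n in range(SHA256_BLOCK + 1, max_bytes + 1) if leading_zero_crosses_boundary(n)]

if __name__ == "__main__":
    # Constructed 1024-bit odd modulus: not a real DH group, only its byte length matters here.
    p = (1 << 1023) | 1
    for z in ((1 << 1020) | 12345, (1 << 1010) | 12345):  # second value has a zero top byte
        print(len(pms_tls12(z)), len(pms_fixed(z, p)), tls12_prf_key_calls(pms_tls12(z), 3))
    print(boundary_sizes(512))
```

The stripped encoding hands the PRF a 127-byte secret for the second value and a 128-byte one for the first, while the padded encoding keeps both at 128 bytes, which is the property a constant-time KDF needs.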
A successful attack using this technique could allow the adversary to get access to any of the encrypted data sent between the client and server, including sensitive information such as account passwords, financial data, or corporate documents. However, not only does the attacker need to find a server that uses DH(E) and reuses its Diffie-Hellman keys across sessions, the attacker also needs to be able to observe the first connection between the client and server, and to be close enough to the server to conduct the precise timing measurements required. That’s a long list of requirements, and although it’s not out of reach for some classes of attackers, the researchers said adversaries are more likely to use other, simpler methods.
However, despite all of the complex math that the research team from Ruhr University Bochum, Tel Aviv University, Paderborn University, and the Bundesamt für Sicherheit in der Informationstechnik performed to perfect the technique, a real-world attacker would not necessarily need to understand all of the details in order to execute the attack.
“I don't think the attack requires an advanced understanding to pull off. If one would write a tool to do the math everyone could use it. The attack's difficulty rises from the rare circumstances in which the attack works and the complexity of performing high precision timing measurements. The side channel is only a few thousand CPU cycles such that noise on the network or on the victim server makes the measurements noisy,” Robert Merget, the lead author of the paper, said in an email.
Merget maintains the TLS-Attacker framework, which analyzes TLS libraries, and he came upon the seed idea for the Raccoon attack while researching a different type of attack.
“I looked at the key derivation in SSL 3 looking for another attack and then noticed that this could not be implemented in constant time. After a quick thought, I knew that this would also mean that the newer TLS PRFs could also not be implemented in constant time for DHE. The attack is much easier to see when looking at SSL 3, as the hash function call, which creates the side channel, is in plain sight,” Merget said.
“In the newer standards it's implicit through the HMAC call, which is really a detail of HMAC. I didn't know if or how this could be exploited though. I consulted my colleagues and analyzed the problem further, as this looked very similar to a Bleichenbacher attack (it is a little different as you cannot really choose the number you multiply with). We then noticed that the Hidden Number Problem from Dan Boneh et al. was exactly what you needed to reconstruct the shared secret. My colleagues then implemented math. And we got the attack working.”
The researchers disclosed the details of the attack to browser vendors, large server operators, and vendors that were affected. Some F5 BIG-IP appliances are affected, and the company has published guidance on mitigating the vulnerability. Mozilla has disabled the affected cipher suites in Firefox, a move the company was already planning. Some versions of OpenSSL are affected, as well, and the maintainers have moved all of the remaining Diffie-Hellman cipher suites to the “weak-ssl-ciphers” list as a result.