Systematic Fuzzing Testing Of TLS Libraries

Discuss About The Systematic Fuzzing Testing Of TLS Libraries?

Computer security is a major part of a business enterprise and the security threats associated with it is also a major point of concern. In the field of computer securities, vulnerability in the system is termed as a weakness which can eventually lead to dangerous threats. This can also be termed as a weakness which can eventually be used by unethical users or dangerous hackers for breaching into the system. This report includes a discussion about the Bleichenbacher attack whose main workings were based on damaging the SSL certificate of a network. This report also includes the possible threats available from this kind of attacks. Moreover, this report also includes the mitigation procedures that can be utilized in case of this type of attacks.

This section of the report discusses about the main concepts of this bleichenbacher attack and the possible resources associated to it.

The ROBOT attack is also termed as a customized form of the Bleichenbacher that allows the use of a private key belonging to a TLS server for performing signing as well as RSA decryptions [1]. In addition, this type of attack can also be used to attack the HTTPS host in a website.

According to the ROBOT attack on the various vendor companies including Palo Alto network and IBM, there has been a new kind of Bleichenbacher attack which utilized the SSL vulnerabilities. The description of this type of attack was published by three researchers who were responsible for providing the reason for this. Their research was mainly done by running the Bleichenbacher attack algorithm against the known RSA key exchanges. This was followed by running through a modern set of TLS stacks which led to the discovery of vulnerable sites [2]. In addition, the researchers were also responsible for contacting these websites and working with the TLS stack vendors. 

Several websites found on the internet were affected which also included well-known websites like Paypal and Facebook. In addition, according to a report, 27 of the top 100 websites ranked by Alexa were affected by this kind of attack.

The description of Bleichenbacher attack is termed to be the “million message attack” which is in place from the year 1998. The main workings of the Bleichenbacher attack involve sending various amounts of cipher texts in variations to a TLS server destination. This is the main reason for it to be considered as the “original padding Oracle attack” for TLS servers [3]. After receiving such amounts of cipher texts, the destination TLS server tries to decrypt the sent cipher texts and sends either one of the two error codes. These codes are mainly the failure in decrypting messaguse e or the messing up of padding message.

Recent threat

By sending varied cipher texts to a TLS server and by analyzing the difference between the two received error codes, an attacker can construct the sequence of the message using one bit at a time. During this sending and receiving session of a TLS server, the attacker can hack in to the system to steal user credentials which will lead to a breach in the system.

There have been many varied attempts of the Bleichenbacher attack which have been found to be the main cause for many types of breaches. According to the records of the python-rsa library in the year 2016, there have been reports of the Bleichenbacher attack. Moreover, a German security team was responsible in finding the evidence of this kind of attack in the XML encryption in the year 2012.

The Bleichenbacher is termed as a protocol attack on theories. However, there are no such types of attacks are ever seen to be executed closely. To address these, the secret forward ciphers, including the DHE and the ECDHE are applied which are not supposed to be vulnerable to the Bleichenbacher attack. In addition, the major TLS stacks support forward secrecy which is in turn supported by the browsers as well [4]. However, there are vulnerabilities in a small population of the world mainly due to presence of two factors. The one are those people who use RSA for various reasons and the other group of people who does not utilize the forward secrecies due to the need for passive monitoring requirements. There are also major companies who are adopting such means and their customers are the one who faces the risk. This is mainly because breaches in the system can lead to the theft of information from the system. This in turn will lead to the customers losing faith from the business [5]. As a result, the business will be heavily impacted which may result in the reduction of the brand image in the market

Another impact of this kind of attack is the active TLS handshake. This attack can also be used to get the TLS server to accept arbitrary messages. This will lead to the formation of an incident relating to a man-in-the-middle attack. However, for an attacker to utilize the Bleichenbacher attack, it would require a long time for a successful breach which is termed as the biggest limitation of this kind of attack.

Description of the attack

Lastly, the Bleichenbacher attack can also be customized for various other kinds of attacks. The Bleichenbacher padding can be used to decrypt some other secret cipher which will then be used to crack any other recorded TLS session [6]. This is another impact which is to be mitigated strictly.

For adopting standards to mitigate the risks required, there are several ways to do so. The first mitigation strategy is to identify the presence of patches to the system. This will help in making the system secure and address the vulnerabilities present in the system. In addition, the use of the Cisco ACE device must be avoided. Since a long time, this device was discontinued by Cisco and hence no updates of such devices are possible [7]. It was found that there are various hosts which still use this kind of devices. These kinds of devices cannot support any cipher suites and thus, they cannot be used for generating a secure TLS connections.

The second mitigation standard is to disable the RSA encryption. The Bleichenbacher attack can only affect the TLS cipher related nodes that are associated with RSA encryption. In the modern times, almost all of the TLS stack servers are associated with Elliptic Curve Diffie-Hellman key exchange which needs the RSA encryption standards for signature related purposes. These nodes are considered to be risky as well as less secure [8]. Moreover, these nodes do not support any kind of forward secrecy ciphers. However, only the ciphers which start with TLS_RSA are to be disabled and not the ones with RSA signatures like DHE or ECDHE.

The last option is to rate-limit the SSL handshakes from each individual IP addresses. If the TLS stack server includes a data plane which can be programmable, a simple tracking rule for keeping record of the TLS requests for each flow will be sufficient address it [9]. In addition, due to various attacks, the handshake operation of the TLS stack server is limited to less than 10 seconds.

The implementers of the TLS stack servers are considered for their replying mechanisms. They reply written messages for each text received. For foiling the padding attacks and the timing oracle attacks, the attackers need to reply with single error codes. In addition, this must be considered by replying at the same time.

For addressing such vulnerabilities, the server administrator needs to develop a copy of the message and then make a comparison of the incoming message with the copy of the file developed. If there is a match, then there are no vulnerabilities [10]. If there is no match, only a single line error code will be sent. This helps in solving the padding oracle attacks and the timing oracle attacks. However, this can only be implemented by sophisticated and advanced programmers who have experience with the infosec requirements.

Impact of the Bleichenbacher attack

Conclusion

Thus, it can be concluded that the Bleichenbacher attack can cause heavy damages to any system. This will also be responsible for any company or organization to lose their brand images in the market. For this reason, the Bleichenbacher attack is termed to be a dangerous attack which utilizes the SSL vulnerability in any kind of system. It has been mentioned in this report about the list of the companies who have been found to be vulnerable. In addition, this report has also discussed the various impacts of the Bleichenbacher attack. Moreover, the mitigation strategies that can be adopted are also listed in this report. Lastly, this report has also discussed about the future applications which can be adopted to reduce the presence of any further attacks.

References

[1] Meyer, Christopher, Juraj Somorovsky, Eugen Weiss, Jörg Schwenk, Sebastian Schinzel, and Erik Tews. "Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks." In USENIX Security Symposium, pp. 733-748. 2014.

[2] Paar, Christoph, David Adrian, Emilia Kasper, J. Alex Halderman, Jens Steube, Juraj Somorovsky, Luke Valenta et al. "DROWN: Breaking TLS using SSLv2." (2016).

[3] Jonsson, Jakob, Kathleen Moriarty, Burt Kaliski, and Andreas Rusch. "PKCS# 1: RSA Cryptography Specifications Version 2.2." (2016).

[4] Böck, Hanno, Juraj Somorovsky, and Craig Young. "Return Of Bleichenbacher’s Oracle Threat (ROBOT)." (2017).

[5] Sheffer, Y., R. Holz, and P. Saint-Andre. Summarizing known attacks on transport layer security (tls) and datagram tls (dtls). No. RFC 7457. 2015.

[6] De Mulder, Elke, Michael Hutter, Mark E. Marson, and Peter Pearson. "Using Bleichenbacher’s solution to the hidden number problem to attack nonce leaks in 384-bit ECDSA: etended version." Journal of Cryptographic Engineering 4, no. 1 (2014): 33-45.

[7] Aviram, Nimrod, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta et al. "DROWN: Breaking TLS Using SSLv2." In USENIX Security Symposium, pp. 689-706. 2016.

[8] Holz, Ralph, Yaron Sheffer, and Peter Saint-Andre. "Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS)." (2015).

[9] Jager, Tibor, Jörg Schwenk, and Juraj Somorovsky. "On the security of TLS 1.3 and QUIC against weaknesses in PKCS# 1 v1. 5 encryption." In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 1185-1196. ACM, 2015.

[10] Somorovsky, Juraj. "Systematic fuzzing and testing of TLS libraries." In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1492-1504. ACM, 2016.

[11] Jayalakshmi, Mrs N., and Mrs Nimmati Satheesh. "A STUDY ON OPEN SSL VULNERABILITIES WITH HEART BLEED WORM DETECTION." INTERNATIONAL JOURNAL (2015).

[12] Dubeuf, Jeremy, David Hely, and Vincent Beroulle. "Enhanced Elliptic Curve Scalar Multiplication Secure Against Side Channel Attacks and Safe Errors." In International Workshop on Constructive Side-Channel Analysis and Secure Design, pp. 65-82. Springer, Cham, 2017.