There’s yet another flaw in SSL that you should be aware of. It’s called the Bicycle Attack and here’s a quick overview from the guy who discovered it:
It is usually assumed that HTTP traffic encapsulated in TLS doesn’t reveal the exact sizes of its parts, such as the length of a cookie header, or the payload of a HTTP POST request that may contain variable-length credentials such as passwords. In this paper I show that the redundancy of the plaintext HTTP headers included in each and every request can be exploited in order to reveal the length of particular components (such as passwords) of particular requests (such as authentication to a web application).
The redundancy of HTTP in practice allows for an iterative resolution of the length of ‘unknowns’ in a HTTP message until the lengths of all its components are known except for a coveted secret, such as a password, whose length is then implied. The attack furthermore exploits the property of stream-oriented cipher suites such as those based on Galois/Counter Mode that the exact size of the plaintext can be known to a man-in-the-middle.
In short, The HTTPS Bicycle attack can result in the length of personal and secret data, such as passwords and GPS co-ordinates, being exposed from a packet capture of a user’s HTTPS traffic. This opens the door to all sorts of attacks such as brute force password attacks where you already know how long the password is. Charming. What’s worse is that you can’t detect this attack at present.
There’s no fix for this at present. But one hopes a lot of smarter people than I are looking at it so that users are protected.
Like this:
Like Loading...
Related
This entry was posted on January 7, 2016 at 9:35 am and is filed under Commentary with tags SSL. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
New And Scary SSL Flaw In The Wild
There’s yet another flaw in SSL that you should be aware of. It’s called the Bicycle Attack and here’s a quick overview from the guy who discovered it:
It is usually assumed that HTTP traffic encapsulated in TLS doesn’t reveal the exact sizes of its parts, such as the length of a cookie header, or the payload of a HTTP POST request that may contain variable-length credentials such as passwords. In this paper I show that the redundancy of the plaintext HTTP headers included in each and every request can be exploited in order to reveal the length of particular components (such as passwords) of particular requests (such as authentication to a web application).
The redundancy of HTTP in practice allows for an iterative resolution of the length of ‘unknowns’ in a HTTP message until the lengths of all its components are known except for a coveted secret, such as a password, whose length is then implied. The attack furthermore exploits the property of stream-oriented cipher suites such as those based on Galois/Counter Mode that the exact size of the plaintext can be known to a man-in-the-middle.
In short, The HTTPS Bicycle attack can result in the length of personal and secret data, such as passwords and GPS co-ordinates, being exposed from a packet capture of a user’s HTTPS traffic. This opens the door to all sorts of attacks such as brute force password attacks where you already know how long the password is. Charming. What’s worse is that you can’t detect this attack at present.
There’s no fix for this at present. But one hopes a lot of smarter people than I are looking at it so that users are protected.
Share this:
Like this:
Related
This entry was posted on January 7, 2016 at 9:35 am and is filed under Commentary with tags SSL. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.