New TLS encryption-busting attack also impacts the newer TLS 1.3

TLS 1.3

A team of academics has revealed a new cryptographic attack this week that can break encrypted TLS traffic, allowing attackers to intercept and steal data previously considered safe & secure.

This new downgrade attack –which doesn’t have a fancy name like most cryptography attacks tend to have– works even against the latest version of the TLS protocol, TLS 1.3, released last spring and considered to be secure.

The new cryptographic attack isn’t new, per-se. It’s yet another variation of the original Bleichenbacher oracle attack.

The original attack was named after Swiss cryptographer Daniel Bleichenbacher, who in 1998 demonstrated a first practical attack against systems using RSA encryption in concert with the PKCS#1 v1 encoding function.

Over the years, cryptographers have come up with variations on the original attack, such as in 2003, 2012, 2012, 2014, 2014, 2014, 2015, 2016 (DROWN), 2017 (ROBOT), and 2018.

The reason for all these attack variations is because the authors of the TLS encryption protocol decided to add countermeasures to make attempts to guess the RSA decryption key harder, instead of replacing the insecure RSA algorithm.

These countermeasures have been defined in Section 7.4.7.1 of the TLS standard (RFC 5246), which many hardware and software vendors across the years have misinterpreted or failed to follow to the letter of the law.

These failure in regards to implementing proper mitigations has resulted in many TLS-capable servers, routers, firewalls, VPNs, and coding libraries still being vulnerable to Bleichenbacher attack variations, which found and exploited problems in the incorrect mitigation procedures.

The latest Bleichenbacher attack variations was described in a technical paper published on Wednesday, this week, and entitled “The 9 Lives of Bleichenbacher’s CAT: New Cache ATtacks on TLS Implementations.”

Seven researchers from all over the world found –yet again– another way to break RSA PKCS#1 v1.5, the most common RSA configuration used to encrypt TLS connections nowadays. Besides TLS, this new Bleichenbacher attack also works against Google’s new QUIC encryption protocol as well.

“The attack leverages a side-channel leak via cache access timings of these implementations in order to break the RSA key exchanges of TLS implementations,” researchers said.

Even the newer version of the TLS 1.3 protocol, where RSA usage has been kept to a minimum, can be downgraded in some scenarios to TLS 1.2, where the new Bleichenbacher attack variation works.

“We tested nine different TLS implementations against cache attacks and seven were found to be vulnerable: OpenSSL, Amazon s2n, MbedTLS, Apple CoreTLS, Mozilla NSS, WolfSSL, and GnuTLS,” researchers said.

Updated versions of all the affected libraries were published concurrently in November 2018, when researchers published an initial draft of their research paper.

For more details, the following CVE identifiers have been assigned to the security bugs enabling this new Bleichenbacher attack: CVE-2018-12404, CVE-2018-19608, CVE-2018-16868, CVE-2018-16869, and CVE-2018-16870.

The two libraries that were not vulnerable were BearSSL and Google’s BoringSSL.

Related security coverage:

New TLS encryption-busting attack also impacts the newer TLS 1.3 1
About the author

E-Crypto News was developed to assist all cryptocurrency investors in developing profitable cryptocurrency portfolios through the provision of timely and much-needed information. Investments in cryptocurrency require a level of detail, sensitivity, and accuracy that isn’t required in any other market and as such, we’ve developed our databases to help fill in information gaps.

Related Posts

E-Crypto News Executive Interviews



bitcoin
Bitcoin (BTC) $ 43,752.00
ethereum
Ethereum (ETH) $ 3,087.33
cardano
Cardano (ADA) $ 2.21
tether
Tether (USDT) $ 1.00
binance-coin
Binance Coin (BNB) $ 374.29
xrp
XRP (XRP) $ 0.984326
solana
Solana (SOL) $ 145.82
polkadot
Polkadot (DOT) $ 30.88
usd-coin
USD Coin (USDC) $ 1.00
dogecoin
Dogecoin (DOGE) $ 0.221816
USD
EUR
GBP
bitcoinBitcoin (BTC)
$ 43,752.00
ethereumEthereum (ETH)
$ 3,087.33
tetherTether (USDT)
$ 1.00
bitcoin-cashBitcoin Cash (BCH)
$ 538.09
litecoinLitecoin (LTC)
$ 158.79
bitcoinBitcoin (BTC)
37.308,42
ethereumEthereum (ETH)
2.632,64
tetherTether (USDT)
0,852725
bitcoin-cashBitcoin Cash (BCH)
458,84
litecoinLitecoin (LTC)
135,40
bitcoinBitcoin (BTC)
31,958.65
ethereumEthereum (ETH)
2,255.14
tetherTether (USDT)
0.73045
bitcoin-cashBitcoin Cash (BCH)
393.05
litecoinLitecoin (LTC)
115.99

Automated trading with HaasBot Crypto Trading Bots

Crypto Scams

Crypto Scams
Crypto Scams Still Persistent In 2021, SEC Warns About Red Flags To Watch
September 9, 2021
Poly Network
Here’s How Hackers Stole Over $600 million in the Poly Network Attack
August 12, 2021
The World’s Most Infamous Crypto Hacks and Scams
July 31, 2021
Cryptocurrency Exchanges
Cryptocurrency Exchanges and the Plague of Scams and Bans
June 29, 2021
What Role Do Cryptocurrencies Play In The Era Of Ransomware Attacks?
June 9, 2021

Blockchain/Cryptocurrency Questions and Answers

Beginner’s Guide to Investing in Cryptocurrency
August 9, 2021
Short-Sell Cryptocurrency
How to Short-Sell Cryptocurrency: A Brief Overview
July 17, 2021
Klaytn
What Is Klaytn (KLAY) And How Does It Work?
July 16, 2021
Cryptocurrencies
Our Crypto Roundup Interview Asks- Do Cryptocurrencies Have a Future?
July 15, 2021
Solana
What Is Solana (SOL) And How Does It Work?
June 26, 2021


CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin43,962 0.49 % 4.07 % 8.77 %
Ethereum3,099.6 0.96 % 5.67 % 13.80 %
Cardano2.230 0.44 % 5.39 % 10.72 %
Tether0.9986 0.03 % 0.08 % 0.23 %
Binance Coin376.05 0.46 % 3.82 % 12.53 %
XRP0.9881 0.86 % 5.94 % 11.69 %
Solana146.74 1.21 % 12.74 % 7.48 %
Polkadot30.87 2.19 % 17.29 % 10.73 %
USD Coin1.000 0.07 % 0.09 % 0.18 %
Dogecoin0.2226 0.63 % 5.72 % 10.01 %

bitcoin
Bitcoin (BTC) $ 43,752.00
ethereum
Ethereum (ETH) $ 3,087.33
cardano
Cardano (ADA) $ 2.21
tether
Tether (USDT) $ 1.00
binance-coin
Binance Coin (BNB) $ 374.29
xrp
XRP (XRP) $ 0.984326
solana
Solana (SOL) $ 145.82
polkadot
Polkadot (DOT) $ 30.88
usd-coin
USD Coin (USDC) $ 1.00
dogecoin
Dogecoin (DOGE) $ 0.221816