New attack removes TLS protocol encryption

This new attack is also functional against the recently released TLS 1.3 protocol

A new cryptographic attack capable of compromising encrypted Transport Layer Security (TLS) traffic has been discovered; according to network security and ethical hacking specialists from the International Institute of Cyber Security, it could allow threat actors to intercept and extract data transported by a method that was considered secure.

This new attack variant works even against TLS 1.3, the latest version of the security protocol, launched during the second quarter of 2018. The attack is not entirely new, the experts pointed out; it is a variant of a known attack, specifically the Bleichenbacher attack.

According to specialists in network security, the original attack was named after Daniel Bleichenbacher, an expert in cryptography, who in 1998 published the first such attack against systems using RSA encryption together with PKCS#1 v1 padding. Since then, multiple variants of the attack have been developed by various experts.

The main reason so many variants of the Bleichenbacher attack have emerged is that the authors of the TLS security protocol opted to add protective measures that make it more difficult to recover the RSA-encrypted secret, rather than replacing the algorithm with an entirely new design. These measures are defined in section 7.4.7.1 of the TLS standard, but since their publication plenty of hardware and software developers have not implemented them as the protocol dictates.
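As an added illustration (not code from the article or from any of the libraries it names), the premaster-secret unwrapping step of the TLS RSA key exchange is shown twice: once in the naive form whose distinct error paths create the padding oracle, and once in the structure RFC 5246 section 7.4.7.1 prescribes (random fallback secret chosen first, all checks accumulated without early exit, masked selection). `make_block`, `unwrap_leaky` and `unwrap_rfc5246` are hypothetical names; Python cannot guarantee constant time, so the second function only demonstrates the branch-free shape a C implementation needs.

```python
import secrets

PMS_LEN = 48   # TLS premaster secret: 2 version bytes + 46 random bytes
MIN_PAD = 8    # PKCS#1 v1.5 requires at least 8 non-zero padding bytes

def make_block(k: int, pms: bytes) -> bytes:
    """Constructed helper: wrap a premaster secret the way a client does before
    RSA encryption: 00 02 <k-51 non-zero bytes> 00 <48-byte PMS>."""
    pad = bytes(secrets.choice(range(1, 256)) for _ in range(k - PMS_LEN - 3))
    return b"\x00\x02" + pad + b"\x00" + pms

def unwrap_leaky(block: bytes, client_version: bytes) -> bytes:
    """Oracle-prone unwrap: every failure exits at a different point, so error type,
    timing and cache footprint reveal whether the padding was valid."""
    if block[:2] != b"\x00\x02":
        raise ValueError("bad header")
    sep = block.index(b"\x00", 2)              # raises ValueError if no separator
    if sep - 2 < MIN_PAD:
        raise ValueError("padding too short")
    pms = block[sep + 1:]
    if len(pms) != PMS_LEN or pms[:2] != client_version:
        raise ValueError("bad premaster secret")
    return pms

def unwrap_rfc5246(block: bytes, client_version: bytes) -> bytes:
    """RFC 5246 section 7.4.7.1 structure: generate a random PMS first, fold every
    check into one flag with no early exit, then select the result with a mask.
    On any failure a random 48-byte secret is returned and the handshake simply
    fails later at Finished, so the peer learns nothing about the padding."""
    k = len(block)
    assert k >= PMS_LEN + 3 + MIN_PAD          # block length equals RSA modulus size
    sep = k - PMS_LEN - 1                      # only valid position for the separator
    rnd = client_version + secrets.token_bytes(PMS_LEN - 2)
    bad = block[0] | (block[1] ^ 0x02)         # header must be 00 02
    for i in range(2, sep):                    # padding string: no zero byte allowed
        bad |= int(block[i] == 0)
    bad |= block[sep]                          # separator must be 0x00
    bad |= int(sep - 2 < MIN_PAD)
    cand = block[sep + 1:]
    bad |= cand[0] ^ client_version[0]         # version mismatch is treated like bad padding
    bad |= cand[1] ^ client_version[1]
    mask = -(((bad | -bad) >> 63) & 1)         # 0 if every check passed, else -1
    return bytes((c & ~mask) | (r & mask) for c, r in zip(cand, rnd))
```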

According to network security experts, flawed implementations of these security measures have left countless servers, firewalls, routers, VPNs, and code libraries supporting TLS still vulnerable to some variants of the Bleichenbacher attack.

A new way to break RSA PKCS#1 v1 (the most widely used RSA configuration for encrypting TLS connections) was recently discovered and, as if this were not enough, this new Bleichenbacher attack variant also works against QUIC, Google's new encrypted transport protocol.

“The attack takes advantage of a side channel leak through these implementations to break the RSA key exchange of TLS deployments,” the investigators mentioned in their report. “We tested nine different TLS implementations against cache attacks and we can confirm that 7 are vulnerable: OpenSSL, Amazon s2n, MbedTLS, Apple CoreTLS, Mozilla NSS, WolfSSL and GnuTLS”.

Updated versions of all the affected libraries were published simultaneously in November 2018, when the researchers disclosed the first results of their work.

The vulnerabilities that make this new variant of the Bleichenbacher attack viable are tracked as CVE-2018-12404, CVE-2018-19608, CVE-2018-16868, CVE-2018-16869 and CVE-2018-16870.