TY - GEN
T1 - TLS record protocol
T2 - 10th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2015
AU - Levillain, Olivier
AU - Gourdin, Baptiste
AU - Debar, Hervé
N1 - Publisher Copyright:
Copyright © 2015 ACM.
PY - 2015/4/14
Y1 - 2015/4/14
N2 - TLS and its main application HTTPS are an essential part of internet security. Since 2011, several attacks against the TLS Record protocol have been presented. To remediate these aws, countermeasures have been proposed. They were usually specific to a particular attack, and were sometimes in contradiction with one another. All the proofs of concept targeted HTTPS and relied on the repetition of some secret element inside the TLS tunnel. In the HTTPS context, such secrets are pervasive, be they authentication cookies or anti-CSRF tokens. We present a comprehensive state of the art of attacks on the Record protocol and the associated proposed countermeasures. In parallel to the community efforts to find reliable long term solutions, we propose masking mechanisms to avoid the repetition of sensitive elements, at the transport or application level. We also assess the feasibility and effciency of such defense-in-depth mechanisms. The recent POODLE vulnerability confirmed that our proposals could thwart unknown attacks, since they would have blocked it.
AB - TLS and its main application HTTPS are an essential part of internet security. Since 2011, several attacks against the TLS Record protocol have been presented. To remediate these aws, countermeasures have been proposed. They were usually specific to a particular attack, and were sometimes in contradiction with one another. All the proofs of concept targeted HTTPS and relied on the repetition of some secret element inside the TLS tunnel. In the HTTPS context, such secrets are pervasive, be they authentication cookies or anti-CSRF tokens. We present a comprehensive state of the art of attacks on the Record protocol and the associated proposed countermeasures. In parallel to the community efforts to find reliable long term solutions, we propose masking mechanisms to avoid the repetition of sensitive elements, at the transport or application level. We also assess the feasibility and effciency of such defense-in-depth mechanisms. The recent POODLE vulnerability confirmed that our proposals could thwart unknown attacks, since they would have blocked it.
U2 - 10.1145/2714576.2714592
DO - 10.1145/2714576.2714592
M3 - Conference contribution
AN - SCOPUS:84942515212
T3 - ASIACCS 2015 - Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security
SP - 225
EP - 236
BT - ASIACCS 2015 - Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security
PB - Association for Computing Machinery
Y2 - 14 April 2015 through 17 April 2015
ER -