Security and Attacks


As discussed, the server is always authenticated, and SSL optionally allows the client to be authenticated as well. SSL also provides for secure notification of exceptional conditions, errors, and connection closure, assuming that keys are correctly generated and kept secret. As of this writing, no good attacks are known on the SSL protocol itself, but there are a few on specific implementations. Each cipher suite specifies algorithms for key establishment, digital signatures, data encryption, and message digest, so the security of an SSL connection depends on the security of the algorithms in the negotiated suite. The client random and server random values also feed the derivation of the master_secret and, from it, every other key, so the quality of the random number generator directly affects the security of the session. Therefore, select your random number generator carefully.

Recall that the client random and server random are exchanged in the clear in the ClientHello and ServerHello, so if an attacker learns the master_secret, all the other keys (the encryption keys, MAC secrets, and IVs) can be derived from it. The attacker can then decrypt the records and, because the MAC keys are also known, alter a record and recompute a valid MAC for it. The attacker will normally avoid changing the record length, since that would be considerably more work.

Caution

The quality of the client random and server random affects the security of every key derived from the master_secret; a predictable random number generator weakens the whole SSL implementation.

The attacker could even intercept the connection, behave as one of the endpoints (the server, for example), establish another connection with the other endpoint (the client), and control the exchange; this is known as a man-in-the-middle attack. SSL includes a check on the handshake precisely to avoid this type of attack: the Finished messages carry a MAC, keyed with the master_secret, over all the handshake messages exchanged so far. If the master_secret has been compromised, however, the attacker can compute valid Finished messages and the check no longer protects against the attack.

The master_secret may be acquired if the key establishment algorithm is compromised; with RSA key exchange, for example, anyone who recovers the server's private key can decrypt the pre_master_secret from any recorded ClientKeyExchange message and derive that session's master_secret. Similarly, if a CA's private signing key is compromised, the attacker can issue certificates for any name and so impersonate any entity to every party that trusts that CA.

SSL uses digital signatures to authenticate certificates, to sign the ephemeral key exchange parameters in the ServerKeyExchange message, and to sign the CertificateVerify message. Therefore, if the algorithm used for digital signatures is compromised, all these uses are affected and SSL becomes vulnerable. For instance, if the server's private key is compromised, the attacker can pose as the server; if the client's private key is compromised, the attacker can pose as the client. The server key is a valuable target, and a timing cryptanalysis attack can be used against it: the attacker measures how long the victim takes to perform private-key operations on chosen inputs, and with enough samples the attacker can recover the entire key. In 1996, Paul Kocher published details of this attack with examples against RSA, Diffie-Hellman, and DSS.

Tip

Countermeasures to the timing cryptanalysis attack are to make every private-key operation take the same amount of time, or to add a random delay to each operation. Random delays only raise the number of samples the attacker needs, because they average out; a stronger countermeasure, also proposed by Kocher, is blinding: multiply the input by a random value before the private-key operation and remove it afterwards, so the measured time no longer correlates with the attacker's input.
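The following Python is an added illustration of the blinding countermeasure described in the tip; it is not code from the book. The toy RSA key (two Mersenne primes), the message and the function names are constructed for this example only, and the key is far too small for real use.

```python
"""RSA blinding as a countermeasure to timing cryptanalysis (added example).

The private-key operation is applied to c * r^e mod n for a fresh random r
instead of to c itself, so its running time is independent of the
attacker-chosen ciphertext c.
"""
import math
import secrets


def toy_rsa_keypair():
    """Constructed toy key: p = 2^31 - 1 and q = 2^61 - 1 (both prime)."""
    p, q = 2**31 - 1, 2**61 - 1
    n = p * q
    e = 65537
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse; requires Python 3.8+
    return n, e, d


def rsa_private_op_unblinded(c, d, n):
    """Plain c^d mod n: the running time depends on c, which Kocher's attack exploits."""
    return pow(c, d, n)


def rsa_private_op_blinded(c, e, d, n):
    """Blinded c^d mod n.

    1. pick a random r with gcd(r, n) == 1
    2. compute (c * r^e)^d = c^d * r  (mod n)
    3. multiply by r^-1 to recover c^d mod n
    The exponentiation runs on a value the attacker cannot predict.
    """
    while True:
        r = secrets.randbelow(n - 2) + 2
        if math.gcd(r, n) == 1:
            break
    c_blind = (c * pow(r, e, n)) % n
    m_blind = pow(c_blind, d, n)
    r_inv = pow(r, -1, n)
    return (m_blind * r_inv) % n


def demo():
    """Encrypt a constructed message and check both private-key paths agree."""
    n, e, d = toy_rsa_keypair()
    m = int.from_bytes(b"pre_master_secret", "big") % n
    c = pow(m, e, n)
    return rsa_private_op_blinded(c, e, d, n) == m == rsa_private_op_unblinded(c, d, n)


if __name__ == "__main__":
    print("blinded and unblinded results agree:", demo())
```

Real implementations (OpenSSL, for instance) perform the blinding inside the RSA private-key routine and reuse r across operations by squaring it, but the principle is the one shown: the secret exponent is never applied directly to a value the attacker chose.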

There is a wide range of data encryption algorithms used to encrypt the message; SSL supports a variety, from the strong 3DES down to 40-bit RC4. Note that 40-bit (export-grade) keys can be recovered by brute force with modest resources. The selection of data encryption algorithm depends on the sensitivity of the data you are transmitting.

Another attack is the million-message attack, usually used against RSA with PKCS #1 v1.5 padding (Bleichenbacher's attack, published in 1998). The attacker records the encrypted pre_master_secret from a ClientKeyExchange message and uses it to generate a series of related ciphertexts (roughly a million). The victim's server is then probed with these ciphertexts; each response reveals whether the decrypted value had valid PKCS #1 padding, and the attacker uses these answers to narrow the search until the original pre_master_secret is determined. This is a simplistic explanation and the exact details are beyond the scope of this book.

One countermeasure is for the server, if it detects a padding error when decrypting the ClientKeyExchange message, to continue the handshake anyway using a pre_master_secret filled with random data: the handshake then fails at the Finished check in exactly the same way it fails for any other bad ciphertext, so the attacker learns nothing from the response. Another countermeasure is to use a padding scheme that is sensitive to alterations of the plaintext, such as OAEP (PKCS #1 v2.0), so that a modified ciphertext decrypts to garbage and is rejected without the structured padding check that the attack exploits.
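The Python below is an added example, not code from the book, contrasting a server that reports PKCS #1 v1.5 padding failures (the oracle the million-message attack probes) with one that applies the first countermeasure above. It models only what the server does with the already-decrypted encoded block; the RSA step is omitted, and the block layout, alert name, function names and sample inputs are constructed for this example.

```python
"""Handling the decrypted ClientKeyExchange: leaky vs hardened (added example).

'em' is the k-byte block the server obtains after RSA-decrypting the
ClientKeyExchange; PKCS #1 v1.5 requires it to look like 00 02 PS 00 M,
where PS is at least 8 non-zero bytes and M is the 48-byte pre_master_secret.
"""
import os

PMS_LEN = 48  # pre_master_secret is always 48 bytes in SSL 3.0 / TLS 1.0


def pkcs1_v15_unpad(em):
    """Return the payload M if em is a valid 00 02 PS 00 M block, else None."""
    if len(em) < 11 or em[0] != 0x00 or em[1] != 0x02:
        return None
    try:
        sep = em.index(0x00, 2)  # first zero byte after the 00 02 header
    except ValueError:
        return None
    if sep < 10:  # fewer than 8 padding bytes before the separator
        return None
    return em[sep + 1:]


def handle_client_key_exchange_leaky(em):
    """Abort immediately on bad padding: the response tells the attacker
    whether this probe decrypted to a well-formed block."""
    pms = pkcs1_v15_unpad(em)
    if pms is None or len(pms) != PMS_LEN:
        return ("alert", "decrypt_error")
    return ("continue", bytes(pms))


def handle_client_key_exchange_hardened(em):
    """Never signal a padding error: substitute a random pre_master_secret and
    carry on, so a bad probe fails later at the Finished check exactly like
    any other wrong guess."""
    pms = pkcs1_v15_unpad(em)
    if pms is None or len(pms) != PMS_LEN:
        pms = os.urandom(PMS_LEN)
    return ("continue", bytes(pms))


def make_em(pms, k=128):
    """Construct a valid k-byte PKCS #1 v1.5 block around pms (test input)."""
    ps_len = k - 3 - len(pms)
    ps = bytes((b % 255) + 1 for b in os.urandom(ps_len))  # non-zero padding
    return b"\x00\x02" + ps + b"\x00" + pms


def demo():
    """Show the two servers' reactions to a good block and to a corrupted probe."""
    good = make_em(bytes(range(PMS_LEN)))
    bad = b"\x01" + good[1:]  # a probe whose decryption does not start with 00 02
    return {
        "leaky_good": handle_client_key_exchange_leaky(good)[0],
        "leaky_bad": handle_client_key_exchange_leaky(bad)[0],
        "hardened_good": handle_client_key_exchange_hardened(good)[0],
        "hardened_bad": handle_client_key_exchange_hardened(bad)[0],
    }


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

The hardened server must also avoid any other observable difference between the two paths (timing, or the version check TLS performs on the first two bytes of the pre_master_secret, which should be handled with the same random substitution); any distinguishable response re-creates the oracle.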



Java Security Solutions
ISBN: 0764549286
Year: 2001
Pages: 222