Please use this identifier to cite or link to this item: http://repository.iiitd.edu.in/xmlui/handle/123456789/135
Title: Exploiting TLS to disrupt privacy of traffic in web-application
Authors: Biswas, Sandipan
Sanadhya, Somitra Kumar (Advisor)
Keywords: Side Channel Attack
TLS
Padding
Privacy
WPA2
k-indistinguishability
Issue Date: 2-May-2014
Abstract: The Transport Layer Protocol (TLS) ensures con dentiality and integrity of tra c between communicating parties over internet. Almost all web applications commonly use TLS. A block cipher (such as AES, Camellia etc.) is used in a mode of operation (such as CBC, GCM etc.) to achieve con dentiality. If the message length is not a multiple of the block size of the underlying cipher in CBC mode, then message is padded suitably to make it of the right length. Although CTR mode does not necessarily require message padding but if the sender wishes to hide exact message length from attackers, then message padding can be used even in this mode. Chen et. al at IEEE SP (2010) described techniques based on di erent packet sizes generated as various events take place in web applications to infer the state of the web-application. This attack could allow an attacker to breach the privacy of the user. At PETS 2012, Liu. et. al. proposed a scheme to pad messages in a group to make all the packets of the same size to achieve k-indistinguishability. They claimed that this scheme could withstand the attacks described in Chen et. al's work. In this work, we analyze privacy and security aspects of encryption modes, padding schemes and order of padding of messages in TLS during encrypted communication between client and web-application on the server. We show that using padding schemes to pad all packets to hide message sizes during communication without considering underlying encryption modes and padding methodology is not safe . We consider the technique of Liu et. al when certain combinations of encryption modes and padding schemes are used in TLS. We show that k-indistinguishability of packets does not always hold. In particular, we describe a chosen ciphertext attack to show that the MACPAD- ENCRYPT model to generate ciphertext in the TLS record protocol helps the attacker in disrupting privacy of tra c under certain conditions. We also show how a similar attack can be carried out on CCMP protocol used in WPA2 to maintain con dentiality and integrity in wireless networks if MAC-PAD-ENCRYPT is followed.
URI: https://repository.iiitd.edu.in/jspui/handle/123456789/135
Appears in Collections:Year-2014

Files in This Item:
File Description SizeFormat 
MTCSIS12018.pdf521.4 kBAdobe PDFView/Open


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.