IIIT-Delhi Institutional Repository

Exploiting TLS to disrupt privacy of traffic in web-application


dc.contributor.author Biswas, Sandipan
dc.contributor.author Sanadhya, Somitra Kumar (Advisor)
dc.date.accessioned 2014-05-02T08:34:28Z
dc.date.available 2014-05-02T08:34:28Z
dc.date.issued 2014-05-02T08:34:28Z
dc.identifier.uri https://repository.iiitd.edu.in/jspui/handle/123456789/135
dc.description.abstract The Transport Layer Protocol (TLS) ensures confidentiality and integrity of traffic between communicating parties over internet. Almost all web applications commonly use TLS. A block cipher (such as AES, Camellia etc.) is used in a mode of operation (such as CBC, GCM etc.) to achieve confidentiality. If the message length is not a multiple of the block size of the underlying cipher in CBC mode, then message is padded suitably to make it of the right length. Although CTR mode does not necessarily require message padding but if the sender wishes to hide exact message length from attackers, then message padding can be used even in this mode. Chen et al. at IEEE SP (2010) described techniques based on different packet sizes generated as various events take place in web applications to infer the state of the web-application. This attack could allow an attacker to breach the privacy of the user. At PETS 2012, Liu et al. proposed a scheme to pad messages in a group to make all the packets of the same size to achieve k-indistinguishability. They claimed that this scheme could withstand the attacks described in Chen et al.'s work. In this work, we analyze privacy and security aspects of encryption modes, padding schemes and order of padding of messages in TLS during encrypted communication between client and web-application on the server. We show that using padding schemes to pad all packets to hide message sizes during communication without considering underlying encryption modes and padding methodology is not safe. We consider the technique of Liu et al. when certain combinations of encryption modes and padding schemes are used in TLS. We show that k-indistinguishability of packets does not always hold. In particular, we describe a chosen ciphertext attack to show that the MAC-PAD-ENCRYPT model to generate ciphertext in the TLS record protocol helps the attacker in disrupting privacy of traffic under certain conditions.
We also show how a similar attack can be carried out on CCMP protocol used in WPA2 to maintain confidentiality and integrity in wireless networks if MAC-PAD-ENCRYPT is followed. en_US
dc.language.iso en_US en_US
dc.subject Side Channel Attack en_US
dc.subject TLS en_US
dc.subject Padding en_US
dc.subject Privacy en_US
dc.subject WPA2 en_US
dc.subject k-indistinguishability en_US
dc.title Exploiting TLS to disrupt privacy of traffic in web-application en_US
dc.type Thesis en_US
