TIME and again: an SSL breach before BREACH
Last week at Black Hat 2013, one of the briefings that garnered a lot of attention was ‘SSL, GONE IN 30 SECONDS – A BREACH BEYOND CRIME.’. The briefing detailed an extension of 2012’s CRIME attack. While the original CRIME attack targeted a compression information leakage vulnerability in order to expose secrets contained in compressed and encrypted HTTP requests, the new BREACH attack exposed secrets in HTTP responses. The briefing and accompanying paper successfully explain a complex subject that involves different domains (compression, encryption, web protocols, etc.) in a very clear way.
At Black Hat Europe earlier this year, I presented on a similar topic. The briefing, called “A PERFECT CRIME? ONLY TIME WILL TELL,“ discusses this extension of the CRIME attack as well as some timing based attacks on SSL. The abstract includes some specific mentions on “the relevancy of compression ratio information leakage for HTTP responses,” which is discussed in detail in the publicly available white paper .
Our work did not stop at applying the CRIME attack to responses. Digging deeper, we were able to determine that the compression vulnerability can be exploited even if the attacker does not have any eavesdropping capability, by using timing inference.
This is one of the reasons why conferences like Black Hat is so important. We have been in touch with the authors of the BREACH paper, who have added a note about it in their website and will mention our work in their paper. We hope that the renewed interest in the attack will motivate browser’ and server vendors to find a solution for it, including the grave, additional timing issues which our TIME attack had exposed.
For more information, follow these links:
Authors & Topics: