Recently, researchers disclosed that the Raccoon attack could let attackers break SSL/TLS encryption. Read on to learn more about it.
Security researchers have found implementation-level issues in production-grade TLS applications. The team of academics disclosed details of a novel timing attack technique named the Raccoon attack.
The Transport Layer Security (TLS) protocol plays a vital role in securing communications between web servers and clients such as browsers, email, instant messaging, and Voice over IP (VoIP) applications.
About Raccoon Attack
Dubbed “Raccoon Attack,” the server-side attack exploits a side channel in the protocol (TLS 1.2 and earlier) to extract the shared secret used to secure communications between two parties.
“The root cause for this side channel is that the TLS standard encourages non-constant-time processing of the DH secret,” the researchers explain in their paper. “If the server reuses ephemeral keys, this side channel may allow an attacker to recover the premaster secret by solving an instance of the Hidden Number Problem.”
New Attack Vector
The attack targets the Diffie-Hellman (DH) key exchange. The attacker measures the time the server needs to perform a cryptographic operation and uses that information to learn partial information about the secret. TLS 1.2 and earlier strip leading zero bytes from the DH shared secret before deriving keys, so the amount of work the server does depends on the secret's value. With sufficiently precise timing measurements, an attacker can therefore tell whether a computed premaster secret starts with zero bytes or not. Knowing which inputs lead to a premaster secret starting with zero, the attacker can build a set of equations and use a Hidden Number Problem (HNP) solver to compute the original premaster secret.
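The following added example (not code from the article or the researchers' paper) shows the root cause described above: TLS 1.2 (RFC 5246, section 8.1.2) strips leading zero bytes from the DH shared value before using it as the HMAC key of the PRF, while TLS 1.3 (RFC 8446, section 7.4.1) pads it to the modulus length. It counts the SHA-256 compression calls HMAC spends on its key for both encodings; the 960-bit modulus size is a constructed assumption chosen so that a one-byte length change crosses a SHA-256 block boundary, and the code counts compressions rather than measuring wall-clock time.

```python
# Constructed example parameters (not from the article or the paper): a 960-bit
# modulus so that a one-byte length change crosses a SHA-256 block boundary.
# Real servers use 2048-bit or larger groups; the encoding logic is identical.
P_BITS = 960
P_LEN = P_BITS // 8  # 120 bytes

SHA256_BLOCK = 64      # HMAC-SHA256 hashes keys longer than this first (RFC 2104)
SHA256_PAD_MIN = 9     # 0x80 pad byte plus the 8-byte length appended by SHA-256


def tls12_premaster(shared_secret: int) -> bytes:
    """TLS 1.2 (RFC 5246 8.1.2): the DH premaster secret is the shared value
    with leading zero bytes stripped, so its length depends on the value."""
    return shared_secret.to_bytes((shared_secret.bit_length() + 7) // 8, "big")


def fixed_length_premaster(shared_secret: int, p_len: int) -> bytes:
    """Length-independent encoding (what TLS 1.3, RFC 8446 7.4.1, does):
    always emit exactly the modulus length, keeping the leading zeros."""
    return shared_secret.to_bytes(p_len, "big")


def hmac_key_compressions(key: bytes, block: int = SHA256_BLOCK) -> int:
    """Number of SHA-256 compression calls HMAC spends preprocessing its key.
    Keys up to the block size are only zero-padded (no hashing); longer keys
    are hashed first, and that hash's block count depends on the key length."""
    if len(key) <= block:
        return 0
    return -(-(len(key) + SHA256_PAD_MIN) // block)  # ceiling division


def compare_encodings(shared_secret: int, p_len: int = P_LEN):
    """Return (work for TLS 1.2 stripped encoding, work for fixed-length encoding)."""
    stripped = tls12_premaster(shared_secret)
    padded = fixed_length_premaster(shared_secret, p_len)
    return hmac_key_compressions(stripped), hmac_key_compressions(padded)


if __name__ == "__main__":
    # Constructed shared values: one with a non-zero top byte, one whose top byte is zero.
    z_full = (1 << (P_BITS - 1)) | 12345
    z_zero = (1 << (P_BITS - 9)) | 12345
    for name, z in (("top byte non-zero", z_full), ("top byte zero", z_zero)):
        stripped, padded = compare_encodings(z)
        print(f"{name}: TLS 1.2 stripped = {stripped} compressions, "
              f"fixed-length = {padded} compressions")
```

The stripped encoding does a different amount of hashing depending on whether the secret has a leading zero byte, while the fixed-length encoding always does the same work; as the researchers note, the leak only becomes exploitable when the server reuses its ephemeral DH key across connections.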
While most users probably need not be concerned about Raccoon, several major software vendors have released patches and mitigations to protect customers.
Several vendors have already acted on the discovery and released patches for their TLS implementations, including Microsoft (CVE-2020-1596), Mozilla, OpenSSL (CVE-2020-1968), and F5 Networks (CVE-2020-5929).
Microsoft has released a Windows update to address the vulnerability, and OpenSSL, which rated the issue low severity, has published an advisory describing its impact and mitigations.
Past attacks on TLS focused on weak parameter choices or missing parameter validation. In August, a bug (CVE-2020-13777) in the open-source TLS library GnuTLS made TLS 1.3 sessions vulnerable to attack. In the same month, a researcher identified a way to exploit TLS features to carry out Server-Side Request Forgery (SSRF) attacks and developed a tool called TLS Poison that enables a generic SSRF via TLS.
Security experts say the Raccoon attack is extremely hard to pull off because it requires rare conditions to be met. However, attackers may try to combine these vulnerabilities with other attack methods, so it is recommended to patch them as soon as possible.