HGI researchers discover vulnerability in TLS 1.2 and earlier versions

The TLS encryption protocol is normally considered to be very safe - but a team of researchers at HGI has now discovered a vulnerability.

Credits: tnhs_project.

Credits: tnhs_project.

Their "Raccoon Attack" exploits an unintentional side channel in the specification, which can be used to break the encryption by taking specific parameters into account. Attackers would thus be able to access sensitive data. However, according to the scientists, the conditions for the attack are so complex that it is unlikely that cybercriminals will use the vulnerability. The team consists of Robert Merget, Marcus Brinkmann and Jörg Schwenk from the Chair of Network and Data Security as well as Nimrod Aviram, Tel Aviv University, Juraj Somorovsky, University of Paderborn and Johannes Mittmann from the German Federal Office for Information Security (BSI).

The vulnerability lies in the Diffie-Hellmann key exchange and the processing of the resulting secret, the so-called premaster secret. In TLS 1.2 and earlier versions, it is intended that all leading zero bytes of the premaster secret are removed before further processing with hash functions takes place. At this point, the timing attack begins: The processing of the premaster secrets by the hash functions allows time measurements to be made which allow conclusions to be made as to whether leading zeros have been removed or not. An attacker can then use this side channel to create a system of equations that is dependent on the premaster secret of a victim connection. By solving these equations, known as Hidden Number Problems (HNP), the attacker can obtain the secret key of a victim connection.

Detailed information on the attack is provided by the researchers on their website

General note: In case of using gender-assigning attributes we include all those who consider themselves in this gender regardless of their own biological sex.