
Communications of the ACM

ACM TechNews

Vulnerabilities in Internet Encryption Protocol


A representation of Transport Layer Security.

The data generated by successful test attacks against the Transport Layer Security Internet encryption protocol by researchers at Ruhr-University Bochum will be incorporated into the latest iteration of the protocol.

Credit: GCN

Successful test attacks against the Transport Layer Security (TLS) Internet encryption protocol conducted by researchers at Ruhr-University Bochum (RUB) generated data that will be incorporated into the latest TLS iteration standardized by the Internet Engineering Task Force.

The tests included the successful theft of the encryption key that two parties negotiate with the current TLS version. The theft involved a strategy in which security experts fed errors into the secret message before placing it in the letter box and transmitting it to the server; this action was repeated multiple times, slightly altering the secret message each time. The resulting time lag provided the team with clues as to the contents of the message.

The next version of TLS defeats this kind of attack by replacing the RSA handshake protocol with the Diffie-Hellman key exchange. The key will be generated when each of the parties comes up with a sub-secret, and the individual components are mixed to produce the key. Both parties then delete the secret components for producing the sub-secrets, so recalculation of the key becomes impossible.

"As a result, intelligence agencies will be able to intercept only current and future information, but no longer past ones," says RUB researcher Jörg Schwenk.
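The contrast drawn in the two preceding paragraphs, as an added example (not code from the article or from the RUB researchers): a recorded RSA key-transport handshake can be opened once the server's long-term private key leaks, while an ephemeral Diffie-Hellman handshake puts nothing on the wire that this key can open. The toy primes, the base 3, the SHA-256 key derivation and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy parameters constructed for this example; far too small for real use.
P = 2**127 - 1                      # Mersenne prime used as the DH modulus
G = 3                               # DH base (toy choice)
RSA_P, RSA_Q, RSA_E = 2**61 - 1, 2**89 - 1, 65537
RSA_N = RSA_P * RSA_Q
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))  # server's long-term private key


def kdf(shared: int) -> bytes:
    """Hash the shared integer into a 32-byte session key."""
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()


def rsa_handshake():
    """RSA key transport: the client encrypts a secret to the long-term key."""
    premaster = secrets.randbelow(RSA_N - 2) + 2
    wire = pow(premaster, RSA_E, RSA_N)   # what a passive recorder stores
    return kdf(premaster), wire


def dhe_handshake():
    """Ephemeral DH: each side picks a sub-secret; only public values travel."""
    a = secrets.randbelow(P - 3) + 2      # client sub-secret
    b = secrets.randbelow(P - 3) + 2      # server sub-secret
    A, B = pow(G, a, P), pow(G, b, P)     # values a passive recorder stores
    client_key, server_key = kdf(pow(B, a, P)), kdf(pow(A, b, P))
    assert client_key == server_key       # both sides mixed the same key
    del a, b                              # sub-secrets are discarded after use
    return client_key, (A, B)


def recover_rsa_session(wire: int, leaked_d: int) -> bytes:
    """A later leak of the long-term key decrypts the recorded RSA handshake."""
    return kdf(pow(wire, leaked_d, RSA_N))


if __name__ == "__main__":
    key, wire = rsa_handshake()
    print("RSA session recovered from recording:",
          recover_rsa_session(wire, RSA_D) == key)
    dkey, (A, B) = dhe_handshake()
    # With DHE the long-term key only authenticates; it decrypts nothing here.
    print("DHE session recovered from recording:",
          any(kdf(pow(v, RSA_D, RSA_N)) == dkey for v in (A, B)))
```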

From Ruhr-University Bochum (Germany)

 

Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA


 
