
On the Robustness of Applications Based on the SSL and TLS Security Protocols

  • Conference paper
Public Key Infrastructure (EuroPKI 2007)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 4582)

Abstract

The SSL and TLS security protocols have been designed and implemented to provide end-to-end data security. This includes data integrity, that is, the data cannot be modified, replayed or reordered by an attacker without being detected at the receiving endpoint. SSL and TLS, however, do not provide data delivery integrity, in the sense that they do not guarantee that all the sent data will actually arrive at the other side. This is because, for example, SSL/TLS cannot know in advance the exact size of the data to be sent over the secured channel. The most recent versions (SSLv3 and TLSv1) provide some form of protection against loss of data records by means of sequence numbers and a specialized close_notify alert message to be sent when tearing down the SSL connection. Unfortunately, this is not enough when the last record containing application data is deleted on purpose together with the closure alert, as happens in truncation attacks. The SSLv3/TLSv1 specifications do not indicate what should happen (at the application level) if the close_notify message never arrives at the receiver. Consequently, for applications where it is important to ascertain that the data reached the other party untruncated, an additional control at the application level is required.

In this paper we show (based on practical tests) that some widely-used applications implementing SSLv3 and TLSv1 do not perform further controls on the size of the data to be received, and thus they are vulnerable to truncation attacks. For the tests we implemented a specialized MITMSSL tool, used to manipulate the SSL/TLS records exchanged between two communicating parties.
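The truncation scenario the abstract describes, as an added example that is not from the paper or its MITMSSL tool: a simplified Python model of a record-layer receiver that shows why contiguous sequence numbers alone do not reveal a dropped tail, how insisting on close_notify catches it, and where an application-level expected-length check fits in. The Record class, the receive function, the strict flag and the sample records are all constructed for this illustration; real cryptography and MAC checking are assumed to have already happened.

```python
from dataclasses import dataclass
from typing import Iterable, Optional

# TLS record ContentType values (RFC 2246); alert(1, 0) = warning/close_notify
ALERT, APPLICATION_DATA = 21, 23
CLOSE_NOTIFY = bytes([1, 0])

@dataclass
class Record:
    content_type: int
    seq: int        # implicit sequence number, covered by the record MAC
    payload: bytes

def receive(records: Iterable[Record], strict: bool,
            expected_len: Optional[int] = None) -> dict:
    """Consume records until close_notify or end of stream.
    Assumption: every record's MAC was already verified, so records can
    only be deleted by an attacker, never forged or altered.
    strict=False models an application that treats a bare TCP close as
    the end of data; strict=True insists on close_notify and, when the
    application knows it, on the expected amount of data."""
    data, next_seq, got_close = bytearray(), 0, False
    for rec in records:
        if rec.seq != next_seq:           # a gap means a middle record was removed
            return {"data": bytes(data), "status": "seq_mismatch"}
        next_seq += 1
        if rec.content_type == ALERT and rec.payload == CLOSE_NOTIFY:
            got_close = True
            break
        if rec.content_type == APPLICATION_DATA:
            data += rec.payload
    if not strict:
        status = "complete"
    elif not got_close:
        status = "truncated: stream ended without close_notify"
    elif expected_len is not None and len(data) != expected_len:
        status = "truncated: length mismatch"
    else:
        status = "complete"
    return {"data": bytes(data), "status": status}

# Constructed sample stream: three application-data records, then the closure alert.
FULL = [Record(APPLICATION_DATA, 0, b"first part, "),
        Record(APPLICATION_DATA, 1, b"second part, "),
        Record(APPLICATION_DATA, 2, b"final part."),
        Record(ALERT, 3, CLOSE_NOTIFY)]
# Truncation attack: the last data record and the close_notify are dropped.
# The surviving sequence numbers are still contiguous, so the record layer
# itself sees nothing wrong; only the missing close_notify gives it away.
TRUNCATED = FULL[:2]

if __name__ == "__main__":
    for strict in (False, True):
        print("strict =", strict, receive(TRUNCATED, strict))
```

With strict=False the receiver silently returns the shortened data as if the transfer had completed, which is exactly the behaviour the paper found in the tested applications.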



Editor information

Javier Lopez Pierangela Samarati Josep L. Ferrer


Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Berbecaru, D., Lioy, A. (2007). On the Robustness of Applications Based on the SSL and TLS Security Protocols. In: Lopez, J., Samarati, P., Ferrer, J.L. (eds) Public Key Infrastructure. EuroPKI 2007. Lecture Notes in Computer Science, vol 4582. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73408-6_18


  • DOI: https://doi.org/10.1007/978-3-540-73408-6_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-73407-9

  • Online ISBN: 978-3-540-73408-6

  • eBook Packages: Computer Science (R0)