Security issues in Transport Layer
Abdul Kalam Azad
12-1-5-008
April 16, 2016
1 Introduction
The transport layer provides protocols for host-to-host communication and
must protect data while it is being transmitted.
The transport layer is the first layer of the TCP/IP model that offers reliability. Hence, transport layer security is an important subject.
The most common example of a security issue in the transport layer is the port scan
attack, which operates under the assumption that the target host is compliant
with the Transmission Control Protocol.
2 Security In Transport Layer
Currently, the security needed in the transport layer, viz. encryption, authentication, and data integrity, is provided by two protocols: SSL and TLS.
2.1 SSL
The SSL (Secure Socket Layer) protocol was originally developed at Netscape
to enable e-commerce transaction security on the Web.
2.2 TLS
TLS (Transport Layer Security) is an updated, more secure version of SSL.
SSL 3.1 was renamed TLS 1.0 by the IETF. SSL and TLS are only applicable
over TCP. For UDP, DTLS (Datagram Transport Layer
Security) is used.
Since TLS and SSL are not interoperable, both are mentioned separately.
3 Insufficient Transport Layer Security
Poor applications lead to insufficient transport layer security [1], where
not all traffic flowing between two endpoints is properly secured. This
makes it possible for attackers to perform man-in-the-middle attacks, e.g.
IP spoofing.
4 Known Attacks on TLS [2]
4.1 SSL Stripping
Various attacks attempt to remove the use of SSL/TLS altogether by modifying unencrypted protocols that request the use of TLS, specifically by modifying HTTP traffic and HTML pages as they pass through the media.
4.2 STARTTLS Command Injection Attack
This is a software flaw where an attacker injects client commands during
the unprotected phase of the connection. The commands are stored in a buffer, such that commands
received prior to TLS negotiation are executed after TLS negotiation.
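The buffering flaw described above, as an added example that is not part of the original paper or any real mail server's code. `ToySmtpSession`, its `flush_on_starttls` switch and the sample bytes are hypothetical and constructed for illustration; the TLS handshake itself is only marked by a comment.

```python
class ToySmtpSession:
    """Server-side read loop for a line-based protocol with STARTTLS."""

    def __init__(self, flush_on_starttls):
        self.flush_on_starttls = flush_on_starttls
        self.buffer = b""        # bytes received but not yet parsed
        self.tls_active = False
        self.executed = []       # (command, treated_as_tls_protected)

    def feed(self, data):
        """Accept bytes from the network and process every complete line."""
        self.buffer += data
        while b"\r\n" in self.buffer:
            line, self.buffer = self.buffer.split(b"\r\n", 1)
            self._handle(line.decode("ascii"))

    def _handle(self, command):
        if command.upper() == "STARTTLS" and not self.tls_active:
            # The TLS handshake would run here. Whatever is still buffered
            # arrived in cleartext, so anyone on the path could have added it.
            if self.flush_on_starttls:
                self.buffer = b""   # the fix: discard pre-handshake leftovers
            self.tls_active = True
            return
        self.executed.append((command, self.tls_active))


# Constructed input: a harmless NOOP pipelined after STARTTLS in cleartext.
PIPELINED = b"EHLO client.example\r\nSTARTTLS\r\nNOOP\r\n"


def cleartext_commands_run_as_tls(flush_on_starttls):
    """Return commands sent before the handshake but executed after it."""
    session = ToySmtpSession(flush_on_starttls)
    session.feed(PIPELINED)
    return [cmd for cmd, protected in session.executed if protected]


if __name__ == "__main__":
    print("unflushed buffer:", cleartext_commands_run_as_tls(False))
    print("flushed buffer:  ", cleartext_commands_run_as_tls(True))
```

Without the flush, the command that arrived in cleartext is recorded as if it had been sent inside the protected session; with the flush, nothing crosses the handshake boundary.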
4.3 BEAST attack
The BEAST attack [BEAST] uses issues with the TLS 1.0 implementation of
Cipher Block Chaining (CBC) to decrypt parts of a packet, and specifically
to decrypt HTTP cookies when HTTP is run over TLS.
4.4 Padding Oracle Attacks
In cryptography, variable-length plaintext messages often have to be padded
(expanded) to be compatible with the underlying cryptographic primitive.
A padding oracle attack is performed by guessing whether a message is correctly padded or not.
4.5 Attacks on RC4
The RC4 algorithm has been used with TLS. Recent cryptanalysis results
exploit biases in the RC4 keystream to recover repeatedly encrypted plaintexts.
4.6 Compression Attacks: CRIME, TIME, and BREACH
These vulnerabilities are a result of inadvertent information leakage through
data compression used over TLS.
4.7 Theft of RSA Private Keys
When TLS is used with most non-Diffie-Hellman cipher suites, it is sufficient
to obtain the server's private key in order to decrypt any sessions (past and
future) that were initiated with that server.
4.8 Cross Protocol Attack
An attack that enables an adversary to successfully impersonate a server to
a random client after obtaining sufficient signed elliptic curve keys from the
original server.
4.9 Renegotiation
The attacker forms a TLS connection with the target server, injects content
of his choice, and then splices in a new TLS connection from a client.
4.10 Triple Handshake
The triple handshake attack enables the attacker to cause two TLS connections to share keying material.
4.11 Virtual Host Confusion
SSLv3 fallback and improper handling of session caches on the server side
can be abused by an attacker to establish a malicious connection to a virtual
host other than the one originally intended and approved by the server.
4.12 Denial of Service
A transport layer DoS attack involves sending many connection requests to
a target host. Since a client can easily force the server to expend relatively
large computational work, the risk of malicious clients and botnets mounting
denial-of-service attacks is very real. An example of DoS in the transport layer is
the TCP SYN flood, where a succession of SYN requests to the server crashes the
system.
4.13 Implementation Issues
Even when the protocol is properly specified, this does not guarantee the
security of implementations. In fact, there are very common issues that often
plague TLS implementations. Some widespread implementation issues are:
4.13.1 Heartbleed
This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. The vulnerability arises from buffer over-read, a situation where more data can be
read than should be allowed.
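The over-read described above, modelled on the TLS heartbeat message layout from RFC 6520 (type, 2-byte payload length, payload, at least 16 bytes of padding). This is an added example, not OpenSSL's code: the function names, the flat `memory` buffer and the placeholder neighbour bytes are constructed for illustration.

```python
import struct

HEADER_LEN = 3     # type (1 byte) + payload_length (2 bytes)
MIN_PADDING = 16   # RFC 6520: at least 16 bytes of padding


def echo_unchecked(memory, offset, record_len):
    """Before the fix: trust the sender's length field when echoing."""
    _type, claimed = struct.unpack_from("!BH", memory, offset)
    start = offset + HEADER_LEN
    return bytes(memory[start:start + claimed])   # may run past the record


def echo_checked(memory, offset, record_len):
    """After the fix: drop messages whose claimed length cannot fit."""
    if record_len < HEADER_LEN + MIN_PADDING:
        return None
    _type, claimed = struct.unpack_from("!BH", memory, offset)
    if HEADER_LEN + claimed + MIN_PADDING > record_len:
        return None                               # discard silently
    start = offset + HEADER_LEN
    return bytes(memory[start:start + claimed])


def build_memory(claimed_len, payload):
    """Constructed 'process memory': one record followed by unrelated data."""
    record = struct.pack("!BH", 1, claimed_len) + payload + b"\x00" * MIN_PADDING
    neighbour = b"[ADJACENT-DATA-PLACEHOLDER]"
    return bytearray(record + neighbour), len(record)


if __name__ == "__main__":
    # Honest message: the length field matches the 4-byte payload.
    mem, rec_len = build_memory(4, b"ping")
    print(echo_unchecked(mem, 0, rec_len), echo_checked(mem, 0, rec_len))
    # Length field claims 40 bytes although only 4 were sent.
    mem, rec_len = build_memory(40, b"ping")
    print(echo_unchecked(mem, 0, rec_len), echo_checked(mem, 0, rec_len))
```

The check compares the claimed length with the length of the record that actually arrived, which is the information the unchecked version ignores.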
4.13.2 Early CCS
Some versions of OpenSSL accept ChangeCipherSpec (CCS) inappropriately
during a handshake. A successful exploit allows an attacker to intercept, decrypt, and modify the underlying plaintext traffic between vulnerable clients
and servers.
4.13.3 OprahSSL
An attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to
act as a CA and issue an invalid certificate.
5 Transport Layer Protection Benefits
The primary benefit of transport layer security is the protection of web
application data from unauthorized disclosure and modification when it is
transmitted between clients and server. Transport layer security also provides integrity guarantees and replay prevention.
References
1. Insufficient Transport Layer Protection. Veracode.
2. RFC 7457 - Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS). Internet Engineering Task Force (IETF).