This report analyses the security of older TLS versions by illustrating a taxonomy of attacks and explaining technical details on the BEAST and Lucky Thirteen attack. The fundamentals of TLS are based on the TLS 1.2 standard. Furthermore, the advantages of a migration to TLS 1.3 are highlighted.

The internet has become part of our daily lives. When the internet was originally designed, no one was considering the potential threats it might behold. Today, all devices connected to the internet have one thing in common - they rely on secure protocols to protect the information in transit. This is where Secure Socket Layer (SSL) and Transport Layer Security (TLS) come into play.

The Transport Layer Security protocol quickly became dominant for use in applications and servers for transferring data across the internet in a secure manner. One way to recognize a secure website is the usage of Hypertext Transfer Protocol Secure (HTTPS). The “S” in HTTPS stands for “Secure” and is an easy characteristic to identify secure website connections.

Furthermore, to highlight to a client that TLS is used to protect HTTP, the server may replace the protocol naming in the URL with https and add a lock symbol or even a coloured address bar. Besides, the Google Chrome Web browser has started flagging all unencrypted HTTP sites as "not secure" Moreover, Google is penalizing websites which are not protected.

The TLS Protocol is widely used for providing internet security. The protocol has been subject to several version upgrades over the course of its 25-year lifespan. Although TLS 1.3 is the latest version, its predecessor TLS 1.2 is most widely supported by websites. The versions minor to TLS 1.3 have several vulnerabilities which have been exploited in attacks like POODLE, BEAST etc.

Excerpt

1 Introduction

1.1 Motivation

1.2 Research Objective

1.3 Structure of this report

2 Fundamentals of SSL/TLS and DTLS

2.1 Introduction

2.2 SSL/TLS

2.2.1 TLS Record Protocol

2.2.2 TLS Handshake Protocol

2.3 DTLS

2.3.1 DTLS Record Protocol

2.3.2 DTLS Handshake Protocol

2.4 Summary

3 Attacks on SSL/TLS and DTLS

3.1 Introduction

3.2 BEAST Attack

3.2.1 How the Attack Works

3.2.2 Mitigation

3.3 Lucky Thirteen Attack

3.3.1 How the Attack Works

3.3.2 Padding Oracle Attack

3.3.3 Mitigation

4 TLS 1.3

4.1 Introduction

4.2 TLS Handshake Protocol

4.3 Summary

5 Conclusions

Objectives and Topics

The report aims to analyze the security vulnerabilities of legacy TLS versions (specifically TLS 1.2 and older) and to examine the security and performance benefits gained by migrating to the modern TLS 1.3 protocol standard.

Fundamentals of SSL, TLS, and DTLS architectures.
Detailed technical analysis of prominent attacks, including BEAST and Lucky Thirteen.
Evaluation of security threats resulting from legacy protocol features like CBC mode and predictable IVs.
Analysis of improvements introduced in TLS 1.3, such as AEAD ciphers and optimized handshakes.

Excerpt from the Book

3.2.1 How the Attack Works

The BEAST attack targets the Cipher Block Chaining (CBC) encryption implemented in TLS 1.0 and earlier protocol versions. The problem is the predictability of the IVs, which allows the attacker to reduce CBC mode to Electronic Code Book (ECB) mode, which is considered as inherently insecure. In ECB, the input data is split into blocks and encrypted individually (cf. Figure 14). Several security issues are connected with this approach, starting with not hiding the deterministic nature of block cipher encryptions. This means that the encryption of the same input data would always result into the same output. Furthermore, ECB lacks diffusion of message patterns.

The previously described property of the ECB encryption mode is especially useful for an attacker. He can use it to recover earlier encrypted data by guessing the input. Ristic [39] describes the following steps for an attacker:

1. Observe a block of encrypted data that contains some secret. The block size depends on the encryption algorithm (e.g., 16 bytes for AES-128).

2. Submit 16 bytes of plaintext for encryption. The attacker is only able to guess the entire block at once, due to the avalanche effect in block ciphers.

3. Observe encrypted block and compare to ciphertext observed in step 1. If they are equal, the guess is correct. If not, go back to step 2 and keep guessing.

Summary of Chapters

1 Introduction: Provides the motivation for internet security and outlines the scope of this research report.

2 Fundamentals of SSL/TLS and DTLS: Explains the basic architecture, layers, and operational handshake protocols of SSL/TLS and DTLS.

3 Attacks on SSL/TLS and DTLS: Presents a taxonomy of common attacks and provides deep technical insights into the BEAST and Lucky Thirteen exploits.

4 TLS 1.3: Discusses the major improvements and architectural changes in TLS 1.3 regarding security and performance.

5 Conclusions: Summarizes the findings, confirms TLS 1.3 as the new de-facto standard, and highlights the importance of keeping protocols updated.

Keywords

TLS 1.3, TLS 1.2, SSL, DTLS, IT Security, BEAST Attack, Lucky Thirteen, Padding Oracle Attack, CBC mode, AEAD, Handshake Protocol, Encryption, Network Security, Cipher Suite, Vulnerabilities

Frequently Asked Questions

What is the primary focus of this report?

The report focuses on analyzing the security posture of older TLS versions (1.2 and below) and exploring the advantages of migrating to TLS 1.3.

What are the main thematic areas covered?

The paper covers the fundamental principles of SSL/TLS/DTLS, a taxonomy of common security attacks, and a detailed comparison between legacy protocols and the modern TLS 1.3 standard.

What is the core research objective?

The objective is to evaluate the security of TLS versions minor to 1.3 and to demonstrate why migration to the newer standard is beneficial for security and performance.

Which scientific methods are applied?

The author uses a literature-based analysis, examining existing RFCs, cryptographic studies, and documented real-world attack scenarios to illustrate technical vulnerabilities.

What topics are discussed in the main body?

The main body covers the theoretical foundations of TLS, detailed mechanism analysis of the BEAST and Lucky Thirteen attacks, and the structural improvements brought by TLS 1.3.

Which keywords define this work?

Key terms include TLS 1.3, BEAST, Lucky Thirteen, Padding Oracle, AEAD, CBC Mode, and IT Security.

How does the BEAST attack exploit TLS 1.0?

BEAST exploits predictable initialization vectors (IVs) in CBC mode, allowing an attacker to reduce the security to ECB mode and perform chosen-plaintext attacks to recover sensitive session data.

Why is the Lucky Thirteen attack significant?

It is a timing-based side-channel attack that exploits the way TLS 1.2 handles MAC validation and padding in CBC mode, allowing for plaintext discovery.

What security improvements does TLS 1.3 offer over 1.2?

TLS 1.3 removes legacy algorithms, mandates Perfect Forward Secrecy (PFS), encrypts more of the handshake, and eliminates vulnerability-prone version negotiation.

Excerpt out of 41 pages - scroll top

Details

Title: On the security of TLS 1.2 and TLS 1.3. A comparison
College: Ruhr-University of Bochum
Grade: 95%
Author: Sarah Syed-Winkler (Author)
Publication Year: 2021
Pages: 41
Catalog Number: V1037281
ISBN (eBook): 9783346456601
ISBN (Book): 9783346456618
Language: English
Tags: TLS Transport Layer Security SSL DTLS Security Secure Socket Layer TLS 1.2 TLS 1.3
Product Safety: GRIN Publishing GmbH

Quote paper: Sarah Syed-Winkler (Author), 2021, On the security of TLS 1.2 and TLS 1.3. A comparison, Munich, GRIN Verlag, https://www.grin.com/document/1037281

On the security of TLS 1.2 and TLS 1.3. A comparison