-
8/18/2019 Security Issues in Transport Layer
1/4
Security issues in Transport Layer
Abdul Kalam Azad
12-1-5-008
April 16, 2016
1 IntroductionTransport layer is a protocol for host-to-host
communication. Transportlayer must ensure to protect data when it
is being transmitted.
Transport layer is the first layer of the TCP/IP model that
offers relia-bility. Hence, transport layer security is an
important subject.
Most common example of security issue in transport layer is
Portscanattack, which operates under the assumption that target
host is compliantwith Transmission Control Protocol.
2 Security In Transport Layer
Currently, security needed in transport layer, viz.
encryption, authentica-tion, and data integrity, is provided
by two protocols: SSL and TLS
2.1 SSL
SSL or Secure Socket Layer protocol was originally developed at
Netscapeto enable ecommerce transaction security on the Web
2.2 TLS
TLS (Transport Layer Security) is an updated, more secure,
version of SSL.SSL 3.1 is renamed to TLS 1.0 by IETF. SSL and TLS
are only applicablein TCP protocol. For UDP protocol, DTLS or
Datagram Transport LayerSecurity is used.Since, TLS and SSL are not
interoperable, both are mentioned separately.
1
-
8/18/2019 Security Issues in Transport Layer
2/4
3 Insufficient Transport Layer Security
Poor applications leads to insufficient transport layer
security, [1] wherenot all traffic flowing between two endpoints is
properly secured, whichmakes it possible for attackers to perform
man-in-the-middle attacks, e.g.IP spoofing.
4 Known Attacks on TLS [2]
4.1 SSL Stripping
Various attacks attempt to remove the use of (SSL/TLS)
altogether by mod-
ifying unencrypted protocols that request the use of TLS,
specifically mod-ifying HTTP traffic and HTML pages as they pass
through the media.
4.2 STARTTLS Command Injection Attack
This is a software flaw where an attacker injects client
commands duringthe unprotected connection which are stored in
buffer, such that commandsreceived prior to TLS negotiation are
executed after TLS negotiation.
4.3 BEAST attack
The BEAST attack [BEAST] uses issues with the TLS 1.0
implementation of
Cipher Block Chaining (CBC) to decrypt parts of a packet, and
specificallyto decrypt HTTP cookies when HTTP is run over TLS.
4.4 Padding Oracle Attacks
In cryptography, variable-length plaintext messages often have
to be padded(expanded) to be compatible with the underlying
cryptographic primitive.Padding Oracle Attack is performed by
guessing whether a message is cor-rectly padded or not.
4.5 Attacks on RC4
The RC4 algorithm has been used with TLS. Recent cryptanalysis
resultsexploit biases in the RC4 keystream to recover repeatedly
encrypted plain-texts.
2
-
8/18/2019 Security Issues in Transport Layer
3/4
4.6 Compression Attacks: CRIME, TIME, and BREACH
These vulnerabilities are a result of inadvertent information
leakage throughdata compression used over TLS
4.7 Theft of RSA Private Keys
When TLS is used with most non-Diffie-Hellman cipher suites, it
is sufficientto obtain the server’s private key in order to decrypt
any sessions (past andfuture) that were initiated with that
server.
4.8 Cross Protocol Attack
An attack that enables an adversary to successfully impersonate
a server toa random client after obtaining sufficient signed
elliptic curve keys from theoriginal server.
4.9 Renegotiation
The attacker forms a TLS connection with the target server,
injects contentof his choice, and then splices in a new TLS
connection from a client.
4.10 Triple Handshake
The triple handshake attack enables the attacker to cause two
TLS connec-tions to share keying material.
4.11 Virtual Host Confusion
SSLv3 fallback and improper handling of session caches on the
server sidecan be abused by an attacker to establish a malicious
connection to a virtualhost other than the one originally intended
and approved by the server.
4.12 Denial of Service
A transport layer DoS attack involves sending many connection
requests to
a target host. Since a client can easily force the server to
expend relativelylarge computational work, the risk of malicious
clients and botnets mountingdenial-of-service attacks is very real.
Example of DoS in transport layer isTCP SYN flood, where succession
of SYN requests to server crashes thesystem
3
-
8/18/2019 Security Issues in Transport Layer
4/4
4.13 Implementation Issues
Even when the protocol is properly specified, this does not
guarantee thesecurity of implementations. In fact, there are very
common issues that oftenplague TLS implementations. Some widespread
implementation issues are:
4.13.1 Heartbleed
This weakness allows stealing the information protected, under
normal con-ditions, by the SSL/TLS encryption used to secure the
Internet. The vul-nerability arises from buffer over-read, a
situation where more data can beread than should be allowed.
4.13.2 Early CCS
Some version of OpenSSL accepts ChangeCipherSpec (CCS)
inappropriatelyduring a handshake. A successful exploit allows an
attacker to intercept, de-crypt, and modify the underlying
plaintext traffic between vulnerable clientsand servers.
4.13.3 OprahSSL
An attacker could cause certain checks on untrusted certificates
to be by-passed, such as the CA flag, enabling them to use valid
leaf certificate to
act as a CA and “issue” an invalid certificate.
5 Transport Layer Protection Benefits
The primary benefit of transport layer security is the
protection of webapplication data from unauthorized disclosure and
modification when it istransmitted between clientsand server.
Transport layer security also pro-vides integrity guarantees and
replay prevention.
6 References
1. ”Insufficient Transport Layer Protection.” Veracode.
2. ”RFC 7457 - Summarizing Known Attacks on Transport Layer
Secu-rity (TLS) and Datagram TLS (DTLS).” Internet Engineering
TaskForce (IETF)
4
