Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS

by Sean Devlin & Hanno Böck & Aaron Zauner & Philipp Jovanovic

We investigate nonce-reuse issues with the Galois/Counter Mode (GCM) algorithm as used in TLS. Nonce reuse in GCM allows an attacker to recover the authentication key (the GHASH subkey H) and forge messages, as described by Joux. With an Internet-wide scan we identified over 70,000 HTTPS servers that are at risk of nonce reuse. We also identified 184 HTTPS servers repeating nonces directly in a short connection. Affected servers include large corporations, financial institutions, and a credit card company. We implement a proof-of-concept attack allowing us to violate the authenticity of affected HTTPS connections and inject content.
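The algebra behind the forgery, as an added worked example (it is not the authors' proof of concept and not taken from the talk). A GCM tag is T = GHASH_H(A, C) XOR E_K(J0); under a repeated nonce the E_K(J0) mask is identical for two records, so T1 XOR T2 is a polynomial in H whose coefficients are the XOR of the two records' blocks. The script implements GF(2^128) arithmetic and GHASH exactly as in NIST SP 800-38D, but replaces AES with a SHA-256 stand-in (`prf_block`, an assumption so the script runs offline; the attacker never needs the cipher). It restricts itself to the simplest case: equal AAD, equal lengths, ciphertexts differing only in the final block, where the polynomial collapses to D * H^2 and H is recovered with one inversion and one square root. In TLS 1.2 the AAD carries the record sequence number, so the two records' AAD also differs and the attacker must find roots of a higher-degree polynomial, which is the general form of Joux's attack; that step is not shown here. All keys, nonces, and messages are constructed test data.

```python
"""Nonce reuse in GCM: recover the GHASH key H from two tags under one nonce,
then forge a tag for a modified ciphertext. Added example, not the authors' PoC.
The block cipher is a SHA-256 stand-in (prf_block), NOT AES; only GCM's GHASH
and tag structure matter for the attack."""
import hashlib

R = 0xE1000000000000000000000000000000   # x^128 + x^7 + x^2 + x + 1 in GCM's bit-reflected order
ONE = 1 << 127                           # multiplicative identity in that representation


def gf_mul(x: int, y: int) -> int:
    """Multiply in GF(2^128), SP 800-38D Algorithm 1 (bit 0 is the leftmost bit)."""
    z, v = 0, x
    for i in range(128):
        if (y >> (127 - i)) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z


def gf_pow(x: int, e: int) -> int:
    result = ONE
    while e:
        if e & 1:
            result = gf_mul(result, x)
        x = gf_mul(x, x)
        e >>= 1
    return result


def gf_inv(x: int) -> int:
    return gf_pow(x, (1 << 128) - 2)     # x^(2^128 - 2) == x^-1 for x != 0


def gf_sqrt(x: int) -> int:
    return gf_pow(x, 1 << 127)           # squaring is a bijection in GF(2^128): sqrt(x) = x^(2^127)


def blocks16(data: bytes):
    for i in range(0, len(data), 16):
        yield data[i:i + 16].ljust(16, b"\x00")


def ghash(h: int, aad: bytes, ct: bytes) -> int:
    x = 0
    for blk in list(blocks16(aad)) + list(blocks16(ct)):
        x = gf_mul(x ^ int.from_bytes(blk, "big"), h)
    length_block = (len(aad) * 8).to_bytes(8, "big") + (len(ct) * 8).to_bytes(8, "big")
    return gf_mul(x ^ int.from_bytes(length_block, "big"), h)


def prf_block(key: bytes, block: bytes) -> bytes:
    """Stand-in for AES_K(block). Assumption for an offline demo; not AES."""
    return hashlib.sha256(key + block).digest()[:16]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))


class ToyGCM:
    """GCM tag/CTR structure over the stand-in cipher; 96-bit IV, J0 = IV || 0^31 || 1."""

    def __init__(self, key: bytes):
        self.key = key
        self.h = int.from_bytes(prf_block(key, bytes(16)), "big")   # H = E_K(0^128)

    def _ctr(self, iv: bytes, n: int) -> bytes:
        return iv + n.to_bytes(4, "big")

    def _ctr_xor(self, iv: bytes, data: bytes) -> bytes:
        return b"".join(xor(data[i:i + 16], prf_block(self.key, self._ctr(iv, 2 + i // 16)))
                        for i in range(0, len(data), 16))

    def _tag(self, iv: bytes, aad: bytes, ct: bytes) -> bytes:
        mask = int.from_bytes(prf_block(self.key, self._ctr(iv, 1)), "big")   # E_K(J0)
        return (ghash(self.h, aad, ct) ^ mask).to_bytes(16, "big")

    def encrypt(self, iv: bytes, pt: bytes, aad: bytes = b""):
        ct = self._ctr_xor(iv, pt)
        return ct, self._tag(iv, aad, ct)

    def decrypt(self, iv: bytes, ct: bytes, tag: bytes, aad: bytes = b"") -> bytes:
        if self._tag(iv, aad, ct) != tag:
            raise ValueError("tag mismatch")
        return self._ctr_xor(iv, ct)


def recover_h(ct1: bytes, tag1: bytes, ct2: bytes, tag2: bytes) -> int:
    """Same nonce, same AAD, equal length, only the last block differs:
    T1 ^ T2 = (C1_last ^ C2_last) * H^2, so H = sqrt((T1 ^ T2) / D)."""
    b1, b2 = list(blocks16(ct1)), list(blocks16(ct2))
    assert len(ct1) == len(ct2) and b1[:-1] == b2[:-1] and b1[-1] != b2[-1]
    d = int.from_bytes(xor(b1[-1], b2[-1]), "big")
    t = int.from_bytes(xor(tag1, tag2), "big")
    return gf_sqrt(gf_mul(t, gf_inv(d)))


def forge(h: int, known_ct: bytes, known_tag: bytes, aad: bytes, new_ct: bytes, new_aad: bytes) -> bytes:
    """With H known, E_K(J0) = T ^ GHASH_H(A, C) for any seen record; tag anything under that nonce."""
    mask = int.from_bytes(known_tag, "big") ^ ghash(h, aad, known_ct)
    return (ghash(h, new_aad, new_ct) ^ mask).to_bytes(16, "big")


def demo():
    key = b"constructed key, not a real one!"   # constructed test data
    iv = bytes(12)                               # the nonce the victim repeats
    aad = b"constructed-aad"
    victim = ToyGCM(key)
    pt1 = b"A" * 32 + b"first message!!!"        # 48-byte records differing only in block 3
    pt2 = b"A" * 32 + b"second message!!"
    ct1, t1 = victim.encrypt(iv, pt1, aad)
    ct2, t2 = victim.encrypt(iv, pt2, aad)
    h = recover_h(ct1, t1, ct2, t2)              # attacker side: two (ct, tag) pairs, no key
    forged_pt = b"A" * 32 + b"forged message!!"
    forged_ct = xor(ct1, xor(pt1, forged_pt))    # CTR mode: bit flips in ct become bit flips in pt
    forged_tag = forge(h, ct1, t1, aad, forged_ct, aad)
    return h == victim.h, victim.decrypt(iv, forged_ct, forged_tag, aad)


if __name__ == "__main__":
    print(demo())
```

The recovered H equals the victim's GHASH key exactly, because squaring is a bijection on GF(2^128) and the square root is therefore unique; with more than one differing block (or differing AAD, as in TLS) the same tag difference is a polynomial in H of degree up to the record length in blocks, and the attacker factors it and tries each root against a further observed tag.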
