Raccoon Attack: Breaking Through TLS Encryption via Timing Attack
Transport Layer Security (TLS) protocol plays a vital role to secure all communications between website servers and web browsing, email, instant messaging, and Voice over IP (VoIP) applications.
The newly found attack vector
Recently, researchers have found implementation-level issues in production-grade TLS applications. The team of academics disclosed details about a novel timing attack technique named Raccoon attack.
- The attack targets the Diffie-Hellman (DH) key exchange process, in which the attacker tries to find the time required to perform any cryptographic operation, and use that information to obtain some parts of the algorithm.
- For instance, by having a precise measurement of timing, an attacker can develop a simple algorithm that could identify whether a computed premaster secret starts with zero bytes or not.
- By knowing the values leading to a premaster secret starting with zero, now the attacker can create a set of equations and use a Hidden Number Problem (HNP) solver to compute the original premaster secret.
Several vendors have already taken action upon this new discovery and have released patches to address the flaw in their TLS implementations. This includes Microsoft (CVE-2020-1596), Mozilla, OpenSSL (CVE-2020-1968), and F5 Networks (CVE-2020-5929).
A dig into the past attacks
Past cyberattacks on TLS focused on weak parameter choices or missing parameter validation.
- In August, a bug (CVE-2020-13777) in open-source TLS library GnuTLS, made TLS 1.3 sessions vulnerable to an attack.
- In the same month, a researcher had identified a way to exploit the features in TLS to carry out Server-Side Request Forgery (SSRF) attacks. They, moreover, developed a tool called TLS Poison, that could allow a generic SSRF via TLS.
Experts say that the Raccoon attack is extremely hard to pull off as it requires extremely rare conditions to be met. However, it is possible that some hackers may try to leverage these vulnerabilities in combination with other attack methods to sharpen their attacks. Thus, it is recommended to patch these vulnerabilities at the earliest.