Topics in cryptography: analysis of TLS man-in-the-middle attacks

Abstract

Transport Layer Security (TLS) is an essential cryptographic protocol for web security in today’s digitally connected world, given the porous nature of the Internet and the evolving cybersecurity threat landscape. However, older protocol versions of TLS, particularly TLS 1.0, are found to be vulnerable to several attacks, including those involving attackers employing Man-in-the-Middle (MITM) techniques.

In this report, we will analyze 2 well-known TLS attacks that involve MTIM and target similar vulnerabilities in TLS 1.0, namely: Padding Oracle On Downgraded Legacy Encryption (POODLE) and Browser Exploit Against SSL/TLS (BEAST). Through a detailed analysis of the attack mechanisms employed in each attack, this study will examine how both attacks exploit weaknesses in the Cipher Block Chaining (CBC) mode of operation for encryption and decryption adopted in TLS 1.0, as well as Padding Oracle vulnerabilities found in TLS 1.0 to compromise TLS connections between client web browsers and web servers. Proof-of-Concept (PoC) simulations of both attacks are also implemented using Python to demonstrate the inner workings and mechanisms of the attacks in a computationally feasible manner. Moreover, given the similarity in the nature of the attacks and the vulnerabilities exploited by the attacks, we will evaluate and compare the complexity of the attacks based on execution time, brute-force attempts needed and overall impact in the real world.

Finally, the report shall discuss various specific strategies to safeguard TLS connections, not only against POODLE and BEAST attacks but also potentially other TLS attacks.