Posted on 05/12/2011
Professor Kenny Paterson
Every day we communicate online, buying goods, emailing friends or using instant messaging. We trust that the data we share, such as our credit card details, our home address or private conversations, are being kept safe from hackers, attackers and online thieves.
A system called Transport Layer Security (TLS) helps to do this, and after testing the latest version, researchers at Royal Holloway, University of London have mathematically proven that it is doing its job. The results are outlined in a paper entitled Tag Size Does Matter: Attacks and Proofs for the TLS Record Protocol, which will be presented at a week-long conference in Korea, which starts today (Monday 5 December).
One of these researchers, Professor Kenny Paterson from the Information Security Group (ISG) at Royal Holloway, University of London, said: “Because of our analysis of TLS version 1.2, we can now have higher confidence that the data we share online will be kept safe, secure and private”.
As web users, we may not have heard of TLS. When your web browser says ‘https’, rather than ‘http’, this is when the TLS system comes into play. TLS encrypts the messages as they are sent across the Internet, keeping our personal data safe from attackers.
However, the researchers did find a new vulnerability in the latest version of the TLS system.
Professor Paterson explains: “There is still scope for a ‘distinguishing attack’ against TLS 1.2, where an attacker could tell whether a user has sent a ‘yes’ or a ‘no’ during a transaction, for example.
“This kind of attack is usually considered a bit theoretical, but it can point to more serious underlying security issues.
“Fortunately, in the TLS case, this attack should never arise in practice. TLS uses something called a Message Authentication Code (MAC) tag to help provide security, and for our attack to work, we would need the MAC tag to be small. In short, our work proves that size does matter!”
Professor Paterson concluded: “In 2002, TLS 1.0 came under fire after researchers found a distinguishing attack against the system. In September 2011, the same basic idea was used to mount a much more serious attack against TLS 1.0, under the colourful name of the BEAST attack. So now the industry is finally getting ready to make the switch to TLS 1.2. We can have higher confidence in this latest version of TLS because of our work”.
The group of researchers, which also includes Professor Tom Ristenpart, University of Madison Wisconsin and Professor Tom Shrimpton, Portland State University, will present the findings of their research to an audience at the AsiaCrypt Conference in Korea.