Cryptology ePrint Archive: Report 2014/724
Protecting Encrypted Cookies from Compression Side-Channel Attacks
Janaka Alawatugoda and Douglas Stebila and Colin Boyd
Abstract: Compression is desirable for network applications as it saves bandwidth; however, when data is compressed before being encrypted, the amount of compression leaks information about the amount of redundancy in the plaintext. This side channel has led to successful CRIME and BREACH attacks on web traffic protected by the Transport Layer Security (TLS) protocol. The general guidance in light of these attacks has been to disable compression, preserving confidentiality but sacrificing bandwidth. In this paper, we examine two techniques (heuristic separation of secrets and fixed-dictionary compression) for enabling compression while protecting high-value secrets, such as cookies, from attack. We model the security offered by these techniques and report on the amount of compressibility that they can achieve.
Category / Keywords: cryptographic protocols / CRIME attack, BREACH attack, Side-channel attacks, Data compression, TLS/SSL
Original Publication (with major differences): Financial Cryptography 2015
Date: received 17 Sep 2014, last revised 30 Dec 2014
Contact author: janaka alawatugoda at qut edu au
Version: 20141230:222327
Short URL: ia.cr/2014/724