Paper 2016/475

Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS

Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky, and Philipp Jovanovic

Abstract

We investigate nonce reuse issues with the GCM block cipher mode as used in TLS and focus in particular on AES-GCM, the most widely deployed variant. With an Internet-wide scan we identified 184 HTTPS servers repeating nonces, which fully breaks the authenticity of the connections. Affected servers include large corporations, financial institutions, and a credit card company. We present a proof of concept of our attack that violates the authenticity of affected HTTPS connections, which in turn can be used to inject seemingly valid content into encrypted sessions. Furthermore, we discovered over 70,000 HTTPS servers using random nonces, which puts them at risk of nonce reuse if a large amount of data is sent over the same connection.
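The two findings in the abstract, repeated nonces and the birthday risk of random nonces, can both be checked from the explicit nonce field of TLS 1.2 GCM records. The following is an added example, not code from the paper or its authors; it assumes the RFC 5288 record layout (5-byte record header followed by an 8-byte explicit nonce) and uses constructed sample records.

```python
"""Detect AES-GCM nonce reuse across TLS 1.2 records and estimate the
birthday-bound collision risk of randomly chosen 8-byte explicit nonces."""
import math
from collections import defaultdict

HEADER_LEN = 5        # type(1) | version(2) | length(2)
EXPLICIT_NONCE_LEN = 8  # RFC 5288: nonce_explicit[8] precedes the AEAD ciphertext


def explicit_nonce(record: bytes) -> bytes:
    """Return the 8-byte explicit nonce of a TLS 1.2 AEAD record (assumed layout)."""
    if len(record) < HEADER_LEN + EXPLICIT_NONCE_LEN:
        raise ValueError("record too short to carry an explicit nonce")
    return record[HEADER_LEN:HEADER_LEN + EXPLICIT_NONCE_LEN]


def find_repeated_nonces(records):
    """Map each explicit nonce to the record indices that used it; keep only repeats.
    Any entry in the result means the connection's authenticity is already broken."""
    seen = defaultdict(list)
    for i, rec in enumerate(records):
        seen[explicit_nonce(rec)].append(i)
    return {nonce: idx for nonce, idx in seen.items() if len(idx) > 1}


def birthday_collision_probability(n_records: int, nonce_bits: int = 64) -> float:
    """Probability that at least two of n uniformly random nonces coincide,
    using the standard approximation 1 - exp(-n(n-1) / (2 * 2^bits))."""
    space = 2.0 ** nonce_bits
    return 1.0 - math.exp(-n_records * (n_records - 1) / (2.0 * space))


def _make_record(nonce: bytes, payload: bytes = b"\x00" * 20) -> bytes:
    """Build a constructed application_data record (type 0x17, TLS 1.2) for testing."""
    body = nonce + payload
    return b"\x17\x03\x03" + len(body).to_bytes(2, "big") + body


# Constructed sample: a counter-style nonce stream in which record 2 repeats record 0.
SAMPLE_RECORDS = [
    _make_record(bytes.fromhex("0000000000000001")),
    _make_record(bytes.fromhex("0000000000000002")),
    _make_record(bytes.fromhex("0000000000000001")),  # reused nonce
    _make_record(bytes.fromhex("0000000000000003")),
]

if __name__ == "__main__":
    print("repeated nonces:", find_repeated_nonces(SAMPLE_RECORDS))
    print("p(collision) after 2^32 random nonces:", birthday_collision_probability(2 ** 32))
```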

Metadata

Available format(s): PDF
Category: Cryptographic protocols
Publication info: Preprint. MINOR revision.
Keywords: TLS, AES, GCM, AEAD, nonce
Contact author(s): hanno @ hboeck de
History: 2016-05-19: received
Short URL: https://ia.cr/2016/475
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2016/475,
      author = {Hanno Böck and Aaron Zauner and Sean Devlin and Juraj Somorovsky and Philipp Jovanovic},
      title = {Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS},
      howpublished = {Cryptology ePrint Archive, Paper 2016/475},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/475}},
      url = {https://eprint.iacr.org/2016/475}
}