Paper 2017/1189

Return Of Bleichenbacher's Oracle Threat (ROBOT)

Hanno Böck, Juraj Somorovsky, and Craig Young

Abstract

Many web hosts are still vulnerable to one of the oldest attacks against RSA in TLS. We show that Bleichenbacher’s RSA vulnerability from 1998 is still very prevalent in the Internet and affects almost a third of the top 100 domains in the Alexa Top 1 Million list, among them Facebook and Paypal. We identified vulnerable products from at least eight different vendors and open source projects, among them F5, Citrix, Radware, Cisco, Erlang, Bouncy Castle, and WolfSSL. Further we have demonstrated practical exploitation by signing a message with the private key of facebook.com’s HTTPS certificate. Finally, we discuss countermeasures against Bleichenbacher attacks in TLS and recommend to deprecate the RSA encryption key exchange in TLS and the PKCS #1 v1.5 standard.

Note: Hopefully really last update, add Citrix advisory to bibliography.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
RSATLSpublic-key cryptography
Contact author(s)
hanno @ hboeck de
History
2017-12-12: received
Short URL
https://ia.cr/2017/1189
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/1189,
      author = {Hanno Böck and Juraj Somorovsky and Craig Young},
      title = {Return Of Bleichenbacher's Oracle Threat (ROBOT)},
      howpublished = {Cryptology ePrint Archive, Paper 2017/1189},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/1189}},
      url = {https://eprint.iacr.org/2017/1189}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.