Cryptology ePrint Archive: Report 2021/591

Automated Detection of Side Channels in Cryptographic Protocols: DROWN the ROBOTs!

Jan Peter Drees and Pritha Gupta and Eyke Hüllermeier and Tibor Jager and Alexander Konze and Claudia Priesterjahn and Arunselvan Ramaswamy and Juraj Somorovsky

Abstract: Currently most practical attacks on cryptographic protocols like TLS are based on side channels, such as padding oracles. Some well-known recent examples are DROWN, ROBOT and Raccoon (USENIX Security 2016, 2018, 2021). Such attacks are usually found by careful and time-consuming manual analysis by specialists. In this paper, we consider the question of how such attacks can be systematically detected and prevented before (large-scale) deployment. We propose a new, fully automated approach, which uses supervised learning to identify arbitrary patterns in network protocol traffic. In contrast to classical scanners, which search for known side channels, the detection of general patterns might detect new side channels, even “unexpected” ones, such as those from the ROBOT attack. To analyze this approach, we develop a tool to detect Bleichenbacher-like padding oracles in TLS server implementations, based on an ensemble of machine learning algorithms. We verify that the approach indeed detects known vulnerabilities successfully and reliably. The tool also provides detailed information about detected patterns to developers, to assist in removing a potential padding oracle. Due to the automation, the approach scales much better than manual analysis and could even be integrated with a CI/CD pipeline of a development environment, for example.

Category / Keywords: cryptographic protocols / Bleichenbacher, machine learning, side channel, TLS

Date: received 5 May 2021

Contact author: jan drees at uni-wuppertal de, pritha gupta at uni-paderborn de, tibor jager at uni-wuppertal de

Available format(s): PDF | BibTeX Citation

Version: 20210510:082730 (All versions of this report)

Short URL: ia.cr/2021/591


[ Cryptology ePrint archive ]