Playback: A TLS 1.3 Story


Introduction


Secure communications are one of the most important topics in information security, and the Transport Layer Security (TLS) protocol is currently the most used protocol to provide secure communications on the internet. For example, when you are connecting to your online banking application, your favorite instant message application or social networks, all those communications are being transmitted using TLS. With TLS, the information sent by the browser and the service is secured and encrypted, meaning that the information cannot be modified or tampered with by an attacker. The communications are also verified to ensure that the browser is connected to the right endpoint (e.g. Wikipedia).

This week at Black Hat and DEF CON, Cisco security consultants Alfonso Garcia Alguacil and Alejo Murillo Moya will deliver a presentation, called "Playback: A TLS 1.3 Story," about some of the known security implications of using 0-RTT and will show proof of concepts of some attacks that have been seen in real-world environments. The intent is to raise awareness across the security community about that new feature. The presentation will be presented at Black Hat USA 18 and DEF CON 26. Attendees will learn about TLS 1.3 0-RTT, see some examples about how an attacker could take advantage of that new feature and get an understanding of the security implications of enabling the feature and how it could be used safely minimizing any potential security impacts.


Playback: A TLS 1.3 Story

TLS was born as a substitute of the ancient secure sockets layer (SSL) protocol, which was starting to show its age and was open to multiple types of attacks. The first version of TLS, 1.0, was created in 1999 and it was based on SSLv3. Since then, TLS 1.1 (2006) and TLS 1.2 (2008) were created to improve previous versions of the protocol, solving some of the security weaknesses that security researchers discovered in the past two decades.

TLS 1.3 is the new protocol version. It is not officially released yet, but it is in the final stage, just waiting for the final approval. In any case, some important vendors and open-source projects are currently supporting it. The TLS 1.3 Working Group released multiple iterations (drafts) that refined and improved the protocol in the past four years. One of the outcomes of that hard work is that TLS 1.3 has been simplified, and several vulnerabilities were fixed. For example, in TLS 1.2, the number of ciphers supported was high — maybe there were too many — and the working group decided to limit this new version to support only five ciphers.

TLS 1.3 has also introduced a new feature to improve the performance of new connections. The name of this feature is "0-RTT" (zero round trip time resumption) and it resumes sessions faster that can push data to the server without needing to wait for a server confirmation. 0-RTT makes this possible, as it reuses cryptographic information obtained in the first connection to the server. The following diagram shows how TLS 1.3 0-RTT resumption works:



This can improve performance, but it has some known security implications.

For all of the Talos-related fun at Black Hat and DEF CON, be sure to read our complete guide here.

We are looking forward to meeting and seeing everyone at Black Hat and DEF CON. Be sure to come by booth #504 and say hello. And, of course, pick up a new, limited-edition Snort pig for your collection.

Tags: ,
Share: Email, ReBlog, Twitter, Facebook, Pinterest, Google+
Newer Post: Newer Post
Older Post: Older Post
Date:
Edit this post

Discussion

Powered by Manual Template
Name

.NET 0-day 0day ACDSee Adobe advisory adwind AMP Android Antenna House antivirus apple APT arbitrary code execution Attribution Automation Bahamut BASS beers with talos bitcoin Bitvote Black Hat botnet Brazil BRKSEC-2010 CASC chrome cisco Cisco Live Cisco Security Clam AV ClamAV Cobalt group code injection command injection conferences Coverage cryptocurrency cryptomining CSV CTA CVE-2016-8610 CVE-2017-0199 cve-2017-11882 CVE-2017-5638 CVE-2018-3857 CVE-2018-3858 CVE-2018-3859 CVE-2018-3860 CVE-2018-3870 CVE-2018-3871 CVE-2018-8506 cybercrime dark cloud DDE Decryptor Def Con detection dispute DOC DoS Excel Exploit exploit kits RTF fast flux Flash formbook Foscam Foxit Fuzzing gandcrab google GoScanSSH gozi gplayed GravityRAT Group123 Hangul healthcare HWP Hyland IcedID ICS IDA Pro IMAP incident response India inesap infostealer intel iOS IoT iot malware iPhone IR isfb jRAT JScript kernel mode KevDroid Korea Linux macros MalDoc Malware Malware Analysis Malware Research MDM meltdown meraki Microsoft Microsoft Patch Tuesday Middle East miners mining mobile device management monero Moxa ms tuesday natus NavRAT new router malware NordVPN North Korea nvidia Office office router attack Olympic Destoryer Olympic Destroyer Olympics opsec password stealer patch tuesday PDF phishing PhotoLine PLC podcast pony Powershell privilege escalation ProntoVPN PTEX PubNub PubNubRAT py2exe Pyeongchang pyrebox python Qatar ransomware RAT remcos remote access tool remote code execution research research spotlight reven ReversingLabs Rocke Rockwell Automation ROKRAT rootkit rtf ruby ryptoShuffler samsam samsung Scriptlets security updates sennoma signatures SimpleDirect Media Layer smartthings Smoke Loader Snort Snort Rules Sony South Korea spam spectre spyeye stealer steam struts support Talos TALOS-2017-0507 talosintelligence.com telegrab telegram Tetrane Thanatos ThanatosDecryptor threat intelligence Threat Research Threat Research Summit Threat Round-up Threat Roundup ThreatGrid threats TIFF trickbot trojan TTRS Umbrella ursnif VBScript VMI vpn filter attack VPNFiler VPNFilter VPNFilter malware vuln dev vulndev vulnerabilities Vulnerability vulnerability analysis Vulnerability Report Vulnerability Research vulnerability spotlight vulnerabillity vulnerable routers Whitepaper Windows WindowsCodecs.dll wipers xamarin XSS
false
ltr
item
materialize material: Playback: A TLS 1.3 Story
Playback: A TLS 1.3 Story
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0_dd-Xo9rsAx1kDLH5pExiPrZvz7x11VwKvEbPo7jvHHPpNwR1fFWTqYI4xxISDnLOZ4WxKG2M4gojS9FsQXilNvnOrSbGrC23Hh7z1-Pk3T5qZQQghDA2ngiscF6ssxqbcO8DHMmALA/s640/PortiBHDFPic.png
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0_dd-Xo9rsAx1kDLH5pExiPrZvz7x11VwKvEbPo7jvHHPpNwR1fFWTqYI4xxISDnLOZ4WxKG2M4gojS9FsQXilNvnOrSbGrC23Hh7z1-Pk3T5qZQQghDA2ngiscF6ssxqbcO8DHMmALA/s72-c/PortiBHDFPic.png
materialize material
https://materialize-material.blogspot.com/2018/08/playback-tls-13-story.html
https://materialize-material.blogspot.com/
http://materialize-material.blogspot.com/
http://materialize-material.blogspot.com/2018/08/playback-tls-13-story.html
true
1816414542238562206
UTF-8
Not found any posts Not found any related posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU Tag ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Contents See also related Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS CONTENT IS PREMIUM Please share to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy