Re: [TLS] Possible timing attack on TLS 1.3 padding mechanism

"Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk> Thu, 01 March 2018 21:52 UTC

Return-Path: <Kenny.Paterson@rhul.ac.uk>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3FBD12FAC3 for <tls@ietfa.amsl.com>; Thu, 1 Mar 2018 13:52:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 3.079
X-Spam-Level: ***
X-Spam-Status: No, score=3.079 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, GB_SUMOF=5, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=rhul.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1pGS2H2mYegK for <tls@ietfa.amsl.com>; Thu, 1 Mar 2018 13:52:55 -0800 (PST)
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01on0062.outbound.protection.outlook.com [104.47.1.62]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE88E1201FA for <tls@ietf.org>; Thu, 1 Mar 2018 13:52:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rhul.onmicrosoft.com; s=selector1-rhul-ac-uk; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=W9WtcODi1YSggBAWGSoJflUexn1HidQFymOdi8KjsH0=; b=ULc1H/RNZye3o0yy3nbARSwXY8899I7NlZ1OKPAzGJM/wFa6r676AaKZyDOUHsYgPplZfZ7NRCnnraUmQWY6+E00NaFo8KuAV/VqJyW4pGu4Evw6IEv0OwS3b8LozTwCRYqbnOE/3694fC30NjgKshqqslJNtiwRnIEHi3uAWq8=
Received: from AM4PR0301MB1906.eurprd03.prod.outlook.com (10.168.2.156) by AM4PR0301MB2211.eurprd03.prod.outlook.com (10.165.44.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.548.13; Thu, 1 Mar 2018 21:52:52 +0000
Received: from AM4PR0301MB1906.eurprd03.prod.outlook.com ([fe80::c5a2:a1b:708e:7a80]) by AM4PR0301MB1906.eurprd03.prod.outlook.com ([fe80::c5a2:a1b:708e:7a80%14]) with mapi id 15.20.0548.014; Thu, 1 Mar 2018 21:52:52 +0000
From: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
To: "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: Possible timing attack on TLS 1.3 padding mechanism
Thread-Index: AQHTsaelJwznZeG3GEqfoybTZY5wZw==
Date: Thu, 1 Mar 2018 21:52:51 +0000
Message-ID: <16A9FD3A-7805-4130-8438-39D0D3E7E3AB@rhul.ac.uk>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/f.28.0.171108
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Kenny.Paterson@rhul.ac.uk;
x-originating-ip: [88.109.208.96]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0301MB2211; 7:96XfZDXJD6nq/VUDaA6tYgjACRw/HIxpSWC2L8S0yUgmY5lIb7AVwJlSqKFx48qAvNq0E34+EOFkbFx9krduuzHElirN09iOYGJkTmZdmGw3omC2ghN9MjNPyFzJHR7ZoPdJEWGRGOMwuRwy/lq37Crc9CySQpCvqrEVLjkBU/+Gdt7YmFZeLi3iJeBzgUaQz2VjkYf6URF1bxs40Jwd1Q6u4hNBBKZJiUwkIWM+u92Fn6SlBBuvO73BgK4PTxCK
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 85ca0b69-01f0-4487-a1d8-08d57fbec836
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(8989060)(4534165)(4627221)(201703031133081)(201702281549075)(8990040)(5600026)(4604075)(3008032)(2017052603307)(7153060)(7193020); SRVR:AM4PR0301MB2211;
x-ms-traffictypediagnostic: AM4PR0301MB2211:
x-microsoft-antispam-prvs: <AM4PR0301MB2211F56AA1F44DD135FA29BABCC60@AM4PR0301MB2211.eurprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(5005006)(8121501046)(3002001)(10201501046)(93006095)(93001095)(3231220)(944501231)(52105095)(6041288)(20161123558120)(20161123562045)(201703131423095)(201702281529075)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123564045)(6072148)(201708071742011); SRVR:AM4PR0301MB2211; BCL:0; PCL:0; RULEID:; SRVR:AM4PR0301MB2211;
x-forefront-prvs: 05986C03E0
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(396003)(366004)(39380400002)(39860400002)(376002)(346002)(189003)(199004)(106356001)(83716003)(99286004)(58126008)(316002)(82746002)(229853002)(551984002)(105586002)(5660300001)(25786009)(186003)(3846002)(74482002)(6116002)(86362001)(786003)(6506007)(26005)(59450400001)(102836004)(36756003)(97736004)(6436002)(478600001)(68736007)(6486002)(66066001)(3280700002)(72206003)(14454004)(8936002)(81156014)(2906002)(81166006)(305945005)(8676002)(7736002)(33656002)(2900100001)(5250100002)(3660700001)(53936002)(6246003)(6512007)(491001); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0301MB2211; H:AM4PR0301MB1906.eurprd03.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: rhul.ac.uk does not designate permitted sender hosts)
x-microsoft-antispam-message-info: nItdBp9HeGa9Zj+o1HqSpeA9LSG9YpPOA12XBgnNoz5Mbf6wCi0ueVOTRcAxYs+scx53rTbavc/Wb+tztW5iPN7eUIqmR3yBsU+bOn9DDK0YKm9Jf5xvcd8aLp7JarGgmTwto80hBh3Sa3j5Vv2L7g4BPpHr2V5rktQWU5Zo6DU=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <1B6BE5743467B44CBD90E3152FEAA49D@eurprd03.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: rhul.ac.uk
X-MS-Exchange-CrossTenant-Network-Message-Id: 85ca0b69-01f0-4487-a1d8-08d57fbec836
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Mar 2018 21:52:52.1549 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2efd699a-1922-4e69-b601-108008d28a2e
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0301MB2211
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/-vLI-ThLp28EBwaQX05zIQkmfWM>
Subject: Re: [TLS] Possible timing attack on TLS 1.3 padding mechanism
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Mar 2018 21:52:57 -0000

Hi,

I've been analysing the record protocol spec for TLS 1.3 a bit, specifically the new padding mechanism. I think there's a possible timing attack on a naïve implementation of de-padding. Maybe this is already known to people who've been paying more attention than me!

Recall that the padding mechanism permits an arbitrary number of 00 bytes to be added after the plaintext and content type byte, up to the max record size. This data is then encrypted using whichever AEAD scheme is specified in the cipher suite. This padding scheme is quite important for TLS 1.3 because the current AEAD schemes do leak the length of record plaintexts. There should be no padding oracle style attack possible because of the integrity guarantees of the AEAD schemes in use. 

The idea for the timing attack is as follows. 

The natural way to depad (after AEAD decryption) is to remove the 00 bytes at the end of the plaintext structure one by one, until a non-00 byte is encountered. This is then the content type byte. Notice that the amount of time needed to execute this depadding routine would be proportional to the number of padding bytes. If there's some kind of response record for this record, then measuring the time taken from reception of the target record to the appearance of the response record can be used to infer information about the amount of padding, and thereby, the true length of the plaintext (since the length of the padded plaintext is known from the ciphertext length).

The timing differences here would be small. But they could be amplified by various techniques. For example, the cumulative timing difference over many records could allow leakage of the sum of the true plaintext lengths. Think of a client browser fetching a simple webpage from a browser. The page is split over many TLS records, each of which is individually padded, with the next GET request from the client being the "response record". (This is a pretty simplistic view of how a web browser works, I know!). The total timing difference might then be sufficient for webpage fingerprinting, for example. 

I'm not claiming this is a big issue, but maybe something worth thinking about and addressing in the TLS 1.3 spec.

There's at least a couple of ways to avoid the problem:

1. Do constant-time depadding - by examining every byte in the plaintext structure even after the first non-00 byte is encountered. 
2. Add an explicit padding length field at the end of the plaintext structure, and removing padding without checking its contents. (This should be safe because of the AEAD integrity guarantees.) 

Option 2 is probably a bit invasive at this late stage in the specification process. Maybe a sentence or two on option 1 could be added to the spec.

Thoughts?

Cheers,

Kenny