March 09, 2024
Overview
Table of Contents
Background
HTTPS
TLS
Vulnerabilities
Forward Secrecy Vulnerability
Weak Cipher Suites
Quantum Weakness
Others
Conclusion
Background
HTTPS
HTTPS (Hypertext Transfer Protocol Secure) is an application-layer transfer protocol that is secured via encryption. The encryption protocol used today is TLS (Transport Layer Security), the successor of SSL (Secure Sockets Layer).
TLS
TLS is an encryption protocol that operates between layers 4-7 of the OSI model. The most important part of the protocol occurs on layer 4 (the transport layer, where TCP operates). It is in this layer that the TLS handshake occurs, sequentially after the TCP handshake. During this handshake, the important key exchange occurs (the one associated with the website's certificate). This is also where the biggest potential for vulnerabilities exists. Note that a website's certificate is effectively the public key of an asymmetric key pair that you use to establish this key exchange and share a symmetric private key. This symmetric private key is used to encrypt the actual data, because symmetric encryption is more suitable for larger amounts of data.
Before wrapping up this section, it's important to mention why TLS operates on layers 5-7 (in addition to 4):
- Layer 5 (Session Layer): The key exchange establishes a session by way of the symmetric private key that is exchanged.
- Layer 6 (Presentation Layer): The symmetric private key that is exchanged is responsible for encrypting the data that is transmitted after the key exchange. This encryption is the presentation of the data.
- Layer 7 (Application Layer): This protocol lets the server know that the client is requesting the website through a TLS-secured port (typically through port 443 rather than 80).
Learn more about Symmetric vs Asymmetric Encryption.
Vulnerabilities
All of these vulnerabilities are addressed in TLS 1.3 (except for the quantum weakness).
Forward Secrecy Vulnerability
TLS 1.2 does not enforce Forward Secrecy (it's optional at the server). This means that if someone gains access to the private key that is exchanged in the key exchange, they can use it to decrypt all past and future messages. Forward Secrecy restricts private key usage to a single message.
However, it's important to note that exploiting this vulnerability is difficult unless access to either the client or the server is gained.
Weak Cipher Suites
Each version of TLS has an approved list of cipher suites. Several of the cipher suites in TLS 1.2 have vulnerabilities, for example:
- RC4
- DSA
- MD5
- SHA1
- Weak Elliptic Curves
- RSA Key Exchange
- Static Diffie-Hellman (DH, ECDH)
- Triple DES (3DES)
Despite the removal of these weak cipher suites in TLS 1.3, weakness still exists -- to quantum attacks. This type of vulnerability is not likely to be exploited, but it's one that some may need to heed, given their application's use case, customers, and scale.
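As an added example (not code from the original post), the following Python maps the weak components listed above, plus the missing-Forward-Secrecy case from the previous section, onto OpenSSL-style cipher-suite names, and builds a client context that refuses them. The token rules and the cipher string are my own assumptions about OpenSSL's naming and alias syntax, not anything the post specifies.

```python
"""Flag TLS 1.2 cipher suites carrying the weak components the post lists,
and build a client context that will not offer them (constructed example)."""
import ssl

# Weak components from the post, keyed by the token that names them in
# OpenSSL's cipher-suite names (assumed naming scheme, e.g. "AES128-SHA").
WEAK_TOKENS = {
    "RC4": "RC4 stream cipher",
    "MD5": "MD5 MAC",
    "SHA": "SHA-1 MAC",          # a bare "SHA" token means SHA-1; SHA256/SHA384 are fine
    "CBC3": "Triple DES (3DES)",
    "DSS": "DSA signatures",
}
# Only ephemeral (EC)DHE key exchange gives forward secrecy; "RSA", "DH" and
# "ECDH" as the leading token mean RSA key exchange or static (EC)DH.
FORWARD_SECRET_KX = {"ECDHE", "DHE"}


def weaknesses(name: str) -> list:
    """Return the reasons an OpenSSL-style suite name is weak (empty list = acceptable)."""
    # TLS 1.3 suites (TLS_AES_128_GCM_SHA256 etc.) always use ephemeral key
    # exchange and carry none of the weak primitives above.
    if name.startswith("TLS_"):
        return []
    tokens = name.split("-")
    reasons = [desc for tok, desc in WEAK_TOKENS.items() if tok in tokens]
    if tokens[0] not in FORWARD_SECRET_KX:
        reasons.append("no forward secrecy (RSA or static DH key exchange)")
    return reasons


def hardened_client_context() -> ssl.SSLContext:
    """Client context limited to TLS 1.2+ with forward-secret AEAD suites only.
    OpenSSL governs the TLS 1.3 suites separately; they are all acceptable."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5:!RC4:!3DES")
    return ctx


def context_is_clean(ctx: ssl.SSLContext) -> bool:
    """True if every suite the context would offer passes weaknesses()."""
    return all(not weaknesses(c["name"]) for c in ctx.get_ciphers())


if __name__ == "__main__":
    for suite in ["AES128-SHA", "DES-CBC3-SHA", "ECDHE-RSA-AES128-GCM-SHA256"]:
        print(suite, "->", weaknesses(suite) or "ok")
    print("hardened context clean:", context_is_clean(hardened_client_context()))
```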
Quantum Weakness
The weakness to quantum attacks has largely to do with Shor's and Grover's algorithms. Shor's algorithm reduces the problem space for intelligently brute-forcing certain asymmetric ciphers (e.g. RSA) from high-order exponential to polynomial time. Grover's algorithm reduces the problem space to half of its exponential value for a larger number of ciphers (both symmetric and asymmetric, but mostly symmetric), even AES. For example, Grover's can reduce the problem space from approximately N^128 to N^64 for AES-128, which puts it in the realm of feasibility for a strong enough computer. AES-256 is considered quantum-resistant.
Others
Learn more from: HHS Cybersecurity Program.
Conclusion
Nothing that's connected to the internet can ever possibly be 100% secure. However, TLS 1.2 was released in 2008, and if your application intends to serve a large scale of customers, this simple update is a low-hanging fruit.
TLS 1.2, alongside this vulnerability, is expected to stick around for many years, given the time it takes for this scale of a deprecation.
Updated: 2024-03-11