The attack, known as Raccoon, affects TLS 1.2 and earlier versions, which specify that leading zero bytes of the Diffie-Hellman shared value are stripped before it is used as the premaster secret. The premaster secret is the shared secret from which the client and server derive the TLS session keys for each connection.
"Since the resulting premaster secret is used as an input into the key derivation function, which is based on hash functions with different timing profiles, precise timing measurements may enable an attacker to construct an oracle from a TLS server. This oracle tells the attacker whether a computed premaster secret starts with zero or not," the description of the attack says.
"Based on the server timing behavior, the attacker can find values leading to premaster secrets starting with zero. In the end, this helps the attacker to construct a set of equations and use a solver for the Hidden Number Problem (HNP) to compute the original premaster secret established between the client and the server."
Excerpted from "Raccoon Attack can Compromise Some TLS Connections", by Dennis Fisher
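The mechanism the excerpt describes, worked through in Python as an added example (this is not code from the article, from Dennis Fisher, or from the Raccoon authors). It shows three things: the RFC 5246 conversion of the DH shared value into a variable-length premaster secret; why that length can change the amount of hashing inside the TLS 1.2 PRF (HMAC hashes a key longer than one hash block, so the number of SHA-256 compression calls depends on the key length, and only modulus sizes where a stripped byte crosses a block boundary give the server a measurable timing difference); and the attacker-side query construction, where submitting g^a * g^r to a server that reuses its exponent b makes the server compute z * (g^b)^r mod p with a multiplier the attacker knows, so each oracle hit is one "top byte is zero" equation of the kind fed to an HNP solver. The HNP lattice step itself is not included. The `DhServer` class, the 61-bit Mersenne modulus, the fixed exponents and the `leading_zero_oracle` method that stands in for the timing measurement are all constructed for illustration.

```python
"""Added example: variable-length TLS 1.2 DH premaster secrets, the length-
dependent hash cost behind the Raccoon timing oracle, and the attacker's
multiplicative query trick.  Parameters are constructed, not real-world values."""

from math import ceil
from typing import Optional


def dh_premaster_secret(z: int, modulus_byte_len: int) -> bytes:
    """RFC 5246 section 8.1.2: encode the DH shared value Z big-endian and
    remove leading zero bytes.  The result is the premaster secret."""
    return z.to_bytes(modulus_byte_len, "big").lstrip(b"\x00")


def sha256_compression_calls(msg_len: int) -> int:
    """SHA-256 pads to a multiple of 64 bytes, reserving 1 byte (0x80) plus
    an 8-byte length, so this is how often the compression function runs."""
    return ceil((msg_len + 9) / 64)


def hmac_key_prep_cost(key_len: int, block_len: int = 64) -> int:
    """RFC 2104 HMAC hashes a key longer than the block size before use; the
    TLS 1.2 PRF uses the premaster secret as that key.  Keys that fit in one
    block are zero-padded instead, which costs the same for every length."""
    return sha256_compression_calls(key_len) if key_len > block_len else 0


def strip_changes_cost(modulus_byte_len: int) -> bool:
    """Does removing one leading zero byte change the hashing work for a
    modulus of this byte length?  Only then does a timing oracle exist."""
    return hmac_key_prep_cost(modulus_byte_len) != hmac_key_prep_cost(modulus_byte_len - 1)


class DhServer:
    """Constructed server that reuses its DH exponent b across handshakes (the
    Raccoon precondition) and leaks, via timing, whether the secret shrank."""

    def __init__(self, p: int, g: int, b: int):
        self.p, self.g, self.b = p, g, b
        self.byte_len = (p.bit_length() + 7) // 8
        self.public = pow(g, b, p)  # g^b, identical in every handshake

    def premaster(self, client_public: int) -> bytes:
        return dh_premaster_secret(pow(client_public, self.b, self.p), self.byte_len)

    def leading_zero_oracle(self, client_public: int) -> bool:
        # Stand-in for the timing measurement: True when a zero byte was stripped.
        return len(self.premaster(client_public)) < self.byte_len


def find_zero_leading_query(server: DhServer, client_public: int, max_tries: int) -> Optional[int]:
    """Attacker side.  Knowing p, g, the reused server value g^b and a victim's
    g^a, submit g^a * g^r mod p for r = 1, 2, ...  The server then derives
    (g^a * g^r)^b = z * (g^b)^r mod p with z = g^ab, and (g^b)^r is known to
    the attacker.  An accepted r yields the equation
        z * (g^b)^r mod p  <  2^(8*(L-1)),
    i.e. the product has a zero top byte: one input to the HNP solver."""
    p, g = server.p, server.g
    for r in range(1, max_tries + 1):
        if server.leading_zero_oracle(client_public * pow(g, r, p) % p):
            return r
    return None


if __name__ == "__main__":
    P = 2**61 - 1  # Mersenne prime, 8 bytes when encoded; constructed toy modulus
    server = DhServer(P, 3, 123456789)
    victim_public = pow(3, 987654321, P)  # intercepted g^a
    r = find_zero_leading_query(server, victim_public, 4000)
    print("modulus byte lengths up to 512 where stripping leaks:",
          [n for n in range(65, 513) if strip_changes_cost(n)])
    print("first oracle hit at r =", r)
```

For the common power-of-two DH sizes (128, 256, 384, 512 bytes) `strip_changes_cost` returns False with SHA-256, which is why the practical attack depends on the specific group size and hash in use rather than applying to every DH(E) server that strips zeros.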
In addition to leading the applied cryptography group, Dan co-directs the computer security lab. His research focuses on applications of cryptography to computer security. His work includes cryptosystems with novel properties, web security, security for mobile devices, and cryptanalysis.
- "Method to keep private data private proves perfect", November 2018
- "Boneh & Wang receive Endowed Professorships", October 2018
- "Dan Boneh and Christos Kozyrakis named as ACM 2016 Fellows", December 2016