Skip to content

Der Triple Handshake Angriff auf TLS im Überblick

Geschrieben von Carsten Eilers am

Das folgende “Bild” zeigt die drei Handshakes des Triple Handshake Angriffs im Zusammenhang (nach den ersten drei Bildern in “Triple Handshakes Considered Harmful: Breaking and Fixing Authentication over TLS”).

Drei Handshakes sind gefährlich

                 Schritt 1
 Benutzer                                      Angreifer                                           Ziel
 Client C                                      Server A                                          Server S
    ¦                                             ¦                                                 ¦
    ¦--> ClientHello(cr, [RSA, DH], ...) -------->¦                                                 ¦
    ¦                                             ¦--> ClientHello(cr, [RSA], ...) ---------------->¦
    ¦                                             ¦                                                 ¦
    ¦                                             ¦                                                 ¦
    ¦<------------------------------------------------ ServerHello(sr, sid, RSA, ENC_ALG) <---------¦
    ¦                                             ¦                                                 ¦
    ¦                                             ¦<-- ServerCertificate(cert_S, pk_S) <------------¦
    ¦<-- ServerCertificate(cert_A, pk_A) <--------¦                                                 ¦
    ¦                                             ¦                                                 ¦
    ¦<------------------------------------------------ ServerHelloDone <----------------------------¦
    ¦                                             ¦                                                 ¦
    ¦                                             ¦                                                 ¦
    ¦--> ClientKeyExchange(rsa(pms, pk_A)) ------>¦                                                 ¦
    ¦                                             ¦--> ClientKeyExchange(rsa(pms, pk_S)) ---------->¦
    ¦                                             ¦                                                 ¦
    ¦--> ClientCCS -------------------------------------------------------------------------------->¦
    ¦                                             ¦                                                 ¦
    ¦--> ClientFinished(verifydata(log_1, ms)) -->¦                                                 ¦
    ¦                                             ¦--> ClientFinished(verifydata(log'_1, ms)) ----->¦
    ¦                                             ¦                                                 ¦
    ¦                                             ¦                                                 ¦
    ¦<------------------------------------------------ ServerCCS <----------------------------------¦
    ¦                                             ¦                                                 ¦
    ¦                                             ¦<-- ServerFinished(verifydata(log_2, ms)) <------¦
    ¦<-- ServerFinished(verifydata(log'_2, ms)) <-¦                                                 ¦
    ¦                                             ¦                                                 ¦
    ¦                                             ¦                                                 ¦
 neue Session:                                  kennt:                                     neue Session: 
 sid, ms, anon->cert_A                           sid, ms, cr, sr                           sid, ms, anon->cert_S
 cr, sr, RSA, ENC_ALG                             ¦                                        cr, sr, RSA, ENC_ALG  
    ¦                                             ¦                                                 ¦
    ¦                                             ¦                                                 ¦
    ¦--> Anwendungs-Daten ------------------------------------------------------------------------->¦
    ¦<------------------------------------------------ Anwendungs-Daten <---------------------------¦
    ¦                                             ¦                                                 ¦
    ¦            Schritt 2                        ¦                                                 ¦
    ¦                                             ¦                                                 ¦
    ¦--> ClientHello(cr', sid) -------------------------------------------------------------------->¦
    ¦                                             ¦                                                 ¦
    ¦<------------------------------------------------ ServerHello(sr', sid) <----------------------¦
    ¦                                             ¦                                                 ¦
    ¦<------------------------------------------------ ServerCCS <----------------------------------¦
    ¦                                             ¦                                                 ¦
    ¦<------------------------------------------------ ServerFinished(cvd=verifydata(log_1, ms)) <--¦
    ¦                                             ¦                                                 ¦
    ¦--> ClientCCS -------------------------------------------------------------------------------->¦
    ¦                                             ¦                                                 ¦
    ¦--> ClientFinished(svd=verifydata(log_2, ms)) ------------------------------------------------>¦
    ¦                                             ¦                                                 ¦
 neue Verbindung:                              kennt:                                       neue Verbindung: 
 sid, ms, cr', sr', cvd, svd                 sid, ms, cr', sr'                       sid, ms, cr', sr', cvd, svd
    ¦                                             ¦                                                 ¦
    ¦                                             ¦                                                 ¦
    ¦                                             ¦                                                 ¦
    ¦--> Anwendungs-Daten ------------------------------------------------------------------------->¦
    ¦<------------------------------------------------ Anwendungs-Daten <---------------------------¦
    ¦                                             ¦                                                 ¦
    ¦            Schritt 3                        ¦                                                 ¦
    ¦                                             ¦                                                 ¦
 vorhandene Session:                            kennt:                                     vorhandene Session: 
 sid, ms, anon->cert_A                       sid, ms, cr, sr                               sid, ms, anon->cert_S
 cr, sr, RSA, ENC_ALG                             ¦                                        cr, sr, RSA, ENC_ALG  
    ¦                                             ¦                                                 ¦
 vorhandene Verbindung:                         kennt:                                     vorhandene Verbindung: 
 sid, ms, cr', sr', cvd, svd                 sid, ms, cr', sr'                          sid, ms, cr', sr', cvd, svd
    ¦                                             ¦                                                 ¦
    ¦<-- Anwendungs-Daten_1 -------------------------- Anwendungs-Daten_2 ------------------------->¦
    ¦                                             ¦                                                 ¦
    ¦--> ClientHello(cr", [KEX_ALG'], [ENC_ALG'], cvd) -------------------------------------------->¦
    ¦                                             ¦                                                 ¦
    ¦<------------------------------------ ServerHello(sr", sid', KEX_ALG', ENC_ALG', cvd, svd) <---¦
    ¦                                             ¦                                                 ¦
    ¦<------------------------------------------------ ServerCertificate(cert_S, pk_S) <------------¦
    ¦                                             ¦                                                 ¦
    ¦<------------------------------------------------ ServerKeyExchange(sign(kex_s, sk_s)) <-------¦
    ¦                                             ¦                                                 ¦
    ¦<------------------------------------------------ CertificateRequest <-------------------------¦
    ¦                                             ¦                                                 ¦
    ¦<------------------------------------------------ ServerHelloDone <----------------------------¦
    ¦                                             ¦                                                 ¦
    ¦                                             ¦                                                 ¦
    ¦--> ClientCertificate(cert_C, pk_C)) --------------------------------------------------------->¦
    ¦                                             ¦                                                 ¦
    ¦--> ClientKeyExchange(kex_C) ----------------------------------------------------------------->¦
    ¦                                             ¦                                                 ¦
    ¦--> CertificateVerify(sign(log_1, sk_C), cert_C) --------------------------------------------->¦
    ¦                                             ¦                                                 ¦
    ¦--> ClientCCS -------------------------------------------------------------------------------->¦
    ¦                                             ¦                                                 ¦
    ¦--> ClientFinished(verifydata(log_2, ms') ---------------------------------------------------->¦
    ¦                                             ¦                                                 ¦
    ¦<------------------------------------------------ ServerCCS <----------------------------------¦
    ¦                                             ¦                                                 ¦
    ¦<------------------------------------------------ ServerFinished(verifydata(log_3, ms')) <-----¦
    ¦                                             ¦                                                 ¦
    ¦                                             ¦                                                 ¦
 neue Session:                                  kennt:                                       neue Session: 
 sid', ms', cert_C->cert_S                      cert_C                                sid, ms, cert_C->cert_S
 cr", sr", KEX_ALG', ENC_ALG'                     ¦                                   cr", sr", KEX_ALG', ENC_ALG'
    ¦                                             ¦                                                 ¦
    ¦--> Anwendungs-Daten_3------------------------------------------------------------------------>¦
    ¦                                             ¦                                                 ¦
    ¦<------------------------------------------------ Anwendungs-Daten_4 <-------------------------¦
    ¦                                             ¦                                                 ¦
 Erhalten von A:                                                                             Erhalten von C:
Anwendungs-Daten_1                                                                          Anwendungs-Daten_2           
      +                                                                                             +
Anwendungs-Daten_4                                                                          Anwendungs-Daten_3

Carsten Eilers

Trackbacks

Keine Trackbacks

Kommentare

Ansicht der Kommentare: Linear | Verschachtelt

Noch keine Kommentare

Kommentar schreiben

Die angegebene E-Mail-Adresse wird nicht dargestellt, sondern nur für eventuelle Benachrichtigungen verwendet.
Standard-Text Smilies wie 🙂 und 😉 werden zu Bildern konvertiert.
BBCode-Formatierung erlaubt
Formular-Optionen

Kommentare werden erst nach redaktioneller Prüfung freigeschaltet!