Wikipedia

Downgrade attack

A downgrade attack, also called a bidding-down attack,[1] or version rollback attack, is a form of cryptographic attack on a computer system or communications protocol that makes it abandon a high-quality mode of operation (e.g. an encrypted connection) in favor of an older, lower-quality mode of operation (e.g. cleartext) that is typically provided for backward compatibility with older systems.[2] An example of such a flaw was found in OpenSSL that allowed the attacker to negotiate the use of a lower version of TLS between the client and server.[3] This is one of the most common types of downgrade attacks. Opportunistic encryption protocols such as STARTTLS are generally vulnerable to downgrade attacks, as they, by design, fall back to unencrypted communication. Websites which rely on redirects from unencrypted HTTP to encrypted HTTPS can also be vulnerable to downgrade attacks (e.g., sslstrip), as the initial redirect is not protected by encryption.[4]
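The STARTTLS fallback described above, shown from the client's side as an added example (not part of the original article). The EHLO replies, the host name `mail.example.test` and the function names are constructed for illustration; the only difference between the two policies is what happens when the STARTTLS capability is missing from the reply.

```python
# Constructed EHLO replies: what the server sent, and the same reply as the
# client would see it if the STARTTLS line had been dropped in transit.
GENUINE = ("250-mail.example.test\r\n250-SIZE 35882577\r\n"
           "250-STARTTLS\r\n250 8BITMIME\r\n")
STRIPPED = GENUINE.replace("250-STARTTLS\r\n", "")


def parse_ehlo(reply):
    """Return the extension keywords advertised in a multi-line 250 reply."""
    lines = reply.splitlines()
    if not lines:
        raise ValueError("empty EHLO reply")
    caps = set()
    for n, line in enumerate(lines):
        if line[:3] != "250" or line[3:4] not in ("-", " "):
            raise ValueError("unexpected reply line: %r" % line)
        words = line[4:].split()
        if n > 0 and words:           # line 0 carries the server's domain
            caps.add(words[0].upper())
    return caps


def next_step(reply, require_tls):
    """Decide what the client does after EHLO under the given policy."""
    if "STARTTLS" in parse_ehlo(reply):
        return "starttls"
    # Opportunistic clients cannot tell a stripped capability from a server
    # that never offered TLS, so they continue without encryption.
    return "abort" if require_tls else "send-cleartext"


if __name__ == "__main__":
    for label, reply in (("genuine", GENUINE), ("stripped", STRIPPED)):
        for strict in (False, True):
            print(label, "require_tls=%s" % strict, "->", next_step(reply, strict))
```
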

Attack

Downgrade attacks are often implemented as part of a man-in-the-middle (MITM) attack, and may be used as a way of enabling a cryptographic attack that might not be possible otherwise.[5] Downgrade attacks have been a consistent problem with the SSL/TLS family of protocols; examples of such attacks include the POODLE attack.

Downgrade attacks in the TLS protocol take many forms.[6] Researchers have classified downgrade attacks with respect to four different vectors, which together form a framework for reasoning about downgrade attacks:[6]

  1. The protocol element that is targeted
    • Algorithm
    • Version
    • Layer
  2. The type of vulnerability that enables the attack
    • Implementation
    • Design
    • Trust-model
  3. The attack method
    • Dropping
    • Modification
    • Injection
  4. The level of damage that the attack causes
    • Broken Security
    • Weakened Security

Some recent proposals[7][8] use the concept of prior knowledge to let TLS clients (e.g. web browsers) protect sensitive domain names against certain types of downgrade attacks that exploit the clients' support for legacy versions or non-recommended ciphersuites (e.g. those that do not support forward secrecy or authenticated encryption). Examples of such attacks are POODLE, ClientHello fragmentation,[9][10] and a variant of DROWN (aka "the special drown").

Removing backward compatibility is often the only way to prevent downgrade attacks. However, sometimes the client and server can recognize each other as up-to-date in a manner that prevents them. For example, if a Web server and user agent both implement HTTP Strict Transport Security and the user agent knows this of the server (either by having previously accessed it over HTTPS, or because it is on an "HSTS preload list"[11][12][13]), then the user agent will refuse to access the site over vanilla HTTP, even if a malicious router represents it and the server to each other as not being HTTPS-capable.
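A model of the user-agent behaviour just described, added here as an example and not taken from the article or from any browser's code. Host names are constructed; treating preload entries as covering subdomains and ignoring explicit port numbers are simplifying assumptions.

```python
import time
from urllib.parse import urlsplit


class HSTSStore:
    """Constructed model of a user agent's HSTS state (not browser code)."""

    def __init__(self, preload=(), clock=time.time):
        self.preload = {h.lower() for h in preload}  # assumed to cover subdomains
        self.known = {}                              # host -> (expiry, subdomains)
        self.clock = clock

    def note_response(self, url, sts_header):
        """Learn policy from a Strict-Transport-Security response header."""
        parts = urlsplit(url)
        if parts.scheme != "https" or not sts_header:
            return  # a header seen over plain HTTP could be forged, so ignore it
        max_age, subdomains = None, False
        for directive in sts_header.split(";"):
            name, _, value = directive.strip().partition("=")
            name, value = name.strip().lower(), value.strip().strip('"')
            if name == "max-age" and value.isdigit():
                max_age = int(value)
            elif name == "includesubdomains":
                subdomains = True
        if max_age is None:
            return                                   # max-age is mandatory
        host = parts.hostname.lower()
        if max_age == 0:
            self.known.pop(host, None)               # server withdrew its policy
        else:
            self.known[host] = (self.clock() + max_age, subdomains)

    def is_hsts_host(self, host):
        labels = host.lower().split(".")
        for i in range(len(labels)):                 # host itself, then each parent
            name = ".".join(labels[i:])
            if name in self.preload:
                return True
            expiry, subdomains = self.known.get(name, (0, False))
            if expiry > self.clock() and (i == 0 or subdomains):
                return True
        return False

    def effective_url(self, url):
        """URL the user agent actually requests; known hosts never get http://."""
        parts = urlsplit(url)
        if parts.scheme == "http" and parts.hostname and self.is_hsts_host(parts.hostname):
            return parts._replace(scheme="https").geturl()
        return url
```

The first visit to a host that is not preloaded is still unprotected: until a header has been seen over HTTPS, `effective_url` returns the `http://` URL unchanged, and the same happens again once `max-age` has elapsed.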

See also

  • Side-channel attack

References

  1. ^ "Security Implications of 5G Networks" (PDF). UC Berkeley Center for Long-Term Cybersecurity. Retrieved 24 November 2021.
  2. ^ "Version rollback attack".
  3. ^ Praetorian (19 August 2014). "Man-in-the-Middle TLS Protocol Downgrade Attack". Praetorian. Retrieved 13 April 2016.
  4. ^ Mutton, Paul (17 March 2016). "95% of HTTPS servers vulnerable to trivial MITM attacks | Netcraft". www.netcraft.com. Retrieved 11 December 2023.
  5. ^ "Downgrade attack". encyclopedia.kaspersky.com. Retrieved 5 September 2023.
  6. ^ a b Alashwali, E. S. and Rasmussen, K. (2018). What's in a Downgrade? A Taxonomy of Downgrade Attacks in the TLS Protocol and Application Protocols Using TLS. 4th Int. Workshop on Applications and Techniques in Cyber Security (ATCS) co-located with 14th Int. Conf. in Security and Privacy in Communication Networks (SecureComm). Springer. pp. 469–487. arXiv:1809.05681.
  7. ^ Alashwali, E. S. and Rasmussen, K. (2018). On the Feasibility of Fine-Grained TLS Security Configurations in Web Browsers Based on the Requested Domain Name. 14th Int. Conf. in Security and Privacy in Communication Networks (SecureComm). Springer. pp. 213–228. arXiv:1809.05686.
  8. ^ Alashwali, E. S. and Szalachowski, P. (2018). DSTC: DNS-based Strict TLS Configurations. 13th Int. Conf. on Risks and Security of Internet and Systems (CRISIS). Springer. arXiv:1809.05674.
  9. ^ ldapwiki. "ClientHello". Archived from the original on 17 March 2020. Retrieved 30 January 2019.
  10. ^ Beurdouche, B., Delignat-Lavaud, A., Kobeissi, N., Pironti, A., Bhargavan, K. (2015). FLEXTLS: A Tool for Testing TLS Implementations. 9th USENIX Workshop on Offensive Technologies (WOOT 15). USENIX. Retrieved 30 January 2019.
  11. ^ Adam Langley (8 July 2010). "Strict Transport Security". The Chromium Projects. Retrieved 22 July 2010.
  12. ^ David Keeler (1 November 2012). "Preloading HSTS". Mozilla Security Blog. Retrieved 6 February 2014.
  13. ^ Bell, Mike; Walp, David (16 February 2015). "HTTP Strict Transport Security comes to Internet Explorer". Retrieved 16 February 2015.
