Raccoon Attack Could Let Attackers Break SSL/TLS Encryption

One of the essential components of an online business is to create a trusting environment in which customers can feel confident in making purchases. SSL certificates establish a secure connection form the basis of trust.

The main part of an SSL certificate is digitally signed by a trusted CA such as DigiCert. All the browsers come with a pre-installed list of trusted CAs known as the Trusted Route CA Store. To add a reliable route to the CA store and thus become a certificate. The Authority must comply with and audit the security and authentication standards established by a company's browsers.

Here we discuss a Racoon attack that allows an attacker to break the encryption and read sensitive communication under specific conditions. A new researcher has explained the Transport Layer Security (TLS) protocol, which allows the attacker to break this encryption.

Dubbed "Raccoon Attack," is a server-side attack that exploits a side-channel in the cryptographic protocol to extract the shared secret keys used for secure communications between two parties. The cryptographic protocol versions prone to this exploitation are versions 1.2 and lower.

The basic reason for this side-channel is that the THS standard promotes DH secrets' unstable processing. If the ephemeral server keys are reused, this side-channel may allow the attacker to recover the Promaster secret by fixing an example of several hidden problems.

However, the academics stated that this vulnerability is hard to exploit and relies on a specific server configuration to be exploitable and on exact timing measurements.

Using time measurements to compromise a crypto-system and leak sensitive information has been the heart of many timing attacks. This same strategy is employed by Raccoon to the Diffie-Hellman (DH) key exchange process during a TLS Handshake, to trade data over a public network securely. This key generated during the exchange enables secure browsing on the Internet, allowing users to safely visit websites by protecting the communications against man-in-the-middle (MitM) attacks and eavesdropping.

The malicious party records handshake messages between a server and client to break this security wall. This record is then used to initiate new handshakes to the server. The malicious party also records the time it takes for the server to respond to the operations involved in deriving the shared key.

Assuming the attacker can identify the edge case, it allows the bad actor to decipher the original handshake's secret key and ultimately decrypt the Transport Layer Security (TLS) traffic to recover its contents in plaintext.

The attack has its constraints, and it necessitates that the server reuses the same DH ephemeral key (a mode called DHE) across sessions. The attacker must be close to the target server as possible to perform high precision timing measurements.

While Raccoon is hard to replicate in the real world, but several F5 products were found vulnerable to a particular version of the attack (CVE-2020-5929). This version of the attack directly observes the contents of server responses without resorting to timing measurements.

Microsoft, F5, OpenSSL, and Mozilla have all released patches to prevent the attack by addressing the concern with ephemeral key reuse. As a part, Mozilla has turned off the DH and DHE cipher suites in its Firefox browser, and Microsoft's advisory recommends users to disable TLS_DHE.

The analysts found that our attack exploits that servers may reuse the secret DH exponent for many sessions, thus forgoing forward secrecy.

Raccoon teaches a lesson for protocol security: For protocols where some cryptographic secrets can continuously be queried by one of the parties, the attack surface is made broader. The Raccoon attack revealed that we should be careful when giving attackers access to such queries.