Are there mechanisms in the TLS 1.2 protocol against timing attacks?

0

Are there mechanisms in the TLS 1.2 protocol (not the implementation) against timing attacks? For example, that the handshake response time should be padded to X milliseconds? Or should I implement such mechanisms manually?

    
asked by Bleeding Alice 05.08.2017 - 05:32

1 answer

2

Yes. See the RFC for TLS 1.2 (RFC5246) and note the MUST.

   Implementation note: Canvel et al. [CBCTIME] have demonstrated a
   timing attack on CBC padding based on the time required to compute
   the MAC.  In order to defend against this attack, implementations
   MUST ensure that record processing time is essentially the same
   whether or not the padding is correct.  In general, the best way to
   do this is to compute the MAC even if the padding is incorrect, and
   only then reject the packet.  For instance, if the pad appears to be
   incorrect, the implementation might assume a zero-length pad and then
   compute the MAC.  This leaves a small timing channel, since MAC
   performance depends to some extent on the size of the data fragment,
   but it is not believed to be large enough to be exploitable, due to
   the large block size of existing MACs and the small size of the
   timing signal.
    
answered 08.08.2017 - 15:27
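The order of operations recommended in the RFC note quoted above, as an added example that is not part of the original answer or of any TLS library. It assumes HMAC-SHA256 and an already-decrypted CBC plaintext; the function names, key and record bytes are constructed for illustration, and Python gives no constant-time guarantees, so this shows the control flow only.

```python
import hashlib
import hmac
import struct

MAC_LEN = 32  # HMAC-SHA256 (assumption; matches the *_CBC_SHA256 suites)


def record_mac(mac_key, seq_num, content_type, version, content):
    # RFC 5246 6.2.3.1: MAC(seq_num || type || version || length || fragment)
    header = struct.pack("!QB2sH", seq_num, content_type, version, len(content))
    return hmac.new(mac_key, header + content, hashlib.sha256).digest()


def build_plaintext(mac_key, seq_num, content_type, version, content, block=16):
    # Constructed sample input: content || MAC || padding || padding_length
    body = content + record_mac(mac_key, seq_num, content_type, version, content)
    pad_len = (block - (len(body) + 1) % block) % block
    return body + bytes([pad_len]) * (pad_len + 1)


def open_record(mac_key, seq_num, content_type, version, plaintext):
    """Return the content, or None for every kind of failure."""
    if len(plaintext) < MAC_LEN + 1:
        return None  # record length is public, so this early exit leaks nothing
    pad_len = plaintext[-1]
    pad_ok = pad_len + 1 + MAC_LEN <= len(plaintext)
    if pad_ok:
        diff = 0
        for b in plaintext[-(pad_len + 1):]:  # no early exit on the first bad byte
            diff |= b ^ pad_len
        pad_ok = diff == 0
    if not pad_ok:
        pad_len = 0  # RFC note: assume a zero-length pad and still compute the MAC
    content_end = len(plaintext) - 1 - pad_len - MAC_LEN
    content = plaintext[:content_end]
    received = plaintext[content_end:content_end + MAC_LEN]
    expected = record_mac(mac_key, seq_num, content_type, version, content)
    mac_ok = hmac.compare_digest(received, expected)
    # Reject only after both checks have run; the caller sees one error either way.
    return content if (pad_ok and mac_ok) else None
```

Bad padding and a bad MAC both end in the same `None`, which corresponds to sending the same `bad_record_mac` alert for either failure.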