Sites Inria

Version française

Computer Security

MD - 5/03/2014

Inria has discovered a new loophole in the TLS protocol, widely used to secure data exchanges over the Internet

On the 4th of March 2014, at the IETF 89 conference, a team of Inria researchers announced the discovery of a major security loophole in the TLS protocol. This protocol is the main security mechanism employed to protect communications over the Internet. Under certain circumstances, this weakness would allow hackers to steal the identities of users, particularly in banking and business networks. This loophole only affects a small number of Internet users and an update has already been released to address the problem. However, researchers at Inria are recommending that the TLS protocol be radically rewritten.

TLS, a guarantee of web security

The TLS protocol is used by all connected systems, including browsers, email clients, mobile phones and WiFi routers. It is also the main mechanism used to secure the exchange of money over the Internet. The reliability of this protocol is under constant scrutiny, especially since the recent NSA eavesdropping scandal and a number of critical failures in Apple products. As part of a joint Microsoft Research - Inria research centre, researchers from the Inria Paris – Rocquencourt PROSECCO research team in collaboration with colleagues in Microsoft Research have been developing tests to mathematically prove the security of the TLS protocol. Using these techniques, a determined hacker could steal a user’s security certificate by means of a malicious server and use it, for example, to authorise a bank transfer.

Patch already deployed

The loophole only affects a small proportion of HTTPS Internet addresses where the authentication system uses a TLS certificate. These certificates are needed, for example, to prove one’s identity to a bank or to connect to a company’s internal network. Users can easily protect themselves by downloading the latest versions of the Chrome, Firefox, Internet Explorer or Safari browsers, as these have already been updated to close the loophole. The fact that all these publishers have updated their software is not simply a matter of luck. The PROSECCO team warned them of the problem six months in advance. “We are well used to working with these publishers”, explains Karthik Bhargavan, head of the PROSECCO research team. “We suggested a number of solutions, and most of these have been adopted”.

Other loopholes may still be there

However, Karthik Bhargavan believes that a number of security problems with the protocol may still remain.

We have shown the way. Other, less well-intentioned, programmers may try to find similar exploits. If we want to avoid a succession of similar alerts in the next few years, we are going to have to rewrite the TLS protocol from the ground up.

This week, the PROSECCO team has begun discussions with the Internet Engineering Task Force (IETF) who are responsible for managing the development of the TLS protocol.

Keywords: TLS Protocol Prosecco Security