Yet another critical vulnerability exists (CVE-2014-3566) in something we use every day, and much like the other serious vulnerabilities discovered recently, this one potentially affects around 97% of the internet.
SSL 3.0 improved upon SSL 2.0 by adding SHA-1 based ciphers and support for certificate authentication. This was done because serious security flaws had been found in the previous version, and so v3.0 was born. TLS 1.0 took over in 1999, but you should really be using at least v1.1 or v1.2 because, let's face it, they were created for a reason, right? Nobody creates a new version of anything for the fun of it, do they, especially when it is used by a large part of the internet.
Padding attacks are nothing new, though: Serge Vaudenay, a French cryptographer, published on them back in 2002, and later, in 2010, successful attacks were applied to several web application frameworks (WAFs).
What is an Oracle Attack though? Well, “an oracle attack is an attack that exploits the availability of a weakness in the system which can be used as an ‘oracle’ which can give a simple go/no go indication to show whether the attacker has reached, or is nearing, their goal. The attacker can then combine the oracle with systematic search of the problem space to complete their attack.”
Ok, but what is an oracle? Well, “an oracle is a mechanism used by software testers and software engineers for determining whether a test has passed or failed. It is used by comparing the output(s) of the system under test, for a given test case input, to the outputs that the oracle determines that product should have. The term was first used and defined in William Howden’s Introduction to the Theory of Testing.”
Now that we have discovered what a padding oracle attack is, we have pieced together some of the POODLE acronym; it actually stands for “Padding Oracle On Downgraded Legacy Encryption” and it was discovered by Google.
Ok, how does this look in a diagram? Glad you asked, as I put together a little flowchart below which you may find interesting, since this is a protocol flaw and not an implementation issue.
What you are looking at in the above flowchart is a lot simpler than it looks: it is Cipher Block Chaining (CBC), a block cipher mode of operation. “In cryptography a mode of operation is an algorithm that uses a block cipher to provide an information service such as confidentiality or authenticity.”
Pretty much, your plaintext goes in and is padded where necessary to make up blocks of the required size. An initialization vector (IV), think of this as a starting variable (SV), is used to randomise the encryption process: each block of plaintext is combined with the previous block of ciphertext (the IV for the first block) using exclusive-OR (XOR), and the result is then encrypted with the key, so every ciphertext block depends on all the blocks before it.
CBC is still widely used today, as you have now discovered with the discovery of POODLE, which is sure to have some tools released in the coming days much like the BEAST (Browser Exploit Against SSL/TLS) or CRIME attacks. BEAST, like this vulnerability, was also discovered by Thai Duong, along with Juliano Rizzo, and was discovered on September 23, 2011.
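To make the chaining and the padding concrete, here is an added example (my code, not the article's and not Google's) of CBC mode in Python over a toy Feistel block cipher. The toy cipher is constructed only so the block runs offline with no third-party library; it is not secure and merely stands in for 3DES or AES. The block also contrasts SSL 3.0 padding, where only the final length byte is defined and the pad bytes themselves are arbitrary, with TLS 1.0+ padding, where every pad byte repeats the length and can be checked. In a real record the MAC is computed over the data before padding, so the pad bytes are protected only by the padding check, and this difference is exactly why the flaw lives in the protocol rather than in any one implementation.

```python
import hashlib
import os

# Toy CBC mode over a toy Feistel block cipher (constructed for illustration,
# NOT secure). 8-byte blocks, like the 3DES suites SSL 3.0 commonly used.
BLOCK = 8
HALF = BLOCK // 2
ROUNDS = 8


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_function(key: bytes, half: bytes, i: int) -> bytes:
    # Keyed round function; SHA-256 only supplies mixing for the toy cipher.
    return hashlib.sha256(key + bytes([i]) + half).digest()[:HALF]


def _feistel(key: bytes, block: bytes, rounds) -> bytes:
    left, right = block[:HALF], block[HALF:]
    for i in rounds:
        left, right = right, _xor(left, _round_function(key, right, i))
    return right + left  # undo the final swap


def encrypt_block(key: bytes, block: bytes) -> bytes:
    return _feistel(key, block, range(ROUNDS))


def decrypt_block(key: bytes, block: bytes) -> bytes:
    # Running the same network with the round order reversed inverts it.
    return _feistel(key, block, reversed(range(ROUNDS)))


def cbc_encrypt(key: bytes, iv: bytes, padded: bytes) -> bytes:
    # Each plaintext block is XORed with the previous ciphertext block
    # (the IV for the first block) and then encrypted under the fixed key.
    prev, out = iv, []
    for i in range(0, len(padded), BLOCK):
        prev = encrypt_block(key, _xor(padded[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out.append(_xor(decrypt_block(key, block), prev))
        prev = block
    return b"".join(out)


def sslv3_pad(data: bytes) -> bytes:
    # SSL 3.0: the last byte is the pad length; the pad bytes are arbitrary
    # (random here), so a receiver has nothing to verify them against.
    n = BLOCK - 1 - (len(data) % BLOCK)
    return data + os.urandom(n) + bytes([n])


def tls_pad(data: bytes) -> bytes:
    # TLS 1.0+: every pad byte carries the pad length, so all are checkable.
    n = BLOCK - 1 - (len(data) % BLOCK)
    return data + bytes([n] * (n + 1))


def sslv3_unpad(data: bytes) -> bytes:
    n = data[-1]
    if n >= BLOCK or n + 1 > len(data):
        raise ValueError("bad padding")
    return data[:-(n + 1)]  # pad content is never inspected


def tls_unpad(data: bytes) -> bytes:
    n = data[-1]
    if n + 1 > len(data) or any(b != n for b in data[-(n + 1):]):
        raise ValueError("bad padding")
    return data[:-(n + 1)]


def padding_check_is_strict(pad, unpad, key: bytes, iv: bytes, msg: bytes) -> bool:
    # Round-trip msg through CBC with the given padding scheme, corrupt one
    # byte inside the padding region, and report whether unpad notices.
    padded = pad(msg)
    pt = cbc_decrypt(key, iv, cbc_encrypt(key, iv, padded))
    assert pt == padded  # CBC round-trip sanity check
    n = pt[-1]
    if n == 0:
        return True  # no pad bytes to tamper with
    tampered = pt[:-(n + 1)] + bytes([pt[-(n + 1)] ^ 0x55]) + pt[-n:]
    try:
        unpad(tampered)
        return False  # altered pad byte accepted: this is the oracle's weak spot
    except ValueError:
        return True


if __name__ == "__main__":
    key, iv = b"constructed-key!", bytes(BLOCK)
    msg = b"GET / HTTP/1.1\r\nCookie: id=secret"  # constructed sample record
    print("TLS pad check strict:  ", padding_check_is_strict(tls_pad, tls_unpad, key, iv, msg))
    print("SSLv3 pad check strict:", padding_check_is_strict(sslv3_pad, sslv3_unpad, key, iv, msg))
```

Running it prints `True` for the TLS-style check and `False` for the SSL 3.0 one: the SSL 3.0 receiver cannot tell a genuine pad byte from a modified one, and a receiver that reveals whether decryption succeeded is exactly the "go/no go" oracle described above.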
How do I protect myself from a POODLE attack?
Don’t connect to a Wi-Fi hotspot that you are not in control of, as this is where the most probable attack will occur at the time of writing this article. It is possible to be downgraded to SSL 3.0 even if you are using another protocol, so even if you are using something else, this could be your fallback!
How can I detect it?
Use an Intrusion Detection System (IDS), as signatures already exist to detect such a threat if it is happening on your network.
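The IDS approach above, as an added example that is not part of the original article: a minimal Python parser for SSL/TLS record and handshake headers that flags any ServerHello selecting SSL 3.0 (version 0x0300), which is the handshake an SSL 3.0 signature fires on, and any ClientHello offering nothing newer than SSL 3.0, which is what a downgraded retry looks like. The sample records are constructed inside the block rather than captured from a network, and the flow labels are made-up addresses; cipher suite 0x000a (TLS_RSA_WITH_3DES_EDE_CBC_SHA) is a real suite identifier used only to make the samples well-formed.

```python
import struct

# Content type and handshake message types from the SSL/TLS record layer.
CONTENT_HANDSHAKE = 22
HS_CLIENT_HELLO = 1
HS_SERVER_HELLO = 2
SSLV3 = 0x0300


def build_hello(hs_type: int, version: int) -> bytes:
    """Construct a minimal ClientHello/ServerHello record (sample data only)."""
    # hello version, 32-byte random (zeroed here), empty session id
    body = struct.pack("!H", version) + bytes(32) + b"\x00"
    if hs_type == HS_CLIENT_HELLO:
        # one offered suite (0x000a, TLS_RSA_WITH_3DES_EDE_CBC_SHA), null compression
        body += b"\x00\x02\x00\x0a" + b"\x01\x00"
    else:
        # chosen suite and chosen compression method
        body += b"\x00\x0a" + b"\x00"
    handshake = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", CONTENT_HANDSHAKE, version, len(handshake)) + handshake


def parse_record(record: bytes) -> dict:
    """Return record content type/version and, for hellos, the handshake type and version."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    info = {"content_type": ctype, "record_version": rec_ver,
            "hs_type": None, "hello_version": None}
    body = record[5:5 + rec_len]
    if ctype == CONTENT_HANDSHAKE:
        if len(body) < 6:
            raise ValueError("truncated handshake header")
        info["hs_type"] = body[0]
        if body[0] in (HS_CLIENT_HELLO, HS_SERVER_HELLO):
            # byte 0: message type, bytes 1-3: length, bytes 4-5: hello version
            info["hello_version"] = struct.unpack("!H", body[4:6])[0]
    return info


def detect_sslv3(records) -> list:
    """records: iterable of (flow_label, record_bytes). Returns alert strings."""
    alerts = []
    for flow, rec in records:
        try:
            info = parse_record(rec)
        except ValueError as exc:
            alerts.append(f"{flow}: unparseable record ({exc})")
            continue
        if info["hs_type"] == HS_SERVER_HELLO and info["hello_version"] == SSLV3:
            alerts.append(f"{flow}: server selected SSLv3; CBC suites here are POODLE-exposed")
        elif info["hs_type"] == HS_CLIENT_HELLO and info["hello_version"] == SSLV3:
            alerts.append(f"{flow}: client offered only SSLv3; possible downgrade in progress")
    return alerts


# Constructed sample traffic: one SSLv3 ServerHello, one TLS 1.2 ServerHello,
# one SSLv3-only ClientHello, and one application-data record that is ignored.
SAMPLE_RECORDS = [
    ("10.0.0.1:443->10.0.0.5", build_hello(HS_SERVER_HELLO, SSLV3)),
    ("10.0.0.2:443->10.0.0.5", build_hello(HS_SERVER_HELLO, 0x0303)),
    ("10.0.0.5->10.0.0.1:443", build_hello(HS_CLIENT_HELLO, SSLV3)),
    ("10.0.0.5->10.0.0.2:443", bytes([23, 0x03, 0x03, 0x00, 0x03]) + b"abc"),
]

if __name__ == "__main__":
    for alert in detect_sslv3(SAMPLE_RECORDS):
        print(alert)
```

On the sample set this raises two alerts, one for the SSL 3.0 ServerHello and one for the SSL 3.0-only ClientHello, while the TLS 1.2 handshake and the application-data record stay silent. A ServerHello carrying 0x0300 is the definitive signal, since it means both ends agreed on SSL 3.0, whether natively or after a downgrade.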
“Padding oracle attack – Wikipedia, the free encyclopedia.” 2010. 16 Oct. 2014 <http://en.wikipedia.org/wiki/Padding_oracle_attack>
“Oracle (software testing) – Wikipedia, the free encyclopedia.” 2009. 16 Oct. 2014 <http://en.wikipedia.org/wiki/Oracle_(software_testing)>
“Block cipher mode of operation – Wikipedia, the free …” 2004. 16 Oct. 2014 <http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation>