Investigating TLS Version Downgrade in Enterprise Software
Pages 31 - 42
Abstract
In this paper, we revisit the problem of TLS version downgrade, with a specific focus on enterprise software, which are applications that play direct roles in the daily operations of an organization, including remote desktop, email, and VPN clients. Although TLS version downgrade is a classic problem, previous studies have mostly focused on its manifestations in browser applications. However, as TLS continues to gain prominence in other application scenarios, it is crucial to also investigate the implementation and deployment of TLS in other mission-critical appliances that depend upon TLS for their corresponding security guarantees. To this end, we identified and tested 217 enterprise software on 4 mainstream operating systems (OSes) for how they implement and deploy TLS downgrade defenses. We carefully designed a series of experiments to determine whether a client-side enterprise software is vulnerable to downgrade attacks. Results of our experiments paint the enterprise software ecosystem in a positive light, as only 8 enterprise client applications exhibit some vulnerabilities to TLS version downgrade due to missing protection mechanisms. Given the availability and low costs of standardized downgrade defenses, we champion their adoption by software vendors to put an end to the threat of TLS version downgrade. Finally, as various industries are moving away from legacy versions of TLS, it is also time for enterprise software vendors to rethink the necessity and merits of supporting old TLS versions in their products.
References
[1]
David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Béguelin, and Paul Zimmermann. 2015. Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (Denver, Colorado, USA) (CCS '15). Association for Computing Machinery, New York, NY, USA, 5--17. https://doi.org/10.1145/2810103.2813707
[2]
Abhishek A Agrawal. 2022. Top 10 Best Email Apps for 2022. https://integrately.com/blog/best-email-apps
[3]
Eman Salem Alashwali and Kasper Rasmussen. 2018. What's in a downgrade" A Taxonomy of Downgrade Attacks in the TLS Protocol and Application Protocols Using TLS. In Security and Privacy in Communication Networks: 14th International Conference, SecureComm 2018, Singapore, Singapore, August 8--10, 2018, Proceedings, Part II. Springer, 468--487.
[4]
Blake Anderson and David McGrew. 2019. TLS Beyond the Browser: Combining End Host and Network Data to Understand Application Behavior. In Proceedings of the Internet Measurement Conference (Amsterdam, Netherlands) (IMC '19). Association for Computing Machinery, New York, NY, USA, 379--392. https://doi.org/10.1145/3355369.3355601
[5]
Karthikeyan Bhargavan and Gaëtan Leurent. 2016. Transcript Collision Attacks: Breaking Authentication in TLS, IKE, and SSH. In Network and Distributed System Security Symposium. https://doi.org/10.14722/ndss.2016.23418
[6]
Daniel Bleichenbacher. 1998. Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS# 1. In Advances in Cryptology-CRYPTO'98: 18th Annual International Cryptology Conference Santa Barbara, California, USA August 23--27, 1998 Proceedings 18. Springer, 1--12.
[7]
Hanno Böck, Juraj Somorovsky, and Craig Young. 2018. Return Of Bleichenbachertextquoterights Oracle Threat (ROBOT). In 27th USENIX Security Symposium (USENIX Security 18). USENIX Association, Baltimore, MD, 817--849. https://www.usenix.org/conference/usenixsecurity18/presentation/bock
[8]
Peter Bright. 2018. Apple, Google, Microsoft, and Mozilla come together to end TLS 1.0. https://arstechnica.com/gadgets/2018/10/browser-vendors-unite-to-end-support-for-20-year-old-tls-1-0/.
[9]
Aldo Cortesi, Maximilian Hils, Thomas Kriechbaumer, and contributors. 2010--. mitmproxy: A free and open source interactive HTTPS proxy. https://mitmproxy.org/ [Version 9.0].
[10]
PCI Security Standards Council. 2018. Migrating from SSL and Early TLS.
[11]
Benjamin Dowling and Douglas Stebila. 2015. Modelling ciphersuite and version negotiation in the TLS protocol. In Information Security and Privacy: 20th Australasian Conference, ACISP 2015, Brisbane, QLD, Australia, June 29--July 1, 2015, Proceedings 20. Springer, 270--288.
[12]
Platon Kotzias, Abbas Razaghpanah, Johanna Amann, Kenneth G. Paterson, Narseo Vallina-Rodriguez, and Juan Caballero. 2018. Coming of Age: A Longitudinal Study of TLS Deployment. In Proceedings of the Internet Measurement Conference 2018 (Boston, MA, USA) (IMC '18). Association for Computing Machinery, New York, NY, USA, 415--428. https://doi.org/10.1145/3278532.3278568
[13]
Hyunwoo Lee, Doowon Kim, and Yonghwi Kwon. 2021. TLS 1.3 in Practice:How TLS 1.3 Contributes to the Internet. In Proceedings of the Web Conference 2021 (Ljubljana, Slovenia) (WWW '21). Association for Computing Machinery, New York, NY, USA, 70--79. https://doi.org/10.1145/3442381.3450057
[14]
Sangtae Lee, Youngjoo Shin, and Junbeom Hur. 2020. Return of version downgrade attack in the era of TLS 1.3. In Proceedings of the 16th International Conference on Emerging Networking EXperiments and Technologies (Barcelona, Spain) (CoNEXT '20). Association for Computing Machinery, New York, NY, USA, 157--168. https://doi.org/10.1145/3386367.3431310
[15]
Moxie Marlinspike. 2009. New Tricks for Defeating SSL in Practice. Black Hat DC, Vol. 2 (2009).
[16]
Bodo Moeller, Thai Duong, and Krzysztof Kotowicz. 2014. This POODLE Bites: Exploiting the SSL 3.0 Fallback. https://security.googleblog.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
[17]
B. Moeller and A. Langley. 2015. TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks. RFC 7507 (Proposed Standard). https://doi.org/10.17487/RFC7507
[18]
Kathleen Moriarty and Stephen Farrell. 2021. Deprecating TLS 1.0 and TLS 1.1. RFC 8996. https://doi.org/10.17487/RFC8996
[19]
Damian Poddebniak, Fabian Ising, Hanno Böck, and Sebastian Schinzel. 2021. Why TLS is better without STARTTLS: A Security Analysis of STARTTLS in the Email Context. In 30th USENIX Security Symposium (USENIX Security 21). USENIX Association, 4365--4382. https://www.usenix.org/conference/usenixsecurity21/presentation/poddebniak
[20]
Abbas Razaghpanah, Arian Akhavan Niaki, Narseo Vallina-Rodriguez, Srikanth Sundaresan, Johanna Amann, and Phillipa Gill. 2017. Studying TLS Usage in Android Apps. In Proceedings of the 13th International Conference on Emerging Networking EXperiments and Technologies (Incheon, Republic of Korea) (CoNEXT '17). Association for Computing Machinery, New York, NY, USA, 350--362. https://doi.org/10.1145/3143361.3143400
[21]
E. Rescorla. 2018. The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446 (Proposed Standard). https://doi.org/10.17487/RFC8446
[22]
Eric Rescorla, Hannes Tschofenig, and Nagendra Modadugu. 2022. The Datagram Transport Layer Security (DTLS) Protocol Version 1.3. RFC 9147. https://doi.org/10.17487/RFC9147
[23]
Anindita Sengupta. 2023. Best Remote Desktop Software. https://www.g2.com/categories/remote-desktop
[24]
Y. Sheffer, R. Holz, and P. Saint-Andre. 2015. Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS). RFC 7457 (Informational). https://doi.org/10.17487/RFC7457
[25]
Mike Taylor. 2019. TLS 1.0 and 1.1 Removal Update. https://hacks.mozilla.org/2019/05/tls-1-0-and-1--1-removal-update/.
[26]
Ka Lok Wu, Man Hong Hue, Ngai Man Poon, Kin Man Leung, Wai Yin Po, Kin Ting Wong, Sze Ho Hui, and Sze Yiu Chau. 2023. Back to School: On the (In)Security of Academic VPNs. In 32nd USENIX Security Symposium (USENIX Security 23). USENIX Association, Anaheim, CA, 5737--5754. https://www.usenix.org/conference/usenixsecurity23/presentation/wu-ka-lok
Index Terms
- Investigating TLS Version Downgrade in Enterprise Software
Recommendations
Return of version downgrade attack in the era of TLS 1.3
CoNEXT '20: Proceedings of the 16th International Conference on emerging Networking EXperiments and TechnologiesTransport Layer Security (TLS) protocol is often vulnerable to version downgrade attacks, where a man-in-the-middle attacker interferes with the handshake protocol and leads the communicating parties to fall back from a higher version of TLS to lower ...
How to Misuse SMTP over TLS: A Study of the (In) Security of Email Server Communication
TRUSTCOM '15: Proceedings of the 2015 IEEE Trustcom/BigDataSE/ISPA - Volume 01Electronic mail is one of the oldest and widely used services in the Internet. In this paper, an empirical study of the security properties of email server communication within the German IP address space range is presented. Instead of investigating end-...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
June 2024
429 pages
ISBN:9798400704215
DOI:10.1145/3626232
- General Chair:
- João P. Vilela,
- Program Chairs:
- Haya Schulmann,
- Ninghui Li
Copyright © 2024 Owner/Author.
This work is licensed under a Creative Commons Attribution International 4.0 License.
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 19 June 2024
Check for updates
Author Tags
Qualifiers
- Research-article
Funding Sources
- Chinese University of Hong Kong
- Research Grants Council (RGC) of Hong Kong
- Department of Information Engineering, CUHK
Conference
CODASPY '24
Sponsor:
CODASPY '24: Fourteenth ACM Conference on Data and Application Security and Privacy
June 19 - 21, 2024
Porto, Portugal
Acceptance Rates
Overall Acceptance Rate 149 of 789 submissions, 19%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 204Total Downloads
- Downloads (Last 12 months)204
- Downloads (Last 6 weeks)69
Reflects downloads up to 12 Dec 2024
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in