Scalable Scanning and Automatic Classification of TLS Padding Oracle Vulnerabilities

Explore the intricacies of Transport Layer Security (TLS) padding oracle vulnerabilities in this comprehensive conference talk presented at the Workshop on Attacks in Cryptography 2 (WAC2). Delve into TLS fundamentals, including cipher suites and CBC mode encryption, before examining the history and impact of padding oracle attacks like Lucky13 and ROBOT. Learn about innovative techniques for scanning and classifying vulnerabilities in the wild using tools like TLS-Crawler. Analyze real-world results from the Alexa Top 1 Million websites, and gain insights into vulnerability identification, clustering, and visualization methods. Explore the distinctions between weak, strong, and Poodle oracles, with a focus on recent OpenSSL vulnerabilities. Conclude with an overview of the responsible disclosure process and key contributions to the field of TLS security.

Intro
Transport Layer Security (TLS)
TLS Cipher Suites
TLS Encryption (CBC)
CBC Mode Decryption
CBC Malleability
Padding Oracles in TLS
Insecure Server
TLS Padding Oracle History
Lucky13
ROBOT
Padding Oracles in the Wild
Malformed Message Design
TLS-Crawler
Non-determinism
Prescanning Results
Alexa Top 1 Million Results
Vulnerability Identification
Example Fingerprint
How to visualize this?
Vulnerability Clustering: Example
Observability
Weak, Strong and Poodle Oracles
Weak Oracles
OpenSSL (CVE-2019-1559)
Disclosure Process
Contributions
Conclusion