Downgrade Attack

A downgrade attack, also called a bidding-down attack or version rollback attack, is a form of cryptographic attack on a computer system or communications protocol that makes it abandon a high-quality mode of operation (e.g. an encrypted connection) in favor of an older, lower-quality mode of operation (e.g. cleartext) that is typically provided for backward compatibility with older systems. An example of such a flaw was found in OpenSSL that allowed the attacker to negotiate the use of a lower version of TLS between the client and server. This is one of the most common types of downgrade attacks. Opportunistic encryption protocols such as STARTTLS are generally vulnerable to downgrade attacks, as they, by design, fall back to unencrypted communication. Websites which rely on redirects from unencrypted HTTP to encrypted HTTPS can also be vulnerable to downgrade attacks (e.g., sslstrip), as the initial redirect is not protected by encryption.


Attack

Downgrade attacks are often implemented as part of a man-in-the-middle (MITM) attack, and may be used as a way of enabling a cryptographic attack that might not be possible otherwise. Downgrade attacks have been a consistent problem with the SSL/TLS family of protocols; examples of such attacks include the POODLE attack. Downgrade attacks in the TLS protocol take many forms. Researchers have classified downgrade attacks with respect to four different vectors, which represent a framework for reasoning about downgrade attacks, as follows:

There are some recent proposals that exploit the concept of "prior knowledge" to enable TLS clients (e.g. web browsers) to protect sensitive domain names against certain types of downgrade attacks that exploit the clients' support for legacy versions or non-recommended ciphersuites (e.g. those that do not support forward secrecy or authenticated encryption), such as the POODLE, ClientHello fragmentation, and a variant of the DROWN (aka "the special DROWN") downgrade attacks. Removing backward compatibility is often the only way to prevent downgrade attacks. However, sometimes the client and server can recognize each other as up-to-date in a manner that prevents them. For example, if a Web server and user agent both implement HTTP Strict Transport Security (HSTS) and the user agent knows this of the server (either by having previously accessed it over HTTPS, or because it is on an "HSTS preload list"), then the user agent will refuse to access the site over vanilla HTTP, even if a malicious router represents it and the server to each other as not being HTTPS-capable.
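The HSTS behaviour just described, as an added Python example that is not part of the original article: a toy model of a user agent's HSTS policy store (RFC 6797) that records Strict-Transport-Security headers only when they arrive over HTTPS, honours max-age and includeSubDomains, seeds itself from a preload list, and rewrites http:// URLs to https:// before any request leaves the client. The host names and the preload entry are constructed for the example. A first visit to a host the store has never heard of is left alone, which is exactly the window that prior knowledge (an earlier HTTPS visit or the preload list) closes.

```python
import time
from urllib.parse import urlsplit, urlunsplit


class HstsStore:
    """Minimal model of a user agent's HSTS policy cache (RFC 6797).

    policies maps a lower-cased host name to (expiry, include_subdomains);
    expiry is None for preloaded entries, which never age out.
    """

    def __init__(self, preload=()):
        self.policies = {h.lower(): (None, True) for h in preload}

    @staticmethod
    def parse_header(value):
        """Parse a Strict-Transport-Security header value into (max_age, include_subdomains)."""
        max_age = None
        include_subdomains = False
        for directive in value.split(";"):
            name, _, val = directive.strip().partition("=")
            name = name.strip().lower()
            val = val.strip().strip('"')
            if name == "max-age":
                if not val.isdigit():
                    raise ValueError("max-age must be a non-negative integer")
                max_age = int(val)
            elif name == "includesubdomains":
                include_subdomains = True
        if max_age is None:
            raise ValueError("max-age directive is required")
        return max_age, include_subdomains

    def record(self, host, header_value, over_https, now=None):
        """Store the policy carried by a response header; returns True if applied.

        A header seen on a plain-HTTP response is ignored (RFC 6797 section 8.1),
        since an on-path attacker could have injected or altered it.
        """
        if not over_https:
            return False
        now = time.time() if now is None else now
        max_age, include_subdomains = self.parse_header(header_value)
        host = host.lower()
        if max_age == 0:
            # max-age=0 tells the client to forget a dynamically learned host;
            # preloaded entries (expiry None) are not removable this way.
            if host in self.policies and self.policies[host][0] is not None:
                del self.policies[host]
        else:
            self.policies[host] = (now + max_age, include_subdomains)
        return True

    def is_known_hsts_host(self, host, now=None):
        """True if host, or a superdomain with includeSubDomains, has an unexpired policy."""
        now = time.time() if now is None else now
        labels = host.lower().split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            policy = self.policies.get(candidate)
            if policy is None:
                continue
            expiry, include_subdomains = policy
            if expiry is not None and expiry <= now:
                continue                    # an expired policy no longer protects the host
            if i == 0 or include_subdomains:
                return True
        return False

    def resolve(self, url, now=None):
        """Return the URL the user agent would actually request.

        An http:// URL for a known HSTS host is rewritten to https:// before any
        network traffic, so no cleartext request (and no strippable redirect)
        ever leaves the client.
        """
        parts = urlsplit(url)
        if parts.scheme != "http" or parts.hostname is None:
            return url
        if not self.is_known_hsts_host(parts.hostname, now):
            return url                      # no prior knowledge: the request goes out in cleartext
        port = parts.port
        netloc = parts.hostname if port in (None, 80) else f"{parts.hostname}:{port}"
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    store = HstsStore(preload=["preloaded.example"])            # constructed preload entry
    print(store.resolve("http://preloaded.example/login"))      # https://preloaded.example/login
    print(store.resolve("http://shop.example/cart", now=1000))  # http://shop.example/cart (unknown host)
    store.record("shop.example", "max-age=31536000; includeSubDomains", over_https=True, now=1000)
    print(store.resolve("http://www.shop.example/", now=2000))  # https://www.shop.example/
```

Two design points carry the security argument: the header is only trusted when it was received over HTTPS, and the upgrade happens inside the client before the first byte is sent, so an on-path device that strips the server's HTTP-to-HTTPS redirect never gets a cleartext request to tamper with once the host is known.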


See also

* Blockchain
* Cryptanalysis
* Side-channel attack

