[Cryptography] ALPACA

Jerry Leichter leichter at lrw.com
Wed Jun 9 10:16:21 EDT 2021 

This is a new attack - described by Ars Technica at https://arstechnica.com/gadgets/2021/06/hackers-can-mess-with-https-connections-by-sending-data-to-your-email-server/ but the authors' overview at https://alpaca-attack.com is excellent - makes use of an interesting vulnerability in TLS:  TLS certificates validate host names, not IP addresses or port numbers.  So if a server shares the same hostname for multiple services, and active attacker can redirect an HTTPS connection attempt to, say, the SMTP port that speaks TLS (though not, of course, the HTTP that comes embedded in the connection that gets established).  It's possible, in specialized but not impossibly rare circumstances, to leverage this for various attacks.  The authors themselves say this isn't something to get all worked up about ... but it's worth understanding and, over time, blocking.

Cryptographically, nothing new is happening here.  But I think it's yet another illustration of a broad issue in security:  Mechanisms being used in areas they were never designed to serve, opening new holes:

o Social Security numbers were never intended as secure identifiers, but we use them that way all over the place, leading to years of problems as they are, in fact, terrible secure identifiers.
o Text messages were never intended to be private, authenticated, or really have much in the way of any security properties, but we leverage them all over the place as second factors in authentication, which they are poorly suited for.
o Overlapping the previous message, telephone numbers were never intended as secure identifiers, and even ignoring everything else, a good fraction of them are given up and fairly quickly reused every year, making them terrible for anything other than routing calls.

TLS - well, SSL, but assumptions about usage are deeply buried in designs and changing them in later improvements is very tricky - had a very specific goal of securing HTTP connections between browsers and hosts.  We've ended up using it for all kinds of very different purposes.  In its original use, no one but the web server would "speak" SSL, so an attack like this couldn't get started.  These days, SSL/TLS speakers are common.

Our ability to reuse protocols and implementations and such is incredibly powerful - hell, HTTP was originally seen as a way to serve static files.  For security-relevant protocols and implementations, this can have significant hidden dangers.
                                                        -- Jerry

More information about the cryptography mailing list