Suppose Alice and Bob are communicating over an SSL session. Suppose an attacker, who does not have any of the shared keys, inserts a bogus TCP segment into a packet stream with correct TCP checksum and sequence numbers (and correct IP addresses and port numbers). Will SSL at the receiving side accept the bogus packet and pass the payload to the receiving application? Why or why not?

Short Answer

No, SSL will reject the bogus packet due to failed decryption and integrity checks.

Step by step solution

01

Understanding SSL session

SSL (Secure Sockets Layer) is designed to provide a secure communication channel. It encrypts the data being transmitted, ensuring both privacy and data integrity between communicating applications.
02

Checking SSL data encryption

In an SSL session, data is encrypted using shared session keys that are exchanged securely between Alice and Bob during the handshake process. If data arrives that cannot be decrypted with these keys, it is considered invalid.
03

Evaluating the attacker's packet

The attacker creates a TCP segment with valid sequence numbers and a proper checksum, pretending to be part of the SSL conversation. However, the attacker does not possess the session keys that Alice and Bob use to encrypt the payload and compute its MAC, so the segment's payload cannot be a validly protected SSL record.
04

SSL decryption failure for bogus packet

When the bogus TCP segment is handed up to the SSL layer, SSL treats its bytes as an SSL record and decrypts it with the session key. Because the attacker did not encrypt the payload with that key, decryption produces meaningless data rather than a valid record.
05

Verification by SSL

SSL also verifies each record with a Message Authentication Code (MAC) computed with a shared MAC key. Since the attacker cannot compute a MAC without that key, the MAC the receiver recomputes over the decrypted bytes will not match the one carried in the record, revealing the packet as invalid.
06

Decision of the SSL receiver

Due to the failed decryption and integrity check, SSL will recognize the packet as tampered or invalid. Therefore, it will reject the bogus segment and will not pass it to the application layer.

Key Concepts

These are the key concepts you need to understand to accurately answer the question.

TCP Segment
A TCP segment is a chunk of data that is transmitted over the network in the TCP/IP model. It consists of a TCP header and a data payload. The header contains essential information that includes:
  • Source and destination ports
  • Sequence number
  • Checksum for error-checking
Before a TCP segment is accepted by the receiving entity, it must pass several checks including the correctness of the sequence number and checksum. However, even if a TCP segment is constructed correctly in these aspects, it does not guarantee acceptance by the layers above it, such as SSL, which performs additional security checks.
Data Encryption
Data encryption is a process of converting plain data or text into a scrambled, unreadable form called ciphertext. The primary goal is to protect confidentiality and integrity during the transmission of data over networks.
Encryption involves algorithms and encryption keys. In an SSL session, shared session keys are created during a secure handshake and used to encrypt all transmitted data, ensuring that even if a malicious party intercepts the data, they cannot understand it without the key.
Whenever data is received, it must be decrypted back into its original form before use. Decryption alone does not prove authenticity; in SSL the accompanying MAC check is what detects malicious alterations. For Alice and Bob, encryption combined with the MAC ensures their communications are both confidential and tamper-evident.
Session Keys
Session keys are temporary encryption keys used for a specific communication session between two parties. They are critical components in securing SSL, as they protect data transmitted during a session.
When Alice and Bob begin their SSL conversation, they first agree on session keys through a secure handshake process. These keys are then used to encrypt and decrypt the data exchanged between them for the duration of their connection.
Session keys provide several advantages:
  • Security: They ensure each session has unique encryption, preventing interceptions of past messages from compromising current communications.
  • Performance: Temporary keys can be generated easily and quickly, making them efficient compared to persistent keys.
Without these keys, encrypted data cannot be decrypted properly, showcasing their importance in the overall security of data transmission.
Message Authentication Code (MAC)
A Message Authentication Code (MAC) is a security measure used to verify the integrity and authenticity of a message. During SSL communication, MACs are combined with session keys to ensure messages have not been altered in transit.
The process involves:
  • Generating a MAC value from a message using a secret key.
  • Sending this MAC along with the message.
  • Upon receipt, the receiver generates a MAC from the received message and compares it to the transmitted MAC.
If the two MACs match, the message is accepted as authentic and unchanged. If they do not, tampering is suspected and the message is rejected.
In the scenario where an attacker sends a bogus TCP segment, the MAC verification will fail since the attacker, lacking the session keys, cannot produce the correct MAC. This verification is crucial in confirming the security and authenticity of communication in SSL sessions.
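A toy model of the record check described in steps 04 and 05 and in this MAC section, added here as an illustration (not code from the textbook or any SSL library). It assumes a TLS 1.0-style MAC-then-encrypt record layout with HMAC-SHA256 and uses an HMAC-derived keystream as a stand-in for the real cipher; the session keys and the "bogus segment" are constructed inline.

```python
import hmac, hashlib, os, struct

# Assumption: TLS 1.0-style record protection (MAC over seq||type||version||len||data,
# then encrypt data||MAC). The keystream generator is a stand-in, not a real cipher.
MAC_LEN = 32

def record_mac(mac_key, seq, ctype, version, fragment):
    # The MAC covers the implicit sequence number and the record header fields.
    hdr = struct.pack("!QBHH", seq, ctype, version, len(fragment))
    return hmac.new(mac_key, hdr + fragment, hashlib.sha256).digest()

def keystream(enc_key, seq, n):
    # Deterministic per-record keystream derived from the encryption key.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(enc_key, struct.pack("!QI", seq, ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def seal(mac_key, enc_key, seq, ctype, version, plaintext):
    # Sender side: append MAC, then encrypt plaintext||MAC.
    body = plaintext + record_mac(mac_key, seq, ctype, version, plaintext)
    return xor(body, keystream(enc_key, seq, len(body)))

def open_record(mac_key, enc_key, seq, ctype, version, ciphertext):
    """Receiver side: return the plaintext if the MAC verifies, else None."""
    body = xor(ciphertext, keystream(enc_key, seq, len(ciphertext)))
    if len(body) < MAC_LEN:
        return None                      # too short to even carry a MAC
    plaintext, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    expected = record_mac(mac_key, seq, ctype, version, plaintext)
    if not hmac.compare_digest(tag, expected):
        return None                      # decrypted bytes are garbage; MAC mismatch
    return plaintext

def demo():
    # Constructed session keys shared only by Alice and Bob.
    mac_key, enc_key = os.urandom(32), os.urandom(32)
    seq, ctype, ver = 7, 23, 0x0301      # application_data record, TLS 1.0 version
    good = seal(mac_key, enc_key, seq, ctype, ver, b"transfer 100 to bob")
    # Attacker's payload: correct TCP framing, but no keys, so arbitrary bytes.
    bogus = os.urandom(len(good))
    return (open_record(mac_key, enc_key, seq, ctype, ver, good),
            open_record(mac_key, enc_key, seq, ctype, ver, bogus))
```

Flipping even one byte of the genuine record also makes `open_record` return `None`, since the MAC is recomputed over whatever the decryption produced.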