Categories
Web Application Security

What is BEAST?

Browser Exploit Against SSL/TLS

BEAST is an attack against SSL/TLS which is the cryptographic system that protects data sent online. A practical attack was found to be possible against TLS v1.0 and SSLv3.0 (and below). The issue is that the Initialisation Vector (IV) utilised as part of the encryption process can be determined by an attacker. IVs are utilised to prevent encrypted data from being deterministic, they essentially make it harder for attackers to determine patterns in encrypted data. Without them if a repeating pattern is evident in the plaintext then it will be evident in the ciphertext and this type of informations is greatly useful to an attacker. IVs are designed to prevent this, however with the BEAST attack they are shown to be deterministic which greatly reduces their use as a protection mechanism.

It reduces the protection but the deterministic nature is of limited use to an attacker and they are only able to retrieve small amounts of information from the encrypted data, however with attacks against web applications small amounts of data can cause a large impact – if an attacker is able to retrieve information such as session tokens.