BEAST stands for (Browser Exploit Against SSL/TLS)
Somewhat similar to POODLE but with a difference that we chose a plain text(Chosen Plaintext Attack CPA). Using javascript we can inject some plain text on the client side.This attack rely on CBC mode of block cipher.
CBC Mode of Encryption
Cₙ = E ( Pₙ ⊕ Cₙ_₁ ) where C₀ =IV and E is encryption function for e.g. AES/DES, Pₙ is plain text of block size.
In TLS 1.0, next message IV is chosen as the last cipher block of previous message.
What is known:
*All Ciphertext is known.
*Next message IV is previous block.
*Attacker can inject some plain text.
In the diagram above, we know purple and yellow as they are cipher text.We have to modify orange such that both red cipher text match. Remember that AES has 16 bytes block size i.e. 128 bits and it will be tough to guess those many bytes, instead we craft URL such that we only have to guess 1 byte. Something similar that we did in POODLE attack.
Orange part would become: 15 byte of known value || 1 byte of unknown
When the first message get encrypted we know the corresponding cipher text and then when we reach ‘control’ phase we know 15 bytes of known value and after 2⁸ iteration can guess the single byte. Similarly attacker can retries rest of the bytes also.
Mitigation:
Support TLS 1.1 onward on server.
0/n or 1/n-1 approach taken by Chrome.
Reference: