SSL Screw Ups
Uploaded by michael-coates
Transcript of SSL Screw Ups
Who am I?
Web Security Engineer @ Mozilla
Contributor OWASP 2010 Top 10
Author OWASP TLS Cheat Sheet
Creator & Leader OWASP AppSensor
Security Blogger http://michael-coates.blogspot.com
SSL: Super Shiny Locks
Padlock != Secure
SSL Growth
> 1 Million SSL Certificates
The Good
Confidentiality
Integrity
Replay Protection
End Point Authentication
Problem: Usability
Problem: User Expectations
How did you get to the site?
Is HTTPS in the URL?
Are those 0's or O's?
Did you get any browser warning messages?
Did you click "ok" or "accept" to any popup boxes?
Scenario: Insecure Landing Page
http://mybank.com
<form method="POST" action="https://mybank.com/login">
  Username: <input type="text" name="user"> <br>
  Password: <input type="password" name="pass"> <br>
</form>
Exploiting Insecure Landing Page
HTTP Request: GET http://mybank.com
HTTP Response as sent by the server:
  … <form method="POST" action="https://mybank.com/login"> …
HTTP Response as it reaches the user (form action rewritten in transit):
  … <form method="POST" action="http://mybank.com/login"> …
The user sees the same login page, enters Steven / ******* and submits:
POST http://mybank.com
user:Steven&pass:JOSHUA
Problem: Insecure Redirects
http://mybank.com -> https://mybank.com
Insecure Redirects – Behind The Scenes
GET http://mybank.com
302 Redirect, Location: https://mybank.com
GET https://mybank.com (over SSL)
200 OK
Exploiting Insecure Redirects
GET http://mybank.com (plain HTTP, so the answer can come from anyone on the path)
302 Redirect, Location: any of
  http://mybank.com
  https://phishmybank.com
  http://malware.com
Insecure Redirects via Google
"Bank of America" http://www.bankofamerica.com/
"Chase" http://www.chase.com/
"Wachovia" http://www.wachovia.com (cookie set on the HTTP response too!)
"Wells Fargo" http://www.wellsfargo.com/
Scenario: Insecure Content
Diagram: the browser talks to mybank.com over SSL (Request/Response), but the page also loads content from scripts.com over plain HTTP (Request/Response)
Exploiting Insecure Content
Diagram: same as above, but the plain-HTTP response from scripts.com is replaced with <script>BADNESS</script>, which then runs inside the SSL-protected mybank.com page
Scenario: HTTP after Login
Diagram: login to mybank.com over SSL; the response sets SessionID: 5593…; the following requests (Welcome!, Update Profile) are made without SSL, and the page still pulls content from scripts.com
Exploiting HTTP after Login
Diagram: the post-login requests (Welcome!, Update Profile) each carry SessionID: 5593… over plain HTTP, so the session identifier that mybank.com set over SSL is exposed to anyone on the network path
Problem: Cookie Forcing
Problem: URL Leakage
Transition from SiteA.com to SiteB.com:
Transition        Expectation         Result
HTTP  -> HTTP     Referrer Leaked     Referrer Leaked
HTTP  -> HTTPS    Referrer Leaked     Referrer Leaked
HTTPS -> HTTP     Referrer Secure     Referrer Secure
HTTPS -> HTTPS    Referrer Secure     Referrer Leaked
Exploiting URL Leakage
Page at https://secure.com?sessionID=55769…
  Viewing Charlie's Profile
  Favorite Movie: Sneakers
  Favorite Food: spam
  Personal Blog: Click Here
Link markup: <a href="https://charlieblog.com">Click Here</a>
Exploiting URL Leakage (continued)
The browser fetches secure.com over SSL and renders Charlie's profile (Favorite Movie: Sneakers, Favorite Food: spam, Personal Blog: Click Here)
Clicking the link sends, again over SSL, to charlieblog.com:
  GET charlieblog.com HTTP/1.0
  Referer: https://secure.com?sessionID=55769…
Problem: False Internal Trust
Diagram: SSL from the browser terminates at mybank.com; behind it, SSN, credit card, PIN, PII… cross the internal network without SSL
Problem: Not all SSL is equal
View ciphers by strength:
  openssl ciphers -v '<strength>'
Test a server:
  openssl s_client -connect site.com:443 -cipher '<strength>'
Test a client:
  openssl s_server -www -cert cacert.pem -key cakey.pem
<strength> = NULL | LOW | MEDIUM | HIGH | FIPS
FIPS approved ciphers:
  ADH-AES256-SHA DHE-RSA-AES256-SHA DHE-DSS-AES256-SHA AES256-SHA
  ADH-AES128-SHA DHE-RSA-AES128-SHA DHE-DSS-AES128-SHA AES128-SHA
  ADH-DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA EDH-DSS-DES-CBC3-SHA DES-CBC3-SHA
LOW strength ciphers:
  ADH-DES-CBC-SHA EDH-RSA-DES-CBC-SHA EDH-DSS-DES-CBC-SHA DES-CBC-SHA DES-CBC-MD5
Note that the ADH-* suites are anonymous Diffie-Hellman: they encrypt but do not authenticate the server, so they give no protection against a man in the middle.
More Problems
MD5 Collision: Rogue CA Creation (Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger)
  http://www.win.tue.nl/hashclash/rogue-ca/
SSLstrip and Null Prefix Attacks Against SSL/TLS Certificates (Moxie Marlinspike)
  http://www.thoughtcrime.org/software/sslstrip/
  http://www.thoughtcrime.org/papers/null-prefix-attacks.pdf
MD5 Collision
Attacker requests a legitimate certificate from the CA
Exploits an MD5 collision so that the CA's signature on that certificate also validates a certificate the attacker crafted with CA privileges (the rogue CA)
Issues certificates from the rogue CA; they chain to the trusted root and are accepted as legitimate
MD5 Collision Rogue CA
Diagram, normal chain: Root CA -> CA -> SSL Cert amazon.com (the root has several intermediate CAs)
Diagram, after the collision: Root CA -> CA -> Attacker CA -> SSL Cert; the Attacker CA certificate has the same MD5 hash, and therefore the same CA signature, as a legitimately issued SSL Cert
Null Prefix Attack
CA verifies root domain ownership (foo.com), so it will issue for:
  www.foo.com
  www.blah.foo.com
  nonexistent.a.b.c.foo.com
  amazon.com\0.foo.com
Browser SSL verification: Microsoft CryptoAPI treats \0 as end of string, so
  amazon.com == amazon.com\0.foo.com
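Added here as an illustration, not code from the talk: the two comparisons in Python, a NUL-truncating check that behaves like the CryptoAPI bug described above and a strict check that a validator should use instead. ROGUE_CN is the slide's example name and compare_validators is a constructed helper.

```python
def cstring_match(cert_name, host):
    """Naive C-string comparison: reads the name only up to the first NUL byte."""
    return cert_name.split("\0", 1)[0].lower() == host.lower()


def strict_match(cert_name, host):
    """Hardened check: reject embedded NULs, then compare the whole name.

    A single-label wildcard such as *.foo.com matches www.foo.com only.
    """
    if "\0" in cert_name or "\0" in host or not cert_name or not host:
        return False
    cert_name, host = cert_name.lower(), host.lower()
    if cert_name.startswith("*."):
        hl, cl = host.split("."), cert_name.split(".")
        return len(hl) == len(cl) and hl[0] != "" and hl[1:] == cl[1:]
    return cert_name == host


# Constructed check: the Common Name from the slide, presented for amazon.com.
ROGUE_CN = "amazon.com\0.foo.com"


def compare_validators(host="amazon.com"):
    """Return (naive_result, strict_result) for the rogue name against host."""
    return cstring_match(ROGUE_CN, host), strict_match(ROGUE_CN, host)
```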
SSLstrip
MitM SSL connections: ARP spoofing, iptables
Auto strip SSL: HTTPS to HTTP
Execute null prefix attack
Block certificate revocation messages: OCSP attacks
Is There Hope?
Average User == Not Technical
Most Deployments Vulnerable
Specialized Attack Tools Available
Doing It Right…
The Application:
  SSL only
  No HTTP -> HTTPS redirects: HTTP shows a "User Education" message
  No SSL errors or warnings
The User:
  Bookmark the HTTPS page
  Stop if any SSL warnings/errors are presented
The Browser:
  Set realistic user expectations
  Support STS/ForceTLS
Solution: Strict Transport Security
Server side option: a response header tells the browser to only send HTTPS requests for the site
Blocks the connection if there are any SSL errors
HTTP/1.1 200 OK
Server: Apache
Cache-Control: private
Strict-Transport-Security: max-age=500; includesubdomains
Resources – TLS Cheat Sheet
http://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet
Rule - Use TLS for All Login Pages and All Authenticated Pages
Rule - Use TLS on Any Networks (External and Internal) Transmitting Sensitive Data
Rule - Do Not Provide Non-TLS Pages for Secure Content
Rule - Do Not Perform Redirects from Non-TLS Page to TLS Login Page
Rule - Do Not Mix TLS and Non-TLS Content
Rule - Use "Secure" Cookie Flag
Rule - Keep Sensitive Data Out of the URL
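The rules above are the checklist for the scenarios in the deck; added here as an example (not the deck's or OWASP's code) is a Python audit that applies them to a captured HTTP exchange. The exchanges in SAMPLES and the finding names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

SESSION_PARAMS = ("sessionid", "jsessionid", "phpsessid")

def audit_response(url, status, headers, body=""):
    """Flag the talk's deployment mistakes in one exchange; headers is a list of (name, value)."""
    findings, parts = [], urlsplit(url)
    hdrs = [(k.lower(), v) for k, v in headers]
    get = lambda name: [v for k, v in hdrs if k == name]
    # Insecure redirect: http:// answered with a bounce to https://; on the path,
    # an attacker could answer that plain-HTTP request with any Location at all.
    if parts.scheme == "http" and 300 <= status < 400 and any(
            v.startswith("https://") for v in get("location")):
        findings.append("insecure-redirect")
    for cookie in get("set-cookie"):
        if parts.scheme == "http":
            findings.append("cookie-set-over-http")
        if "secure" not in [p.strip().lower() for p in cookie.split(";")]:
            findings.append("cookie-missing-secure-flag")
    if parts.scheme == "https" and not get("strict-transport-security"):
        findings.append("missing-strict-transport-security")
    # Insecure landing page: a password field on a plain-HTTP page; the form's
    # action can be rewritten in transit no matter what the server sent.
    if parts.scheme == "http" and re.search(r'<input[^>]+type="password"', body, re.I):
        findings.append("login-form-on-http-page")
    if any(a.startswith("http://") for a in re.findall(r'<form[^>]+action="([^"]*)"', body, re.I)):
        findings.append("form-posts-over-http")
    # Mixed content: an HTTPS page pulling a script from an http:// origin.
    if parts.scheme == "https" and re.search(r'<script[^>]+src="http://', body, re.I):
        findings.append("mixed-content-script")
    # URL leakage: a session id in the query string rides along in Referer.
    if any(k.lower() in SESSION_PARAMS for k in parse_qs(parts.query)):
        findings.append("session-id-in-url")
    return findings

# Constructed sample exchanges, one per scenario from the slides.
SAMPLES = {
    "landing": ("http://mybank.com/", 200, [], '<form method="POST" action="https://mybank.com/login">'
                '<input type="text" name="user"><input type="password" name="pass"></form>'),
    "redirect": ("http://mybank.com/", 302,
                 [("Location", "https://mybank.com/"), ("Set-Cookie", "track=abc; path=/")], ""),
    "mixed": ("https://mybank.com/", 200, [("Strict-Transport-Security", "max-age=500")],
              '<script src="http://scripts.com/lib.js"></script>'),
    "leak": ("https://secure.com/?sessionID=55769", 200, [("Strict-Transport-Security", "max-age=500")], ""),
}

def audit_all():
    return {name: audit_response(*exchange) for name, exchange in SAMPLES.items()}
```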
Resources - ssllabs.com (Ivan Ristic)
Resources – sslfail.com (Tyler Reguly, Marcin Wielgoszewski)