Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem
Kerwin Sun
“Our results are disquieting: 898 websites are fully compromisable, allowing for script injection, while 977 websites present low integrity pages that the attacker can tamper with.”
Presentation Breakdown
Introduction
- Problem
- Research Goals and Contributions
- Background
Solution
- Methodology
- Results
- Discussion
Criticisms
- Structure
- Ecological validity
- Sampling validity
- Other limitations
1. Introduction
Problem!!!
Modern Web Ecosystem becoming very complex
- Increase in number of Dependencies
- Increase in number of Subdomains
Complexity amplifies vulnerabilities of all websites in the system
- Vulnerabilities propagate through tree
- Dependencies and subdomains may be vulnerable
- Communication channels may be vulnerable
Literature in this space is limited and outdated
- Does not explore true feasibility and viability of attacks
- Does not consider client side mitigation
Research Goals and Contributions
Review existing attacks on TLS
- Investigate which attacks are still possible on modern clients
- Characterize and define attacks as attack trees (condition analysis)
Build and run analysis platform
- Implement checks/conditions defined by attack tree
- Scan top 10,000 websites
- Scan additional 90,816 incoming dependencies/subdirectories
Identify capacity of damage
- Run checks for attacks enabled by TLS vulnerability
- Identify implications of security vulnerability
Background
Handshake Protocol
- Hello -> Server Hello -> Key exchange -> Cipher Exchange Finish
- Shared Key material = Pre Master Secret (PMS)
Key exchange
- RSA key exchange
- Static Diffie-Hellman key exchange – (EC)DH
- Ephemeral Diffie-Hellman key exchange – (EC)DHE
Confidentiality and integrity
- Provided at the Transport Layer using Record protocol
- Use Keys generated during handshake protocol
2. Solution
Methodology - Known Attacks
Protocol version downgrade - Force client side to downgrade TLS version and expose vulnerability
RSA decryption oracles - Vulnerability in padding scheme in “PKCS #1 v1.5” algorithm used in PMS exchange
RSA signature oracles - Fast decryption oracles can compute RSA signatures and impersonate servers
Heartbleed - Long term decryption of server private key, uses side channels
Methodology - Insecure Channels
Categorize attacks by which security property they break. 3 different channel states in order of severity.
Partially leaky:
- Channel exposing side channel
- Attacker able to gain information over time
Leaky:
- Vulnerable to MITM attack
- Vulnerable to confidentiality attacks
- Attacker able to decrypt all dataflow
Tainted:
- Attacker able to decrypt all dataflow
- Also arbitrarily modify data packets
Attack tree = Condition tree which enables specific attacks to take place
Methodology - Analysis Platform
Tool designed for dynamic security analysis
(1) Access website
(2) Collect DOM (subresources/cookies)
(3) Enumerate subdomains
(4) Run tools to identify cryptographic vulnerabilities
(5) Map results to attack tree conditions
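Step (5) and the attack-tree idea from the previous slide, as an added Python example that is not from the paper or its analysis platform: each channel state gets an AND/OR condition tree, a host is assigned the most severe state whose tree is satisfied, and a page is flagged when it or a host serving its scripts is tainted. The condition names, trees, host names and findings are constructed for illustration and are not the paper's actual trees.

```python
# Added illustration: condition names, trees, hosts and findings are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Node:
    op: str                # "AND", "OR" or "COND"
    children: tuple = ()   # sub-trees for AND / OR
    name: str = ""         # condition name for COND leaves

def cond(name): return Node("COND", name=name)
def all_of(*kids): return Node("AND", kids)
def any_of(*kids): return Node("OR", kids)

def holds(node, findings):
    """True if the conditions observed on a host satisfy this (sub)tree."""
    if node.op == "COND":
        return node.name in findings
    results = [holds(k, findings) for k in node.children]
    return all(results) if node.op == "AND" else any(results)

# One hypothetical tree per channel state, most severe first.
TREES = [
    ("tainted", any_of(cond("private_key_leak"),
                       all_of(cond("rsa_signature_oracle"), cond("fast_oracle")))),
    ("leaky", all_of(cond("rsa_decryption_oracle"), cond("rsa_key_exchange"))),
    ("partially leaky", cond("side_channel_exposed")),
]

def classify(findings):
    """Most severe channel state whose tree is satisfied, else 'no attack found'."""
    for state, tree in TREES:
        if holds(tree, findings):
            return state
    return "no attack found"

def assess_page(page_host, script_hosts, scan):
    """Classify the page host and its script hosts; list the tainted ones,
    since a tainted channel lets the attacker modify what the page loads."""
    states = {h: classify(scan.get(h, set())) for h in [page_host, *script_hosts]}
    return states, [h for h, s in states.items() if s == "tainted"]

SCAN = {  # constructed tool output: host -> conditions observed
    "shop.example": set(),
    "cdn.example": {"rsa_signature_oracle", "fast_oracle"},
    "stats.example": {"side_channel_exposed"},
    "img.example": {"rsa_decryption_oracle"},  # one half of an AND: not enough
}

if __name__ == "__main__":
    print(assess_page("shop.example", ["cdn.example", "stats.example", "img.example"], SCAN))
```

The page host itself has no finding here, yet the page is flagged because one of its script hosts is tainted, which is the amplification effect the talk describes.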
Results
What did they find???
Results
Of the 10,000 domains and 90,816 subresources scanned:
- TLS vulnerability present in 5,574 (5.5%) domains
- 4,818 allow for establishing tainted channels
- 733 allow for establishing leaky channels
- 912 allow for establishing partially leaky channels
5,574 Vulnerabilities present
Security Risks
Page Integrity:
- Inclusion of malicious scripts.
- Stealing of user information.
- Session hijacking.
Authentication Credentials:
- Interception and decryption of web traffic.
- Stealing access credentials.
- Attacker gains access to web database.
Web Tracking
- Tracking user information.
- Track user activity/location
- Building profile of target user.
3. Criticisms
Praise
- Looks only at attacks which are practical (with modern browsers)
- Implementation is comprehensive, attack trees documented and reusable
- Detailed exploration of security risks
- Methodology well documented
- Good cross referenced sources
- Suggests possible security fixes
Ethical Limitations
- Exclusively public tools
- Unintrusive scans used
- Published vulnerabilities
- No attack narrative performed
Result weaknesses
- Results don't clearly show scale of affected ecosystem
- Results not comprehensively presented
- Results measurement assumes all websites of same size
Structure/Presentation issues
- Structure is unclear and inconsistent
- Title names are repeated but change meaning
- Separation of sections unclear
- Tables not referred to, or referred to retroactively
- Some grammatical errors
Other weaknesses
- Focus on HTTPS/TLS implementation
- No investigation on how web ecosystem affects other vulnerabilities
- No investigation into dynamic interaction with other vulnerabilities
- Threat model is static and assumptions are made
- Computation resource feasibility not explored
THANK YOU FOR LISTENING
“The most disquieting aspect here is that just a single vulnerable tracker may significantly harm user privacy at scale, as long as it is popular enough to be included on many different websites”