Security Bootcamp 2013 - Timing info-leak made easy - Quan Minh Tâm



  1. Timing Info-leak Made Easy. Presenter: Quan Minh Tam
  2. Organizer: / Sponsor:
  3. Outline
     • Review SSL/TLS weaknesses
     • BEAST is not beast
     • CRIME is not crime
       – Compression
       – CRIME
     • TIME is time
       – CRIME+
     10/22/2013 11:32 PM www.securitybootcamp.vn
  4. Cryptanalysis
     • Chosen plaintext | ciphertext
     • Adaptive chosen plaintext | ciphertext
     • Side channel attack
     • Bruteforce attack
     • Meet-in-the-middle
     • Linear | differential attack
     • Birthday
  5. Timeline
     • BEAST - 2011
     • CRIME - 2012
     • BREACH - 2013
     • LUCKY 13 - 2013
     • TIME - 2013
     • RC4 biases in TLS
  6. CRIME
  7. CRIME
     • Compression Ratio Info-leak Made Easy
     • Chosen plaintext attack
  8. CRIME
  9. COMPRESSION
  10. COMPRESSION
  11. COMPRESSION
  12. COMPRESSION http://www.c-sharpcorner.com/uploadfile/shivprasadk/best-practice-no-4-improve-bandwidth-performance-of-asp-net-sites-using-iis-compression/
  13. COMPRESSION
     • Gzip/Deflate
     • HTTP Response body
     • HTTP Request body
     • Header compression
       – SSL/TLS Compression
         • Servers: OpenSSL, others
         • Clients: Chrome
       – SPDY
         • Server: Apache mod_spdy
         • Client: -IE
  14. CRIME demo
  15. How can you become a victim of CRIME?
     • 1st requirement: the attacker can sniff your network traffic.
       – You share a (W)LAN.
       – He's hacked your home router.
       – He's your network admin, ISP or government.
     https://docs.google.com/presentation/d/11eBmGiHbYcHR9gL5nDyZChu_-lCa2GizeuOfaLU2HOU/edit#slide=id.g1d134dff_0_165
  16. How can you become a victim of CRIME?
     • 2nd requirement: you visit evil.com.
       – You click on a link.
       – Or you surf a non-HTTPS site.
     https://docs.google.com/presentation/d/11eBmGiHbYcHR9gL5nDyZChu_-lCa2GizeuOfaLU2HOU/edit#slide=id.g1e3070b2_1_21
  17. TIME
  18. Review
     • Round-Trip Time (RTT)
     • Maximum Transmission Unit (MTU)
     • Maximum Segment Size (MSS): MSS = MTU - sizeof(TCPHDR) - sizeof(IPHDR)
     • TCP Sliding Window System
  19. http://ulam2.cs.luc.edu/ebook/html/slidingwindows.html
  20. TIME
     • Timing Info-leak Made Easy
     • Chosen Plaintext Attack
     • Targets compression and timing information leakage
  21. • HTTP request
       – CRIME for request to extract cookie data
     • HTTP response
       – Extended CRIME to extract response data
       – Access a resource behind authentication for user login status detection
       – Application specific: e.g. number of digits in bank account balance
  22. HTTP payload
     • HTTP payload size may carry sensitive information
       – Detecting HTTP payload size differences is sufficient to extract the sensitive information
     • Using timing measurements the attacker can distinguish HTTP payload size differences
     • These timing measurements can be done with JavaScript on the attacker's site
  23. XHR POC
     • Create HTTP request with XHR
       – XHR adheres to SOP
     • Allows GET requests to flow
       – If headers allow, show response
       – If not, abort
     • We don't care for the response
       – Timing leaks the request size
     • Use getTime() on XHR events
       – onreadystatechange
     • Noise elimination
       – Repeat the process (say 10 times) and obtain the minimal time
  24. • HTML with JavaScript, sending method is XHR
     • Sends one-byte-different requests alternately 10 times
       – The longer request crosses the send window boundary
       – The shorter is exactly within
     • Measures request time
     • Outputs length and time
     • Outputs the minimal timing values for both requests' lengths
  25. XHR
  26.
  27.
  28.
  29.
  30. Real world SCB 1
  31. • Iframe 1
     • Use getTime() on iframe events
       – onload
       – onreadystatechange (IE)
  32. Real world SCB 2
  33. • HTTP request with IMG src
       – It is not an image? Don't worry
       – X-Frame-Options? Don't worry
     • Use getTime() on img events
       – onload
       – onreadystatechange (IE)
  34. New Risk?
  35. New Risk?
     • Automation attack
       – via URL
       – via load time
     • SOP?
       – data leaked out
  36. MITIGATIONS
     • Adding random timing delays
     • X-Frame-Options
     • Unknown parameter
     • CAPTCHA, CSRF token
  37. MITIGATIONS
     • Adding random timing delays: ineffective
  38. MITIGATIONS
     • X-Frame-Options
       – Browser should support and respect the "X-Frame-Options" header for all content inclusion (not just IFRAME)
  39. MITIGATIONS
     • CSRF protection
     • Unknown parameter
     • Captcha
  40. That's all
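The noise-elimination step on slides 23 and 24 (repeat the request, keep the minimal time) is also why slide 37 calls random server-side delays an ineffective mitigation. The Python simulation below is an added example, not code from the talk; it assumes a constructed model in which a request that crosses the TCP send window costs one extra RTT, and that network jitter and any server-added delay are uniformly distributed.

```python
import random

# Constructed model (assumption, not from the slides): a request that stays within
# the TCP send window costs one RTT; a request one byte longer that crosses the
# window boundary needs an extra round trip before the last segment can be sent.
RTT_MS = 50.0


def request_time_ms(crosses_window, jitter_ms, random_delay_max_ms, rng):
    """One timed request: base cost plus network jitter plus any server-added random delay."""
    base = 2 * RTT_MS if crosses_window else RTT_MS
    return base + rng.uniform(0.0, jitter_ms) + rng.uniform(0.0, random_delay_max_ms)


def min_over_repeats(crosses_window, repeats, jitter_ms, random_delay_max_ms, rng):
    """Noise elimination from slide 23: repeat the request and keep the minimal time."""
    return min(request_time_ms(crosses_window, jitter_ms, random_delay_max_ms, rng)
               for _ in range(repeats))


def sizes_distinguishable(repeats=10, jitter_ms=20.0, random_delay_max_ms=0.0, seed=1):
    """True if the minimal timings of the two request lengths differ by more than half an RTT."""
    rng = random.Random(seed)
    short = min_over_repeats(False, repeats, jitter_ms, random_delay_max_ms, rng)
    long_ = min_over_repeats(True, repeats, jitter_ms, random_delay_max_ms, rng)
    return (long_ - short) > RTT_MS / 2


def expected_min_delay_ms(random_delay_max_ms, repeats):
    """Expected minimum of `repeats` i.i.d. uniform delays on [0, D] is D / (repeats + 1):
    the residual added delay shrinks as the attacker repeats, so the size signal survives."""
    return random_delay_max_ms / (repeats + 1)


if __name__ == "__main__":
    for delay in (0.0, 200.0):
        for n in (1, 10, 200):
            verdict = "distinguishable" if sizes_distinguishable(n, random_delay_max_ms=delay) else "hidden"
            print(f"random delay up to {delay:5.0f} ms, {n:3d} repeats: {verdict} "
                  f"(expected residual delay {expected_min_delay_ms(delay, n):.1f} ms)")
```

Padding that varies per request only raises the floor the attacker measures by a shrinking amount; a constant-size or constant-time response, or blocking the cross-site request in the first place (slides 38 and 39), removes the signal instead.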
