Http2 Security Perspective

  1. HTTP/2 A Security Perspective
  2. Who am I?
     • Not a pen-tester <Not-yet/>
     • Threat Analysis Engineer
     • With NULL since 2009.
     • PC Gamer
     • https://github.com/sunilkr
     • @_badbot
  3. HTTP Trivia
     • ISO-OSI layer?
     • Official versions to date?
     • Rivaled by?
     • How old is HTTP?
  4. HTTP Trivia
     • For most of us HTTP, the WWW and the Internet are one and the same thing.
  5. HTTP Evolution
     • Started by Sir Tim Berners-Lee in 1989.
     • Originally designed for transferring HyperText (HTML).
     • The intention was to create links between pages; the “Web”.
  6. HTTP/0.9
     • Never an official version.
     • No RFC.
     • Specification is only a couple of pages.
     • Client requests a HyperText document, server delivers:
       • Client creates the connection.
       • Client sends a GET request.
       • Server sends the HTML document.
       • Server terminates the connection, marking the end of the message.
     • Requests are idempotent.
  7. HTTP/1.0
     • RFC 1945 - May 1996.
     • HTTP became a true messaging protocol.
     • Defined request and response headers.
     • Added methods:
       • HEAD
       • POST
     • Added support for other media formats (MIME types).
     • Basic Authentication.
  8. HTTP/1.1
     • RFC 2068 in 1997 (obsoleted by RFC 2616 in 1999).
     • Added more methods:
       • OPTIONS
       • PUT
       • DELETE
       • TRACE
       • CONNECT
     • More status codes.
     • Reusable (persistent) connections.
     • Virtual hosts (Host header).
     • Bandwidth management.
     • Caching.
     • Response streaming (chunked transfer encoding).
  9. HTTP/1.1 - Hyper Text Transfer Protocol
     Request:
       GET /download.html HTTP/1.1
       Host: www.ethereal.com
       User-Agent: Mozilla/5.0
       Accept: text/html;q=0.9
       Accept-Language: en-us,en;q=0.5
       Accept-Encoding: gzip,deflate
       Accept-Charset: ISO-8859-1,utf-8;q=0.7
       Keep-Alive: 300
       Connection: keep-alive
       Referer: http://www.ethereal.com/l
     Response:
       HTTP/1.1 200 OK
       Date: Thu, 13 May 2004 10:17:12 GMT
       Server: Apache
       Last-Modified: Tue, 20 Apr 2004 13:17:00 GMT
       ETag: "9a01a-4696-7e354b00"
       Accept-Ranges: bytes
       Content-Length: 18070
       Keep-Alive: timeout=15, max=100
       Connection: Keep-Alive
       Content-Type: text/html; charset=ISO-8859-1

       <?xml version="1.0" encoding="UTF-8"?>
       <!DOCTYPE html …………
  10. Why new HTTP?
     • Inadequate use of TCP
       • Not enough data in requests/responses.
       • One transaction per round-trip.
     • Head-of-line blocking
       • Some requests may take longer than others.
       • Pipelining issues.
       • Few connections per host.
     • Bloated HTTP headers
       • Extremely large cookies.
       • Headers are not compressed.
     Example request headers:
       Host: cat.hk.as.criteo.com
       User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0
       Accept: */*
       Accept-Language: en-US,en;q=0.5
       Accept-Encoding: gzip, deflate, br
       Referer: https://cas.criteo.com/delivery/afr.php?ptv=9&abp=1&zoneid=388248&cb=84495440049&nodis=1&charset=UTF-8&dc=3&atfr=0&loc=https%3A%2F%2Fvanwilgenburg.wordpress.com%2F2015%2F11%2F22%2Fhow-to-capture-and-decode-http2-traffic-with-wireshark%2F
       Cookie: eid=*1Ap7Pr2f7E5MRKE2nWevBcU%2bbUWL%2fuELr2TfCeknIxMre7BHXU6sl2NOQ4xTQMmmcE%2fpP%2f%2bjxgjT58Z7cfzeaEgdxXSV8Qz7wMC5KYLeuAsFgza%2bISy%2bAQqOYhm%2bmQaI%2bshaK0wLrQIDUhYtySDPYgiYB0g7Ncyx%2fbWiN%2fcVQc%2bwBbEN5EVwYHNxqGp16wuoMx%2fBeDaihRV5HTFWsxXUImZAj5bXhai5mB09GzaWh%2brUlJ4Nd7hQdTpiZwm3faLd2YHKH1z9ApJQo%2bwpaeZ0Us6%2ffjHcleA6Qit5aTkR1HVNbtGU1kaSQarbWS5GGv0k5wp0lkudhKVcSSp4VZQQPoF%2b1R1RM%2bObYZ%2fx71VmxY2iBV9wQLRK7byMp%2fuPDnog7; udc=*1LbahqkXZ3D4c7uvf%2fuPM6w%3d%3d; zdi=*1b4U4KpFuuqNUwsFewyLzxQ%3d%3d; uid=c0789c78-f944-4ff1-a605-515e662a5088; __gads=ID=31ee0d4ce58ad5f9:T=1475937455:S=ALNI_MYSo0crwSD7kqO6l4QkHSG463W3Fw
       Connection: keep-alive
  11. The big problem of Latency
  12. Solving the Latency problem
     • Spriting
       • Partial images.
     • Inlining
       • data: URIs.
     • Concatenation
       • One big file.
     • Sharding
       • Multiple virtual hosts.
     Drawbacks of these workarounds:
     • Cache-invalidation issues.
     • More data transferred than actually required.
     • Development mess.
     • Browsers need to wait more.
     • Server administration issues.
  13. HTTP/2 - Overview
     • RFC 7540 published in May 2015.
     • RFC 7541 defines HPACK.
     • Based on SPDY/3.x by Google.
     • Retains HTTP/1.x semantics.
     • Retains http:// and https:// URL formats.
     • Still using TCP.
     • No more minor versions.
       • Next is HTTP/3.
     • Reduces optional parts of HTTP.
  14. HTTP/2 - Features
     • Binary framing.
     • Stream multiplexing.
     • Priorities and dependencies.
     • Header compression.
     • Server push.
     • Flow control.
     • Protocol upgrade.
  15. HTTP/2 – Binary framing
     • Fixed frame header (9 bytes):
       • Length (3 bytes)
         • 24-bit unsigned integer: the payload size only, not counting the 9-byte header.
         • Default upper bound is 2^14 (16,384) bytes; a receiver may raise it, up to 2^24-1, via SETTINGS_MAX_FRAME_SIZE.
       • Type (1 byte)
         • Frame type.
       • Flags (1 byte)
         • Specific to the frame type.
       • Stream ID (4 bytes)
         • Reserved (1 bit)
         • ID (31 bits)
     • Payload (<length> bytes)
  16. HTTP/2 – Stream Multiplexing
     • One TCP connection carries many streams; frames of different streams are interleaved (multiplexed), so one packet may carry several.
     • A stream's header block can be split across frames: a HEADERS frame followed by CONTINUATION frames.
     • A stream consists of multiple frames:
       • HEADERS frame
       • DATA frame
     • Other frame types:
       • PRIORITY
       • RST_STREAM
       • SETTINGS
       • PUSH_PROMISE
       • PING
       • GOAWAY
       • WINDOW_UPDATE
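Worked example (added here; it is not part of the original slides): a minimal frame parser in Python for the 9-byte header of slide 15 and the interleaved streams of slide 16. It walks a constructed byte string holding the client's SETTINGS frame followed by the HEADERS and DATA frames of two streams, enforces SETTINGS_MAX_FRAME_SIZE on the 24-bit length field, and applies the stream-0 association rules of RFC 7540 §6. The header block bytes are the HPACK example from slide 18; the payload text, stream numbers and frame order are constructed.

```python
import struct

FRAME_HEADER_LEN = 9
DEFAULT_MAX_FRAME_SIZE = 1 << 14          # initial value of SETTINGS_MAX_FRAME_SIZE (RFC 7540 §6.5.2)
SETTINGS_MAX_FRAME_SIZE = 0x5             # identifier of that setting inside a SETTINGS payload
END_STREAM, END_HEADERS = 0x1, 0x4        # DATA / HEADERS flags used by the sample below

FRAME_TYPES = {0x0: "DATA", 0x1: "HEADERS", 0x2: "PRIORITY", 0x3: "RST_STREAM", 0x4: "SETTINGS",
               0x5: "PUSH_PROMISE", 0x6: "PING", 0x7: "GOAWAY", 0x8: "WINDOW_UPDATE", 0x9: "CONTINUATION"}
STREAM_ONLY = {"DATA", "HEADERS", "PRIORITY", "RST_STREAM", "PUSH_PROMISE", "CONTINUATION"}  # stream id != 0
CONNECTION_ONLY = {"SETTINGS", "PING", "GOAWAY"}                                              # stream id == 0


class FrameError(Exception):
    """Connection error; a real endpoint answers with GOAWAY (FRAME_SIZE_ERROR or PROTOCOL_ERROR)."""


def build_frame(ftype, flags, stream_id, payload):
    """Serialize one frame: 24-bit length, type, flags, reserved bit + 31-bit stream id, payload."""
    return (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
            + struct.pack("!I", stream_id & 0x7FFFFFFF) + payload)


def parse_frames(buf, max_frame_size=DEFAULT_MAX_FRAME_SIZE):
    """Split a byte string into (type_name, flags, stream_id, payload) tuples, rejecting malformed frames."""
    frames, off = [], 0
    while off < len(buf):
        if len(buf) - off < FRAME_HEADER_LEN:
            raise FrameError("truncated frame header")
        hdr = buf[off:off + FRAME_HEADER_LEN]
        length = int.from_bytes(hdr[0:3], "big")                   # payload length only; header not counted
        ftype, flags = hdr[3], hdr[4]
        stream_id = struct.unpack("!I", hdr[5:9])[0] & 0x7FFFFFFF  # top bit is reserved and must be ignored
        if length > max_frame_size:
            raise FrameError(f"payload of {length} bytes exceeds SETTINGS_MAX_FRAME_SIZE={max_frame_size}")
        payload = buf[off + FRAME_HEADER_LEN:off + FRAME_HEADER_LEN + length]
        if len(payload) != length:
            raise FrameError("truncated frame payload")
        name = FRAME_TYPES.get(ftype, f"UNKNOWN(0x{ftype:02x})")  # §4.1: unknown types are ignored, not fatal
        if name in STREAM_ONLY and stream_id == 0:
            raise FrameError(f"{name} frame on stream 0")
        if name in CONNECTION_ONLY and stream_id != 0:
            raise FrameError(f"{name} frame on stream {stream_id}")
        frames.append((name, flags, stream_id, payload))
        off += FRAME_HEADER_LEN + length
    return frames


def parse_settings(payload):
    """Decode a SETTINGS payload: a sequence of 16-bit identifier / 32-bit value pairs."""
    if len(payload) % 6:
        raise FrameError("SETTINGS payload length is not a multiple of 6")
    return dict(struct.unpack("!HI", payload[i:i + 6]) for i in range(0, len(payload), 6))


def is_rejected(buf, max_frame_size=DEFAULT_MAX_FRAME_SIZE):
    """True when the parser refuses the buffer (oversized frame, truncated frame, wrong stream association)."""
    try:
        parse_frames(buf, max_frame_size)
    except FrameError:
        return True
    return False


# Constructed sample: the client's SETTINGS, then the HEADERS and DATA frames of two requests (streams 1 and 3)
# interleaved on the one connection. The header block is the HPACK example from slide 18.
HEADER_BLOCK = bytes.fromhex("828684410f7777772e6578616d706c652e636f6d")
SAMPLE = b"".join([
    build_frame(0x4, 0, 0, struct.pack("!HI", SETTINGS_MAX_FRAME_SIZE, 16384)),
    build_frame(0x1, END_HEADERS, 1, HEADER_BLOCK),
    build_frame(0x1, END_HEADERS, 3, HEADER_BLOCK),
    build_frame(0x0, END_STREAM, 1, b"body of stream 1"),
    build_frame(0x0, END_STREAM, 3, b"body of stream 3"),
])

if __name__ == "__main__":
    for name, flags, sid, payload in parse_frames(SAMPLE):
        print(f"{name:<8} flags=0x{flags:02x} stream={sid} len={len(payload)}")
    print("20000-byte DATA frame rejected:", is_rejected(build_frame(0x0, 0, 1, b"A" * 20000)))
```

The length check is the one that matters for a receiver: a peer that has not raised SETTINGS_MAX_FRAME_SIZE must treat a 20,000-byte payload as a FRAME_SIZE_ERROR rather than buffer it, and the stream-0 rules stop SETTINGS or PING frames from being smuggled onto a request stream.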
  17. HTTP/2 – Priorities & Dependencies
     • Responses need not be served in the order of the requests.
     • The client builds a dependency tree and assigns a weight (1-256) to each stream.
     • The server prioritizes streams based on their dependencies and weights.
  18. HTTP/2 – Header Compression
     • HPACK (RFC 7541).
     • Pseudo-headers (:method, :scheme, :authority, :path, :status).
     • Uses 2 tables to map header fields to indexes and preserve ordering:
       • Static table
         • Fixed list of 61 common header fields.
       • Dynamic table
         • Header fields already seen on this connection (including custom/non-standard ones), added as they are sent.
     • Strings and integer values are represented differently to save space.
     • String values may be Huffman coded.
     Example: encoding the request
       :method: GET
       :scheme: http
       :path: /
       :authority: www.example.com

       Byte(s)                                 Decoding                                          Value
       82                                      Indexed header field, idx = 2                     :method: GET
       86                                      Indexed header field, idx = 6                     :scheme: http
       84                                      Indexed header field, idx = 4                     :path: /
       41                                      Literal with incremental indexing, name idx = 1   :authority
       0f                                      Literal value, not Huffman coded, len = 15
       7777 772e 6578 616d 706c 652e 636f 6d   ASCII bytes                                       www.example.com

       Encoded header block: 8286 8441 0f77 7777 2e65 7861 6d70 6c65 2e63 6f6d
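Worked example (added; not from the slides): a cut-down HPACK decoder that walks the block above byte by byte, using the integer encoding with an N-bit prefix, string literals, the full 61-entry static table and a dynamic table with eviction. Huffman-coded strings are deliberately not handled: the slide's block, and the RFC 7541 Appendix C.3 follow-up request used here as a second sample, are plain ASCII literals. The decoder also bounds the size of the decoded header list, which is the check that matters once a single indexed byte can expand into a full header field.

```python
_STATIC_NAMES = (  # RFC 7541 Appendix A, indices 1..61; entries without a value get ""
    ":authority :method :method :path :path :scheme :scheme :status :status :status :status :status :status "
    ":status accept-charset accept-encoding accept-language accept-ranges accept access-control-allow-origin "
    "age allow authorization cache-control content-disposition content-encoding content-language content-length "
    "content-location content-range content-type cookie date etag expect expires from host if-match "
    "if-modified-since if-none-match if-range if-unmodified-since last-modified link location max-forwards "
    "proxy-authenticate proxy-authorization range referer refresh retry-after server set-cookie "
    "strict-transport-security transfer-encoding user-agent vary via www-authenticate"
).split()
_STATIC_VALUES = {2: "GET", 3: "POST", 4: "/", 5: "/index.html", 6: "http", 7: "https", 8: "200", 9: "204",
                  10: "206", 11: "304", 12: "400", 13: "404", 14: "500", 16: "gzip, deflate"}
STATIC_TABLE = [(n, _STATIC_VALUES.get(i, "")) for i, n in enumerate(_STATIC_NAMES, start=1)]  # 61 entries

class HPACKError(Exception):
    """Decoding failure; an endpoint treats it as a connection error of type COMPRESSION_ERROR."""

def decode_int(buf, pos, prefix_bits):
    """RFC 7541 §5.1: N-bit prefix, then 7-bit groups (least significant first) while the top bit is set."""
    mask = (1 << prefix_bits) - 1
    value, pos, shift = buf[pos] & mask, pos + 1, 0
    if value < mask:
        return value, pos
    while True:
        if pos >= len(buf):
            raise HPACKError("truncated integer")
        b, pos = buf[pos], pos + 1
        value += (b & 0x7F) << shift
        shift += 7
        if not b & 0x80:
            return value, pos

def decode_string(buf, pos):
    """RFC 7541 §5.2: H bit + 7-bit-prefixed length + octets. Huffman (H=1) is not implemented in this example."""
    huffman = bool(buf[pos] & 0x80)
    length, pos = decode_int(buf, pos, 7)
    if huffman:
        raise HPACKError("Huffman-coded string literal: not handled here")
    if pos + length > len(buf):
        raise HPACKError("truncated string literal")
    return buf[pos:pos + length].decode("latin-1"), pos + length

class HPACKDecoder:
    def __init__(self, header_table_size=4096, max_header_list_size=8192):
        self.dynamic = []                                 # newest first; index 62 is self.dynamic[0]
        self.settings_table_size = header_table_size      # our advertised SETTINGS_HEADER_TABLE_SIZE
        self.max_table_size = header_table_size           # the encoder may lower it (§6.3)
        self.max_header_list_size = max_header_list_size  # our SETTINGS_MAX_HEADER_LIST_SIZE

    def table_size(self):
        return sum(len(n) + len(v) + 32 for n, v in self.dynamic)  # §4.1: 32 bytes of overhead per entry

    def _evict(self):
        while self.dynamic and self.table_size() > self.max_table_size:
            self.dynamic.pop()

    def _lookup(self, idx):
        table = STATIC_TABLE + self.dynamic               # one address space: static 1..61, then dynamic
        if not 1 <= idx <= len(table):
            raise HPACKError(f"index {idx} is not in the static or dynamic table")
        return table[idx - 1]

    def _literal(self, block, pos, prefix_bits):
        idx, pos = decode_int(block, pos, prefix_bits)    # name is indexed when idx != 0, else a literal
        name, pos = (self._lookup(idx)[0], pos) if idx else decode_string(block, pos)
        value, pos = decode_string(block, pos)
        return name, value, pos

    def decode(self, block):
        """Decode one header block into an ordered list of (name, value) pairs."""
        headers, pos, list_size = [], 0, 0
        while pos < len(block):
            b = block[pos]
            if b & 0x80:                                  # 1xxxxxxx  indexed header field (§6.1)
                idx, pos = decode_int(block, pos, 7)
                name, value = self._lookup(idx)
            elif b & 0xC0 == 0x40:                        # 01xxxxxx  literal with incremental indexing (§6.2.1)
                name, value, pos = self._literal(block, pos, 6)
                self.dynamic.insert(0, (name, value))
                self._evict()
            elif b & 0xE0 == 0x20:                        # 001xxxxx  dynamic table size update (§6.3)
                size, pos = decode_int(block, pos, 5)
                if size > self.settings_table_size:
                    raise HPACKError("table size update above SETTINGS_HEADER_TABLE_SIZE")
                self.max_table_size = size
                self._evict()
                continue
            else:                                         # 0000xxxx / 0001xxxx  literal without / never indexed
                name, value, pos = self._literal(block, pos, 4)
            list_size += len(name) + len(value) + 32      # a one-byte index can expand into a large field
            if list_size > self.max_header_list_size:
                raise HPACKError("decoded header list exceeds SETTINGS_MAX_HEADER_LIST_SIZE")
            headers.append((name, value))
        return headers

    def rejects(self, block):
        try:                                              # True when decode() refuses the block
            self.decode(block)
        except HPACKError:
            return True
        return False

REQ1 = bytes.fromhex("828684410f7777772e6578616d706c652e636f6d")  # the slide's request (RFC 7541 C.3.1)
REQ2 = bytes.fromhex("828684be58086e6f2d6361636865")            # next request on the same connection (C.3.2)
```

Decoding REQ1 leaves one dynamic entry, `:authority: www.example.com` (57 bytes including the 32-byte overhead), so in REQ2 the single byte 0xbe (index 62) stands for the whole field and 0x58 names `cache-control` from the static table. That is also the shape of a decompression bomb: after REQ1, a block of 200 bytes that are all 0xbe would decode to 200 copies of that 57-byte field, and `rejects()` returns True because the decoded list crosses the 8192-byte limit long before the block ends.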
  19. HTTP/2 – Server Push
     • Server sends resources before the client requests them.
     • Client holds the pushed data in its cache.
     • Server sends a PUSH_PROMISE frame identifying the pushed stream.
       • Its header block is not a response: it carries the request headers (:method, :scheme, :authority, :path) the client would have sent for the pushed resource.
       • The pushed stream itself then carries a normal response (HEADERS + DATA).
     • Client can reject pushed data.
       • RST_STREAM (CANCEL), or disable push altogether with SETTINGS_ENABLE_PUSH = 0.
  20. HTTP/2 – Protocol Upgrade
     • NPN (Next Protocol Negotiation)
       • Designed for SPDY.
       • Server's offer, client's choice.
       • Over TLS only.
     • ALPN (Application Layer Protocol Negotiation)
       • Official for HTTP/2 (protocol identifier “h2”).
       • Client's offer, server's choice.
       • Part of the TLS handshake.
     • Upgrade header (Upgrade: h2c)
       • For unencrypted HTTP only; the request also carries the client's SETTINGS in an HTTP2-Settings header.
       • Requires 1 extra round trip.
  21. HTTP/2 - Security
     • Promotes TLS
       • Minimum TLS version 1.2.
       • Blacklisted cipher suites (RFC 7540 Appendix A).
       • Minimum key-size requirements.
       • No TLS renegotiation (and no TLS compression).
     • Cross-protocol attacks
       • Mitigated by TLS + ALPN.
       • Little protection for plaintext (h2c) connections.
     • Intermediary encapsulation attacks
       • Invalid header names/values must be treated as a malformed request.
     • Context-aware compression
       • Mitigates BREACH/CRIME-style attacks on compressed headers.
     • Frame padding
       • Also aimed at BREACH/CRIME-style length leaks.
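Added example (not part of the slides): the TLS profile RFC 7540 §9.2 demands for “h2”, written as a Python `ssl` context, together with the Appendix A blacklist expressed as the rule the appendix itself states (no ephemeral key exchange, or a non-AEAD cipher, means forbidden) and the post-handshake check an endpoint performs before raising INADEQUATE_SECURITY. The certificate and DH-parameter file names are placeholders (none are included, so the context is built without a certificate), and the OpenSSL cipher string is one way to select ephemeral-plus-AEAD suites, not the only one. The ALPN list also covers the negotiation step of slide 20.

```python
import ssl

# RFC 7540 §9.2.2 / Appendix A: a TLS 1.2 suite is unusable for HTTP/2 if it lacks an ephemeral key exchange
# or uses a null, stream or block (CBC) cipher instead of an AEAD. IANA suite names carry both properties.
EPHEMERAL_PREFIXES = ("TLS_ECDHE_", "TLS_DHE_")
AEAD_MARKERS = ("_GCM_", "_CCM", "_CHACHA20_POLY1305")


def is_blacklisted(iana_suite):
    """True for the suites RFC 7540 Appendix A forbids, by the appendix's own rule rather than its list."""
    ephemeral = iana_suite.startswith(EPHEMERAL_PREFIXES)
    aead = any(marker in iana_suite for marker in AEAD_MARKERS)
    return not (ephemeral and aead)


def http2_server_context(certfile=None, keyfile=None):
    """An ssl.SSLContext set up as RFC 7540 §9.2 requires; certfile/keyfile are hypothetical paths."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2              # §9.2: TLS 1.2 or higher
    ctx.options |= ssl.OP_NO_COMPRESSION                        # §9.2: TLS compression disabled (CRIME)
    ctx.options |= getattr(ssl, "OP_NO_RENEGOTIATION", 0)      # §9.2.1: no renegotiation (needs OpenSSL >= 1.1.0h)
    # §9.2.2: ephemeral key exchange with AEAD ciphers only; OpenSSL keywords select exactly those suites
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!eNULL")
    ctx.set_alpn_protocols(["h2", "http/1.1"])                 # ALPN: the server picks from the client's offer
    # For DHE suites §9.2.1 also requires a group of >= 2048 bits: ctx.load_dh_params("dh2048.pem") (not included)
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def weak_suites_enabled(ctx):
    """TLS 1.2 suites the context would still offer that are not AEAD; must be empty for an h2 endpoint."""
    return [c["name"] for c in ctx.get_ciphers()
            if c["protocol"] == "TLSv1.2" and "Mac=AEAD" not in c["description"]]


def minimum_is_tls12(ctx):
    return ctx.minimum_version == ssl.TLSVersion.TLSv1_2


def check_negotiated(version, iana_suite, dh_bits=None, ecdhe_bits=None):
    """What an h2 endpoint verifies after the handshake (§9.2.1, §9.2.2); any finding means INADEQUATE_SECURITY."""
    problems = []
    if version in ("SSLv3", "TLSv1", "TLSv1.1"):
        problems.append("TLS version below 1.2")
    if version == "TLSv1.2" and is_blacklisted(iana_suite):
        problems.append(f"blacklisted cipher suite {iana_suite}")
    if dh_bits is not None and dh_bits < 2048:
        problems.append("ephemeral DH group smaller than 2048 bits")
    if ecdhe_bits is not None and ecdhe_bits < 224:
        problems.append("ECDHE curve smaller than 224 bits")
    return problems
```

Note that the mandatory-to-implement TLS 1.2 suite, TLS_RSA_WITH_AES_128_CBC_SHA, fails the rule on both counts, which is why a TLS 1.2 stack configured for HTTP/2 can end up with no suite in common with a legacy client; the `check_negotiated` step exists because the blacklist is enforced by the HTTP/2 layer, after the TLS library has already agreed on a suite.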
  22. HTTP/2 – Security/2
     • Huge rework for WAFs
       • HTTP/2 is binary.
       • Can use a proxy to translate to HTTP/1.1 traffic.
     • Opportunistic encryption
       • Alt-Svc header.
     • Connection reuse
       • One connection reused for several hosts/sub-domains; action correlation.
     • Caching of server push
       • Unrequested (and unauthenticated) pushed data ends up in the client cache.
     • Limits on HEADERS block size.
     • Denial of Service
       • Slow Read (CVE-2016-1546)
       • HPACK Bomb (CVE-2016-1544, CVE-2016-2525)
       • Dependency Cycle Attack (CVE-2015-8659)
       • Stream Multiplexing Abuse (CVE-2016-0150)
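Added example (not from the slides): the dependency tree of slide 17 with the reprioritization rule of RFC 7540 §5.3.3, which is what keeps a PRIORITY frame from turning the tree into a loop, plus a check that a constructed sequence of PRIORITY frames making two streams depend on each other in turn never forms a cycle and never loses a stream. It illustrates the class of problem the “Dependency Cycle Attack” item names without reproducing the specific bug behind the CVE; the stream numbers are constructed, and the six-stream tree is the one in the RFC's own §5.3.3 figure.

```python
class PriorityError(Exception):
    """Stream error: PROTOCOL_ERROR (self-dependency, bad weight) or FRAME_SIZE_ERROR (bad PRIORITY length)."""


def parse_priority_payload(payload):
    """PRIORITY payload (RFC 7540 §6.3): E bit, 31-bit stream dependency, one weight byte holding weight-1."""
    if len(payload) != 5:
        raise PriorityError("PRIORITY payload must be exactly 5 bytes")
    word = int.from_bytes(payload[:4], "big")
    return bool(word >> 31), word & 0x7FFFFFFF, payload[4] + 1


class PriorityTree:
    """Dependency tree rooted at stream 0, with the reprioritization rule of RFC 7540 §5.3.3."""

    def __init__(self):
        self.parent = {0: None}   # stream id -> parent stream id (None for the root)
        self.children = {0: []}
        self.weight = {}

    def add(self, sid, dependency=0, weight=16, exclusive=False):
        """A new stream starts as a child of the root with the default weight, then gets its priority."""
        if sid in self.parent:
            raise PriorityError(f"stream {sid} already exists")
        self.parent[sid], self.children[sid], self.weight[sid] = 0, [], 16
        self.children[0].append(sid)
        self.reprioritize(sid, dependency, weight, exclusive)

    def _is_descendant(self, node, ancestor):
        while node is not None:
            if node == ancestor:
                return True
            node = self.parent[node]
        return False

    def _move(self, sid, new_parent):
        self.children[self.parent[sid]].remove(sid)
        self.parent[sid] = new_parent
        self.children[new_parent].append(sid)

    def reprioritize(self, sid, dependency, weight, exclusive=False):
        if sid == dependency:
            raise PriorityError("a stream cannot depend on itself")     # §5.3.1: PROTOCOL_ERROR
        if not 1 <= weight <= 256:
            raise PriorityError("weight must be between 1 and 256")
        if dependency not in self.parent:
            self.add(dependency)                                        # §5.3.1: unknown dependency, default priority
        # §5.3.3: if the new parent is below this stream, first move it up to this stream's former parent,
        # keeping its weight; only then re-parent this stream. Without this step the tree would contain a loop.
        if self._is_descendant(dependency, sid):
            self._move(dependency, self.parent[sid])
        self._move(sid, dependency)
        self.weight[sid] = weight
        if exclusive:                                                   # §5.3.1: become the sole child of the parent
            for sibling in [c for c in self.children[dependency] if c != sid]:
                self._move(sibling, sid)

    def has_cycle(self):
        """True if following parents from some stream never reaches the root."""
        for sid in self.parent:
            seen, node = set(), sid
            while node is not None:
                if node in seen:
                    return True
                seen.add(node)
                node = self.parent[node]
        return False

    def all_reachable(self):
        return all(self._is_descendant(s, 0) for s in self.parent)


def rfc_example(exclusive):
    """The tree of RFC 7540 §5.3.3: A=1 has B=3 and C=5; C has D=7 and E=9; D has F=11.
    A is then made dependent on its own descendant D, with or without the exclusive flag."""
    tree = PriorityTree()
    tree.add(1)
    tree.add(3, dependency=1)
    tree.add(5, dependency=1)
    tree.add(7, dependency=5)
    tree.add(9, dependency=5)
    tree.add(11, dependency=7)
    tree.reprioritize(1, dependency=7, weight=16, exclusive=exclusive)
    return tree


def cycle_attack_survives(rounds=50):
    """Constructed sequence: two streams repeatedly made to depend on each other by PRIORITY frames.
    With the §5.3.3 rule the tree stays loop-free and every stream stays reachable from the root."""
    tree = PriorityTree()
    tree.add(1)
    tree.add(3)
    for _ in range(rounds):
        tree.reprioritize(1, dependency=3, weight=16)
        tree.reprioritize(3, dependency=1, weight=16)
    return not tree.has_cycle() and tree.all_reachable()
```

In the RFC's figure, making A depend on D (which sits under A) first lifts D to A's old parent, the root, and then hangs A under D; with the exclusive flag, D's other child F becomes a child of A as well. The same two-step rule is what makes the repeated mutual-dependency sequence harmless: each frame lifts the target before re-parenting, so a walk up from any stream always terminates at stream 0.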
  23. The Future : QUIC
     • Quick UDP Internet Connections
     • TCP + TLS + HTTP/2 over UDP
     • Long-term enhancements to TCP
       • No more 3-way handshake.
       • Reduced round trips.
       • Connection migration.
       • Proactive speculative retransmission.
       • Automatic fallback to TCP.
  24. You have a question!?
     All images are found via Google search. They belong to their respective owners.

Editor's Notes

  • It is less about security because we don’t know much about HTTP/2.
  • I have not played any of them.
  • HTTP/0.9 was not official version, only documented.

    Gopher came along at the same time. Used to present information in catalogs (mostly recipes).

    First draft in 1989.
  • Used for Human-Machine interaction as well as machine-to-machine interaction.

    Not everything we call web uses HTTP. Like DBs, Peripheral devices, Network management etc.
  • Which protocol at the Transport Layer?
    Extremely simple.
  • Which header is used to declare media type?

    https://www.w3.org/Protocols/HTTP/1.0/spec.html
  • Method definitions?

    CONNECT is generally used by TLS to connect through proxies.

    CORS?

    Cache-control:

    Transfer-encoding: chunked
  • HTTP stands for? Text framing.

    DEMO1: Wireshark HTTP1
  • Response is only 43 bytes.

    Request length is 1096 bytes

    Half of that is cookies only.
  • DEMO2 : FF timing tool.

    5 Mbps seems optimal.

    Latency is more in mobile networks.
  • Spriting: Download large image, cut into pieces. E.g. national flags.
    Inlining: critical CSS/JS in HTML
    Concatenation: Append multiple CSS and JS into one file
    Sharding: Using multiple host names to parallelize TCP connections
  • Speed is primary concern.
  • No more text framing.
  • Length is only payload length

    https://raw.githubusercontent.com/bagder/http2-explained/master/images/frame-layout.png
  • Handles TCP misuse
    Less handshakes
    Bandwidth optimization

    http://www.slideshare.net/adrianfcole/http2-whats-inside-and-why
  • Solves the problem of head-of-line blocking.

    https://nghttp2.org/blog/2014/04/27/how-dependency-based-prioritization-works/
    http://www.slideshare.net/adrianfcole/http2-whats-inside-and-why

  • Will take a few hours to explain HPACK

    DEMO3: Wireshark HTTP/2
  • RST_STREAM frame terminates sending data related to stream from either side
  • How to start talking HTTP/2?

    NPN is not a standard but is supported by most implementations because it existed before ALPN.

    http://image.slidesharecdn.com/0wx7wvsyssixorne6oi4-signature-3e4156dfa5ca73d9c41ffa9d4c46761ec7b02523c13cc2ad1873addb96cbf495-poli-141013224659-conversion-gate01/95/googles-ilya-grigorik-on-http-20-39-638.jpg?cb=1413240588
    https://www.linuxbabe.com/nginx/difference-between-npn-and-alpn-plus-how-to-enable-alpn-on-your-site
  • SNI name is not necessarily the same as the DNS name.

    Endpoints MAY treat negotiation of key sizes smaller than the lower limits as a connection error (Section 5.4.1) of type INADEQUATE_SECURITY

    2048 key size for ephemeral finite field Diffie-Hellman
    224 bits for cipher suites that use ephemeral elliptic curve Diffie-Hellman (ECDHE)

    Cross-protocol attacks : an attacker causes a client to initiate a transaction in one protocol toward a server that understands a different protocol. May lead to access to restricted resources.

    Intermediary Encapsulation Attacks: HTTP Splitting

  • New problems

    Opportunistic encryption: There is no way to indicate whether an Alt-Svc endpoint is unencrypted.

    Un-authenticated data in server push.

    Same connection to sub-domains as well. Requests may be directed to the wrong server by default.

    The same header may be encoded with different values based on order/context.

  • QUIC is developed by Google.

    Connection Migration: uses a 64-bit ID. Can use the same ID over multiple interfaces.
  • http://www.http2demo.io/
