HEIST: HTTP Encrypted Information can be Stolen through TCP-windows, by Mathy Vanhoef & Tom Van Goethem (PowerPoint PPT Presentation)


  1. HEIST: HTTP Encrypted Information can be Stolen through TCP-windows, by Mathy Vanhoef & Tom Van Goethem

  2. Agenda
     • Technical background
     • Same-Origin Policy
     • Compression-based attacks
     • SSL/TLS & TCP
     • Nitty gritty HEIST details
     • Demo
     • Countermeasures
     H E I S T 2

  3. Same-Origin Policy (diagram): Mr. Sniffles sends GET /vault to https://bunnehbank.com

  5. The World Wide Web (animated diagram, slides 5-12): Mr. Sniffles, the World Wide Web, GET /vault, https://bunnehbank.com


  14. /vault: uncompressed vs compressed
     Response body: You requested: /vault / vault_secret=carrots4life
     Uncompressed → 51 bytes; compressed → 47 bytes (the repeated "vault" is replaced by a back-reference, so only "_secret=carrots4life" remains as literal text)

  15-16. /vault?secret=a vs /vault?secret=c
     Response body: You requested: /vault?secret=a / vault_secret=carrots4life → 50 bytes (back-reference covers "secret=", literals "carrots4life")
     Response body: You requested: /vault?secret=c / vault_secret=carrots4life → 49 bytes (back-reference covers "secret=c", literals "arrots4life")
     49 bytes < 50 bytes → 'c' is a correct guess

  17-18. /vault?secret=ca vs /vault?secret=cb
     Response body: You requested: /vault?secret=ca / vault_secret=carrots4life → 49 bytes (back-reference covers "secret=ca", literals "rrots4life")
     Response body: You requested: /vault?secret=cb / vault_secret=carrots4life → 50 bytes (back-reference covers "secret=c", literals "arrots4life")
     49 bytes < 50 bytes → 'ca' is a correct guess
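The compression oracle of slides 14-18, as an added worked example that is not from the slides or the authors: a constructed stand-in for the /vault page echoes the requested path next to the secret carrots4life, and the DEFLATE-compressed size is compared for each guessed character. The page layout, function names and the use of zlib are assumptions; the slides' exact byte counts are not reproduced.

```python
import zlib

SECRET = "carrots4life"  # the slides' example secret


def render_vault_page(reflected_path, secret=SECRET):
    """Constructed stand-in for the bunnehbank.com /vault response (slides 14-18):
    the requested path is echoed back in the same body as the secret."""
    return f"You requested: {reflected_path}\nvault_secret={secret}\n"


def compressed_size(body):
    """Bytes on the wire once the body is DEFLATE-compressed (gzip uses the same algorithm)."""
    return len(zlib.compress(body.encode(), 9))


def sizes_for_guesses(known_prefix, candidates):
    """Compressed page size for each guess of the next secret character."""
    return {c: compressed_size(render_vault_page(f"/vault?secret={known_prefix}{c}"))
            for c in candidates}


def best_guess(known_prefix, candidates):
    """Slide 16: the guess whose page compresses smallest shares a longer prefix with
    the secret, because DEFLATE replaces the repeated 'secret=<prefix>' with a
    back-reference. Returns None when no single guess is smallest."""
    sizes = sizes_for_guesses(known_prefix, candidates)
    smallest = min(sizes.values())
    winners = [c for c, n in sizes.items() if n == smallest]
    return winners[0] if len(winners) == 1 else None


if __name__ == "__main__":
    print(sizes_for_guesses("", "abc"))  # 'c' compresses smaller than 'a' or 'b'
    print(best_guess("", "abc"))         # c  (slide 16)
    print(best_guess("c", "ab"))         # a  (slide 18: 'ca' is correct)
```

The leak exists only because attacker-influenced text and the secret are compressed in the same body; that is the condition the countermeasures on slide 48 try to break.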

  19. Compression-based Attacks
     • Compression and Information Leakage of Plaintext [FSE'02]: chosen plaintext + compression = plaintext leakage
     • CRIME [ekoparty'12]: exploits SSL compression
     • BREACH [Black Hat USA'13]: exploits HTTP compression


  21. GET /vault (sequence diagram): TCP handshake (SYN, SYN/ACK, ACK), then SSL handshake (Client Hello, Server Hello, Pre-Master Secret), then GET /vault

  22. encrypt( GET /vault HTTP/1.1 / Cookie: user=mr.sniffles / Host: bunnehbank.com / .... ) = 1 TCP data packet

  23-27. encrypt( response ) = 29 TCP data packets (animated over slides 23-27)
     • initcwnd = 10: the server first sends TCP packets 1 ... 10
     • the client returns 10 ACKs → cwnd = 20
     • the server then sends TCP packets 11 ... 29

  28. HEIST
     • A set of techniques that allow an attacker to determine the exact size of a network response
     • ... purely in the browser
     • Can be used to perform compression-based attacks, such as CRIME and BREACH, in the browser

  29. Browser Side-channels
     • Send an authenticated request to the /vault resource:
       fetch('https://bunnehbank.com/vault', {mode: "no-cors", credentials: "include"})
     • Returns a Promise, which resolves as soon as the browser receives the first byte of the response
     • performance.getEntries().at(-1).responseEnd (the last resource timing entry; JavaScript arrays do not accept a negative index)
     • Returns the time when the response was completely downloaded

  30. HEIST
     • Step 1: find out if the response fits in a single TCP window

  31. Fetching a small resource: T2 - T1 is very small (timeline)
     TCP handshake → SSL handshake complete → fetch('...') sends GET /vault → initial TCP window sent → initial TCP window received: first byte received at T1 (Promise resolves), response complete at T2 (responseEnd)

  32. Fetching a large resource: T2 - T1 is the round-trip time (timeline)
     TCP handshake → SSL handshake complete → fetch('...') sends GET /vault → initial TCP window sent → initial TCP window received: first byte received at T1 (Promise resolves), ACK sent → second TCP window sent → second TCP window received: response complete at T2 (responseEnd)

  33. HEIST
     • Step 1: find out if the response fits in a single TCP window
     • Step 2: discover the exact response size

  34-37. Discover Exact Response Size (figure: initcwnd | second TCP window; reflected content: x bytes; resource size: ?? bytes)
     • Vary the amount of reflected content: x bytes, then x/2, then x/2 + x/4, ... (a binary search on the reflected length)
     • After log(n) checks, we find: y bytes of reflected content = 1 TCP window; y+1 bytes of reflected content = 2 TCP windows
     → resource size = initcwnd - y bytes

  38. HEIST
     • Step 1: find out if the response fits in a single TCP window
     • Step 2: discover the exact response size
     • Step 3: do the same for large responses ( > initcwnd )

  39. Determine size of large responses
     • Large response = bigger than the initial TCP window
     • initcwnd is typically set to 10 TCP packets (~14kB)
     • TCP windows grow as packets are acknowledged
     • We can arbitrarily increase the window size

  40. Growing the window first: GET /foo with CWND = 10 → 10 TCP packets, 10 ACKs → CWND = 20; then GET /vault (= 19 TCP data packets) → 19 TCP packets sent in a single TCP window, 19 ACKs
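A simulation of steps 2 and 3 (slides 34-40), added here and not the authors' code: the browser timing oracle of slides 29-32 is replaced by a modelled server that only reports whether a response fits in the current congestion window, so nothing touches the network. MSS = 1460, initcwnd = 10 packets, the class and function names and the resource sizes are all assumptions.

```python
MSS = 1460       # assumed TCP payload per packet; 10 * MSS is ~14 kB as on slide 39
INITCWND = 10    # initial congestion window in packets (slide 39)


class SimulatedServer:
    """Models only what HEIST observes from the browser (slides 31-32): whether a
    response fits in the current congestion window. Stands in for the
    fetch()/responseEnd timing oracle; no network traffic is involved."""

    def __init__(self, resource_size, initcwnd=INITCWND):
        self.resource_size = resource_size  # the value the search has to recover
        self.cwnd = initcwnd                # in packets
        self.checks = 0                     # number of oracle queries made

    def window_bytes(self):
        return self.cwnd * MSS

    def fits_in_window(self, reflected_bytes):
        """True when T2 - T1 would be tiny (one window), False when it is one RTT."""
        self.checks += 1
        return self.resource_size + reflected_bytes <= self.window_bytes()

    def grow_window(self, acked_packets):
        """Slide 40: each ACKed packet lets cwnd grow (10 ACKs: cwnd 10 -> 20)."""
        self.cwnd += acked_packets


def discover_size(server):
    """Steps 2 and 3: exact size of the resource behind `server`."""
    # Step 3: a response larger than the window never fits, so first grow the
    # window by having a full window's worth of packets sent and ACKed.
    while not server.fits_in_window(0):
        server.grow_window(server.cwnd)
    # Step 2: binary search for the largest reflected length y that still fits.
    # Invariant: fits_in_window(lo) is True and the answer is never above hi.
    lo, hi = 0, server.window_bytes()
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if server.fits_in_window(mid):
            lo = mid
        else:
            hi = mid - 1
    # y bytes -> 1 window, y + 1 bytes -> 2 windows, so size = window - y (slide 37)
    return server.window_bytes() - lo


if __name__ == "__main__":
    small = SimulatedServer(9731)   # constructed: fits in initcwnd
    large = SimulatedServer(21000)  # constructed: larger than initcwnd
    print(discover_size(small), small.checks)              # 9731, at most 16 checks
    print(discover_size(large), large.checks, large.cwnd)  # 21000, cwnd grown to 20
```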

  41. HEIST
     • Step 1: find out if the response fits in a single TCP window
     • Step 2: discover the exact response size
     • Step 3: do the same for large responses ( > initcwnd )
     • Step 4: if available, leverage HTTP/2

  42. Leveraging HTTP/2
     • HTTP/2 is the new HTTP version
     • Preserves the semantics of HTTP
     • Main changes are on the network level
     • Only a single TCP connection is used for parallel requests

  43. Leveraging HTTP/2
     • Determine the exact response size without reflected content in the same response
     • Use (reflected) content in other responses on the same server
     • Note that BREACH still requires (a few bytes of) reflected content in the same resource

  44. HTTP/2, CWND = 10: GET /reflect?x=... (= 3 TCP packets) and GET /vault (= 6 TCP packets) on the same connection → 9 TCP packets, 9 ACKs; the Promise resolves and responseEnd covers both /reflect and /vault (one window)

  45. HTTP/2, CWND = 10: GET /reflect?x=... (= 5 TCP packets) and GET /vault (= 6 TCP packets) → the first 10 TCP packets contain both /reflect and part of /vault; 10 ACKs → CWND = 20; then 1 TCP packet, 1 ACK → responseEnd (second window)

  46. DEMO

  47. Other targets
     • Compression-based attacks: gzip compression is used by virtually every website
     • Size-exposing attacks: uncover a victim's demographics from popular social networks; reveal a victim's health conditions from online health websites; ....
     • Hard to find sites that are not vulnerable

  48. Countermeasures
     • Browser layer: prevent the side-channel leak (infeasible); disable third-party cookies (complete)
     • HTTP layer: block illicit requests (inadequate); disable compression (incomplete)
     • Network layer: randomize the TCP congestion window (inadequate); apply random padding (inadequate)

  49. Conclusion
     • Collection of techniques to discover the network response size in the browser, for all authenticated cross-origin resources
     • Side-channel originates from the subtle interplay between multiple layers
     • Allows for compression-based and size-exposing attacks
     • HTTP/2 makes exploitation easier
     • Many countermeasures, few that actually work

  50. HEIST: Questions?
     Mathy Vanhoef, @vanhoefm, mathy.vanhoef@cs.kuleuven.be
     Tom Van Goethem, @tomvangoethem, tom.vangoethem@cs.kuleuven.be
