ssl gone in 30 seconds
play

SSL, GONE IN 30 SECONDS b r e a c h A BREACH beyond CRIME SSL, - PowerPoint PPT Presentation

Dec 19, 2022 •252 likes •553 views

Angelo Prado Neal Harris Yoel Gluck SSL, GONE IN 30 SECONDS b r e a c h A BREACH beyond CRIME SSL, GONE IN 30 SECONDS PREVIOUSLY... CRIME Target Requirements Presented at Secrets in HTTP TLS compression ekoparty 2012 headers MITM A

  1. Angelo Prado Neal Harris Yoel Gluck SSL, GONE IN 30 SECONDS b r e a c h A BREACH beyond CRIME SSL, GONE IN 30 SECONDS

  2. PREVIOUSLY... CRIME Target Requirements Presented at Secrets in HTTP TLS compression ekoparty 2012 headers MITM A browser Juliano Rizzo Thai Duong b r e a c h SSL, GONE IN 30 SECONDS

  3. COMPRESSION OVERVIEW DELATE:  LZ77: reducing bits by reducing redundancy • Googling the googles -> Googling the g(-13,4)s  Huffman coding: reducing bits by employing an entropy encoding algorithm • aka. replace common bytes with shorter codes b r e a c h SSL, GONE IN 30 SECONDS

  4. SO ABOUT CRIME... The Compression Oracle: SSL doesn ’ t hide length TLS/SPDY compress headers CRIME issues requests with every possible character, and measures the ciphertext length Looks for the plaintext which compresses the most – guesses the secret byte by byte Requires small bootstrapping sequence knownKeyPrefix=secretCookieValue b r e a c h SSL, GONE IN 30 SECONDS

  5. IT ’ S FIXED! TLS Compression Disabled b r e a c h SSL, GONE IN 30 SECONDS

  6. IT ’ S FIXED! b r e a c h SSL, GONE IN 30 SECONDS

  7. DO NOT PANIC » « IT ’ S FIXED b r e a c h SSL, GONE IN 30 SECONDS

  8. [let ’ s bring it back to life] b r e a c h SSL, GONE IN 30 SECONDS

  9. INTRODUCING B rowser R econnaissance & E xfiltration via BREACH A daptive C ompression of H ypertext b r e a c h SSL, GONE IN 30 SECONDS

  10. BREACH / the ingredients GZIP SSL / TLS [ any version] · Could be turned off ;) · Very prevalent · Highly impractical to turn off · Any browser, any web server A secret in the response body · CSRF, SIDs, PII, ViewState… Fairly stable pages · and much more · It only takes one Attacker-supplied data · Less than 30 seconds for simple pages · Guess (in response body) · Minutes to hours for more complicated dynamic bodies Three-characters prefix · To bootstrap compression MITM / traffic visibility · No tampering / SSL downgrade b r e a c h SSL, GONE IN 30 SECONDS

  11. [PREFIX / sample bootstrap] Guess (in response body) Target secret (CSRF token) b r e a c h SSL, GONE IN 30 SECONDS

  12. BREACH / architecture b r e a c h SSL, GONE IN 30 SECONDS

  13. BREACH / command & control b r e a c h SSL, GONE IN 30 SECONDS

  14. ORACLE ONE CHARACTER AIRBAGS COLLISIONS AT A TIME · Guessing byte-by-byte · Random amount · Attempt recovery for of padding multiple winners · Detect & roll-back from wrong path TWO TRIES · Issue two HTTPs requests per guess https://target-server.com/page.php?blah=blah2... 7 &secret=4bf {}{}(...){}{}{}{}{} &secret=4bf {}{}(...){}{}{}{}{} 7 b r e a c h SSL, GONE IN 30 SECONDS

  15. ORACLE / logic (II) Guess Swap Swap last two characters in the guess  Measure overall size increase  https://target-server.com/page.php?blah=blah2... 7 &secret=4bf &secret=4b f 7 Character set pool (to eliminate Huffman tree changes between guesses) Add all characters to all guesses, shifting the guessed  character into position https://target-server.com/page.php?blah=blah2... &secret=4bf {}{}(...){}{}{}{}{}---a-b-c-d- … -5-6-8-9- … 7 &secret=4bf {}{}(...){}{}{}{}{}---a-b-c-d- … -5-6-7-9- … 8 b r e a c h SSL, GONE IN 30 SECONDS

  16. C&C/ logic Traffic Monitor MITM: ARP spoofing, Transparent relay SSL proxy  DNS, DHCP, WPAD… HTML/JS Controller I. Dynamically generated for specific target server II. Injects & listens to iframe streamer from c&c:81 that dictates the new HTTP requests to be performed ( img.src=. ..) III. Issues the outbound HTTP requests to the target site via the victim's browser, session-riding a valid SSL channel IV. Upon synchronous completion of every request ( onerror ) , performs a unique callback to c&c:82 for the Traffic Monitor to measure encrypted response size b r e a c h SSL, GONE IN 30 SECONDS

  17. C&C/ logic Main C&C Driver Coordinates character guessing  Adaptively issues requests to target website  Listens to JS callbacks upon request completion  Oracle measures -inbound- packets length  Has built-in intelligence for conflict resolution and  recovery b r e a c h SSL, GONE IN 30 SECONDS

  18. ROADBLOCKS Less than ideal conditions: In theory, two-tries allows for short-circuiting once winner  is found In practice, still need to evaluate all candidates  Huffman encoding causes collisions  Conflict resolution & recovery mechanisms (I) (In case of conflict / no winners) 1. Dynamic airbags 2. Look-ahead (2+ characters) – more reliable, but more expensive Best value • • Averages b r e a c h SSL, GONE IN 30 SECONDS

  19. ROADBLOCKS Conflict resolution & recovery mechanisms (II) Rollback (in-memory path, last-known conflict )  Detect substrings in secret/guess  Check compression ratio of guess string  Page URL / HTML entity encoding Can interfere with collision bootstrapping and secret  key-space b r e a c h SSL, GONE IN 30 SECONDS

  20. MORE ROADBLOCKS Circumventing cache For targets & callback – random timestamp  Block mode vs. stream cipher mode Align response to a tipping point and overflow into the  next block Guess Window ( keeping response aligned ) – as we add  characters to the guess, we remove others b r e a c h SSL, GONE IN 30 SECONDS

  21. EVEN MORE ROADBLOCKS Keep-Alive (a premature death) Image requests vs. scripts vs. CORS requests  Browser synchronicity limits (1x) Hard to correlate HTTP requests to TCP segments  Filtering out noise Active application?  Background polling?  b r e a c h SSL, GONE IN 30 SECONDS

  22. YET MORE ROADBLOCKS ‘ Unstable ’ pages (w/ random DOM blocks) Averaging – statistical outlier removal and detection  Collateral effects of Huffman tree Weight (symbol) normalization  Other Misc. Oracles Patent-pending  b r e a c h SSL, GONE IN 30 SECONDS

  23. OVERWHELMED? b r e a c h SSL, GONE IN 30 SECONDS

  24. DEMO TIME (let us pray) b r e a c h SSL, GONE IN 30 SECONDS

  25. THE TOOL b r e a c h SSL, GONE IN 30 SECONDS

  26. MITIGATIONS RANDOMIZING DYNAMIC MASKING THE LENGTH SECRETS THE SECRET · variable padding · dynamic CSRF · random XOR – easy, · fighting against math tokens per request dirty, practical path · /FAIL · downstream enough SEPARATING CSRF-PROTECT THROTTLING SECRETS EVERYTHING & MONITORING · deliver secrets in · unrealistic input-less servlets DISABLING GZIP · chunked secret FOR DYNAMIC separation (lib patch) PAGES b r e a c h SSL, GONE IN 30 SECONDS

  27. FUTUREWORK Better understanding of DEFLATE / GZIP Beyond HTTPS Very generic side-channel  Other protocols, contexts?  Stay tuned for the next BREACH b r e a c h SSL, GONE IN 30 SECONDS

  28. WANT MORE? BreachAttack.com PAPER PRESENTATION POC TOOL b r e a c h SSL, GONE IN 30 SECONDS

  29. THANK YOU EVERYBODY ! Angelo Prado Neal Harris Yoel Gluck angelpm@gmail.com neal.harris@gmail.com yoel.gluck2@gmail.com @PradoAngelo @IAmTheNeal Don ’ t forget to fill out* the questionnaire if you liked it BreachAttack.com * ignore otherwise b r e a c h SSL, GONE IN 30 SECONDS

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

SSL, GONE IN 30 SECONDS b r e a c h A BREACH beyond CRIME SSL, GONE IN 30 SECONDS AGENDA

SSL, GONE IN 30 SECONDS b r e a c h A BREACH beyond CRIME SSL, GONE IN 30 SECONDS AGENDA

Angelo Prado Neal Harris Yoel Gluck SSL, GONE IN 30 SECONDS b r e a c h A BREACH beyond CRIME SSL, GONE IN 30 SECONDS AGENDA Proceed with caution: Review of CRIME Introducing BREACH In the weeds Demo time! Mitigations b r e a c h SSL,

526 views • 40 slides
THEY KNEW THEY KNOW 2.5 QUINTILLION BYTES OF DATA A DAY (2,500,000,000,000,000,000) 1000

THEY KNEW THEY KNOW 2.5 QUINTILLION BYTES OF DATA A DAY (2,500,000,000,000,000,000) 1000

THEY KNEW THEY KNOW 2.5 QUINTILLION BYTES OF DATA A DAY (2,500,000,000,000,000,000) 1000 seconds = 17 minutes 1M seconds = 12 days 1B seconds = 32 years 1T seconds = 32,000 years 1Q seconds = Metcalfes Law The

416 views • 20 slides
Seconds Aim I can measure and record time in seconds. Success Criteria I can measure time

Seconds Aim I can measure and record time in seconds. Success Criteria I can measure time

Seconds Aim I can measure and record time in seconds. Success Criteria I can measure time in seconds. I can record my measurements. Minute Measure How many faces can you draw in one minute? Click the timer for a 1 minute countdown.

449 views • 18 slides
How to Add New Fonts to Google Slides in 60 Seconds by Andrew Childress 31 Oct 2018 Length:

How to Add New Fonts to Google Slides in 60 Seconds by Andrew Childress 31 Oct 2018 Length:

6/1/2020 How to Add New Fonts to Google Slides in 60 Seconds How to Add New Fonts to Google Slides in 60 Seconds by Andrew Childress 31 Oct 2018 Length: Short Languages: E ngli s h Google Slides Communication How-To In 60 Seconds Just

363 views • 4 slides
4 Fluency & Reasoning Teaching Slides Hours, Minutes & Seconds 4 Fluency &

4 Fluency & Reasoning Teaching Slides Hours, Minutes & Seconds 4 Fluency &

Time 4 Fluency & Reasoning Teaching Slides Hours, Minutes & Seconds 4 Fluency & Reasoning Teaching Slides www.masterthecurriculum.co.uk Hours, Minutes & Seconds Activity 1 Sort the activities under the headings depending

1.11k views • 64 slides
Prepare pen and paper to write. An activity for Day 1 An activity for Day 1 Take 45 seconds to

Prepare pen and paper to write. An activity for Day 1 An activity for Day 1 Take 45 seconds to

An activity for Day 1 Prepare pen and paper to write. An activity for Day 1 An activity for Day 1 Take 45 seconds to look over the following list of pairs of words, but do not write anything down . An activity for Day 1 Take 45 seconds to look

451 views • 10 slides
Lecture 04: Performance Name: ID: EX-1 If computer A runs a program in 10 seconds and computer

Lecture 04: Performance Name: ID: EX-1 If computer A runs a program in 10 seconds and computer

Lecture 04: Performance Name: ID: EX-1 If computer A runs a program in 10 seconds and computer B runs the same program in 15 seconds, how much faster is A than B? Solution: EX-1 If computer A runs a program in 10 seconds and computer B

317 views • 10 slides
The most important 30 seconds of your presentation As it becomes increasingly difficult for

The most important 30 seconds of your presentation As it becomes increasingly difficult for

The most important 30 seconds of your presentation As it becomes increasingly difficult for businesses to differentiate themselves from their com- petitors a presentation at a business event offers a fantastic opportunity to help you and your

216 views • 3 slides
1 Netscape 1.1 Seeding Process RNG_CreateContext() { (seconds, microseconds) = time of day; /*

1 Netscape 1.1 Seeding Process RNG_CreateContext() { (seconds, microseconds) = time of day; /*

1 Netscape 1.1 Seeding Process RNG_CreateContext() { (seconds, microseconds) = time of day; /* Time elapsed since 1970 */ pid = process ID; ppid = parent process ID; a = mklcpr(microseconds); b = mklcpr(pid + seconds + (ppid << 12)); seed =

302 views • 7 slides
Not Your Typical Grand Reopening! Shut down in seconds it seems, now businesses are trying to

Not Your Typical Grand Reopening! Shut down in seconds it seems, now businesses are trying to

Not Your Typical Grand Reopening! Shut down in seconds it seems, now businesses are trying to move towards reopening in this COVID-19 environment. Employees are anxious, eager, fearful, burned out and more. How to take steps to open back up

121 views • 8 slides
Open Up? Work From Home? What to do! Shut down in seconds it seems, now businesses are trying to

Open Up? Work From Home? What to do! Shut down in seconds it seems, now businesses are trying to

Open Up? Work From Home? What to do! Shut down in seconds it seems, now businesses are trying to move towards reopening. Employees are anxious, eager, fearful, burned out and more. How to take steps to open back up in a safe way. 1 Welcome

327 views • 15 slides
Getting Credentials from a locked Windows PC in 12 Seconds Joe Granneman, MBA, CISSP

Getting Credentials from a locked Windows PC in 12 Seconds Joe Granneman, MBA, CISSP

Getting Credentials from a locked Windows PC in 12 Seconds Joe Granneman, MBA, CISSP Principal Consultant About illumination.io Rockford based Cybersecurity Services Penetration Testing HIPAA, PCI, and GLBA Compliance Testing

225 views • 19 slides
Claude TADONKI MINES ParisTech PSL Research University Centre de Recherche Informatique

Claude TADONKI MINES ParisTech PSL Research University Centre de Recherche Informatique

Got 2 seconds Sequential Expected 84 seconds 84/84 = 1 second !?! Got 25 seconds Claude TADONKI MINES ParisTech PSL Research University Centre de Recherche Informatique claude.tadonki@mines-paristech.fr Sminaire MATHEMATIQUES ET

374 views • 23 slides
Proposed New Finn Hill Fire Station Presented by Kirkland Fire Chief Kevin Nalder When Seconds

Proposed New Finn Hill Fire Station Presented by Kirkland Fire Chief Kevin Nalder When Seconds

When Seconds Count Proposed New Finn Hill Fire Station Presented by Kirkland Fire Chief Kevin Nalder When Seconds Count 20 calls per day 7,200 calls in 2010 Nearly every hour of every day Kirkland Fire Department Firefighters/EMTs are called

294 views • 28 slides
When Seconds Count Proposed New Finn Hill Fire Station Kirkland Fire Chief Kevin Nalder When

When Seconds Count Proposed New Finn Hill Fire Station Kirkland Fire Chief Kevin Nalder When

When Seconds Count Proposed New Finn Hill Fire Station Kirkland Fire Chief Kevin Nalder When Seconds Count 20 calls per day 7,200 calls in 2010 Nearly every hour of every day Kirkland Fire Department Firefighters/EMTs are called to help

389 views • 27 slides
Home? What to do! Shut down in seconds it seems, now businesses are trying to move towards

Home? What to do! Shut down in seconds it seems, now businesses are trying to move towards

Open Up? Work From Home? What to do! Shut down in seconds it seems, now businesses are trying to move towards reopening. Employees are anxious, eager, fearful, burned out and more. How to take steps to open back up in a safe way. Welcome Back

669 views • 8 slides
Survey of Cyber Moving Targets Presented By Sharani Sankaran Moving Target Defense A cyber

Survey of Cyber Moving Targets Presented By Sharani Sankaran Moving Target Defense A cyber

Survey of Cyber Moving Targets Presented By Sharani Sankaran Moving Target Defense A cyber moving target technique refers to any technique that attempts to defend a system and increase the complexity of cyber attacks by making the system

728 views • 27 slides
StratCom in Context: The Hidden Architecture of U.S. Militarism Jacqueline Cabasso Western

StratCom in Context: The Hidden Architecture of U.S. Militarism Jacqueline Cabasso Western

Slide 1 StratCom in Context: The Hidden Architecture of U.S. Militarism Jacqueline Cabasso Western States Legal Foundation April 12, 2008 Presented at the 16 th Annual Space Organizing Conference Global Network Against Weapons & Nuclear

419 views • 18 slides
GOT SPIES IN YOUR WIRES? Agenda 2 2 Introduction Meat and Potatoes Questions

GOT SPIES IN YOUR WIRES? Agenda 2 2 Introduction Meat and Potatoes Questions

Marshall Heilman GOT SPIES IN YOUR WIRES? Agenda 2 2 Introduction Meat and Potatoes Questions Introduction 3 3 Evolution of Cyber Attacks 4 - Technical Problem - Unix Systems -- 1998 - Servers - Attacks Were a Nuisance -

948 views • 47 slides
Participant Manual August 2017 Pre-CERCLA Screening Training Pre-CERCLA Screening Course 1

Participant Manual August 2017 Pre-CERCLA Screening Training Pre-CERCLA Screening Course 1

Pre-CERCLA Screening Training Participant Manual August 2017 Pre-CERCLA Screening Training Pre-CERCLA Screening Course 1 Course Objectives After taking this course, participants will be able to explain: What a Pre-CERCLA Screening

1.02k views • 57 slides
Network Security Today: Finding Complex Attacks at 100Gb/s Robin Sommer International Computer

Network Security Today: Finding Complex Attacks at 100Gb/s Robin Sommer International Computer

Network Security Today: Finding Complex Attacks at 100Gb/s Robin Sommer International Computer Science Institute, & Lawrence Berkeley National Laboratory robin@icsi.berkeley.edu http://www.icir.org/robin TU Mnchen, September 2012

1.27k views • 92 slides
SUPPORTING THE WRITING AND COMMUNICATION SKILLS OF EMERGING SCIENTISTS Susanmarie Harrington

SUPPORTING THE WRITING AND COMMUNICATION SKILLS OF EMERGING SCIENTISTS Susanmarie Harrington

SUPPORTING THE WRITING AND COMMUNICATION SKILLS OF EMERGING SCIENTISTS Susanmarie Harrington University of Vermont Susan.harrington@uvm.edu Lisa Emerson Massey University, NEW ZEALAND L.Emerson@massey.ac.nz Reconnaissance Would you

746 views • 22 slides
Combined functionality and need for new tactics for optimized use of AUV-systems Presentation for

Combined functionality and need for new tactics for optimized use of AUV-systems Presentation for

Combined functionality and need for new tactics for optimized use of AUV-systems Presentation for UDT 2019 AUV 62 System 20 years of R&D 1996-1999 DAIM - Digital Acoustic Imaging . FOI and Saab together with LTH and CTH (Universities)

816 views • 24 slides
Leveragi aging g Physi sics cs for or Se Secu curi rity: Micro ro-PM PMUs Us Anna

Leveragi aging g Physi sics cs for or Se Secu curi rity: Micro ro-PM PMUs Us Anna

Leveragi aging g Physi sics cs for or Se Secu curi rity: Micro ro-PM PMUs Us Anna Scaglione, Arizona State University Funded by the U.S. Department of Energy and the U.S. Department of Homeland Security | cred-c.org 1 Contents

268 views • 22 slides

More recommend