truncating tls connections to violate beliefs in web
play

Truncating TLS Connections to Violate Beliefs in Web Applications - PowerPoint PPT Presentation

May 11, 2023 •14 likes •164 views

Truncating TLS Connections to Violate Beliefs in Web Applications Ben Smyth & Alfredo Pironti 27 July 1 Aug 2013 http://www.bensmyth.com http://alfredo.pironti.eu/research/ Contribution Attacks which truncate TLS connections to exploit

  1. Truncating TLS Connections to Violate Beliefs in Web Applications Ben Smyth & Alfredo Pironti 27 July – 1 Aug 2013 http://www.bensmyth.com http://alfredo.pironti.eu/research/

  2. Contribution Attacks which truncate TLS connections to exploit logical web application flaws, enabling: Cast votes [on behalf of honest voters] in Helios elections ● Full control of Microsoft Live accounts ● Temporary access to Google accounts ● We suspect our insights will lead to the discovery of further attacks.

  3. TLS security Application Security: Server (and client) authentication ● Confidentiality ● Crypto TLS Integrity: messages received as sent ● – Single connection TCP Termination modes: Graceful closure ● – all messages received as sent Te Termination mod odes Termination modes Fatal closure (e.g., after a corrupt message) ● ignored ignored – a prefix of messages received as sent

  4. Truncating TLS connections “ failure to properly close a connection no longer requires that a session not be resumed [...] to conform with widespread implementation practice ” – TLS specification Consider a wire transfer to “ Charlie's Angels” : POST /wire_transfer.php HTTP/1.1 Host: mybank.com Content-Type: application/x-www-form- urlencoded Content-Length: 40 amount=1000&recipient=Charlie%27s_Angels Suppose the request is fragmented by TLS 1)POST […] recipient=Charlie 2)%27s_Angels Attack: Drop the 2 nd fragment to transfer money to Charlie.

  5. Truncating TLS connections “ failure to properly close a connection no longer requires that a session not be resumed [...] to conform with widespread implementation practice ” – TLS specification Consider a wire transfer to “ Charlie's Angels” : Server ignores: termination mode ● POST /wire_transfer.php HTTP/1.1 Host: mybank.com Content-Length field ● Content-Type: application/x-www-form- urlencoded Fix: Content-Length: 40 wire transfers upon ● amount=1000&recipient=Charlie%27s_Angels graceful closure only Suppose the request is fragmented by TLS check lengths ● 1)POST […] recipient=Charlie 2)%27s_Angels Attack works against Apache Attack: Drop the 2 nd fragment to transfer money to Charlie. Henceforth, we consider truncation attacks which drop messages, rather than fragments

  6. Challenges for web applications Web applications: Browsers maintain multiple ● connections (to load content in parallel, for example) TLS provides: No integrity gaurantees ● across multiple connections – hence, ordering issues between connections

  7. Challenges for web applications Web applications: Browsers maintain multiple ● connections (to load content in parallel, for example) TLS provides: Adversary model (standard): ● Adversary has full control of No integrity gaurantees ● the network across multiple connections – hence, ordering issues – i.e., read, delete, and between connections inject messages

  8. Helios electronic voting system A cryptographically verifiable electronic voting system Verifiability enables us to use untrusted DREs and check afterwards that the claimed result is valid

  9. Helios: Ballot casting 1) REQUESTS https://vote.heliosvoting.org/helios/elections/<<id>>/cast_done Response: 200 - OK; HTML payload: … <p><b>For your safety, we have logged you out.</b></p> <iframe border="0" src="/auth/logout" frameborder="0" height="0" width="0"> </iframe> … 2) REQUESTS https://vote.heliosvoting.org/auth/logout Response: 302 - Moved Temporarily Location[http://vote.heliosvoting.org/] Notification of sign-out before DRE makes the request! 3) Truncate sign-out request 4) Use the DRE to cast a new vote No TLS protection: sign-out request (2) and adversary (4) use different connections. However, attack is detected, because Helios is verifiable. Fix: (1) & (2) atomic. A video demonstrating this attack will be available online.

  10. Microsoft Live accounts Setting: Shared computer (e.g., public library, work place, …) ● – Trusted computer, i.e., not tampered with – Adversary accesses computer after honest user has finished Video Demo (Live demos are too stressful!) The video will be available online.

  11. Microsoft Live accounts Setting: Shared computer (e.g., public library, work place, …) ● – Trusted computer, i.e., not tampered with – Adversary accesses computer after honest user has finished Notification of sign-out before server receives request (client's belief ≠ server's belief)! Truncate sign-out ● Access account on another connection ● Fixes: Centralise authentication; or ● Chain sign-out requests ● The video will be available online.

  12. Google accounts Setting: Shared computer (e.g., public library, work place, …) 1)GET https://accounts.google.com/Logout?continue=https://www.google.com/webhp Response: 302 - Moved Temporarily, Location[http://www.google.com/accounts/Logout2? ilo=1&ils=mail,s.FR&ilc=0&continue=https://www.google.com/webhp?zx=1388193849] 2)GET http://www.google.com/accounts/Logout2?ilo=1&ils=mail,s.FR&ilc=0 &continue=https://www.google.com/webhp?zx=1388193849 Response: 200 - OK; HTML payload: <body onload="doRedirect() "> <script type="text/javascript"> function doRedirect() { location.replace("http://www.google.fr/accounts/Logout2?ilo=1&ils=s.FR& ilc=1&continue=https://www.google.com/webhp?zx=1076119961"); } </script> <img width="0" height="0" alt="Sign Out" src="https://mail.google.com/mail?logout=img&zx=-2531125006460954395"> </body> 3)GET https://mail.google.com/mail?logout=img&zx=-2531125006460954395 Response: 200 - OK; a one pixel gif. 4)...

  13. Google accounts: Attack <body onload="doRedirect() "> <script type="text/javascript"> function doRedirect() { location.replace("http://www.google.fr/accounts/Logout2?ilo=1&ils=s.FR& ilc=1&continue=https://www.google.com/webhp?zx=1076119961"); } </script> <img width="0" height="0" alt="Sign Out" src="https://mail.google.com/mail?logout=img&zx=-2531125006460954395"> </body> Notification of sign-out before server receives request! Truncate Gmail sign-out with TCP reset ● – (TCP drop hangs the browser) Fatal connection closure ignored ● Access Gmail on another connection ● – House-keeping terminates (~5mins) Fixes: Handle fatal connection closure; or ● Centralise auth. or chain sign-outs ● A video demonstrating this attack will be available online.

  14. Summary We exploit flaws in sign-out procedures to prevent termination of ● sessions, whilst notifying the user of success. – Attacks against Helios, Google & Microsoft Consequently, even trusted shared computers offer no security! ● Fixes proposed, therefore trusted shared computers offer security. ● All vulnerabilities have been disclosed; ● but none have been fixed. Further attacks? (Vendors, let's discuss your products; Hackers, ● let's discuss their products.)

  15. Questions? Tariff Industry: beer* ● Academics: citations ● Journalists: compliments ● * Exceptions might be made for future clients/employers... http://www.bensmyth.com http://alfredo.pironti.eu/research/

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Outline 1 The General Framework A Central Limit Theorem for Truncating A standard stochastic

Outline 1 The General Framework A Central Limit Theorem for Truncating A standard stochastic

The General Framework The General Framework TCL for truncating Stochastic Algorithms TCL for truncating Stochastic Algorithms A motivating example in finance A motivating example in finance Convergence Rate Convergence Rate Scheme of the

508 views • 9 slides
The Diversity of Beliefs in Real Time: The Diversity Diversity of of Beliefs Beliefs in Real

The Diversity of Beliefs in Real Time: The Diversity Diversity of of Beliefs Beliefs in Real

Stanford Institute of Theoretical Economics 2009 Segment 8: When are Diverse Beliefs Central? August 12, 2009 The Diversity of Beliefs in Real Time: The Diversity Diversity of of Beliefs Beliefs in Real Time: in Real Time: The Estimates of

466 views • 19 slides
Intuitive Beliefs Jawwad Noor Boston University 2 Introduction Economics: rational beliefs

Intuitive Beliefs Jawwad Noor Boston University 2 Introduction Economics: rational beliefs

1 Intuitive Beliefs Jawwad Noor Boston University 2 Introduction Economics: rational beliefs described by a prior probability + Bayesian updating Psychology: Beliefs are not monotone let alone additive (conjunction/disjunction

1.08k views • 38 slides
Linear connections on Lie groups The affine space of linear connections on a compact Lie group G

Linear connections on Lie groups The affine space of linear connections on a compact Lie group G

Linear connections on Lie groups The affine space of linear connections on a compact Lie group G contains a distinguished line segment with endpoints the connections L and R which make left (resp. right) invariant vector fields parallel.

240 views • 20 slides
Autocorrelation When a regression model is fitted to time series data, the residuals often violate

Autocorrelation When a regression model is fitted to time series data, the residuals often violate

ST 430/514 Introduction to Regression Analysis/Statistics for Management and the Social Sciences II Autocorrelation When a regression model is fitted to time series data, the residuals often violate the standard assumptions by being correlated .

398 views • 13 slides
Are Stated Expectations Actual Beliefs? New Evidence for the Beliefs Channel of Investment Demand

Are Stated Expectations Actual Beliefs? New Evidence for the Beliefs Channel of Investment Demand

Are Stated Expectations Actual Beliefs? New Evidence for the Beliefs Channel of Investment Demand Haoyang Liu Federal Reserve Bank of New York Christopher Palmer MIT and NBER July 2020 The views expressed are ours and do not necessarily

830 views • 59 slides
Accepting Nuclear Attributes from Diablo Canyon Would Violate MBCPs Central Mission:

Accepting Nuclear Attributes from Diablo Canyon Would Violate MBCPs Central Mission:

Accepting Nuclear Attributes from Diablo Canyon Would Violate MBCPs Central Mission: Clean Power, Community Choice Presentation to the Policy Board of Monterey Bay Community Power by Daniel Hirsch Retired Director of the Program on

937 views • 78 slides
Explain what an adversary would have to do to violate the Computational Diffie-Hellman assumption (

Explain what an adversary would have to do to violate the Computational Diffie-Hellman assumption (

Explain what an adversary would have to do to violate the Computational Diffie-Hellman assumption ( CDH ) Question #1 Why isnt raw RSA , E N ( M ) = M 3 mod N , a secure way to encrypt a plaintext M N ? Question #1 1 Explain what an

488 views • 6 slides
M OBILE C OMPUTING Syntax Errors Violate language rules program won't compile Source:

M OBILE C OMPUTING Syntax Errors Violate language rules program won't compile Source:

Excep&amp;ons EECS1012 M OBILE C OMPUTING Syntax Errors Violate language rules program won't compile Source: programmer Defense: modern IDEs expose these Run&amp;me Errors Make an invalid opera?on program will crash Source:

196 views • 3 slides
The C.I.T.Y. C.I.T.Y. Connections Connections Creating Individualized Transitions for Youth A

The C.I.T.Y. C.I.T.Y. Connections Connections Creating Individualized Transitions for Youth A

The C.I.T.Y. C.I.T.Y. Connections Connections Creating Individualized Transitions for Youth A Project of the Pittsburgh Public Schools Pittsburgh Public Schools Program for Students with Exceptionalities CITY Connections Serving Students

459 views • 19 slides
Inequality and Beliefs Christina Fong Department of Social and Decision Sciences Carnegie Mellon

Inequality and Beliefs Christina Fong Department of Social and Decision Sciences Carnegie Mellon

Inequality and Beliefs Christina Fong Department of Social and Decision Sciences Carnegie Mellon University Outline Egalitarian preferences and behaviors are affected by beliefs about justice and closely related beliefs about the moral

530 views • 20 slides
1 Outline Agenda Connections Market Overview Progress with Contestability at Distribution

1 Outline Agenda Connections Market Overview Progress with Contestability at Distribution

Connections Update UR Connections Policy Call for Evidence Workshop Joint presentation by NIE Networks and SONI 12 December 2016 1 Outline Agenda Connections Market Overview Progress with Contestability at Distribution Status of

412 views • 15 slides
When do data mining results violate privacy? Chris Clifton March 17, 2004 This is joint work

When do data mining results violate privacy? Chris Clifton March 17, 2004 This is joint work

When do data mining results violate privacy? Chris Clifton March 17, 2004 This is joint work with Jiashun Jin and Murat Kantarcolu Individual Privacy: Protect the record Individual item in database must not be disclosed

382 views • 13 slides
The Quakers and their Beliefs By: Mady Waugh Who are the They are known as the religious

The Quakers and their Beliefs By: Mady Waugh Who are the They are known as the religious

The Quakers and their Beliefs By: Mady Waugh Who are the They are known as the religious society of Quakers? friends They first started in England in the 1650s The people of this group had similar beliefs George Fox

461 views • 6 slides
fifteen wood construction: connections Wood Connections 1 Elements of Architectural Structures

fifteen wood construction: connections Wood Connections 1 Elements of Architectural Structures

E LEMENTS OF A RCHITECTURAL S TRUCTURES : F ORM, B EHAVIOR, AND D ESIGN ARCH 614 D R. A NNE N ICHOLS S PRING 2019 lecture fifteen wood construction: connections Wood Connections 1 Elements of Architectural Structures S2019abn Lecture 15

478 views • 15 slides
Nuclear Matrix Elements for Tensor Interactions that Violate Local Lorentz Invariance Alex Brown

Nuclear Matrix Elements for Tensor Interactions that Violate Local Lorentz Invariance Alex Brown

Nuclear Matrix Elements for Tensor Interactions that Violate Local Lorentz Invariance Alex Brown and Vladimir Zelevinsky Alex Brown and Vladimir Zelevinsky National Superconducting Cyclotron Laboratory and Department of Physics and Astronomy

628 views • 35 slides
Proximity in the Age of Distraction: Robust Approximate Nearest Neighbor Search Sariel Har-Peled

Proximity in the Age of Distraction: Robust Approximate Nearest Neighbor Search Sariel Har-Peled

Proximity in the Age of Distraction: Robust Approximate Nearest Neighbor Search Sariel Har-Peled Sepideh Mahabadi UIUC MIT Nearest Neighbor Problem Nearest Neighbor Dataset of points in a metric space (, ) , e.g.

967 views • 81 slides
Hashing - Introduction Dictionary Dictionary = a dynamic set that supports the = a dynamic set

Hashing - Introduction Dictionary Dictionary = a dynamic set that supports the = a dynamic set

Hashing - Introduction Dictionary Dictionary = a dynamic set that supports the = a dynamic set that supports the operations INSERT, DELETE, SEARCH operations INSERT, DELETE, SEARCH Examples : Examples : a symbol table

474 views • 21 slides
Time-memory Trade-offs for Near-collisions Conclusion Combining trunc &amp; codes Time-memory

Time-memory Trade-offs for Near-collisions Conclusion Combining trunc &amp; codes Time-memory

Introduction 1/24 Gatan Leurent Time-memory Trade-offs for Near-collisions Conclusion Combining trunc &amp; codes Time-memory trade-offs Memoryless FSE 2013 UCL Crypto Group FSE 2013 Time-memory Trade-offs for Near-collisions G.

430 views • 31 slides
Hash Truncation Tim Polk August 1, 2005 Why Hash Truncation? Assume we have confidence in a

Hash Truncation Tim Polk August 1, 2005 Why Hash Truncation? Assume we have confidence in a

Hash Truncation Tim Polk August 1, 2005 Why Hash Truncation? Assume we have confidence in a hash algorithm H that produces a digest of length N If an application or protocol needs a message digest of length Np, and Np &lt; N

383 views • 7 slides
Truncated Unity Functional renormalization group (TUfRG) for 2D lattices: getting more

Truncated Unity Functional renormalization group (TUfRG) for 2D lattices: getting more

Truncated Unity Functional renormalization group (TUfRG) for 2D lattices: getting more quantitative 1. fRG: quantitative issues 2. TUfRG in momentum space: recent results 3. TUfRG for frquency dependence: outlook Carsten Honerkamp Institute for

785 views • 29 slides
QFT Dynamics from CFT Data Zuhair U. Khandker University of Illinois, Urbana-Champaign Boston

QFT Dynamics from CFT Data Zuhair U. Khandker University of Illinois, Urbana-Champaign Boston

QFT Dynamics from CFT Data Zuhair U. Khandker University of Illinois, Urbana-Champaign Boston University with N. Anand, V. Genest, E. Katz, C. Hussong, M. Walters Non-Perturbative Methods in Quantum Field Theory, ICTP, Sep 4 th 2019 Preface

480 views • 46 slides
Bayesian Optimization under Heavy-tailed Payoffs Sayak Ray Chowdhury Joint work with Aditya

Bayesian Optimization under Heavy-tailed Payoffs Sayak Ray Chowdhury Joint work with Aditya

Bayesian Optimization under Heavy-tailed Payoffs Sayak Ray Chowdhury Joint work with Aditya Gopalan Department of ECE, Indian Institute of Science NeurIPS, Dec. 2019 Black-box optimization 1.5 Problem: Maximize an unknown 1 utility

967 views • 17 slides
Introd u cing time based q u eries MAN IP U L ATIN G TIME SE R IE S DATA W ITH XTS AN D ZOO IN

Introd u cing time based q u eries MAN IP U L ATIN G TIME SE R IE S DATA W ITH XTS AN D ZOO IN

Introd u cing time based q u eries MAN IP U L ATIN G TIME SE R IE S DATA W ITH XTS AN D ZOO IN R Je re y R y an Creator of x ts and q u antmod ISO 8601:2004 International standard for date and time Le to right from most to least signi

250 views • 24 slides

More recommend