Security Bootcamp 2013 - Timing info-leak made easy - Quan Minh Tâm

Timing Info-leak

Made EasyPresenter: Quan Minh Tam

Đơn vị tổ chức:

Đơn vị tài trợ:

Outline

• Review SSL/TLS weaks

• BEAST is not beast

• CRIME is not crime

– Compression

– CRIME

• TIME is time

– CRIME+

10/22/2013 11:32 PM www.securitybootcamp.vn

Cryptanalysis

• Chosen plaintext | ciphertext

• Adaptive chosen plaintext | ciphertext

• Side channel attack

• Bruteforce attack

• Meet-in-the middle

• Linear | differential attack

• Birthday


Timeline


• BEAST - 2011

• CRIME - 2012

• BREACH - 2013

• LUCKY 13 - 2013

• TIME - 2013

• RC4 biases in TLS

CRIME


CRIME

• Compression Ratio Info-leak Made Easy

• Chosen plaintext attack


CRIME


COMPRESSION


COMPRESSION


http://www.c-sharpcorner.com/uploadfile/shivprasadk/best-practice-no-4-improve-bandwidth-performance-of-asp-net-sites-using-iis-compression/

http://www.c-sharpcorner.com/uploadfile/shivprasadk/best-practice-no-4-improve-bandwidth-performance-of-asp-net-sites-using-iis-compression/

COMPRESSION


• Gzip/Deflate

• HTTP Respone body

• HTTP Request body

• Header compression

– SSL/TLS Compression

• Servers: Open SSL, others

• Clients: Chrome

– SPDY

• Server: Apache mod_spdy

• Client: -IE

CRIME demo


How can you become a victim of CRIME?

• 1st requirement: the

attacker can sniff your

network traffic.

– You share a (W)LAN.

– He's hacked your home

router.

– He's your network

admin, ISP or

government.


https://docs.google.com/presentation/d/11eBmGiHbYcHR9gL5nDyZChu_-lCa2GizeuOfaLU2HOU/edit#slide=id.g1d134dff_0_165

http://arstechnica.com/security/2012/10/dsl-modem-hack-infects-millions-with-malware/

https://docs.google.com/presentation/d/11eBmGiHbYcHR9gL5nDyZChu_-lCa2GizeuOfaLU2HOU/editslide=id.g1d134dff_0_165

How can you become a victim of CRIME?

• 2nd requirement:

you visit evil.com.

– You click on a link.

– Or you surf a non-

HTTPS site.


https://docs.google.com/presentation/d/11eBmGiHbYcHR9gL5nDyZChu_-lCa2GizeuOfaLU2HOU/edit#slide=id.g1e3070b2_1_21

https://docs.google.com/presentation/d/11eBmGiHbYcHR9gL5nDyZChu_-lCa2GizeuOfaLU2HOU/editslide=id.g1e3070b2_1_21

TIME


Review

• Round-Trip Time (RTT)

• Maximum Transmission Unit (MTU)

• Maximum Segment Size (MSS)

MSS = MTU - sizeof(TCPHDR) - sizeof(IPHDR)

• TCP Sliding Window System



http://ulam2.cs.luc.edu/ebook/html/slidingwindows.html

http://ulam2.cs.luc.edu/ebook/html/slidingwindows.html

TIME

• Timing Info-leak Made Easy

• Chosen Plaintext Attack

• Targets compression and timing

information leakage


• HTTP request

– CRIME for request to extract cookie data

• HTTP response

– Extended CRIME to extract response data

– Access a behind authentication resource

for user login status detection

– Application specific: e.g. number of digits in

bank account balance


HTTP payload

• HTTP Payload size may carry sensitive

information

– HTTP payload size differences detection is

sufficient to extract the sensitive information

• Using timing measurements attacker can

distinguish HTTP payload size differences

• These timing measurements can be done with

javascript on attacker site


XHR POC

• Create HTTP request with XHR– XHR adheres to SOP

• Allows GET requests to flow

– If headers allow show response

– If not, abort

• We don’t care for the response

– Timing leaks the request size

• Use getTime() on XHR events– onreadystatechange

• Noise elimination– Repeat the process (say 10 times) and obtain Minimal time

10/23/2013 2:41 AM www.securitybootcamp.vn

• HTML with Javascript, sending method is XHR

• Sends one byte diff requests alternately 10 times

– The longer request crosses the send window boundary

– The shorter is exactly within

• Measures requests time

• Outputs length and time

• Outputs the minimal timing values for both requests’

length


XHR


Real world


1

SCB

• Iframe

• Use getTime() on iframe events

– onLoad

– Onreadystatechange(IE)


1

Real world


2

SCB

• HTTP request with IMG src

– It is not a image? Don’t worry

– X-Frame-Options? Don’t worry

• Use getTime() on img events

– onLoad

– Onreadystatechange(IE)


2

New Risk?


New Risk?


• Automation attack

– via URL

– via loadtine

• SOP?

– data leaked out

MITIGATIONS

• Adding random timing delays

• X-Frame-Options

• Unknown-parameter

• CAPTCHA, CSRF token


MITIGATIONS

• Adding random timing delays


ineffective

MITIGATIONS

• X-Frame-Options

– Browser should support and respect “X-

Frame-Options'' header for all content

inclusion (not just IFRAME);


MITIGATIONS

• CSRF protection

• Unknow parameter

• Captcha


That’s all


Security Bootcamp 2013 - Timing info-leak made easy - Quan Minh Tâm

Technology

Transcript of Security Bootcamp 2013 - Timing info-leak made easy - Quan Minh Tâm