truncating tls connections to violate beliefs in web
play

Truncating TLS Connections to Violate Beliefs in Web Applications - PowerPoint PPT Presentation

May 11, 2023 •14 likes •164 views

Truncating TLS Connections to Violate Beliefs in Web Applications Ben Smyth & Alfredo Pironti 27 July 1 Aug 2013 http://www.bensmyth.com http://alfredo.pironti.eu/research/ Contribution Attacks which truncate TLS connections to exploit

  1. Truncating TLS Connections to Violate Beliefs in Web Applications Ben Smyth & Alfredo Pironti 27 July – 1 Aug 2013 http://www.bensmyth.com http://alfredo.pironti.eu/research/

  2. Contribution Attacks which truncate TLS connections to exploit logical web application flaws, enabling: Cast votes [on behalf of honest voters] in Helios elections ● Full control of Microsoft Live accounts ● Temporary access to Google accounts ● We suspect our insights will lead to the discovery of further attacks.

  3. TLS security Application Security: Server (and client) authentication ● Confidentiality ● Crypto TLS Integrity: messages received as sent ● – Single connection TCP Termination modes: Graceful closure ● – all messages received as sent Te Termination mod odes Termination modes Fatal closure (e.g., after a corrupt message) ● ignored ignored – a prefix of messages received as sent

  4. Truncating TLS connections “ failure to properly close a connection no longer requires that a session not be resumed [...] to conform with widespread implementation practice ” – TLS specification Consider a wire transfer to “ Charlie's Angels” : POST /wire_transfer.php HTTP/1.1 Host: mybank.com Content-Type: application/x-www-form- urlencoded Content-Length: 40 amount=1000&recipient=Charlie%27s_Angels Suppose the request is fragmented by TLS 1)POST […] recipient=Charlie 2)%27s_Angels Attack: Drop the 2 nd fragment to transfer money to Charlie.

  5. Truncating TLS connections “ failure to properly close a connection no longer requires that a session not be resumed [...] to conform with widespread implementation practice ” – TLS specification Consider a wire transfer to “ Charlie's Angels” : Server ignores: termination mode ● POST /wire_transfer.php HTTP/1.1 Host: mybank.com Content-Length field ● Content-Type: application/x-www-form- urlencoded Fix: Content-Length: 40 wire transfers upon ● amount=1000&recipient=Charlie%27s_Angels graceful closure only Suppose the request is fragmented by TLS check lengths ● 1)POST […] recipient=Charlie 2)%27s_Angels Attack works against Apache Attack: Drop the 2 nd fragment to transfer money to Charlie. Henceforth, we consider truncation attacks which drop messages, rather than fragments

  6. Challenges for web applications Web applications: Browsers maintain multiple ● connections (to load content in parallel, for example) TLS provides: No integrity gaurantees ● across multiple connections – hence, ordering issues between connections

  7. Challenges for web applications Web applications: Browsers maintain multiple ● connections (to load content in parallel, for example) TLS provides: Adversary model (standard): ● Adversary has full control of No integrity gaurantees ● the network across multiple connections – hence, ordering issues – i.e., read, delete, and between connections inject messages

  8. Helios electronic voting system A cryptographically verifiable electronic voting system Verifiability enables us to use untrusted DREs and check afterwards that the claimed result is valid

  9. Helios: Ballot casting 1) REQUESTS https://vote.heliosvoting.org/helios/elections/<<id>>/cast_done Response: 200 - OK; HTML payload: … <p><b>For your safety, we have logged you out.</b></p> <iframe border="0" src="/auth/logout" frameborder="0" height="0" width="0"> </iframe> … 2) REQUESTS https://vote.heliosvoting.org/auth/logout Response: 302 - Moved Temporarily Location[http://vote.heliosvoting.org/] Notification of sign-out before DRE makes the request! 3) Truncate sign-out request 4) Use the DRE to cast a new vote No TLS protection: sign-out request (2) and adversary (4) use different connections. However, attack is detected, because Helios is verifiable. Fix: (1) & (2) atomic. A video demonstrating this attack will be available online.

  10. Microsoft Live accounts Setting: Shared computer (e.g., public library, work place, …) ● – Trusted computer, i.e., not tampered with – Adversary accesses computer after honest user has finished Video Demo (Live demos are too stressful!) The video will be available online.

  11. Microsoft Live accounts Setting: Shared computer (e.g., public library, work place, …) ● – Trusted computer, i.e., not tampered with – Adversary accesses computer after honest user has finished Notification of sign-out before server receives request (client's belief ≠ server's belief)! Truncate sign-out ● Access account on another connection ● Fixes: Centralise authentication; or ● Chain sign-out requests ● The video will be available online.

  12. Google accounts Setting: Shared computer (e.g., public library, work place, …) 1)GET https://accounts.google.com/Logout?continue=https://www.google.com/webhp Response: 302 - Moved Temporarily, Location[http://www.google.com/accounts/Logout2? ilo=1&ils=mail,s.FR&ilc=0&continue=https://www.google.com/webhp?zx=1388193849] 2)GET http://www.google.com/accounts/Logout2?ilo=1&ils=mail,s.FR&ilc=0 &continue=https://www.google.com/webhp?zx=1388193849 Response: 200 - OK; HTML payload: <body onload="doRedirect() "> <script type="text/javascript"> function doRedirect() { location.replace("http://www.google.fr/accounts/Logout2?ilo=1&ils=s.FR& ilc=1&continue=https://www.google.com/webhp?zx=1076119961"); } </script> <img width="0" height="0" alt="Sign Out" src="https://mail.google.com/mail?logout=img&zx=-2531125006460954395"> </body> 3)GET https://mail.google.com/mail?logout=img&zx=-2531125006460954395 Response: 200 - OK; a one pixel gif. 4)...

  13. Google accounts: Attack <body onload="doRedirect() "> <script type="text/javascript"> function doRedirect() { location.replace("http://www.google.fr/accounts/Logout2?ilo=1&ils=s.FR& ilc=1&continue=https://www.google.com/webhp?zx=1076119961"); } </script> <img width="0" height="0" alt="Sign Out" src="https://mail.google.com/mail?logout=img&zx=-2531125006460954395"> </body> Notification of sign-out before server receives request! Truncate Gmail sign-out with TCP reset ● – (TCP drop hangs the browser) Fatal connection closure ignored ● Access Gmail on another connection ● – House-keeping terminates (~5mins) Fixes: Handle fatal connection closure; or ● Centralise auth. or chain sign-outs ● A video demonstrating this attack will be available online.

  14. Summary We exploit flaws in sign-out procedures to prevent termination of ● sessions, whilst notifying the user of success. – Attacks against Helios, Google & Microsoft Consequently, even trusted shared computers offer no security! ● Fixes proposed, therefore trusted shared computers offer security. ● All vulnerabilities have been disclosed; ● but none have been fixed. Further attacks? (Vendors, let's discuss your products; Hackers, ● let's discuss their products.)

  15. Questions? Tariff Industry: beer* ● Academics: citations ● Journalists: compliments ● * Exceptions might be made for future clients/employers... http://www.bensmyth.com http://alfredo.pironti.eu/research/

Recommend

Outline 1 The General Framework A Central Limit Theorem for Truncating A standard stochastic

Outline 1 The General Framework A Central Limit Theorem for Truncating A standard stochastic

The General Framework The General Framework TCL for truncating Stochastic Algorithms TCL for truncating Stochastic Algorithms A motivating example in finance A motivating example in finance Convergence Rate Convergence Rate Scheme of the

508 views • 9 slides
The Diversity of Beliefs in Real Time: The Diversity Diversity of of Beliefs Beliefs in Real

The Diversity of Beliefs in Real Time: The Diversity Diversity of of Beliefs Beliefs in Real

Stanford Institute of Theoretical Economics 2009 Segment 8: When are Diverse Beliefs Central? August 12, 2009 The Diversity of Beliefs in Real Time: The Diversity Diversity of of Beliefs Beliefs in Real Time: in Real Time: The Estimates of

466 views • 19 slides
Intuitive Beliefs Jawwad Noor Boston University 2 Introduction Economics: rational beliefs

Intuitive Beliefs Jawwad Noor Boston University 2 Introduction Economics: rational beliefs

1 Intuitive Beliefs Jawwad Noor Boston University 2 Introduction Economics: rational beliefs described by a prior probability + Bayesian updating Psychology: Beliefs are not monotone let alone additive (conjunction/disjunction

1.08k views • 38 slides
Linear connections on Lie groups The affine space of linear connections on a compact Lie group G

Linear connections on Lie groups The affine space of linear connections on a compact Lie group G

Linear connections on Lie groups The affine space of linear connections on a compact Lie group G contains a distinguished line segment with endpoints the connections L and R which make left (resp. right) invariant vector fields parallel.

240 views • 20 slides
Autocorrelation When a regression model is fitted to time series data, the residuals often violate

Autocorrelation When a regression model is fitted to time series data, the residuals often violate

ST 430/514 Introduction to Regression Analysis/Statistics for Management and the Social Sciences II Autocorrelation When a regression model is fitted to time series data, the residuals often violate the standard assumptions by being correlated .

398 views • 13 slides
Are Stated Expectations Actual Beliefs? New Evidence for the Beliefs Channel of Investment Demand

Are Stated Expectations Actual Beliefs? New Evidence for the Beliefs Channel of Investment Demand

Are Stated Expectations Actual Beliefs? New Evidence for the Beliefs Channel of Investment Demand Haoyang Liu Federal Reserve Bank of New York Christopher Palmer MIT and NBER July 2020 The views expressed are ours and do not necessarily

830 views • 59 slides
Accepting Nuclear Attributes from Diablo Canyon Would Violate MBCPs Central Mission:

Accepting Nuclear Attributes from Diablo Canyon Would Violate MBCPs Central Mission:

Accepting Nuclear Attributes from Diablo Canyon Would Violate MBCPs Central Mission: Clean Power, Community Choice Presentation to the Policy Board of Monterey Bay Community Power by Daniel Hirsch Retired Director of the Program on

937 views • 78 slides
Explain what an adversary would have to do to violate the Computational Diffie-Hellman assumption (

Explain what an adversary would have to do to violate the Computational Diffie-Hellman assumption (

Explain what an adversary would have to do to violate the Computational Diffie-Hellman assumption ( CDH ) Question #1 Why isnt raw RSA , E N ( M ) = M 3 mod N , a secure way to encrypt a plaintext M N ? Question #1 1 Explain what an

488 views • 6 slides
M OBILE C OMPUTING Syntax Errors Violate language rules program won't compile Source:

M OBILE C OMPUTING Syntax Errors Violate language rules program won't compile Source:

Excep&amp;ons EECS1012 M OBILE C OMPUTING Syntax Errors Violate language rules program won't compile Source: programmer Defense: modern IDEs expose these Run&amp;me Errors Make an invalid opera?on program will crash Source:

196 views • 3 slides
The C.I.T.Y. C.I.T.Y. Connections Connections Creating Individualized Transitions for Youth A

The C.I.T.Y. C.I.T.Y. Connections Connections Creating Individualized Transitions for Youth A

The C.I.T.Y. C.I.T.Y. Connections Connections Creating Individualized Transitions for Youth A Project of the Pittsburgh Public Schools Pittsburgh Public Schools Program for Students with Exceptionalities CITY Connections Serving Students

459 views • 19 slides
Inequality and Beliefs Christina Fong Department of Social and Decision Sciences Carnegie Mellon

Inequality and Beliefs Christina Fong Department of Social and Decision Sciences Carnegie Mellon

Inequality and Beliefs Christina Fong Department of Social and Decision Sciences Carnegie Mellon University Outline Egalitarian preferences and behaviors are affected by beliefs about justice and closely related beliefs about the moral

530 views • 20 slides
1 Outline Agenda Connections Market Overview Progress with Contestability at Distribution

1 Outline Agenda Connections Market Overview Progress with Contestability at Distribution

Connections Update UR Connections Policy Call for Evidence Workshop Joint presentation by NIE Networks and SONI 12 December 2016 1 Outline Agenda Connections Market Overview Progress with Contestability at Distribution Status of

412 views • 15 slides
When do data mining results violate privacy? Chris Clifton March 17, 2004 This is joint work

When do data mining results violate privacy? Chris Clifton March 17, 2004 This is joint work

When do data mining results violate privacy? Chris Clifton March 17, 2004 This is joint work with Jiashun Jin and Murat Kantarcolu Individual Privacy: Protect the record Individual item in database must not be disclosed

382 views • 13 slides
The Quakers and their Beliefs By: Mady Waugh Who are the They are known as the religious

The Quakers and their Beliefs By: Mady Waugh Who are the They are known as the religious

The Quakers and their Beliefs By: Mady Waugh Who are the They are known as the religious society of Quakers? friends They first started in England in the 1650s The people of this group had similar beliefs George Fox

461 views • 6 slides
fifteen wood construction: connections Wood Connections 1 Elements of Architectural Structures

fifteen wood construction: connections Wood Connections 1 Elements of Architectural Structures

E LEMENTS OF A RCHITECTURAL S TRUCTURES : F ORM, B EHAVIOR, AND D ESIGN ARCH 614 D R. A NNE N ICHOLS S PRING 2019 lecture fifteen wood construction: connections Wood Connections 1 Elements of Architectural Structures S2019abn Lecture 15

478 views • 15 slides
Nuclear Matrix Elements for Tensor Interactions that Violate Local Lorentz Invariance Alex Brown

Nuclear Matrix Elements for Tensor Interactions that Violate Local Lorentz Invariance Alex Brown

Nuclear Matrix Elements for Tensor Interactions that Violate Local Lorentz Invariance Alex Brown and Vladimir Zelevinsky Alex Brown and Vladimir Zelevinsky National Superconducting Cyclotron Laboratory and Department of Physics and Astronomy

628 views • 35 slides
Simple Connections: If the line of action of the

Simple Connections: If the line of action of the

Bolted Connections

409 views • 39 slides
Do Network-layer Connections Solve DoS ? Katerina Argyraki David R. Cheriton Datagrams vs.

Do Network-layer Connections Solve DoS ? Katerina Argyraki David R. Cheriton Datagrams vs.

Do Network-layer Connections Solve DoS ? Katerina Argyraki David R. Cheriton Datagrams vs. Connections Datagrams vs. Connections Connection-less network layer flexibility, simplicity best-effort service Datagrams vs. Connections

1.06k views • 71 slides
Please PROCEED to those classrooms. CONNECTIONS CLASSES 2018-2019 WHAT ARE CONNECTIONS CLASSES?

Please PROCEED to those classrooms. CONNECTIONS CLASSES 2018-2019 WHAT ARE CONNECTIONS CLASSES?

CONNECTIONS CLASSES 6 TH GRADE 2019-2020 If your CLASS this period SAYS: + ART Intro Only 3 rd (500 HALL) + BAND (500 HALL) + CHORUS (500 HALL) + PE (GYM) + HEALTH (GYM) + ADVENTURE QUEST (GYM) + ORCHESTRA (ATRIUM) Please PROCEED to

515 views • 38 slides
ACHIEVING INVESTMENT EXCELLENCE Theory and Practice of Investment Beliefs Alfred Slager 13

ACHIEVING INVESTMENT EXCELLENCE Theory and Practice of Investment Beliefs Alfred Slager 13

ACHIEVING INVESTMENT EXCELLENCE Theory and Practice of Investment Beliefs Alfred Slager 13 November 2019 Jaap van Dam A Swiss Pensions Carveout event Partner 1. The board as a source of return 2. Investment beliefs why it matters and

666 views • 22 slides
VIRGINIA HOLLIS Virginia boasts 30+ years in Media Strategy, Connections Planning and Connections

VIRGINIA HOLLIS Virginia boasts 30+ years in Media Strategy, Connections Planning and Connections

VIRGINIA HOLLIS Virginia boasts 30+ years in Media Strategy, Connections Planning and Connections Architecture. She currently applies her experience at independent executive media strategy and planning agency, Magnetic Connection; and

172 views • 16 slides
MAJOR PROJECT By Noemi Bisicchia What do I like? Food Art Kids There are Connections? st 1

MAJOR PROJECT By Noemi Bisicchia What do I like? Food Art Kids There are Connections? st 1

MA Web design and Content Planning MAJOR PROJECT By Noemi Bisicchia What do I like? Food Art Kids There are Connections? st 1 Idea Connections Problems How to deal with children who are picky eaters? Solutions Creative food designs to

792 views • 26 slides
Facul ulty M Minds ndset B Beliefs and nd St Stud udent Motivat ation on ELIZABETH A A.

Facul ulty M Minds ndset B Beliefs and nd St Stud udent Motivat ation on ELIZABETH A A.

Facul ulty M Minds ndset B Beliefs and nd St Stud udent Motivat ation on ELIZABETH A A. C CANNI NING NG WASHINGTON STATE UNIVERSITY Mindset Theory Personal beliefs about the malleability or fixedness of ability and talent 1.

763 views • 26 slides
Moduli spaces of flat connections on colored surfaces David Li-Bland joint work with Pavol

Moduli spaces of flat connections on colored surfaces David Li-Bland joint work with Pavol

Moduli spaces of flat connections on colored surfaces David Li-Bland joint work with Pavol Severa Tuesday, July 31, 2012 Introduction Moduli space of flat connections Towards a finite dimensional construction Flat connections on the

1.88k views • 91 slides

More recommend