Web Security

Web Security
Philipp Winter
philwint@kau.se
Karlstad University
Oct.11,2012
What does it contain?
The Web consists mostly of:
Protocols HTTP,TLS/X.509,DNS
Content HTML,Flash,JavaScript,...
What happens when you go to https://www.kau.se?
1.Your local DNS resolver sends a request for www.kau.se
which hopefully resolves to the correct IP address.
2.Your browser establishes a TCP connection to the IP address.
3.Your browser initiates a TLS connection and gets a certicate
which hopefully really belongs to kau.se.
4.Your browser fetches a web site which hopefully does not
contain malicious HTML or JavaScript.
There are many ways to mess with this process.
DNS
A Reminder
I
The Domain Name System maps host names to IP addresses.
I
Makes life easier for humans and provides additional
exibility.
I
DNS servers are queried for www.kau.se and return
193.10.226.10.
DNS Cache Poisoning
I
Conceptually similar to ARP cache poisoning.
I
Attacker wants victim to resolve www.kau.se to his own
malicious machine instead of the real KAU web server.
I
Attacker makes remote DNS cache store wrong mapping from
domain to IP address.
I
Mostly,cache poisoning is possible because DNS replies are
not signed.\Solution":DNSSEC.
I
ISPs have full control over DNS trac and can manipulate
search queries,e.g.to conduct censorship.
DNS { A More Exotic Problem
I
Certain characters in some fonts look very similar
(paypal.com/paypaI.com).
I
Non-ASCII in DNS names (punycode domains) made this
problem worse.
I
This problem is not limited to DNS!Can you think of
something else?
I
Bitcoin tackles this problem by avoiding certain characters
(0OIl) in addresses [1].
SSL/TLS
Overview (1/2)
I
Transport Layer Security is the successor of Secure Socket
Layer.
I
While TLS secures TCP-based trac,DTLS (Datagram TLS)
can be used for UDP.
I
Both are crypto protocols to protect condentiality,
authenticity and integrity.
I
SSL/TLS is used by web browsers,chat clients,VoIP
software,...[2]
I
HTTP!HTTPS,telnet!SSH,FTP!SFTP,...
Overview (2/2)
I
TLS is a layer between TCP and the application layer
protocol (e.g.HTTP).
I
Newest version is TLS 1.2.Standardized in 2008 but not yet
widely available in software.
I
Popular implementations:OpenSSL,GnuTLS,NSS.
TLS and X.509
I
X.509 is a PKI standard and species certicates,CRLs,path
validation algorithms and much more.
I
TLS is tightly coupled with X.509 certicates to provide
authentication.
I
openssl s
client -connect www.kau.se:443
I
openssl x509 -noout -text -inform PEM -in
cert.pem
Trusted Third Parties
I
Browsers contain dozens of root certicates of trusted third
parties.
I
Do you really trust these organizations you have never heard
of?
I
Reminder:It is enough if just one of them turns evil or gets
compromised [4]!
TLS and Speed
I
TLS can mean an overhead of 3.4 to 9 over unsecured trac
[3].
I
Public-key cryptography is the most expensive part (20% {
58%).
I
AES-NI is AES instruction set extension for x86 architecture
cat/proc/cpuinfo | grep --color=always aes
I
Speeds up AES if applications support it
I
Yet,Google and other huge content providers can aord to
enable TLS by default.
The TLS Handshake
Look at Ge's slides from last year.
Let's look at TLS on the wire!
SSLstrip { Preventing HTTPS from Being Used
I
Small tool by Moxie Marlinspike [5].
I
Scans HTTP trac and rewrites HTTPS-links to
HTTP-links.
I
Also modies the links to\appear"secure although they
aren't.
I
Very simple but highly eective attack.
HTTP Strict Transport Security
I
HSTS is a policy stating that web servers can tell that they
are to be accessed over HTTPS only.
I
Complying browser will automatically turn insecure HTTP
links into HTTPS links when HSTS is active for web server.
I
Important:SSLstrip attack becomes ineective.
I
Also,if authenticity is not present,there is no way to proceed
anyway.
Perspectives/Convergence
I
Observation:MITM is often local phenomenon.We might
be aected here,but not someone in Australia.
I
Let's see if in Australia,they see the same certicate!
I
perspectives and convergence,both browser addons,attempt
to do that.
How it Works
Source:ars technica
HTTP and the Web
Social Engineering using Weird URLs (1/2)
What web site is this?
http://www.kau.se@0xd822b52d
Social Engineering using Weird URLs (2/2)
I
216.34.181.48 is the A record of slashdot.org.
I
python -c"print
hex((216<<24)+(34<<16)+(181<<8)+(45))"
I
0xd822b52d is the IP address in hexadecimal and can be used
by browsers.
I
http://www.kau.se@0xd822b52d
The Same Origin Policy
I
Stops code in the twitter tab from messing with the code in
the facebook tab.
I
Code can only interact if the following three conditions hold:
I
Same domain (twitter.com 6= facebook.com)
I
Same application layer protocol (HTTPS 6= HTTP)
I
Same port number (443 6= 80)
I
So code can only interact if it's from the same origin!
Vulnerabilities in the Web
I
Browsers and web apps are insanely complex and partially
supersede operating systems.
I
Vast amount of vulnerabilities which often come down to
poor input validation.
I
XSS,CSRF,SQL injection,RFI,...
I
All these problems led to web application rewalls.
I
Safe playground:Damn Vulnerable Web Applications
(http://www.dvwa.co.uk).
Literature I
Base58Check encoding.
https://en.bitcoin.it/wiki/Base58Check_encoding.
OpenSSL Applications.
http://www.openssl.org/related/apps.html.
Cristian Coarfa,Peter Druschel,and Dan S.Wallach.
Performance Analysis of TLS Web Servers.
In Network & Distributed System Security Symposium.The Internet Society,
2002.
Dennis Fisher.
Comodo,DigiNotar Attacks Expose Crumbling Foundation of CA System.
https://threatpost.com/en_us/blogs/
comodo-diginotar-attacks-expose-crumbling-foundation-ca-system-090211.
Moxie Marlinspike.
sslstrip.
http://www.thoughtcrime.org/software/sslstrip/.