LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

Posted Sep 14, 2012 0:19 UTC (Fri) by butlerm (subscriber, #13312)
In reply to: CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost) by intgr
Parent article: CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

>By having access to any intermediate node/router between the client and the server -- your ISP or government could easily do it.

Okay, so now your ISP or government has to be motivated enough to capture your traffic, and then somehow entice you to visit a specific web page while you have a secure session open to the target site, on the same browser. That is doable, I suppose, if you are desperate enough.

Speaking of which, whatever motivated Microsoft to make all browser windows operate in the same session context in the first place? Chrome used to correctly operate with separate sessions for separately created tabs or window groups, but then they changed to have shared sessions like Microsoft.

That is the _real_ cause of this browser vulnerability. If the browser manufacturers didn't share private data across what ought to be separate sessions, it would be impossible to implement a chosen plaintext attack on the session cookie from other random web pages in the first place.

>Or even anyone with a BGP router could force the Internet to route and hijack certain traffic through them, like when Pakistan took down YouTube all over the world.

"Anyone" with a BGP router cannot do this kind of thing. You have to have unfiltered BGP access, which any sane transit provider will only provide to other major transit providers - meaning Tier 1 and Tier 2 ISPs. Of course we are more or less completely vulnerable to them.

(Log in to post comments)

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

Posted Sep 14, 2012 0:40 UTC (Fri) by intgr (subscriber, #39733) [Link]

> and then somehow entice you to visit a specific web page while you have a secure session open to the target site, on the same browser

It's actually easier than that. When you visit *any* HTTP (non-secure) site, they can inject the necessary JavaScript code to carry out the attack.

> If the browser manufacturers didn't share private data across what ought to be separate sessions

Agreed. Personally I'd prefer restricting or policing how cross-domain requests are authenticated -- that would address many other attacks, too.

> "Anyone" with a BGP router cannot do this kind of thing

Right you are, but that's still way too many people and organizations to trust.

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

Posted Sep 14, 2012 5:46 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link]

>"Anyone" with a BGP router cannot do this kind of thing. You have to have unfiltered BGP access, which any sane transit provider will only provide to other major transit providers - meaning Tier 1 and Tier 2 ISPs. Of course we are more or less completely vulnerable to them.
Oh, but there are SO many insane transit providers.

I was shocked once that our stub AS was not filtered at one of our upstream. I've checked - my bogus announcement propagated as far as AMS-IX, so I could (in theory) cause a major Internet disruption in Europe with only few lines of configuration.

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

Posted Sep 14, 2012 9:35 UTC (Fri) by paulj (subscriber, #341) [Link]

You have to have unfiltered BGP access, which any sane transit provider will only provide to other major transit providers

........ Sorry, I need a few more seconds to compose myself, stop rolling on the floor laughing, and get back on my chair before I can reply. ;)

Two problems:

1. You're assuming that the internet has clear borders between "anyone with a BGP router" and "major transit providers". You're assuming it is difficult for anyone in the out-set to persuade anyone in the in-set to let them in. Bear in mind some parts of the "transit provider" set can be large clusters of quite small players (sometimes literally 1-man operations). Bear in mind the internet has been growing at a good pace, and is likely to continue to grow for some time, and that many in the "transit provider" set have a business model that depends on that growth happening.

2. Ignoring point 1, taking it as given a clear delineation criteria between the transit ASes and the edges (clear from the POV of the transit providers), and a transit provider set which are *all* strongly motivated to exclude any new entrants: You're assuming that a large percentage of transit providers are both, a) technically competent at specifying filters b) have a clear financial motivation to spend their resources on implementing operational processes to ensure new non-transit customers will consistently have filters applied. Even if the vast majority of transit providers meet assumption a (and it's not clear that's the case ☺), assumption b doesn't hold for most (at least, it's not immediately obvious to them). So, there isn't really a great pressure on them to reliably implement these filters, and so often they don't (because they generally don't, or because their processes aren't rigorous enough to ensure they reliably do).

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

Posted Sep 14, 2012 10:00 UTC (Fri) by paulj (subscriber, #341) [Link]

Edit: s/*all* strongly motivated to exclude any new entrants/*none* have a financial motivation to include new entrants/

(if they have a motivation to exclude then 2b clearly becomes true, oops ;) ).

Editing posts..

Posted Sep 14, 2012 10:17 UTC (Fri) by geertj (subscriber, #4116) [Link]

A request to our grumpy editor: will we see editing of comments for spelling/other mistakes in the site at some point? It's pretty annoying to see these correction posts (and i've had to do those myself as well in the past).

Editing posts..

Posted Sep 14, 2012 10:52 UTC (Fri) by hummassa (subscriber, #307) [Link]

Facebook solved the "historical revisionism" problem with editing in a really nice way: if you edit a post, the old version is just invisible, and it's still accessible via a "edited/show edition history" button/link.

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

Posted Sep 16, 2012 8:34 UTC (Sun) by butlerm (subscriber, #13312) [Link]

>So, there isn't really a great pressure on them to reliably implement these filters, and so often they don't (because they generally don't, or because their processes aren't rigorous enough to ensure they reliably do).

The original poster claimed that "anyone with a BGP router" could do this, which is clearly not the case. One would hope that the various attempts to secure BGP route advertisements would have born some fruit by now, but apparently that isn't the case either.

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

Posted Sep 16, 2012 18:16 UTC (Sun) by paulj (subscriber, #341) [Link]

Well, I was replying to the person who was claiming the other extreme, that such announcements required a kind of BGP connection that was very hard to obtain. Which is not the case. I did not argue that "anyone with a BGP router" could do it, however there are no real obstacles, other than needing a relatively small amount of money and perhaps a little time, to acquiring the capability.

Work to secure the BGP protocol is still quite a way away from being finished, never mind deployed.

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

Posted Sep 18, 2012 17:34 UTC (Tue) by paulj (subscriber, #341) [Link]

Oh, another factor to consider is that you don't actually need to own a BGP router, in the legal sense. You just need control of it. Major router vendor control plane software is not immune to being 0wned...

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds