|
|
Log in / Subscribe / Register

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

Posted Sep 13, 2012 18:48 UTC (Thu) by butlerm (subscriber, #13312)
Parent article: CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

How does the attacker get the size of the compressed data without packet sniffing on the client? And presumably the only way to packet sniff on the client is already to have made a root level compromise.

But if you have a root level compromise, you could presumably capture the actual keystrokes or even read the decrypted cookie out of the browser memory. No?

to post comments

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

Posted Sep 13, 2012 21:03 UTC (Thu) by intgr (subscriber, #39733) [Link] (16 responses)

> How does the attacker get the size of the compressed data without packet sniffing on the client
  • By haging access to any intermediate node/router between the client and the server -- your ISP or government could easily do it.
  • On Ethernet, even being in the same network segment as a router makes it possible to snoop anyone's packets (ARP spoofing/poisoning).
  • Or even anyone with a BGP router could force the Internet to route and hijack certain traffic through them, like when Pakistan took down YouTube all over the world.

IP networks are very vulnerable in general. That's the threat model TLS is supposed to protect against -- it establishes a secure channel over an insecure network.

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

Posted Sep 13, 2012 21:06 UTC (Thu) by intgr (subscriber, #39733) [Link] (4 responses)

> being in the same network segment as a router

Sorry, that was misleading. I meant any Ethernet segment where the traffic passes through, such as your office network or an Internet exchange point.

> haging access

Should be "having access"

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

Posted Sep 13, 2012 22:26 UTC (Thu) by dlang (guest, #313) [Link] (3 responses)

> > being in the same network segment as a router

>Sorry, that was misleading. I meant any Ethernet segment where the traffic passes through, such as your office network or an Internet exchange point.

actually, this isn't enough by itself nowdays.

With most of the ethernet infrastructure being switches, you will only occasionally see packets destined for other systems.

You can start playing games with ARP to try and route all traffic on the network through your machine instead of the router it is supposed to go through, but this sort of thing tends to cause other problems, so it's far from stealthy.

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

Posted Sep 14, 2012 10:09 UTC (Fri) by paulj (subscriber, #341) [Link] (2 responses)

Many "ethernet" segments these days are shared Wifis - inherently a multi-access medium.

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

Posted Sep 15, 2012 23:44 UTC (Sat) by cmccabe (guest, #60281) [Link] (1 responses)

Most (though not all) wifi is encrypted these days.

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

Posted Sep 20, 2012 22:01 UTC (Thu) by cesarb (subscriber, #6266) [Link]

> Most (though not all) wifi is encrypted these days.

Wifi does not encrypt the size of the packets.

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

Posted Sep 13, 2012 21:13 UTC (Thu) by raven667 (guest, #5198) [Link]

Also the size and location of the plaintext in the encrypted data is public information, the attacker can make their own requests and measure where in the response the session cookies and whatnot are stored and apply that knowledge to another encrypted session.

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

Posted Sep 14, 2012 0:19 UTC (Fri) by butlerm (subscriber, #13312) [Link] (9 responses)

>By having access to any intermediate node/router between the client and the server -- your ISP or government could easily do it.

Okay, so now your ISP or government has to be motivated enough to capture your traffic, and then somehow entice you to visit a specific web page while you have a secure session open to the target site, on the same browser. That is doable, I suppose, if you are desperate enough.

Speaking of which, whatever motivated Microsoft to make all browser windows operate in the same session context in the first place? Chrome used to correctly operate with separate sessions for separately created tabs or window groups, but then they changed to have shared sessions like Microsoft.

That is the _real_ cause of this browser vulnerability. If the browser manufacturers didn't share private data across what ought to be separate sessions, it would be impossible to implement a chosen plaintext attack on the session cookie from other random web pages in the first place.

>Or even anyone with a BGP router could force the Internet to route and hijack certain traffic through them, like when Pakistan took down YouTube all over the world.

"Anyone" with a BGP router cannot do this kind of thing. You have to have unfiltered BGP access, which any sane transit provider will only provide to other major transit providers - meaning Tier 1 and Tier 2 ISPs. Of course we are more or less completely vulnerable to them.

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

Posted Sep 14, 2012 0:40 UTC (Fri) by intgr (subscriber, #39733) [Link]

> and then somehow entice you to visit a specific web page while you have a secure session open to the target site, on the same browser

It's actually easier than that. When you visit *any* HTTP (non-secure) site, they can inject the necessary JavaScript code to carry out the attack.

> If the browser manufacturers didn't share private data across what ought to be separate sessions

Agreed. Personally I'd prefer restricting or policing how cross-domain requests are authenticated -- that would address many other attacks, too.

> "Anyone" with a BGP router cannot do this kind of thing

Right you are, but that's still way too many people and organizations to trust.

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

Posted Sep 14, 2012 5:46 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link]

>"Anyone" with a BGP router cannot do this kind of thing. You have to have unfiltered BGP access, which any sane transit provider will only provide to other major transit providers - meaning Tier 1 and Tier 2 ISPs. Of course we are more or less completely vulnerable to them.
Oh, but there are SO many insane transit providers.

I was shocked once that our stub AS was not filtered at one of our upstream. I've checked - my bogus announcement propagated as far as AMS-IX, so I could (in theory) cause a major Internet disruption in Europe with only few lines of configuration.

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

Posted Sep 14, 2012 9:35 UTC (Fri) by paulj (subscriber, #341) [Link] (6 responses)

You have to have unfiltered BGP access, which any sane transit provider will only provide to other major transit providers

........ Sorry, I need a few more seconds to compose myself, stop rolling on the floor laughing, and get back on my chair before I can reply. ;)

Two problems:

1. You're assuming that the internet has clear borders between "anyone with a BGP router" and "major transit providers". You're assuming it is difficult for anyone in the out-set to persuade anyone in the in-set to let them in. Bear in mind some parts of the "transit provider" set can be large clusters of quite small players (sometimes literally 1-man operations). Bear in mind the internet has been growing at a good pace, and is likely to continue to grow for some time, and that many in the "transit provider" set have a business model that depends on that growth happening.

2. Ignoring point 1, taking it as given a clear delineation criteria between the transit ASes and the edges (clear from the POV of the transit providers), and a transit provider set which are *all* strongly motivated to exclude any new entrants: You're assuming that a large percentage of transit providers are both, a) technically competent at specifying filters b) have a clear financial motivation to spend their resources on implementing operational processes to ensure new non-transit customers will consistently have filters applied. Even if the vast majority of transit providers meet assumption a (and it's not clear that's the case ☺), assumption b doesn't hold for most (at least, it's not immediately obvious to them). So, there isn't really a great pressure on them to reliably implement these filters, and so often they don't (because they generally don't, or because their processes aren't rigorous enough to ensure they reliably do).

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

Posted Sep 14, 2012 10:00 UTC (Fri) by paulj (subscriber, #341) [Link] (2 responses)

Edit: s/*all* strongly motivated to exclude any new entrants/*none* have a financial motivation to include new entrants/

(if they have a motivation to exclude then 2b clearly becomes true, oops ;) ).

Editing posts..

Posted Sep 14, 2012 10:17 UTC (Fri) by geertj (guest, #4116) [Link] (1 responses)

A request to our grumpy editor: will we see editing of comments for spelling/other mistakes in the site at some point? It's pretty annoying to see these correction posts (and i've had to do those myself as well in the past).

Editing posts..

Posted Sep 14, 2012 10:52 UTC (Fri) by hummassa (guest, #307) [Link]

Facebook solved the "historical revisionism" problem with editing in a really nice way: if you edit a post, the old version is just invisible, and it's still accessible via a "edited/show edition history" button/link.

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

Posted Sep 16, 2012 8:34 UTC (Sun) by butlerm (subscriber, #13312) [Link] (2 responses)

>So, there isn't really a great pressure on them to reliably implement these filters, and so often they don't (because they generally don't, or because their processes aren't rigorous enough to ensure they reliably do).

The original poster claimed that "anyone with a BGP router" could do this, which is clearly not the case. One would hope that the various attempts to secure BGP route advertisements would have born some fruit by now, but apparently that isn't the case either.

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

Posted Sep 16, 2012 18:16 UTC (Sun) by paulj (subscriber, #341) [Link] (1 responses)

Well, I was replying to the person who was claiming the other extreme, that such announcements required a kind of BGP connection that was very hard to obtain. Which is not the case. I did not argue that "anyone with a BGP router" could do it, however there are no real obstacles, other than needing a relatively small amount of money and perhaps a little time, to acquiring the capability.

Work to secure the BGP protocol is still quite a way away from being finished, never mind deployed.

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions (threatpost)

Posted Sep 18, 2012 17:34 UTC (Tue) by paulj (subscriber, #341) [Link]

Oh, another factor to consider is that you don't actually need to own a BGP router, in the legal sense. You just need control of it. Major router vendor control plane software is not immune to being 0wned...


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds