Shuo Chen†, Ziqing Mao† ‡, Yi-Min Wang†, Ming Zhang† †Microsoft Research ‡Purdue University May 20th, 2009 IEEE Symposium on Security and Privacy, May 2009
Slide 2: HTTPS and its adversary model
HTTPS: end-to-end secure protocol for web traffic.
Adversary assumption: MITM (man-in-the-middle).
[Figure: browser - proxy - Internet - HTTPS server, with an SSL tunnel from browser to server]
Are today's browser implementations consistent with this assumption?

Slide 3: Key finding
- A class of browser vulnerabilities (demo): a proxy can defeat the end-to-end security promised by HTTPS.
- Vulnerabilities exist in all major browsers.
Industry outreach
- Technical work finished in summer 2007.
- Paper withheld until this conference.
- Worked with all vendors to address the issues.

Slide 4: Where the proxy sits
[Figure: Browser (rendering modules, HTTP/HTTPS, TCP/IP) - PBP (Pretty-Bad-Proxy, the paper's name for the malicious proxy) - HTTPS server (HTTP/HTTPS, TCP/IP). The browser-to-proxy TCP/IP connection is unencrypted; the SSL tunnel through the proxy is encrypted.]

Slide 5: Key issue
Browsers load unencrypted content from the proxy in the HTTPS context of the victim server.
- Attack 1: proxy's error response
- Attack 2: proxy's redirection
- Attack 3: HTTP-intended pages that are HTTPS loadable (HPIHSL)
- Attack 4: visual context (GUI behavior, no script)

Slide 6: Attack 1, the proxy's error page
E.g., 502 server not found, or any other 4xx/5xx response; script in the error page runs in https://bank.com.
[Figure: a page containing <iframe src="https://bank.com"> makes the browser request https://bank.com through the PBP; instead of the bank server's response, the PBP answers "502: Server not found", and the browser renders it as https://bank.com.]

Slide 7: Attack 2, the proxy's redirection
[Figure: a page from https://bank.com contains <script src="https://js.bank.com/foo.js">; the browser requests https://js.bank.com through the PBP, which answers with an HTTP 302 redirection to https://evil.com; the browser fetches the script from the evil.com server.]
The script will run in the context of https://bank.com.

Slide 8: HPIHSL pages
Many websites provide both HTTP and HTTPS services. What's wrong with HPIHSL pages?
- Sensitive pages (e.g., checkout): HTTPS only.
- Non-sensitive pages (e.g., merchandise): intended for HTTP access. However, non-sensitive pages are often accessible through HTTPS as well!
- Non-sensitive pages often import scripts through HTTP. The scripts will then run in the HTTPS context.
[Figure labels: sensitive, HPIHSL, non-sensitive, HTTP scripts]

Slide 9: Browsers warn about HTTP resources in HTTPS contexts, don't they?
- The detection logic only determines the address bar's appearance.
- The address bar only concerns the top-level page, so ...

Slide 10: Using an HTTPS iframe in an HTTP top-level page
- Top level: HTTP
- Hidden iframe: HTTPS, loading an HPIHSL page

Slide 11: Very easy to find HPIHSL pages that import scripts
- The paper shows 12 websites having this problem. These HTTPS domains are not trustworthy.
- They cover a wide range: online shopping sites; banks and credit card companies; an open source project management site; top computer science departments; even the home domain of a leading certificate authority.

Slide 12: Attack 4, visual context
- In attack 1, script in the proxy's error page runs in the HTTPS context (all browsers).
- This attack uses no script, only static HTML. It is due to GUI behavior: IE, Opera and Chrome display a certificate on the GUI as long as it is in the certificate cache.

Slide 13: The cached-certificate attack
- Schedule a one-second timer for refreshing the page. The phishing page is served as a 5xx response:
  <head> <meta HTTP-EQUIV="Refresh" CONTENT="1; URL=https://www.paypal.com"> </head>
- Before the timer expires, cache a PayPal certificate:
  <img src="https://www.paypal.com/a.jpg" style="display:none">
- A perfect GUI spoofing attack: fresh browser, single tab, address bar input.

Slide 15: Proxies are used in many environments
- Corporate and university networks; hospitals, hotels; third-party free proxies.
- Due to PBP issues, the security of HTTPS communication depends on the proxy's integrity. Is the proxy infected by viruses, hijacked by attackers, or configured by malicious insiders?

Slide 16: All these attacks work as long as
(1) The attacker can sniff your machine at the link layer. For HTTPS, you need to assume this.
(2) The browser has its proxy capability on: WPAD (Web Proxy Auto Discovery), a PAC script (Proxy Auto Config script), or manual configuration.

Slide 17: Our test bed
- A proxy is required for web traffic to the Internet: WPAD (default), PAC-script config or manual config.
- Tested on Ethernet and on an open wireless network.
[Figure: the client sends GET /wpad.dat; the legitimate server returns goodProxy_cfg, while the attacker returns PBP_cfg.]

Slide 18: Vendor status
Table (flattened in the extraction). Columns: IE 8 (since beta 2); Firefox 3.0.10; Safari 3.2.2; Opera (since Dec. 2007 or before); Chrome 1.0.154.53. Rows: Error-response issue; Redirection issue; HPIHSL issue; Cached certificate issue; Future PBP issues.
- Error-response and redirection issues, cell values as extracted: Fixed, Fixed, N/A, Fixed, Fixed, Fixed, Fixed, Fixed, Fixed, N/A.
- HPIHSL issue, in column order: fix suggested; fix proposed for next version; Acknowledged; Acknowledged; Acknowledged.
- Cached certificate issue, as extracted: Fixed, N/A, Fixed.
- Future PBP issues, as extracted: N/A, Fixed.
Besides point fixes, how can we systematically prevent (or find) these bugs?

Slide 19: Not a fundamental "solution"
- HTTPS security should not depend on the network. However, it is worthwhile to have mitigations: some issues are not patched, and new issues will be found in the future.
Mitigations
- Wireless router: use WPA (WiFi Protected Access).
- Corporate network: deploy IPSec on many types of servers, not only web servers but DNS, DHCP and PAC servers.
- Travelling employees: secure VPN to your corporate network.

Slide 20: The PBP adversary
- It targets the rendering modules: encrypted and unencrypted contents get confused.
- [Figure: rendering modules over HTTP/HTTPS over TCP/IP] The HTTPS layer does not mask the MITM from the rendering modules, so developers of rendering modules need to deal with the MITM.
Beyond HTTPS
- Other end-to-end protocols: Kerberos, IPSec, etc. E.g., HTTP over IPSec, using Kerberos authentication.
- What do you want to achieve if a proxy is in between?

Slide 21: Conclusions
- HTTPS is flawed.
- We argue that many proxies are not secure enough to tunnel HTTPS.
- We advocate link layer security.
- In addition to browser issues, we also show issues in WPAD, etc.

Slide 22: OCCUR
http://research.microsoft.com/en-us/projects/occur/
- A free web service for timestamping research ideas.
- Why: some research contributions cannot be published immediately, e.g., due to a responsible disclosure policy.
- What: OCCUR gives your idea a timestamp from VeriSign.
- Details: search for "Microsoft OCCUR" or ask me offline.
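The following is an added example, not code from the paper, its authors, or any browser. It models the decision a browser makes when a proxy answers its CONNECT request with something other than a 2xx, the root of attacks 1 and 2 (slides 5 to 7): the "vulnerable" function treats the proxy's reply as if the HTTPS server had sent it, while the "hardened" function treats the proxy as part of the untrusted network. The reply bytes, the `ERROR_PAGE_ORIGIN` label and the function names are constructed for the illustration.

```python
"""Model of a browser's handling of the proxy's reply to a CONNECT request.

Added illustration for the error-response and redirection attacks (slides 5
to 7); not code from the paper, the authors, or any browser. The proxy
replies below are constructed samples.
"""
from dataclasses import dataclass

# Label for the browser's own network-error page; an assumed name used by
# this model, not an identifier from any browser.
ERROR_PAGE_ORIGIN = "browser-error-page (opaque origin)"


@dataclass
class RenderDecision:
    origin: str               # security context any rendered content gets
    render_body: bool         # is the proxy's body handed to the HTML renderer?
    follow_redirect: bool     # is the proxy's Location header obeyed?
    tunnel_established: bool  # did a 2xx open the SSL tunnel?


def parse_http_head(raw: bytes):
    """Split an HTTP/1.x reply into (status code, header dict, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, *header_lines = head.split(b"\r\n")
    parts = status_line.split(b" ", 2)
    if len(parts) < 2 or not parts[1].isdigit():
        raise ValueError("malformed status line: %r" % status_line)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("ascii", "replace")] = \
            value.strip().decode("ascii", "replace")
    return int(parts[1]), headers, body


def vulnerable_connect(raw: bytes, target_origin: str) -> RenderDecision:
    """Pre-fix behaviour the talk describes: whatever the proxy sends back
    is treated as if the HTTPS server itself had sent it."""
    code, headers, _body = parse_http_head(raw)
    if 200 <= code < 300:
        return RenderDecision(target_origin, False, False, True)
    # The error page (slide 6) is rendered as the target origin; a 3xx
    # (slide 7) is followed and the fetched resource lands in that origin too.
    return RenderDecision(target_origin, True, "location" in headers, False)


def hardened_connect(raw: bytes, target_origin: str) -> RenderDecision:
    """Treat the proxy as part of the untrusted network: only a 2xx opens the
    tunnel. Anything else becomes a browser-generated network error; the
    proxy's body is discarded and its Location header is ignored."""
    code, _headers, _body = parse_http_head(raw)
    if 200 <= code < 300:
        return RenderDecision(target_origin, False, False, True)
    return RenderDecision(ERROR_PAGE_ORIGIN, False, False, False)


# Constructed sample replies from a proxy to "CONNECT bank.com:443".
PROXY_200 = b"HTTP/1.1 200 Connection established\r\n\r\n"
PROXY_502 = (b"HTTP/1.1 502 Bad Gateway\r\nContent-Type: text/html\r\n\r\n"
             b"<html><body>Server not found</body></html>")
PROXY_302 = b"HTTP/1.1 302 Found\r\nLocation: https://evil.com/foo.js\r\n\r\n"


if __name__ == "__main__":
    for name, raw, origin in [("200", PROXY_200, "https://bank.com"),
                              ("502", PROXY_502, "https://bank.com"),
                              ("302", PROXY_302, "https://js.bank.com")]:
        print(name, "vulnerable:", vulnerable_connect(raw, origin))
        print(name, "hardened:  ", hardened_connect(raw, origin))
```

The point of the hardened branch is that nothing the proxy sends before the tunnel is open is ever associated with the target origin: no body reaches the renderer, no redirect is followed, and the only state that survives is "the connection failed".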
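A second added example, again not code from the paper or its authors, for the HPIHSL problem of slides 8 to 11: an audit helper that takes the HTML of a page as it is served over HTTPS and lists the active sub-resources it pulls in over plain HTTP. It goes slightly beyond the talk, which measures script imports only, by also reporting stylesheets, frames and plug-in objects. The sample URL, sample page and function names are constructed for the illustration.

```python
"""Audit helper for HPIHSL pages (slides 8 to 11).

Given the HTML of a page as it is served over HTTPS, list the active
sub-resources it loads over plain HTTP, i.e. the content a pretty-bad proxy
could replace while the page runs in the HTTPS origin. Added illustration;
not code from the paper or its authors. The sample page is constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# tag -> attribute carrying the URL of content that executes or is parsed
# in the page's context (passive content such as <img> is ignored).
ACTIVE_ATTRS = {"script": "src", "iframe": "src", "frame": "src",
                "object": "data", "embed": "src"}


class _ActiveContentCollector(HTMLParser):
    def __init__(self, page_url: str):
        super().__init__()
        self.page_url = page_url
        self.findings = []   # [(tag, absolute URL)] for http: resources

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = None
        if tag in ACTIVE_ATTRS:
            url = a.get(ACTIVE_ATTRS[tag])
        elif tag == "link" and "stylesheet" in (a.get("rel") or "").lower():
            url = a.get("href")
        if not url:
            return
        # Relative and protocol-relative ("//host/x.js") URLs inherit the
        # page's https: scheme, so only an explicit http: scheme is a finding.
        absolute = urljoin(self.page_url, url.strip())
        if urlsplit(absolute).scheme == "http":
            self.findings.append((tag, absolute))


def find_http_active_content(page_url: str, html: str):
    """Return [(tag, absolute URL)] of active content that an HTTPS page
    loads over http:. Fetch the page at its https: URL first; a non-empty
    result means the page is HPIHSL-vulnerable in the talk's sense."""
    if urlsplit(page_url).scheme != "https":
        raise ValueError("audit the page at its https: URL: %s" % page_url)
    collector = _ActiveContentCollector(page_url)
    collector.feed(html)
    collector.close()
    return collector.findings


# Constructed sample: a merchandise page meant for HTTP but reachable via HTTPS.
SAMPLE_URL = "https://shop.example/merchandise"
SAMPLE_HTML = """<html><head>
<script src="http://cdn.example/lib.js"></script>
<script src="//cdn.example/ok.js"></script>
<script src="/local.js"></script>
<link rel="stylesheet" href="http://cdn.example/site.css">
</head><body><img src="http://cdn.example/logo.png"></body></html>"""


if __name__ == "__main__":
    for tag, url in find_http_active_content(SAMPLE_URL, SAMPLE_HTML):
        print("insecure %-6s %s" % (tag, url))
```

To use it against a site, request each HTTP-intended page through its https: URL (that is exactly what the hidden-iframe trick on slide 10 does) and feed the body to `find_http_active_content`; a page that answers over HTTPS and reports findings is one the talk's attack 3 applies to. Current browsers block active mixed content by default, and a site can declare `Content-Security-Policy: block-all-mixed-content` or `upgrade-insecure-requests` to close the same gap server-side.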