Monday, November 16, 2009

Exploiting HTTPS using SSL Flaw
By Uma Mahesh

Today security is the most critical factor in business applications. Security is implemented at the transport layer using the SSL protocol, also known as Transport Layer Security (TLS). Secure transactions are carried over the internet using HTTPS, which is implemented using SSL and digital certificates. A flaw has been discovered in the protocol, in TLS renegotiation. An attacker can exploit this loophole with a man-in-the-middle attack. The Internet Engineering Task Force (IETF) is working on a fix for this protocol-level flaw.

A normal HTTPS session involves negotiation of algorithm support (the handshake), key exchange and authentication, followed by encrypted data transmission. Renegotiation would happen when a client requests a resource from the HTTPS server that needs client certificate authentication. TLS renegotiation is triggered by sending a ClientHello packet (the initial handshake packet). The process is the same as usual, but it is encrypted within the current session.

Now the attacker waits for a client trying to connect to the server and hijacks the connection. The attacker then establishes a secure connection with the server, requests a resource that causes renegotiation, and also issues a transaction with an ignore prefix (injection attack).
“GET acc/transferAmt.php?to=XXX&from=YYY\r\n”
“X-Ignore” #(\r\n missing so that next packet data is appended to this request packet)
Now the attacker just acts as a proxy between the client and the server. After client certificate authentication, the client and server establish a new connection which the attacker cannot see, but the transaction issued previously succeeds: the “X-Ignore” header causes the start of the original client request to be ignored, while the client's credentials (cookies) sent along with the client request are still used.
A successful injection attack can cause even bigger problems, as it can steal critical data by injecting a POST command. It was successfully demonstrated against Twitter to steal passwords, and Twitter updated immediately. The immediate fix that was released disables renegotiation, but it is not a complete solution, as it would disrupt existing applications.
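The splice described above, seen from the server's HTTP parser, as an added example that is not part of the original post. It assumes a leading "/", an "HTTP/1.1" version and a ": " after X-Ignore so the prefix parses; the victim request, host name and cookie are constructed, and the detection heuristic at the end is an illustration, not a complete defence.

```python
import re

# Constructed sample bytes. The attacker prefix follows the post: the last
# header line has no trailing \r\n, so whatever arrives next is appended to it.
ATTACKER_PREFIX = (b"GET /acc/transferAmt.php?to=XXX&from=YYY HTTP/1.1\r\n"
                   b"X-Ignore: ")
# Hypothetical victim request sent after the renegotiated handshake.
VICTIM_REQUEST = (b"GET /acc/balance.php HTTP/1.1\r\n"
                  b"Host: bank.example\r\n"
                  b"Cookie: session=CONSTRUCTED-VALUE\r\n\r\n")

REQUEST_LINE = re.compile(r"^[A-Z]+ \S+ HTTP/\d\.\d$")

def parse_request(stream: bytes):
    """Parse one HTTP request the way a server reads a single plaintext stream."""
    head = stream.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers

def smuggled_request_lines(headers):
    """Detection heuristic: header values that are themselves a request line."""
    return [name for name, value in headers.items() if REQUEST_LINE.match(value)]

def server_view():
    # Without a binding between the two handshakes, the server treats data
    # received before and after renegotiation as one application stream.
    return parse_request(ATTACKER_PREFIX + VICTIM_REQUEST)

if __name__ == "__main__":
    method, target, headers = server_view()
    print("request executed:", method, target)
    print("credentials used:", headers.get("cookie"))
    print("suspicious headers:", smuggled_request_lines(headers))
```

The victim's own request line ends up as the value of X-Ignore, so only the injected transaction is executed, with the victim's cookie attached.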


Rescorla Draft on TLS Renegotiate
