Attacks against SSL/TLS - BEAST/CRIME/BREACH
(a) BEAST (Browser Exploit Against SSL/TLS)
-
By Juliano Rizzo and Thai Duong, 2011 @ ekoparty Security Conference in Buenos Aires, Argentina
-
Decrypts secure cookies against CBC mode (i.e AES or 3DES) in TLSv1
**
(b) CRIME (Compression Ratio Info-leak Made Easy)
-
By Juliano Rizzo and Thai Duong, 2012 @ ekoparty Security Conference in Buenos Aires, Argentina
-
leverages compression side-channel, recovers the HTTP request headers
-
Injects partial chosen plaintext (CPA) into a victim’s requests + measures the size of encrypted traffic
-
HTTP-level compression: gzip (RFC 1952), defalte (RFC 1951)
-
Mitigated by disabling TLS/SPDY compression
**
- Wiki: http://en.wikipedia.org/wiki/CRIME_(security_exploit) 2. Tor and BEAST: https://blog.torproject.org/blog/tor-and-beast-ssl-attack 3. Schneier’s Article: https://www.schneier.com/blog/archives/2011/09/man-in-the-midd_4.html 4. Generic attacks with compression: http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf
(c) BREACH (Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext)
-
By Angelo Prado, Neal Harris, and Yoel Gluck, 2013 @ Blackhat 2013
-
CVE-2013-3587
-
leverages compression, takes advantage of HTTP responses
- Mitigated by:Disabling HTTP compression
- Separating secrets from user input
- Randomizing secrets per request
- Masking secrets (effectively randomizing by XORing with a random secret per request)
- Protecting vulnerable pages with CSRF
- Length hiding (by adding random number of bytes to the responses)
- Rate-limiting the requests
**
Enjoy Reading This Article?
Here are some more articles you might like to read next: