unprotectedfavicon
favicon 时间:2021-05-22 阅读:()
ABrowser-BasedDistributedSystemfortheDetectionofHTTPSStrippingAttacksagainstWebPagesMarcoPrandiniandMarcoRamilliUniversit`adiBologna,DEIS,VialedelRisorgimento2,40136Bologna,Italy{marco.
prandini,marco.
ramilli}@unibo.
itAbstract.
HTTPSstrippingattacksleverageacombinationofweakcongura-tionchoicestotrickusersintoprovidingsensitivedatathroughhijackedconnec-tions.
Herewepresentabrowserextensionthathelpswebuserstodetectthiskindofintegrityandauthenticitybreaches,byextractingrelevantfeaturesfromthebrowsedpagesandcomparingthemtoreferencevaluescomingfromdiffer-entsortsoftrustedsources.
Therationalebehindtheextensionisdiscussedanditseffectivenessisdemonstratedwithsomequantitativeresults,gatheredontheprototypethathasbeenimplementedforMozillaFirefox.
Keywords:HTTPSstripping,Peer-to-peer,Browserplugin.
1IntroductionStealingsensitivedatafromusersisoneofthemostcommontargetspursuedbyattack-ersontheWeb.
Therearemanywaystolureusersintoprovidingtheirdataoverthewrongconnection,leadingtotheattacker'sserverinsteadofthelegitimateone.
Even-tually,thewidespreadusageofHTTPSseemedliketheultimateweaponagainstthiskindofhijacking.
However,theverysuccessofHTTPSbackredasmanyhigh-trafcwebsitesstaggeredunderthecomputationalloadassociatedwithservingeverypagethroughanencryptedconnection.
Thisleadsomesitestoadoptatrade-offsolution,foreseeingtheusageofHTTPSonlyfortheconnectionsinvolvingthetransmissionofsensitivedata.
However,thelackofintegrityprotectionforthepagecontainingthelinkforthesubmissionopensacrackthatanattackercanleveragetocompromisethewholetransaction.
Thispaperillustratesamethodforsolvingthisproblembasedonabrowserextension.
Inthefollowing,section2detailstheattack;section3outlinesthedesignprinciplesoftheproposedcountermeasure;section4describestheextensionimplementationasaMozillaFirefoxplugin;nallysection5drawsconclusions.
2AnalysisoftheAttackLet'sassumethecommonscenarioinwhichauseronaclienthost(CH)wantstoestab-lishasecuretransactionwithaWebserveronaserverhost(SH).
GiventhatCHandSHmustexchangedataonthenetwork,aManInTheMiddle(MITM)attackispossibleiftheattackerhost(ATH),bymeansofskillfulmanipulationofnetworkdevices,becomesagatewayforthetrafcstream.
TheattackerinterceptsthetrafcfromthesourceandD.
Gritzalis,S.
Furnell,andM.
Theoharidou(Eds.
):SEC2012,IFIPAICT376,pp.
549–554,2012.
cIFIPInternationalFederationforInformationProcessing2012550M.
PrandiniandM.
Ramilli'()(*$**#$&0122123452126552122'')-*7(8)*9-'*,-'(%&)-:+5-35-+(8(8)*+5-'(*$*#$&0122124942124942122'')-*'(0.
)7(8(8()8;"$-,((8(8>5212,352122'')-*(8((Fig.
1.
Screenshotoftheloginboxonthehomepageofabank.
Notice(a)thatthepageisservedonHTTP,(b)thegraphicssuggestingasecureloginprocess,and(c)theunderlyingHTMLcode,whichsendsdataonHTTPS,thatis,aslongasaMITMattackdoesnotmodifyit.
forwardsittothedestination(andviceversa),preservingtheillusionofCHandSHofbeingconnectedthroughanunalteredchannel,butatthesametimebeingabletomodifymessagesandinsertnewones.
Whilethisisnotacompletelytrivialfeat,therearesoundreasonstoworryaboutthispossibility,iftheattackerisonthesamenetworkofthevictimbutalsoifheisinaremotelocation,duetotheinsecuredefaultcong-urationofmanyhomeaccessrouters[5,2].
Anattacktotheprofessionally-managedinfrastructureontheserversideislesslikelytosucceed.
AnykindofMITMwouldfailiftheveryrstpageofthevisitedsiteisservedonHTTPS(andtheuserchecksitactuallyis!
),because,withsomeexceptions[1],nobodycancircumventthecryptographicauthenticationandimpersonatetherealserver.
How-ever,theinitialpageisusuallytheoneresponsibleforasignicantpartofawebsitetrafc,andoftenisthestartingpointforanavigationthroughsectionsofthesitethatdonotneedprotection.
Thus,toavoidpayingthehighpriceassociatedwithservingtherstpageonHTTPS,manysitesuseplainHTTP.
Then,ifthepagecontainsaformfortheusertoprovideidenticationdata,thesubmissionoftheformisprotectedbypointingittoaHTTPSlink,reassuringtheuseraboutthesecurityoftheprocessbymeansofgraphicalcuesortextualexplanations(Fig.
1).
However,theattackerisleftfreetobecomeaMITMbetweenCHandSHduringtherst,unprotectedexchangeofinformation.
Hecanintercepttheinitialrequest/responsebetweenCHandSH,substitutingHTTPforHTTPSineverylinkofthereturnedpagebeforeservingittoCH.
WhenthebrowseronCHrequestsadditionalcontentslinkedfromthepage,orsubmitsaform,itactuallymakesaHTTPconnectiontoATH,wheretheattackercanreadeverybyteinplaintext.
TheattackerthenrelayseveryrequesttoSHusingthecorrectprotocolspeciedintheoriginalpage,tobesureofcomplyingwiththecongurationofSH,andsendsthedecryptedresponsebacktothebrowser;possibly,afaviconrepresentingasecurelockisalsoinjected(orcraftedintothepage),givingafalseperceptionofasecureconnectiontotheclient.
Thedetailedimplementationofthisattackisdescribedin[4].
ABrowser-BasedDistributedSystemfortheDetectionofHTTPSStrippingAttacks5513TheProposedCountermeasureAllthebrowserscomewithadefaultsettingtoalertusersabouttosubmitinformationoveraninsecurechannel.
Thisisaveryeffectivecountermeasureagainstthedescribedattack.
Unfortunately,webpagesthatsubmituser-provided,harmlessinformationoveraninsecurechannelareinthemillions.
Thusmostusers,aftertherstfewfalsealarms,disablethischeck[7].
Theproposedapproachistotreatwebpageslikeanyotherkindofpotentiallyma-liciouscontent,subjectingthemtotheanalysisofasecuritymoduleverysimilartoanti-malwaresoftware,andcomparingthecontentofthepageagainstsuitableinfor-mationpatternstotryanddetectifaMITMhasmodiedit.
Therearetwokeyissuesrelatedtothisapproach,namelychoosingamethodtoextractsensiblepagefeaturesandprovidinguserswiththereferencefeaturesrepresentingauthenticpages.
Therstissuearisesbecause,nowadays,thevastmajorityofwebpagesaredynami-callygenerated.
Theyalmostinvariablyincludesectionsthatchangeeachtimetheyareserved.
Itisnecessarytocharacterizeapagebyextractingonlytheinvariantparts,butmakingsurethattheyrepresentallthecontentswhoseintegrityneedstobechecked.
Theresultshouldbeangerprintofthepage,ahashvaluethatcanbereliablycom-putedeachtimethesamepageisvisitedandcomparedtoareferencevaluecomputedovertheauthenticpage.
Then,thesecondissuecomesintoplay.
Itisnecessarytodenehowtoprovidethereferencevaluetoeveryuserwhoisvisitingapageinatrustedway.
Regardingthesecondissue,weenvisagedthreepossiblescenarios.
LocalDatabase.
Inprinciple,eachusercanbuildalocaldatabasecontainingtherefer-encevaluesforthepagesofhisinterest.
Whilethismethodhastheundeniableadvan-tageofplacingtheuserinfullcontrolofthedatabase,itexhibitsasignicantdrawback:theusermustbeabsolutelysurethatheissafefromtheMITMattackwhenhecomputesthereferencevalue.
TrustedOnlineRepository.
Iftheusersarewillingtoplacetheirtrustuponathirdpartyofsomesort,forexampleadirectory,suchasystemcanactastheauthoritativesourceforcomputinganddistributingreferencevalues.
Thisapproachsuffersfromtheusualdrawbacksassociatedwithputtingacentralentityinchargeofessentialfunctions:theentityitselfbecomesaveryvaluabletargetforattackers,whowouldbehighlyre-wardedbyasuccessfulcompromiseofitsdatabaseorevenasimplerDoSattack.
PeerExchange.
Atanygiventime,awebpageisviewedbyasetofclients.
Themorepopularthepage,themoreinterestingtargetitmakesforanattacker,andthelargertheset.
Undertheassumptionthatmasscompromiseofclientsisunlikely,itispossibletosharethereferencevaluesbetweeneveryclientthroughapeer-to-peernetwork,andtochoosethemostfrequentvalueassociatedwithagivenURLasthecorrectone.
4PrototypeWeimplementedthedescribedsolutionasabrowserpluginwhichcanwarntheuserofapossibleattack.
Theextension'sarchitectureprovidesaneasymeansofportingthecodeonmanydifferentplatforms,simplychangingthebrowser-specicinterfacetothe552M.
PrandiniandM.
Ramillicorelogic,writteninJava.
Asofnow,theSecureExtension(SecExt)pluginisavailableforMozillaFirefox,chosenforbeingthemostwidespreadopensourcebrowser,athttp://code.
google.
com/p/secureext/downloads/list,andausagedemocanbeviewedathttp://www.
youtube.
com/user/SecExt.
Thepluginarchitectureismodeledaroundthethethreebasicfunctionsoutlinedinthegeneraldescription:pagecharacterization,pageevaluation,andinformationsharing.
Thefollowingparagraphsdescribethedetailofeachphase.
4.
1PageCharacterizationWebpagesareusuallycomposedofmanydifferentsections,includingpartsthataredy-namicallygeneratedandthusdiffereachtimethepageisloaded.
Tryingtocharacterizeapagebysimplycomputingitshashwithamessagedigestalgorithmoveritswholecontentwouldcertainlyfailtoyieldasensiblereferencevalue.
Itwouldneverbethesameevenifthepageisauthentic.
Theprocesswedevisedforpropercharacterizationstartsbyobservingthat,forourpurposes,theonlyimportantkindofcontentisthesetoflinkspossiblypointingtothesubmissiontargetoftheloginform,ofotherformcollectingsensitivedatafromtheuser,orpossiblyopeningsuchaforminaseparatebutcloselyrelatedspace(iframe,pop-upwindow,etc.
).
EverybitofthepagewhichisnotaURListhendiscarded.
Thecharacterizationprocedurethenremovestheparameters(i.
e.
anythingfollowinga""character,ifpresent,thatcouldmakethesamepagelookdifferenteachtimeitisloaded)fromeachURL.
Theirremovaldoesnotaffectthereliabilityofattackdetection,sincetheattackeraimssimplyatchanging"https"into"http".
Actually,theURLcleaningcouldbepushedevenfurtherbyremovingeverythingbuttheprotocol,hostandportelementsoftheURL,todealwithsitesthatuse"/"insteadof""tohavedynamicpagesindexedbysearchengines,butweneedfurthertestingtodecidewhetherthe(rathersmall)increaseingeneralityisworththelossofcapturedinformationornot.
Finally,thestringoriginatedbytheconcatenationofthecleanedURLsisgivenastheinputofamessagedigestalgorithm,whosecompactandxed-sizeoutputiswellsuitedtosummarizethepagecharacteristics.
Apagecanincludecodefromseparatesources,forexamplebymeansofiframecommands.
Theprocesscanhandlethispossibilityveryeasily:SecExtconsiderseachpieceofHTMLcodethatcanbereferencedbyaURLasanindependent"page".
Let'ssupposethataseparatepieceofcodeisincludedbythemainpagetohandleuserlogin.
IfthemainpageisservedonHTTP,theattackerwilltargetthelinkpointingtotheincludedcode,andtheattackwillberecognizedasamodicationtothemainpage.
IfthemainpageissecuredbyHTTPS,buttheincludedcodeisvulnerabletothestrippingattackinstead,thelatterwillbeindependentlycharacterizedandasuccessfulattackagainstitwillbeexplicitlyreported.
4.
2PageEvaluationEachtimetheuserloadsapageinthebrowser,theSecExtplugincomputesitshashvalueaccordingtotheillustratedalgorithm,thenlooksforrecordsregardingthepageABrowser-BasedDistributedSystemfortheDetectionofHTTPSStrippingAttacks553inthedatabase(whoseconstructionisdetailedinthenextsection4.
3).
Thequerycanyielddifferentoutcomes.
–Norecordsarefoundforthepage'sURL.
Nocheckcanbemadeabouttheintegritystatusofthepage.
ItispossibletoenvisageapluginenhancementwarningtheusertryingtosubmitdataonHTTPfromthiskindofunveriablepages.
Theevaluationoftheconsequencesintermsofusabilityareunderinvestigation.
–ThehashofthecurrentpagematchesthevaluemostfrequentlyassociatedwithitsURLinthedatabase.
SecExtdeducesthatmostlikelythebrowsedpagehasnotbeencompromisedthroughanHTTPSstrippingattack.
–ThehashofthecurrentpagedoesnotmatchthevaluemostfrequentlyassociatedwithitsURLinthedatabase.
Thecurrentpagethenhasadifferentcontentfromtheversionmostcommonlyseenindifferenttimesorplaces.
Thepluginalertstheuserbyvisualizingawarningmessageonthescreen.
Beforetheusercaninteractwiththebrowsedpageheneedstoconrmthewarningmessage.
Thenitisuptotheuserbrowsingthepageornot,possiblyafterin-deepvericationoftheunderlyingcode.
4.
3InformationSharingSecExtcanbuildthedatabaseofhashvaluesbycompositionoftwodifferentpartialsources:alocaldatabase,containingonlyhashescomputedbythelocalsystem,andaglobaldatabase,whichisitselfacollationofthelocaldatabasessharedbyotherusersoveraP2Pnetwork.
ThesumofthesepartsallowsSecExttoleveragebothlocalknowl-edge,possiblygatheredinacontrolledenvironmentwheretheusercancondentlyas-sumetobesafefromMITMattacks,andthesamekindofknowledgegatheredbyuserswhorunSecExtaswell.
Inthelattercase,weclaimthatalargeenoughuserbasewillleadtothepopulationofaglobaldatabasecontainingastrikingmajorityofhashvaluescomputedoverpageswhichhavenotbeentamperedwith.
TheP2PnetworkruninSecExtisbaseduponaJavaimplementationoftheChordprotocol[6],chosenforthisrstprototypeforitssimplicity.
TheChorddaemonrunsinabackgroundprocesstokeepthecommunicationwithpeersactiveindependentlyofthepluginactivations.
Chordexploitsadistributedhashtabletostorekey-valuepairsbyassigningkeystodifferentcomputers(knownas"nodes");anodewillstorethevaluesforallthekeysforwhichitisresponsible.
Chordspecieshowkeysareassignedtonodes,andhowanodecandiscoverthevalueforagivenkeybyrstlocatingthenoderesponsibleforthatkey.
Insimplerterms,Chordletstheconnectednodestocollectivelybuildavirtualsharedfolder.
Everypeersharesitslocaldatabaseasale,placedinthevirtualfolder,namedbyauniquenodeidentier.
Thelecangetactuallycopiedonotherpeerswhentheycomeonlineandsearchfornewresources.
Thevirtualglobaldatabasethatisthecollationofallthelocaldatabasesisthenmateriallyrepresentedbyahighlyavailablecollectionofles,andtheloadtoaccessitisspreadamongthepeers.
4.
4ExperimentalValidationWetestedtheSecExtplugineffectivenessinalabenvironment.
Theresults,whichcannotbedetailedhereforspaceconstraints,showedsatisfactorydetectionratesanda554M.
PrandiniandM.
Ramillilimitedamountoffalsepositives.
Anaccuratejudgmentofoursolution,however,mustwaituntilsomelimitationsregardingthesecurityoftheP2Pexchangearesolvedandareal-world,widertestingcampaigncanberolledout.
5ConclusionsandFutureWorkWesurveyedalargesetofwebsitesbelongingmainlytonancialinstitutions,whichareparticularlyinterestingforfraudsterslookingforusercredentialstosteal,andfoundasignicantfractionofthemvulnerabletotheHTTPSstrippingattack.
Sinceuserscannotforcewebmasterstoxtheproblemwhereitshouldbexed,weproposedaclient-side,anti-malware-styleapproachtothedetectionoftheattack.
Itleveragesthedistributedknowledgeofapotentiallylargecommunityofuserstoidentifymodiedpageseveniftheuserhasnevervisitedthembefore,exploitingpeer-to-peerarchitec-turestospreadknowledgeofthereferencevaluesrepresentingunalteredpageswithoutresortingtoatrustedthirdparty.
WeimplementedthecountermeasureasapluginforMozillaFirefox,andveriedthepracticalfeasibilityandcorrectnessofallitsbasicprinciples.
Thepluginwasabletocorrectlycharacterizethepagesusedfortesting,tak-ingintoaccountalltherelevantdataforevaluatingitsintegritybutavoidingtoincludevariablepartsthatcouldtriggerfalsepositives.
Currently,weareworkingtoachievehighercommunicationsefciencyandbetterhandlingofupdatesthroughnergran-ularity,whereasforthisrstprototypeweimplementedtheknowledgesharingasadistributionofthewholereferencevaluesdatabaseontheP2Pnetwork.
Wearealsoex-tendingSecExttowardsamorecomprehensivearchitecture,tobeabletoeasily"hook"differentcode-analysismodulesintothecorelogic,timelyaddingnewdetectioncapa-bilitieswhennewthreatsappear.
References1.
Dhamija,R.
,Tygar,J.
D.
,Hearst,M.
:Whyphishingworks.
In:ProceedingsoftheSIGCHIConferenceonHumanFactorsinComputingSystems,CHI2006,pp.
581–590.
ACM,NewYork(2006)2.
Heffner,C.
:Howtohackmillionsofrouters.
In:BlackHatConference2010(2010)3.
Nikiforakis,N.
,Younan,Y.
,Joosen,W.
:HProxy:Client-SideDetectionofSSLStrippingAttacks.
In:Kreibich,C.
,Jahnke,M.
(eds.
)DIMVA2010.
LNCS,vol.
6201,pp.
200–218.
Springer,Heidelberg(2010),doi:10.
1007/978-3-642-14215-4124.
Prandini,M.
,Ramilli,M.
,Cerroni,W.
,Callegati,F.
:SplittingtheHTTPSstreamtoattacksecurewebconnections.
IEEESecurityandPrivacy8,80–84(2010)5.
Stamm,S.
,Ramzan,Z.
,Jakobsson,M.
:Drive-ByPharming.
In:Qing,S.
,Imai,H.
,Wang,G.
(eds.
)ICICS2007.
LNCS,vol.
4861,pp.
495–506.
Springer,Heidelberg(2007),10.
1007/978-3-540-77048-0386.
Stoica,I.
,Morris,R.
,Karger,D.
,Kaashoek,M.
F.
,Balakrishnan,H.
:Chord:Ascalablepeer-to-peerlookupserviceforinternetapplications.
SIGCOMMComput.
Commun.
Rev.
31,149–160(2001)7.
Sunshine,J.
,Egelman,S.
,Almuhimedi,H.
,Atri,N.
,Cranor,L.
F.
:Cryingwolf:anempiri-calstudyofSSLwarningeffectiveness.
In:Proceedingsofthe18thConferenceonUSENIXSecuritySymposium,SSYM2009,pp.
399–416.
USENIXAssociation,Berkeley(2009)
prandini,marco.
ramilli}@unibo.
itAbstract.
HTTPSstrippingattacksleverageacombinationofweakcongura-tionchoicestotrickusersintoprovidingsensitivedatathroughhijackedconnec-tions.
Herewepresentabrowserextensionthathelpswebuserstodetectthiskindofintegrityandauthenticitybreaches,byextractingrelevantfeaturesfromthebrowsedpagesandcomparingthemtoreferencevaluescomingfromdiffer-entsortsoftrustedsources.
Therationalebehindtheextensionisdiscussedanditseffectivenessisdemonstratedwithsomequantitativeresults,gatheredontheprototypethathasbeenimplementedforMozillaFirefox.
Keywords:HTTPSstripping,Peer-to-peer,Browserplugin.
1IntroductionStealingsensitivedatafromusersisoneofthemostcommontargetspursuedbyattack-ersontheWeb.
Therearemanywaystolureusersintoprovidingtheirdataoverthewrongconnection,leadingtotheattacker'sserverinsteadofthelegitimateone.
Even-tually,thewidespreadusageofHTTPSseemedliketheultimateweaponagainstthiskindofhijacking.
However,theverysuccessofHTTPSbackredasmanyhigh-trafcwebsitesstaggeredunderthecomputationalloadassociatedwithservingeverypagethroughanencryptedconnection.
Thisleadsomesitestoadoptatrade-offsolution,foreseeingtheusageofHTTPSonlyfortheconnectionsinvolvingthetransmissionofsensitivedata.
However,thelackofintegrityprotectionforthepagecontainingthelinkforthesubmissionopensacrackthatanattackercanleveragetocompromisethewholetransaction.
Thispaperillustratesamethodforsolvingthisproblembasedonabrowserextension.
Inthefollowing,section2detailstheattack;section3outlinesthedesignprinciplesoftheproposedcountermeasure;section4describestheextensionimplementationasaMozillaFirefoxplugin;nallysection5drawsconclusions.
2AnalysisoftheAttackLet'sassumethecommonscenarioinwhichauseronaclienthost(CH)wantstoestab-lishasecuretransactionwithaWebserveronaserverhost(SH).
GiventhatCHandSHmustexchangedataonthenetwork,aManInTheMiddle(MITM)attackispossibleiftheattackerhost(ATH),bymeansofskillfulmanipulationofnetworkdevices,becomesagatewayforthetrafcstream.
TheattackerinterceptsthetrafcfromthesourceandD.
Gritzalis,S.
Furnell,andM.
Theoharidou(Eds.
):SEC2012,IFIPAICT376,pp.
549–554,2012.
cIFIPInternationalFederationforInformationProcessing2012550M.
PrandiniandM.
Ramilli'()(*$**#$&0122123452126552122'')-*7(8)*9-'*,-'(%&)-:+5-35-+(8(8)*+5-'(*$*#$&0122124942124942122'')-*'(0.
)7(8(8()8;"$-,((8(8>5212,352122'')-*(8((Fig.
1.
Screenshotoftheloginboxonthehomepageofabank.
Notice(a)thatthepageisservedonHTTP,(b)thegraphicssuggestingasecureloginprocess,and(c)theunderlyingHTMLcode,whichsendsdataonHTTPS,thatis,aslongasaMITMattackdoesnotmodifyit.
forwardsittothedestination(andviceversa),preservingtheillusionofCHandSHofbeingconnectedthroughanunalteredchannel,butatthesametimebeingabletomodifymessagesandinsertnewones.
Whilethisisnotacompletelytrivialfeat,therearesoundreasonstoworryaboutthispossibility,iftheattackerisonthesamenetworkofthevictimbutalsoifheisinaremotelocation,duetotheinsecuredefaultcong-urationofmanyhomeaccessrouters[5,2].
Anattacktotheprofessionally-managedinfrastructureontheserversideislesslikelytosucceed.
AnykindofMITMwouldfailiftheveryrstpageofthevisitedsiteisservedonHTTPS(andtheuserchecksitactuallyis!
),because,withsomeexceptions[1],nobodycancircumventthecryptographicauthenticationandimpersonatetherealserver.
How-ever,theinitialpageisusuallytheoneresponsibleforasignicantpartofawebsitetrafc,andoftenisthestartingpointforanavigationthroughsectionsofthesitethatdonotneedprotection.
Thus,toavoidpayingthehighpriceassociatedwithservingtherstpageonHTTPS,manysitesuseplainHTTP.
Then,ifthepagecontainsaformfortheusertoprovideidenticationdata,thesubmissionoftheformisprotectedbypointingittoaHTTPSlink,reassuringtheuseraboutthesecurityoftheprocessbymeansofgraphicalcuesortextualexplanations(Fig.
1).
However,theattackerisleftfreetobecomeaMITMbetweenCHandSHduringtherst,unprotectedexchangeofinformation.
Hecanintercepttheinitialrequest/responsebetweenCHandSH,substitutingHTTPforHTTPSineverylinkofthereturnedpagebeforeservingittoCH.
WhenthebrowseronCHrequestsadditionalcontentslinkedfromthepage,orsubmitsaform,itactuallymakesaHTTPconnectiontoATH,wheretheattackercanreadeverybyteinplaintext.
TheattackerthenrelayseveryrequesttoSHusingthecorrectprotocolspeciedintheoriginalpage,tobesureofcomplyingwiththecongurationofSH,andsendsthedecryptedresponsebacktothebrowser;possibly,afaviconrepresentingasecurelockisalsoinjected(orcraftedintothepage),givingafalseperceptionofasecureconnectiontotheclient.
Thedetailedimplementationofthisattackisdescribedin[4].
ABrowser-BasedDistributedSystemfortheDetectionofHTTPSStrippingAttacks5513TheProposedCountermeasureAllthebrowserscomewithadefaultsettingtoalertusersabouttosubmitinformationoveraninsecurechannel.
Thisisaveryeffectivecountermeasureagainstthedescribedattack.
Unfortunately,webpagesthatsubmituser-provided,harmlessinformationoveraninsecurechannelareinthemillions.
Thusmostusers,aftertherstfewfalsealarms,disablethischeck[7].
Theproposedapproachistotreatwebpageslikeanyotherkindofpotentiallyma-liciouscontent,subjectingthemtotheanalysisofasecuritymoduleverysimilartoanti-malwaresoftware,andcomparingthecontentofthepageagainstsuitableinfor-mationpatternstotryanddetectifaMITMhasmodiedit.
Therearetwokeyissuesrelatedtothisapproach,namelychoosingamethodtoextractsensiblepagefeaturesandprovidinguserswiththereferencefeaturesrepresentingauthenticpages.
Therstissuearisesbecause,nowadays,thevastmajorityofwebpagesaredynami-callygenerated.
Theyalmostinvariablyincludesectionsthatchangeeachtimetheyareserved.
Itisnecessarytocharacterizeapagebyextractingonlytheinvariantparts,butmakingsurethattheyrepresentallthecontentswhoseintegrityneedstobechecked.
Theresultshouldbeangerprintofthepage,ahashvaluethatcanbereliablycom-putedeachtimethesamepageisvisitedandcomparedtoareferencevaluecomputedovertheauthenticpage.
Then,thesecondissuecomesintoplay.
Itisnecessarytodenehowtoprovidethereferencevaluetoeveryuserwhoisvisitingapageinatrustedway.
Regardingthesecondissue,weenvisagedthreepossiblescenarios.
LocalDatabase.
Inprinciple,eachusercanbuildalocaldatabasecontainingtherefer-encevaluesforthepagesofhisinterest.
Whilethismethodhastheundeniableadvan-tageofplacingtheuserinfullcontrolofthedatabase,itexhibitsasignicantdrawback:theusermustbeabsolutelysurethatheissafefromtheMITMattackwhenhecomputesthereferencevalue.
TrustedOnlineRepository.
Iftheusersarewillingtoplacetheirtrustuponathirdpartyofsomesort,forexampleadirectory,suchasystemcanactastheauthoritativesourceforcomputinganddistributingreferencevalues.
Thisapproachsuffersfromtheusualdrawbacksassociatedwithputtingacentralentityinchargeofessentialfunctions:theentityitselfbecomesaveryvaluabletargetforattackers,whowouldbehighlyre-wardedbyasuccessfulcompromiseofitsdatabaseorevenasimplerDoSattack.
PeerExchange.
Atanygiventime,awebpageisviewedbyasetofclients.
Themorepopularthepage,themoreinterestingtargetitmakesforanattacker,andthelargertheset.
Undertheassumptionthatmasscompromiseofclientsisunlikely,itispossibletosharethereferencevaluesbetweeneveryclientthroughapeer-to-peernetwork,andtochoosethemostfrequentvalueassociatedwithagivenURLasthecorrectone.
4PrototypeWeimplementedthedescribedsolutionasabrowserpluginwhichcanwarntheuserofapossibleattack.
Theextension'sarchitectureprovidesaneasymeansofportingthecodeonmanydifferentplatforms,simplychangingthebrowser-specicinterfacetothe552M.
PrandiniandM.
Ramillicorelogic,writteninJava.
Asofnow,theSecureExtension(SecExt)pluginisavailableforMozillaFirefox,chosenforbeingthemostwidespreadopensourcebrowser,athttp://code.
google.
com/p/secureext/downloads/list,andausagedemocanbeviewedathttp://www.
youtube.
com/user/SecExt.
Thepluginarchitectureismodeledaroundthethethreebasicfunctionsoutlinedinthegeneraldescription:pagecharacterization,pageevaluation,andinformationsharing.
Thefollowingparagraphsdescribethedetailofeachphase.
4.
1PageCharacterizationWebpagesareusuallycomposedofmanydifferentsections,includingpartsthataredy-namicallygeneratedandthusdiffereachtimethepageisloaded.
Tryingtocharacterizeapagebysimplycomputingitshashwithamessagedigestalgorithmoveritswholecontentwouldcertainlyfailtoyieldasensiblereferencevalue.
Itwouldneverbethesameevenifthepageisauthentic.
Theprocesswedevisedforpropercharacterizationstartsbyobservingthat,forourpurposes,theonlyimportantkindofcontentisthesetoflinkspossiblypointingtothesubmissiontargetoftheloginform,ofotherformcollectingsensitivedatafromtheuser,orpossiblyopeningsuchaforminaseparatebutcloselyrelatedspace(iframe,pop-upwindow,etc.
).
EverybitofthepagewhichisnotaURListhendiscarded.
Thecharacterizationprocedurethenremovestheparameters(i.
e.
anythingfollowinga""character,ifpresent,thatcouldmakethesamepagelookdifferenteachtimeitisloaded)fromeachURL.
Theirremovaldoesnotaffectthereliabilityofattackdetection,sincetheattackeraimssimplyatchanging"https"into"http".
Actually,theURLcleaningcouldbepushedevenfurtherbyremovingeverythingbuttheprotocol,hostandportelementsoftheURL,todealwithsitesthatuse"/"insteadof""tohavedynamicpagesindexedbysearchengines,butweneedfurthertestingtodecidewhetherthe(rathersmall)increaseingeneralityisworththelossofcapturedinformationornot.
Finally,thestringoriginatedbytheconcatenationofthecleanedURLsisgivenastheinputofamessagedigestalgorithm,whosecompactandxed-sizeoutputiswellsuitedtosummarizethepagecharacteristics.
Apagecanincludecodefromseparatesources,forexamplebymeansofiframecommands.
Theprocesscanhandlethispossibilityveryeasily:SecExtconsiderseachpieceofHTMLcodethatcanbereferencedbyaURLasanindependent"page".
Let'ssupposethataseparatepieceofcodeisincludedbythemainpagetohandleuserlogin.
IfthemainpageisservedonHTTP,theattackerwilltargetthelinkpointingtotheincludedcode,andtheattackwillberecognizedasamodicationtothemainpage.
IfthemainpageissecuredbyHTTPS,buttheincludedcodeisvulnerabletothestrippingattackinstead,thelatterwillbeindependentlycharacterizedandasuccessfulattackagainstitwillbeexplicitlyreported.
4.
2PageEvaluationEachtimetheuserloadsapageinthebrowser,theSecExtplugincomputesitshashvalueaccordingtotheillustratedalgorithm,thenlooksforrecordsregardingthepageABrowser-BasedDistributedSystemfortheDetectionofHTTPSStrippingAttacks553inthedatabase(whoseconstructionisdetailedinthenextsection4.
3).
Thequerycanyielddifferentoutcomes.
–Norecordsarefoundforthepage'sURL.
Nocheckcanbemadeabouttheintegritystatusofthepage.
ItispossibletoenvisageapluginenhancementwarningtheusertryingtosubmitdataonHTTPfromthiskindofunveriablepages.
Theevaluationoftheconsequencesintermsofusabilityareunderinvestigation.
–ThehashofthecurrentpagematchesthevaluemostfrequentlyassociatedwithitsURLinthedatabase.
SecExtdeducesthatmostlikelythebrowsedpagehasnotbeencompromisedthroughanHTTPSstrippingattack.
–ThehashofthecurrentpagedoesnotmatchthevaluemostfrequentlyassociatedwithitsURLinthedatabase.
Thecurrentpagethenhasadifferentcontentfromtheversionmostcommonlyseenindifferenttimesorplaces.
Thepluginalertstheuserbyvisualizingawarningmessageonthescreen.
Beforetheusercaninteractwiththebrowsedpageheneedstoconrmthewarningmessage.
Thenitisuptotheuserbrowsingthepageornot,possiblyafterin-deepvericationoftheunderlyingcode.
4.
3InformationSharingSecExtcanbuildthedatabaseofhashvaluesbycompositionoftwodifferentpartialsources:alocaldatabase,containingonlyhashescomputedbythelocalsystem,andaglobaldatabase,whichisitselfacollationofthelocaldatabasessharedbyotherusersoveraP2Pnetwork.
ThesumofthesepartsallowsSecExttoleveragebothlocalknowl-edge,possiblygatheredinacontrolledenvironmentwheretheusercancondentlyas-sumetobesafefromMITMattacks,andthesamekindofknowledgegatheredbyuserswhorunSecExtaswell.
Inthelattercase,weclaimthatalargeenoughuserbasewillleadtothepopulationofaglobaldatabasecontainingastrikingmajorityofhashvaluescomputedoverpageswhichhavenotbeentamperedwith.
TheP2PnetworkruninSecExtisbaseduponaJavaimplementationoftheChordprotocol[6],chosenforthisrstprototypeforitssimplicity.
TheChorddaemonrunsinabackgroundprocesstokeepthecommunicationwithpeersactiveindependentlyofthepluginactivations.
Chordexploitsadistributedhashtabletostorekey-valuepairsbyassigningkeystodifferentcomputers(knownas"nodes");anodewillstorethevaluesforallthekeysforwhichitisresponsible.
Chordspecieshowkeysareassignedtonodes,andhowanodecandiscoverthevalueforagivenkeybyrstlocatingthenoderesponsibleforthatkey.
Insimplerterms,Chordletstheconnectednodestocollectivelybuildavirtualsharedfolder.
Everypeersharesitslocaldatabaseasale,placedinthevirtualfolder,namedbyauniquenodeidentier.
Thelecangetactuallycopiedonotherpeerswhentheycomeonlineandsearchfornewresources.
Thevirtualglobaldatabasethatisthecollationofallthelocaldatabasesisthenmateriallyrepresentedbyahighlyavailablecollectionofles,andtheloadtoaccessitisspreadamongthepeers.
4.
4ExperimentalValidationWetestedtheSecExtplugineffectivenessinalabenvironment.
Theresults,whichcannotbedetailedhereforspaceconstraints,showedsatisfactorydetectionratesanda554M.
PrandiniandM.
Ramillilimitedamountoffalsepositives.
Anaccuratejudgmentofoursolution,however,mustwaituntilsomelimitationsregardingthesecurityoftheP2Pexchangearesolvedandareal-world,widertestingcampaigncanberolledout.
5ConclusionsandFutureWorkWesurveyedalargesetofwebsitesbelongingmainlytonancialinstitutions,whichareparticularlyinterestingforfraudsterslookingforusercredentialstosteal,andfoundasignicantfractionofthemvulnerabletotheHTTPSstrippingattack.
Sinceuserscannotforcewebmasterstoxtheproblemwhereitshouldbexed,weproposedaclient-side,anti-malware-styleapproachtothedetectionoftheattack.
Itleveragesthedistributedknowledgeofapotentiallylargecommunityofuserstoidentifymodiedpageseveniftheuserhasnevervisitedthembefore,exploitingpeer-to-peerarchitec-turestospreadknowledgeofthereferencevaluesrepresentingunalteredpageswithoutresortingtoatrustedthirdparty.
WeimplementedthecountermeasureasapluginforMozillaFirefox,andveriedthepracticalfeasibilityandcorrectnessofallitsbasicprinciples.
Thepluginwasabletocorrectlycharacterizethepagesusedfortesting,tak-ingintoaccountalltherelevantdataforevaluatingitsintegritybutavoidingtoincludevariablepartsthatcouldtriggerfalsepositives.
Currently,weareworkingtoachievehighercommunicationsefciencyandbetterhandlingofupdatesthroughnergran-ularity,whereasforthisrstprototypeweimplementedtheknowledgesharingasadistributionofthewholereferencevaluesdatabaseontheP2Pnetwork.
Wearealsoex-tendingSecExttowardsamorecomprehensivearchitecture,tobeabletoeasily"hook"differentcode-analysismodulesintothecorelogic,timelyaddingnewdetectioncapa-bilitieswhennewthreatsappear.
References1.
Dhamija,R.
,Tygar,J.
D.
,Hearst,M.
:Whyphishingworks.
In:ProceedingsoftheSIGCHIConferenceonHumanFactorsinComputingSystems,CHI2006,pp.
581–590.
ACM,NewYork(2006)2.
Heffner,C.
:Howtohackmillionsofrouters.
In:BlackHatConference2010(2010)3.
Nikiforakis,N.
,Younan,Y.
,Joosen,W.
:HProxy:Client-SideDetectionofSSLStrippingAttacks.
In:Kreibich,C.
,Jahnke,M.
(eds.
)DIMVA2010.
LNCS,vol.
6201,pp.
200–218.
Springer,Heidelberg(2010),doi:10.
1007/978-3-642-14215-4124.
Prandini,M.
,Ramilli,M.
,Cerroni,W.
,Callegati,F.
:SplittingtheHTTPSstreamtoattacksecurewebconnections.
IEEESecurityandPrivacy8,80–84(2010)5.
Stamm,S.
,Ramzan,Z.
,Jakobsson,M.
:Drive-ByPharming.
In:Qing,S.
,Imai,H.
,Wang,G.
(eds.
)ICICS2007.
LNCS,vol.
4861,pp.
495–506.
Springer,Heidelberg(2007),10.
1007/978-3-540-77048-0386.
Stoica,I.
,Morris,R.
,Karger,D.
,Kaashoek,M.
F.
,Balakrishnan,H.
:Chord:Ascalablepeer-to-peerlookupserviceforinternetapplications.
SIGCOMMComput.
Commun.
Rev.
31,149–160(2001)7.
Sunshine,J.
,Egelman,S.
,Almuhimedi,H.
,Atri,N.
,Cranor,L.
F.
:Cryingwolf:anempiri-calstudyofSSLwarningeffectiveness.
In:Proceedingsofthe18thConferenceonUSENIXSecuritySymposium,SSYM2009,pp.
399–416.
USENIXAssociation,Berkeley(2009)
- unprotectedfavicon相关文档
- fontsfavicon
- C0favicon
- 日志favicon
- Scoresheetfavicon
- N°d'ordre:2014‐25‐TH
- passedfavicon
10gbiz首月半价月付2.36美元,香港/洛杉矶VPS、硅谷独立服务器/站群服务器
收到10gbiz发来的7月份优惠方案,中国香港、美国洛杉矶机房VPS主机4折优惠码,优惠后洛杉矶VPS月付2.36美元起,香港VPS月付2.75美元起。这是一家2020年成立的主机商,提供的产品包括独立服务器租用和VPS主机等,数据中心在美国洛杉矶、圣何塞和中国香港。商家VPS主机基于KVM架构,支持使用PayPal或者支付宝付款。洛杉矶VPS架构CPU内存硬盘带宽系统价格单核512MB10GB1...
捷锐数据399/年、60元/季 ,香港CN2云服务器 4H4G10M
捷锐数据官网商家介绍捷锐数据怎么样?捷锐数据好不好?捷锐数据是成立于2018年一家国人IDC商家,早期其主营虚拟主机CDN,现在主要有香港云服、国内物理机、腾讯轻量云代理、阿里轻量云代理,自营香港为CN2+BGP线路,采用KVM虚拟化而且单IP提供10G流量清洗并且免费配备天机盾可达到屏蔽UDP以及无视CC效果。这次捷锐数据给大家带来的活动是香港云促销,总共放量40台点击进入捷锐数据官网优惠活动内...
Krypt($120/年),2vCPU/2GB/60GB SSD/3TB
Krypt这两天发布了ION平台9月份优惠信息,提供一款特选套餐年付120美元(原价$162/年),开设在洛杉矶或者圣何塞机房,支持Windows或者Linux操作系统。ion.kryptcloud.com是Krypt机房上线的云主机平台,主要提供基于KVM架构云主机产品,相对于KT主站云服务器要便宜很多,产品可选洛杉矶、圣何塞或者新加坡等地机房。洛杉矶机房CPU:2 cores内存:2GB硬盘:...
favicon为你推荐
-
评标杀毒软件免费下载"2018年中文图书第5期新书通报",,,,,支持ipad支持ipadexportingjava尺寸(mm)操作區域手控win7telnet怎样在win7下打开telnet 命令canvas2动漫cv井口裕香,都有哪些作品?联通版iphone4s苹果4s怎么分移动版联通版电信版?icloudiphone没开启icloud的iphone怎么用find my iphone找回