unprotectedfavicon
favicon 时间:2021-05-22 阅读:()
ABrowser-BasedDistributedSystemfortheDetectionofHTTPSStrippingAttacksagainstWebPagesMarcoPrandiniandMarcoRamilliUniversit`adiBologna,DEIS,VialedelRisorgimento2,40136Bologna,Italy{marco.
prandini,marco.
ramilli}@unibo.
itAbstract.
HTTPSstrippingattacksleverageacombinationofweakcongura-tionchoicestotrickusersintoprovidingsensitivedatathroughhijackedconnec-tions.
Herewepresentabrowserextensionthathelpswebuserstodetectthiskindofintegrityandauthenticitybreaches,byextractingrelevantfeaturesfromthebrowsedpagesandcomparingthemtoreferencevaluescomingfromdiffer-entsortsoftrustedsources.
Therationalebehindtheextensionisdiscussedanditseffectivenessisdemonstratedwithsomequantitativeresults,gatheredontheprototypethathasbeenimplementedforMozillaFirefox.
Keywords:HTTPSstripping,Peer-to-peer,Browserplugin.
1IntroductionStealingsensitivedatafromusersisoneofthemostcommontargetspursuedbyattack-ersontheWeb.
Therearemanywaystolureusersintoprovidingtheirdataoverthewrongconnection,leadingtotheattacker'sserverinsteadofthelegitimateone.
Even-tually,thewidespreadusageofHTTPSseemedliketheultimateweaponagainstthiskindofhijacking.
However,theverysuccessofHTTPSbackredasmanyhigh-trafcwebsitesstaggeredunderthecomputationalloadassociatedwithservingeverypagethroughanencryptedconnection.
Thisleadsomesitestoadoptatrade-offsolution,foreseeingtheusageofHTTPSonlyfortheconnectionsinvolvingthetransmissionofsensitivedata.
However,thelackofintegrityprotectionforthepagecontainingthelinkforthesubmissionopensacrackthatanattackercanleveragetocompromisethewholetransaction.
Thispaperillustratesamethodforsolvingthisproblembasedonabrowserextension.
Inthefollowing,section2detailstheattack;section3outlinesthedesignprinciplesoftheproposedcountermeasure;section4describestheextensionimplementationasaMozillaFirefoxplugin;nallysection5drawsconclusions.
2AnalysisoftheAttackLet'sassumethecommonscenarioinwhichauseronaclienthost(CH)wantstoestab-lishasecuretransactionwithaWebserveronaserverhost(SH).
GiventhatCHandSHmustexchangedataonthenetwork,aManInTheMiddle(MITM)attackispossibleiftheattackerhost(ATH),bymeansofskillfulmanipulationofnetworkdevices,becomesagatewayforthetrafcstream.
TheattackerinterceptsthetrafcfromthesourceandD.
Gritzalis,S.
Furnell,andM.
Theoharidou(Eds.
):SEC2012,IFIPAICT376,pp.
549–554,2012.
cIFIPInternationalFederationforInformationProcessing2012550M.
PrandiniandM.
Ramilli'()(*$**#$&0122123452126552122'')-*7(8)*9-'*,-'(%&)-:+5-35-+(8(8)*+5-'(*$*#$&0122124942124942122'')-*'(0.
)7(8(8()8;"$-,((8(8>5212,352122'')-*(8((Fig.
1.
Screenshotoftheloginboxonthehomepageofabank.
Notice(a)thatthepageisservedonHTTP,(b)thegraphicssuggestingasecureloginprocess,and(c)theunderlyingHTMLcode,whichsendsdataonHTTPS,thatis,aslongasaMITMattackdoesnotmodifyit.
forwardsittothedestination(andviceversa),preservingtheillusionofCHandSHofbeingconnectedthroughanunalteredchannel,butatthesametimebeingabletomodifymessagesandinsertnewones.
Whilethisisnotacompletelytrivialfeat,therearesoundreasonstoworryaboutthispossibility,iftheattackerisonthesamenetworkofthevictimbutalsoifheisinaremotelocation,duetotheinsecuredefaultcong-urationofmanyhomeaccessrouters[5,2].
Anattacktotheprofessionally-managedinfrastructureontheserversideislesslikelytosucceed.
AnykindofMITMwouldfailiftheveryrstpageofthevisitedsiteisservedonHTTPS(andtheuserchecksitactuallyis!
),because,withsomeexceptions[1],nobodycancircumventthecryptographicauthenticationandimpersonatetherealserver.
How-ever,theinitialpageisusuallytheoneresponsibleforasignicantpartofawebsitetrafc,andoftenisthestartingpointforanavigationthroughsectionsofthesitethatdonotneedprotection.
Thus,toavoidpayingthehighpriceassociatedwithservingtherstpageonHTTPS,manysitesuseplainHTTP.
Then,ifthepagecontainsaformfortheusertoprovideidenticationdata,thesubmissionoftheformisprotectedbypointingittoaHTTPSlink,reassuringtheuseraboutthesecurityoftheprocessbymeansofgraphicalcuesortextualexplanations(Fig.
1).
However,theattackerisleftfreetobecomeaMITMbetweenCHandSHduringtherst,unprotectedexchangeofinformation.
Hecanintercepttheinitialrequest/responsebetweenCHandSH,substitutingHTTPforHTTPSineverylinkofthereturnedpagebeforeservingittoCH.
WhenthebrowseronCHrequestsadditionalcontentslinkedfromthepage,orsubmitsaform,itactuallymakesaHTTPconnectiontoATH,wheretheattackercanreadeverybyteinplaintext.
TheattackerthenrelayseveryrequesttoSHusingthecorrectprotocolspeciedintheoriginalpage,tobesureofcomplyingwiththecongurationofSH,andsendsthedecryptedresponsebacktothebrowser;possibly,afaviconrepresentingasecurelockisalsoinjected(orcraftedintothepage),givingafalseperceptionofasecureconnectiontotheclient.
Thedetailedimplementationofthisattackisdescribedin[4].
ABrowser-BasedDistributedSystemfortheDetectionofHTTPSStrippingAttacks5513TheProposedCountermeasureAllthebrowserscomewithadefaultsettingtoalertusersabouttosubmitinformationoveraninsecurechannel.
Thisisaveryeffectivecountermeasureagainstthedescribedattack.
Unfortunately,webpagesthatsubmituser-provided,harmlessinformationoveraninsecurechannelareinthemillions.
Thusmostusers,aftertherstfewfalsealarms,disablethischeck[7].
Theproposedapproachistotreatwebpageslikeanyotherkindofpotentiallyma-liciouscontent,subjectingthemtotheanalysisofasecuritymoduleverysimilartoanti-malwaresoftware,andcomparingthecontentofthepageagainstsuitableinfor-mationpatternstotryanddetectifaMITMhasmodiedit.
Therearetwokeyissuesrelatedtothisapproach,namelychoosingamethodtoextractsensiblepagefeaturesandprovidinguserswiththereferencefeaturesrepresentingauthenticpages.
Therstissuearisesbecause,nowadays,thevastmajorityofwebpagesaredynami-callygenerated.
Theyalmostinvariablyincludesectionsthatchangeeachtimetheyareserved.
Itisnecessarytocharacterizeapagebyextractingonlytheinvariantparts,butmakingsurethattheyrepresentallthecontentswhoseintegrityneedstobechecked.
Theresultshouldbeangerprintofthepage,ahashvaluethatcanbereliablycom-putedeachtimethesamepageisvisitedandcomparedtoareferencevaluecomputedovertheauthenticpage.
Then,thesecondissuecomesintoplay.
Itisnecessarytodenehowtoprovidethereferencevaluetoeveryuserwhoisvisitingapageinatrustedway.
Regardingthesecondissue,weenvisagedthreepossiblescenarios.
LocalDatabase.
Inprinciple,eachusercanbuildalocaldatabasecontainingtherefer-encevaluesforthepagesofhisinterest.
Whilethismethodhastheundeniableadvan-tageofplacingtheuserinfullcontrolofthedatabase,itexhibitsasignicantdrawback:theusermustbeabsolutelysurethatheissafefromtheMITMattackwhenhecomputesthereferencevalue.
TrustedOnlineRepository.
Iftheusersarewillingtoplacetheirtrustuponathirdpartyofsomesort,forexampleadirectory,suchasystemcanactastheauthoritativesourceforcomputinganddistributingreferencevalues.
Thisapproachsuffersfromtheusualdrawbacksassociatedwithputtingacentralentityinchargeofessentialfunctions:theentityitselfbecomesaveryvaluabletargetforattackers,whowouldbehighlyre-wardedbyasuccessfulcompromiseofitsdatabaseorevenasimplerDoSattack.
PeerExchange.
Atanygiventime,awebpageisviewedbyasetofclients.
Themorepopularthepage,themoreinterestingtargetitmakesforanattacker,andthelargertheset.
Undertheassumptionthatmasscompromiseofclientsisunlikely,itispossibletosharethereferencevaluesbetweeneveryclientthroughapeer-to-peernetwork,andtochoosethemostfrequentvalueassociatedwithagivenURLasthecorrectone.
4PrototypeWeimplementedthedescribedsolutionasabrowserpluginwhichcanwarntheuserofapossibleattack.
Theextension'sarchitectureprovidesaneasymeansofportingthecodeonmanydifferentplatforms,simplychangingthebrowser-specicinterfacetothe552M.
PrandiniandM.
Ramillicorelogic,writteninJava.
Asofnow,theSecureExtension(SecExt)pluginisavailableforMozillaFirefox,chosenforbeingthemostwidespreadopensourcebrowser,athttp://code.
google.
com/p/secureext/downloads/list,andausagedemocanbeviewedathttp://www.
youtube.
com/user/SecExt.
Thepluginarchitectureismodeledaroundthethethreebasicfunctionsoutlinedinthegeneraldescription:pagecharacterization,pageevaluation,andinformationsharing.
Thefollowingparagraphsdescribethedetailofeachphase.
4.
1PageCharacterizationWebpagesareusuallycomposedofmanydifferentsections,includingpartsthataredy-namicallygeneratedandthusdiffereachtimethepageisloaded.
Tryingtocharacterizeapagebysimplycomputingitshashwithamessagedigestalgorithmoveritswholecontentwouldcertainlyfailtoyieldasensiblereferencevalue.
Itwouldneverbethesameevenifthepageisauthentic.
Theprocesswedevisedforpropercharacterizationstartsbyobservingthat,forourpurposes,theonlyimportantkindofcontentisthesetoflinkspossiblypointingtothesubmissiontargetoftheloginform,ofotherformcollectingsensitivedatafromtheuser,orpossiblyopeningsuchaforminaseparatebutcloselyrelatedspace(iframe,pop-upwindow,etc.
).
EverybitofthepagewhichisnotaURListhendiscarded.
Thecharacterizationprocedurethenremovestheparameters(i.
e.
anythingfollowinga""character,ifpresent,thatcouldmakethesamepagelookdifferenteachtimeitisloaded)fromeachURL.
Theirremovaldoesnotaffectthereliabilityofattackdetection,sincetheattackeraimssimplyatchanging"https"into"http".
Actually,theURLcleaningcouldbepushedevenfurtherbyremovingeverythingbuttheprotocol,hostandportelementsoftheURL,todealwithsitesthatuse"/"insteadof""tohavedynamicpagesindexedbysearchengines,butweneedfurthertestingtodecidewhetherthe(rathersmall)increaseingeneralityisworththelossofcapturedinformationornot.
Finally,thestringoriginatedbytheconcatenationofthecleanedURLsisgivenastheinputofamessagedigestalgorithm,whosecompactandxed-sizeoutputiswellsuitedtosummarizethepagecharacteristics.
Apagecanincludecodefromseparatesources,forexamplebymeansofiframecommands.
Theprocesscanhandlethispossibilityveryeasily:SecExtconsiderseachpieceofHTMLcodethatcanbereferencedbyaURLasanindependent"page".
Let'ssupposethataseparatepieceofcodeisincludedbythemainpagetohandleuserlogin.
IfthemainpageisservedonHTTP,theattackerwilltargetthelinkpointingtotheincludedcode,andtheattackwillberecognizedasamodicationtothemainpage.
IfthemainpageissecuredbyHTTPS,buttheincludedcodeisvulnerabletothestrippingattackinstead,thelatterwillbeindependentlycharacterizedandasuccessfulattackagainstitwillbeexplicitlyreported.
4.
2PageEvaluationEachtimetheuserloadsapageinthebrowser,theSecExtplugincomputesitshashvalueaccordingtotheillustratedalgorithm,thenlooksforrecordsregardingthepageABrowser-BasedDistributedSystemfortheDetectionofHTTPSStrippingAttacks553inthedatabase(whoseconstructionisdetailedinthenextsection4.
3).
Thequerycanyielddifferentoutcomes.
–Norecordsarefoundforthepage'sURL.
Nocheckcanbemadeabouttheintegritystatusofthepage.
ItispossibletoenvisageapluginenhancementwarningtheusertryingtosubmitdataonHTTPfromthiskindofunveriablepages.
Theevaluationoftheconsequencesintermsofusabilityareunderinvestigation.
–ThehashofthecurrentpagematchesthevaluemostfrequentlyassociatedwithitsURLinthedatabase.
SecExtdeducesthatmostlikelythebrowsedpagehasnotbeencompromisedthroughanHTTPSstrippingattack.
–ThehashofthecurrentpagedoesnotmatchthevaluemostfrequentlyassociatedwithitsURLinthedatabase.
Thecurrentpagethenhasadifferentcontentfromtheversionmostcommonlyseenindifferenttimesorplaces.
Thepluginalertstheuserbyvisualizingawarningmessageonthescreen.
Beforetheusercaninteractwiththebrowsedpageheneedstoconrmthewarningmessage.
Thenitisuptotheuserbrowsingthepageornot,possiblyafterin-deepvericationoftheunderlyingcode.
4.
3InformationSharingSecExtcanbuildthedatabaseofhashvaluesbycompositionoftwodifferentpartialsources:alocaldatabase,containingonlyhashescomputedbythelocalsystem,andaglobaldatabase,whichisitselfacollationofthelocaldatabasessharedbyotherusersoveraP2Pnetwork.
ThesumofthesepartsallowsSecExttoleveragebothlocalknowl-edge,possiblygatheredinacontrolledenvironmentwheretheusercancondentlyas-sumetobesafefromMITMattacks,andthesamekindofknowledgegatheredbyuserswhorunSecExtaswell.
Inthelattercase,weclaimthatalargeenoughuserbasewillleadtothepopulationofaglobaldatabasecontainingastrikingmajorityofhashvaluescomputedoverpageswhichhavenotbeentamperedwith.
TheP2PnetworkruninSecExtisbaseduponaJavaimplementationoftheChordprotocol[6],chosenforthisrstprototypeforitssimplicity.
TheChorddaemonrunsinabackgroundprocesstokeepthecommunicationwithpeersactiveindependentlyofthepluginactivations.
Chordexploitsadistributedhashtabletostorekey-valuepairsbyassigningkeystodifferentcomputers(knownas"nodes");anodewillstorethevaluesforallthekeysforwhichitisresponsible.
Chordspecieshowkeysareassignedtonodes,andhowanodecandiscoverthevalueforagivenkeybyrstlocatingthenoderesponsibleforthatkey.
Insimplerterms,Chordletstheconnectednodestocollectivelybuildavirtualsharedfolder.
Everypeersharesitslocaldatabaseasale,placedinthevirtualfolder,namedbyauniquenodeidentier.
Thelecangetactuallycopiedonotherpeerswhentheycomeonlineandsearchfornewresources.
Thevirtualglobaldatabasethatisthecollationofallthelocaldatabasesisthenmateriallyrepresentedbyahighlyavailablecollectionofles,andtheloadtoaccessitisspreadamongthepeers.
4.
4ExperimentalValidationWetestedtheSecExtplugineffectivenessinalabenvironment.
Theresults,whichcannotbedetailedhereforspaceconstraints,showedsatisfactorydetectionratesanda554M.
PrandiniandM.
Ramillilimitedamountoffalsepositives.
Anaccuratejudgmentofoursolution,however,mustwaituntilsomelimitationsregardingthesecurityoftheP2Pexchangearesolvedandareal-world,widertestingcampaigncanberolledout.
5ConclusionsandFutureWorkWesurveyedalargesetofwebsitesbelongingmainlytonancialinstitutions,whichareparticularlyinterestingforfraudsterslookingforusercredentialstosteal,andfoundasignicantfractionofthemvulnerabletotheHTTPSstrippingattack.
Sinceuserscannotforcewebmasterstoxtheproblemwhereitshouldbexed,weproposedaclient-side,anti-malware-styleapproachtothedetectionoftheattack.
Itleveragesthedistributedknowledgeofapotentiallylargecommunityofuserstoidentifymodiedpageseveniftheuserhasnevervisitedthembefore,exploitingpeer-to-peerarchitec-turestospreadknowledgeofthereferencevaluesrepresentingunalteredpageswithoutresortingtoatrustedthirdparty.
WeimplementedthecountermeasureasapluginforMozillaFirefox,andveriedthepracticalfeasibilityandcorrectnessofallitsbasicprinciples.
Thepluginwasabletocorrectlycharacterizethepagesusedfortesting,tak-ingintoaccountalltherelevantdataforevaluatingitsintegritybutavoidingtoincludevariablepartsthatcouldtriggerfalsepositives.
Currently,weareworkingtoachievehighercommunicationsefciencyandbetterhandlingofupdatesthroughnergran-ularity,whereasforthisrstprototypeweimplementedtheknowledgesharingasadistributionofthewholereferencevaluesdatabaseontheP2Pnetwork.
Wearealsoex-tendingSecExttowardsamorecomprehensivearchitecture,tobeabletoeasily"hook"differentcode-analysismodulesintothecorelogic,timelyaddingnewdetectioncapa-bilitieswhennewthreatsappear.
References1.
Dhamija,R.
,Tygar,J.
D.
,Hearst,M.
:Whyphishingworks.
In:ProceedingsoftheSIGCHIConferenceonHumanFactorsinComputingSystems,CHI2006,pp.
581–590.
ACM,NewYork(2006)2.
Heffner,C.
:Howtohackmillionsofrouters.
In:BlackHatConference2010(2010)3.
Nikiforakis,N.
,Younan,Y.
,Joosen,W.
:HProxy:Client-SideDetectionofSSLStrippingAttacks.
In:Kreibich,C.
,Jahnke,M.
(eds.
)DIMVA2010.
LNCS,vol.
6201,pp.
200–218.
Springer,Heidelberg(2010),doi:10.
1007/978-3-642-14215-4124.
Prandini,M.
,Ramilli,M.
,Cerroni,W.
,Callegati,F.
:SplittingtheHTTPSstreamtoattacksecurewebconnections.
IEEESecurityandPrivacy8,80–84(2010)5.
Stamm,S.
,Ramzan,Z.
,Jakobsson,M.
:Drive-ByPharming.
In:Qing,S.
,Imai,H.
,Wang,G.
(eds.
)ICICS2007.
LNCS,vol.
4861,pp.
495–506.
Springer,Heidelberg(2007),10.
1007/978-3-540-77048-0386.
Stoica,I.
,Morris,R.
,Karger,D.
,Kaashoek,M.
F.
,Balakrishnan,H.
:Chord:Ascalablepeer-to-peerlookupserviceforinternetapplications.
SIGCOMMComput.
Commun.
Rev.
31,149–160(2001)7.
Sunshine,J.
,Egelman,S.
,Almuhimedi,H.
,Atri,N.
,Cranor,L.
F.
:Cryingwolf:anempiri-calstudyofSSLwarningeffectiveness.
In:Proceedingsofthe18thConferenceonUSENIXSecuritySymposium,SSYM2009,pp.
399–416.
USENIXAssociation,Berkeley(2009)
prandini,marco.
ramilli}@unibo.
itAbstract.
HTTPSstrippingattacksleverageacombinationofweakcongura-tionchoicestotrickusersintoprovidingsensitivedatathroughhijackedconnec-tions.
Herewepresentabrowserextensionthathelpswebuserstodetectthiskindofintegrityandauthenticitybreaches,byextractingrelevantfeaturesfromthebrowsedpagesandcomparingthemtoreferencevaluescomingfromdiffer-entsortsoftrustedsources.
Therationalebehindtheextensionisdiscussedanditseffectivenessisdemonstratedwithsomequantitativeresults,gatheredontheprototypethathasbeenimplementedforMozillaFirefox.
Keywords:HTTPSstripping,Peer-to-peer,Browserplugin.
1IntroductionStealingsensitivedatafromusersisoneofthemostcommontargetspursuedbyattack-ersontheWeb.
Therearemanywaystolureusersintoprovidingtheirdataoverthewrongconnection,leadingtotheattacker'sserverinsteadofthelegitimateone.
Even-tually,thewidespreadusageofHTTPSseemedliketheultimateweaponagainstthiskindofhijacking.
However,theverysuccessofHTTPSbackredasmanyhigh-trafcwebsitesstaggeredunderthecomputationalloadassociatedwithservingeverypagethroughanencryptedconnection.
Thisleadsomesitestoadoptatrade-offsolution,foreseeingtheusageofHTTPSonlyfortheconnectionsinvolvingthetransmissionofsensitivedata.
However,thelackofintegrityprotectionforthepagecontainingthelinkforthesubmissionopensacrackthatanattackercanleveragetocompromisethewholetransaction.
Thispaperillustratesamethodforsolvingthisproblembasedonabrowserextension.
Inthefollowing,section2detailstheattack;section3outlinesthedesignprinciplesoftheproposedcountermeasure;section4describestheextensionimplementationasaMozillaFirefoxplugin;nallysection5drawsconclusions.
2AnalysisoftheAttackLet'sassumethecommonscenarioinwhichauseronaclienthost(CH)wantstoestab-lishasecuretransactionwithaWebserveronaserverhost(SH).
GiventhatCHandSHmustexchangedataonthenetwork,aManInTheMiddle(MITM)attackispossibleiftheattackerhost(ATH),bymeansofskillfulmanipulationofnetworkdevices,becomesagatewayforthetrafcstream.
TheattackerinterceptsthetrafcfromthesourceandD.
Gritzalis,S.
Furnell,andM.
Theoharidou(Eds.
):SEC2012,IFIPAICT376,pp.
549–554,2012.
cIFIPInternationalFederationforInformationProcessing2012550M.
PrandiniandM.
Ramilli'()(*$**#$&0122123452126552122'')-*7(8)*9-'*,-'(%&)-:+5-35-+(8(8)*+5-'(*$*#$&0122124942124942122'')-*'(0.
)7(8(8()8;"$-,((8(8>5212,352122'')-*(8((Fig.
1.
Screenshotoftheloginboxonthehomepageofabank.
Notice(a)thatthepageisservedonHTTP,(b)thegraphicssuggestingasecureloginprocess,and(c)theunderlyingHTMLcode,whichsendsdataonHTTPS,thatis,aslongasaMITMattackdoesnotmodifyit.
forwardsittothedestination(andviceversa),preservingtheillusionofCHandSHofbeingconnectedthroughanunalteredchannel,butatthesametimebeingabletomodifymessagesandinsertnewones.
Whilethisisnotacompletelytrivialfeat,therearesoundreasonstoworryaboutthispossibility,iftheattackerisonthesamenetworkofthevictimbutalsoifheisinaremotelocation,duetotheinsecuredefaultcong-urationofmanyhomeaccessrouters[5,2].
Anattacktotheprofessionally-managedinfrastructureontheserversideislesslikelytosucceed.
AnykindofMITMwouldfailiftheveryrstpageofthevisitedsiteisservedonHTTPS(andtheuserchecksitactuallyis!
),because,withsomeexceptions[1],nobodycancircumventthecryptographicauthenticationandimpersonatetherealserver.
How-ever,theinitialpageisusuallytheoneresponsibleforasignicantpartofawebsitetrafc,andoftenisthestartingpointforanavigationthroughsectionsofthesitethatdonotneedprotection.
Thus,toavoidpayingthehighpriceassociatedwithservingtherstpageonHTTPS,manysitesuseplainHTTP.
Then,ifthepagecontainsaformfortheusertoprovideidenticationdata,thesubmissionoftheformisprotectedbypointingittoaHTTPSlink,reassuringtheuseraboutthesecurityoftheprocessbymeansofgraphicalcuesortextualexplanations(Fig.
1).
However,theattackerisleftfreetobecomeaMITMbetweenCHandSHduringtherst,unprotectedexchangeofinformation.
Hecanintercepttheinitialrequest/responsebetweenCHandSH,substitutingHTTPforHTTPSineverylinkofthereturnedpagebeforeservingittoCH.
WhenthebrowseronCHrequestsadditionalcontentslinkedfromthepage,orsubmitsaform,itactuallymakesaHTTPconnectiontoATH,wheretheattackercanreadeverybyteinplaintext.
TheattackerthenrelayseveryrequesttoSHusingthecorrectprotocolspeciedintheoriginalpage,tobesureofcomplyingwiththecongurationofSH,andsendsthedecryptedresponsebacktothebrowser;possibly,afaviconrepresentingasecurelockisalsoinjected(orcraftedintothepage),givingafalseperceptionofasecureconnectiontotheclient.
Thedetailedimplementationofthisattackisdescribedin[4].
ABrowser-BasedDistributedSystemfortheDetectionofHTTPSStrippingAttacks5513TheProposedCountermeasureAllthebrowserscomewithadefaultsettingtoalertusersabouttosubmitinformationoveraninsecurechannel.
Thisisaveryeffectivecountermeasureagainstthedescribedattack.
Unfortunately,webpagesthatsubmituser-provided,harmlessinformationoveraninsecurechannelareinthemillions.
Thusmostusers,aftertherstfewfalsealarms,disablethischeck[7].
Theproposedapproachistotreatwebpageslikeanyotherkindofpotentiallyma-liciouscontent,subjectingthemtotheanalysisofasecuritymoduleverysimilartoanti-malwaresoftware,andcomparingthecontentofthepageagainstsuitableinfor-mationpatternstotryanddetectifaMITMhasmodiedit.
Therearetwokeyissuesrelatedtothisapproach,namelychoosingamethodtoextractsensiblepagefeaturesandprovidinguserswiththereferencefeaturesrepresentingauthenticpages.
Therstissuearisesbecause,nowadays,thevastmajorityofwebpagesaredynami-callygenerated.
Theyalmostinvariablyincludesectionsthatchangeeachtimetheyareserved.
Itisnecessarytocharacterizeapagebyextractingonlytheinvariantparts,butmakingsurethattheyrepresentallthecontentswhoseintegrityneedstobechecked.
Theresultshouldbeangerprintofthepage,ahashvaluethatcanbereliablycom-putedeachtimethesamepageisvisitedandcomparedtoareferencevaluecomputedovertheauthenticpage.
Then,thesecondissuecomesintoplay.
Itisnecessarytodenehowtoprovidethereferencevaluetoeveryuserwhoisvisitingapageinatrustedway.
Regardingthesecondissue,weenvisagedthreepossiblescenarios.
LocalDatabase.
Inprinciple,eachusercanbuildalocaldatabasecontainingtherefer-encevaluesforthepagesofhisinterest.
Whilethismethodhastheundeniableadvan-tageofplacingtheuserinfullcontrolofthedatabase,itexhibitsasignicantdrawback:theusermustbeabsolutelysurethatheissafefromtheMITMattackwhenhecomputesthereferencevalue.
TrustedOnlineRepository.
Iftheusersarewillingtoplacetheirtrustuponathirdpartyofsomesort,forexampleadirectory,suchasystemcanactastheauthoritativesourceforcomputinganddistributingreferencevalues.
Thisapproachsuffersfromtheusualdrawbacksassociatedwithputtingacentralentityinchargeofessentialfunctions:theentityitselfbecomesaveryvaluabletargetforattackers,whowouldbehighlyre-wardedbyasuccessfulcompromiseofitsdatabaseorevenasimplerDoSattack.
PeerExchange.
Atanygiventime,awebpageisviewedbyasetofclients.
Themorepopularthepage,themoreinterestingtargetitmakesforanattacker,andthelargertheset.
Undertheassumptionthatmasscompromiseofclientsisunlikely,itispossibletosharethereferencevaluesbetweeneveryclientthroughapeer-to-peernetwork,andtochoosethemostfrequentvalueassociatedwithagivenURLasthecorrectone.
4PrototypeWeimplementedthedescribedsolutionasabrowserpluginwhichcanwarntheuserofapossibleattack.
Theextension'sarchitectureprovidesaneasymeansofportingthecodeonmanydifferentplatforms,simplychangingthebrowser-specicinterfacetothe552M.
PrandiniandM.
Ramillicorelogic,writteninJava.
Asofnow,theSecureExtension(SecExt)pluginisavailableforMozillaFirefox,chosenforbeingthemostwidespreadopensourcebrowser,athttp://code.
google.
com/p/secureext/downloads/list,andausagedemocanbeviewedathttp://www.
youtube.
com/user/SecExt.
Thepluginarchitectureismodeledaroundthethethreebasicfunctionsoutlinedinthegeneraldescription:pagecharacterization,pageevaluation,andinformationsharing.
Thefollowingparagraphsdescribethedetailofeachphase.
4.
1PageCharacterizationWebpagesareusuallycomposedofmanydifferentsections,includingpartsthataredy-namicallygeneratedandthusdiffereachtimethepageisloaded.
Tryingtocharacterizeapagebysimplycomputingitshashwithamessagedigestalgorithmoveritswholecontentwouldcertainlyfailtoyieldasensiblereferencevalue.
Itwouldneverbethesameevenifthepageisauthentic.
Theprocesswedevisedforpropercharacterizationstartsbyobservingthat,forourpurposes,theonlyimportantkindofcontentisthesetoflinkspossiblypointingtothesubmissiontargetoftheloginform,ofotherformcollectingsensitivedatafromtheuser,orpossiblyopeningsuchaforminaseparatebutcloselyrelatedspace(iframe,pop-upwindow,etc.
).
EverybitofthepagewhichisnotaURListhendiscarded.
Thecharacterizationprocedurethenremovestheparameters(i.
e.
anythingfollowinga""character,ifpresent,thatcouldmakethesamepagelookdifferenteachtimeitisloaded)fromeachURL.
Theirremovaldoesnotaffectthereliabilityofattackdetection,sincetheattackeraimssimplyatchanging"https"into"http".
Actually,theURLcleaningcouldbepushedevenfurtherbyremovingeverythingbuttheprotocol,hostandportelementsoftheURL,todealwithsitesthatuse"/"insteadof""tohavedynamicpagesindexedbysearchengines,butweneedfurthertestingtodecidewhetherthe(rathersmall)increaseingeneralityisworththelossofcapturedinformationornot.
Finally,thestringoriginatedbytheconcatenationofthecleanedURLsisgivenastheinputofamessagedigestalgorithm,whosecompactandxed-sizeoutputiswellsuitedtosummarizethepagecharacteristics.
Apagecanincludecodefromseparatesources,forexamplebymeansofiframecommands.
Theprocesscanhandlethispossibilityveryeasily:SecExtconsiderseachpieceofHTMLcodethatcanbereferencedbyaURLasanindependent"page".
Let'ssupposethataseparatepieceofcodeisincludedbythemainpagetohandleuserlogin.
IfthemainpageisservedonHTTP,theattackerwilltargetthelinkpointingtotheincludedcode,andtheattackwillberecognizedasamodicationtothemainpage.
IfthemainpageissecuredbyHTTPS,buttheincludedcodeisvulnerabletothestrippingattackinstead,thelatterwillbeindependentlycharacterizedandasuccessfulattackagainstitwillbeexplicitlyreported.
4.
2PageEvaluationEachtimetheuserloadsapageinthebrowser,theSecExtplugincomputesitshashvalueaccordingtotheillustratedalgorithm,thenlooksforrecordsregardingthepageABrowser-BasedDistributedSystemfortheDetectionofHTTPSStrippingAttacks553inthedatabase(whoseconstructionisdetailedinthenextsection4.
3).
Thequerycanyielddifferentoutcomes.
–Norecordsarefoundforthepage'sURL.
Nocheckcanbemadeabouttheintegritystatusofthepage.
ItispossibletoenvisageapluginenhancementwarningtheusertryingtosubmitdataonHTTPfromthiskindofunveriablepages.
Theevaluationoftheconsequencesintermsofusabilityareunderinvestigation.
–ThehashofthecurrentpagematchesthevaluemostfrequentlyassociatedwithitsURLinthedatabase.
SecExtdeducesthatmostlikelythebrowsedpagehasnotbeencompromisedthroughanHTTPSstrippingattack.
–ThehashofthecurrentpagedoesnotmatchthevaluemostfrequentlyassociatedwithitsURLinthedatabase.
Thecurrentpagethenhasadifferentcontentfromtheversionmostcommonlyseenindifferenttimesorplaces.
Thepluginalertstheuserbyvisualizingawarningmessageonthescreen.
Beforetheusercaninteractwiththebrowsedpageheneedstoconrmthewarningmessage.
Thenitisuptotheuserbrowsingthepageornot,possiblyafterin-deepvericationoftheunderlyingcode.
4.
3InformationSharingSecExtcanbuildthedatabaseofhashvaluesbycompositionoftwodifferentpartialsources:alocaldatabase,containingonlyhashescomputedbythelocalsystem,andaglobaldatabase,whichisitselfacollationofthelocaldatabasessharedbyotherusersoveraP2Pnetwork.
ThesumofthesepartsallowsSecExttoleveragebothlocalknowl-edge,possiblygatheredinacontrolledenvironmentwheretheusercancondentlyas-sumetobesafefromMITMattacks,andthesamekindofknowledgegatheredbyuserswhorunSecExtaswell.
Inthelattercase,weclaimthatalargeenoughuserbasewillleadtothepopulationofaglobaldatabasecontainingastrikingmajorityofhashvaluescomputedoverpageswhichhavenotbeentamperedwith.
TheP2PnetworkruninSecExtisbaseduponaJavaimplementationoftheChordprotocol[6],chosenforthisrstprototypeforitssimplicity.
TheChorddaemonrunsinabackgroundprocesstokeepthecommunicationwithpeersactiveindependentlyofthepluginactivations.
Chordexploitsadistributedhashtabletostorekey-valuepairsbyassigningkeystodifferentcomputers(knownas"nodes");anodewillstorethevaluesforallthekeysforwhichitisresponsible.
Chordspecieshowkeysareassignedtonodes,andhowanodecandiscoverthevalueforagivenkeybyrstlocatingthenoderesponsibleforthatkey.
Insimplerterms,Chordletstheconnectednodestocollectivelybuildavirtualsharedfolder.
Everypeersharesitslocaldatabaseasale,placedinthevirtualfolder,namedbyauniquenodeidentier.
Thelecangetactuallycopiedonotherpeerswhentheycomeonlineandsearchfornewresources.
Thevirtualglobaldatabasethatisthecollationofallthelocaldatabasesisthenmateriallyrepresentedbyahighlyavailablecollectionofles,andtheloadtoaccessitisspreadamongthepeers.
4.
4ExperimentalValidationWetestedtheSecExtplugineffectivenessinalabenvironment.
Theresults,whichcannotbedetailedhereforspaceconstraints,showedsatisfactorydetectionratesanda554M.
PrandiniandM.
Ramillilimitedamountoffalsepositives.
Anaccuratejudgmentofoursolution,however,mustwaituntilsomelimitationsregardingthesecurityoftheP2Pexchangearesolvedandareal-world,widertestingcampaigncanberolledout.
5ConclusionsandFutureWorkWesurveyedalargesetofwebsitesbelongingmainlytonancialinstitutions,whichareparticularlyinterestingforfraudsterslookingforusercredentialstosteal,andfoundasignicantfractionofthemvulnerabletotheHTTPSstrippingattack.
Sinceuserscannotforcewebmasterstoxtheproblemwhereitshouldbexed,weproposedaclient-side,anti-malware-styleapproachtothedetectionoftheattack.
Itleveragesthedistributedknowledgeofapotentiallylargecommunityofuserstoidentifymodiedpageseveniftheuserhasnevervisitedthembefore,exploitingpeer-to-peerarchitec-turestospreadknowledgeofthereferencevaluesrepresentingunalteredpageswithoutresortingtoatrustedthirdparty.
WeimplementedthecountermeasureasapluginforMozillaFirefox,andveriedthepracticalfeasibilityandcorrectnessofallitsbasicprinciples.
Thepluginwasabletocorrectlycharacterizethepagesusedfortesting,tak-ingintoaccountalltherelevantdataforevaluatingitsintegritybutavoidingtoincludevariablepartsthatcouldtriggerfalsepositives.
Currently,weareworkingtoachievehighercommunicationsefciencyandbetterhandlingofupdatesthroughnergran-ularity,whereasforthisrstprototypeweimplementedtheknowledgesharingasadistributionofthewholereferencevaluesdatabaseontheP2Pnetwork.
Wearealsoex-tendingSecExttowardsamorecomprehensivearchitecture,tobeabletoeasily"hook"differentcode-analysismodulesintothecorelogic,timelyaddingnewdetectioncapa-bilitieswhennewthreatsappear.
References1.
Dhamija,R.
,Tygar,J.
D.
,Hearst,M.
:Whyphishingworks.
In:ProceedingsoftheSIGCHIConferenceonHumanFactorsinComputingSystems,CHI2006,pp.
581–590.
ACM,NewYork(2006)2.
Heffner,C.
:Howtohackmillionsofrouters.
In:BlackHatConference2010(2010)3.
Nikiforakis,N.
,Younan,Y.
,Joosen,W.
:HProxy:Client-SideDetectionofSSLStrippingAttacks.
In:Kreibich,C.
,Jahnke,M.
(eds.
)DIMVA2010.
LNCS,vol.
6201,pp.
200–218.
Springer,Heidelberg(2010),doi:10.
1007/978-3-642-14215-4124.
Prandini,M.
,Ramilli,M.
,Cerroni,W.
,Callegati,F.
:SplittingtheHTTPSstreamtoattacksecurewebconnections.
IEEESecurityandPrivacy8,80–84(2010)5.
Stamm,S.
,Ramzan,Z.
,Jakobsson,M.
:Drive-ByPharming.
In:Qing,S.
,Imai,H.
,Wang,G.
(eds.
)ICICS2007.
LNCS,vol.
4861,pp.
495–506.
Springer,Heidelberg(2007),10.
1007/978-3-540-77048-0386.
Stoica,I.
,Morris,R.
,Karger,D.
,Kaashoek,M.
F.
,Balakrishnan,H.
:Chord:Ascalablepeer-to-peerlookupserviceforinternetapplications.
SIGCOMMComput.
Commun.
Rev.
31,149–160(2001)7.
Sunshine,J.
,Egelman,S.
,Almuhimedi,H.
,Atri,N.
,Cranor,L.
F.
:Cryingwolf:anempiri-calstudyofSSLwarningeffectiveness.
In:Proceedingsofthe18thConferenceonUSENIXSecuritySymposium,SSYM2009,pp.
399–416.
USENIXAssociation,Berkeley(2009)
- unprotectedfavicon相关文档
- fontsfavicon
- C0favicon
- 日志favicon
- Scoresheetfavicon
- N°d'ordre:2014‐25‐TH
- passedfavicon
IMIDC日本多IP服务器$88/月起,E3-123x/16GB/512G SSD/30M带宽
IMIDC是一家香港本土运营商,商家名为彩虹数据(Rainbow Cloud),全线产品自营,自有IP网络资源等,提供的产品包括VPS主机、独立服务器、站群独立服务器等,数据中心区域包括香港、日本、台湾、美国和南非等地机房,CN2网络直连到中国大陆。目前主机商针对日本独立服务器做促销活动,而且提供/28 IPv4,国内直连带宽优惠后每月仅88美元起。JP Multiple IP Customize...
轻云互联22元/月,美国硅谷、圣何塞CN2GIA云服务器,香港沙田cn2建站vps仅25元/月
轻云互联怎么样?轻云互联,广州轻云网络科技有限公司旗下品牌,2018年5月成立以来,轻云互联以性价比的价格一直为提供个人,中大小型企业/团队云上解决方案。本次轻云互联送上的是美国圣何塞cn2 vps(免费50G集群防御)及香港沙田cn2 vps(免费10G集群防御)促销活动,促销产品均为cn2直连中国大陆线路、采用kvm虚拟技术架构及静态内存。目前,轻云互联推出美国硅谷、圣何塞CN2GIA云服务器...
美国cera机房 2核4G 19.9元/月 宿主机 E5 2696v2x2 512G
美国特价云服务器 2核4G 19.9元杭州王小玉网络科技有限公司成立于2020是拥有IDC ISP资质的正规公司,这次推荐的美国云服务器也是商家主打产品,有点在于稳定 速度 数据安全。企业级数据安全保障,支持异地灾备,数据安全系数达到了100%安全级别,是国内唯一一家美国云服务器拥有这个安全级别的商家。E5 2696v2x2 2核 4G内存 20G系统盘 10G数据盘 20M带宽 100G流量 1...
favicon为你推荐
-
languenod32投标迅雷恶意win7支持ipadxp如何关闭445端口Windows XP 怎么关闭445端口,我是电脑小白,求各位讲详细点ipad连不上wifi苹果ipad突然连不上网了,是怎么回事?网络是好的,手机能上网。ipad上网为什么ipad网速特别慢x-routerx-0.4x等于多少?google统计google分析里的数据包括搜索引擎爬虫的数据吗?Google中文专题交流ios10.0.3苹果10.03系统怎么样