unprotectedfavicon
favicon 时间:2021-05-22 阅读:()
ABrowser-BasedDistributedSystemfortheDetectionofHTTPSStrippingAttacksagainstWebPagesMarcoPrandiniandMarcoRamilliUniversit`adiBologna,DEIS,VialedelRisorgimento2,40136Bologna,Italy{marco.
prandini,marco.
ramilli}@unibo.
itAbstract.
HTTPSstrippingattacksleverageacombinationofweakcongura-tionchoicestotrickusersintoprovidingsensitivedatathroughhijackedconnec-tions.
Herewepresentabrowserextensionthathelpswebuserstodetectthiskindofintegrityandauthenticitybreaches,byextractingrelevantfeaturesfromthebrowsedpagesandcomparingthemtoreferencevaluescomingfromdiffer-entsortsoftrustedsources.
Therationalebehindtheextensionisdiscussedanditseffectivenessisdemonstratedwithsomequantitativeresults,gatheredontheprototypethathasbeenimplementedforMozillaFirefox.
Keywords:HTTPSstripping,Peer-to-peer,Browserplugin.
1IntroductionStealingsensitivedatafromusersisoneofthemostcommontargetspursuedbyattack-ersontheWeb.
Therearemanywaystolureusersintoprovidingtheirdataoverthewrongconnection,leadingtotheattacker'sserverinsteadofthelegitimateone.
Even-tually,thewidespreadusageofHTTPSseemedliketheultimateweaponagainstthiskindofhijacking.
However,theverysuccessofHTTPSbackredasmanyhigh-trafcwebsitesstaggeredunderthecomputationalloadassociatedwithservingeverypagethroughanencryptedconnection.
Thisleadsomesitestoadoptatrade-offsolution,foreseeingtheusageofHTTPSonlyfortheconnectionsinvolvingthetransmissionofsensitivedata.
However,thelackofintegrityprotectionforthepagecontainingthelinkforthesubmissionopensacrackthatanattackercanleveragetocompromisethewholetransaction.
Thispaperillustratesamethodforsolvingthisproblembasedonabrowserextension.
Inthefollowing,section2detailstheattack;section3outlinesthedesignprinciplesoftheproposedcountermeasure;section4describestheextensionimplementationasaMozillaFirefoxplugin;nallysection5drawsconclusions.
2AnalysisoftheAttackLet'sassumethecommonscenarioinwhichauseronaclienthost(CH)wantstoestab-lishasecuretransactionwithaWebserveronaserverhost(SH).
GiventhatCHandSHmustexchangedataonthenetwork,aManInTheMiddle(MITM)attackispossibleiftheattackerhost(ATH),bymeansofskillfulmanipulationofnetworkdevices,becomesagatewayforthetrafcstream.
TheattackerinterceptsthetrafcfromthesourceandD.
Gritzalis,S.
Furnell,andM.
Theoharidou(Eds.
):SEC2012,IFIPAICT376,pp.
549–554,2012.
cIFIPInternationalFederationforInformationProcessing2012550M.
PrandiniandM.
Ramilli'()(*$**#$&0122123452126552122'')-*7(8)*9-'*,-'(%&)-:+5-35-+(8(8)*+5-'(*$*#$&0122124942124942122'')-*'(0.
)7(8(8()8;"$-,((8(8>5212,352122'')-*(8((Fig.
1.
Screenshotoftheloginboxonthehomepageofabank.
Notice(a)thatthepageisservedonHTTP,(b)thegraphicssuggestingasecureloginprocess,and(c)theunderlyingHTMLcode,whichsendsdataonHTTPS,thatis,aslongasaMITMattackdoesnotmodifyit.
forwardsittothedestination(andviceversa),preservingtheillusionofCHandSHofbeingconnectedthroughanunalteredchannel,butatthesametimebeingabletomodifymessagesandinsertnewones.
Whilethisisnotacompletelytrivialfeat,therearesoundreasonstoworryaboutthispossibility,iftheattackerisonthesamenetworkofthevictimbutalsoifheisinaremotelocation,duetotheinsecuredefaultcong-urationofmanyhomeaccessrouters[5,2].
Anattacktotheprofessionally-managedinfrastructureontheserversideislesslikelytosucceed.
AnykindofMITMwouldfailiftheveryrstpageofthevisitedsiteisservedonHTTPS(andtheuserchecksitactuallyis!
),because,withsomeexceptions[1],nobodycancircumventthecryptographicauthenticationandimpersonatetherealserver.
How-ever,theinitialpageisusuallytheoneresponsibleforasignicantpartofawebsitetrafc,andoftenisthestartingpointforanavigationthroughsectionsofthesitethatdonotneedprotection.
Thus,toavoidpayingthehighpriceassociatedwithservingtherstpageonHTTPS,manysitesuseplainHTTP.
Then,ifthepagecontainsaformfortheusertoprovideidenticationdata,thesubmissionoftheformisprotectedbypointingittoaHTTPSlink,reassuringtheuseraboutthesecurityoftheprocessbymeansofgraphicalcuesortextualexplanations(Fig.
1).
However,theattackerisleftfreetobecomeaMITMbetweenCHandSHduringtherst,unprotectedexchangeofinformation.
Hecanintercepttheinitialrequest/responsebetweenCHandSH,substitutingHTTPforHTTPSineverylinkofthereturnedpagebeforeservingittoCH.
WhenthebrowseronCHrequestsadditionalcontentslinkedfromthepage,orsubmitsaform,itactuallymakesaHTTPconnectiontoATH,wheretheattackercanreadeverybyteinplaintext.
TheattackerthenrelayseveryrequesttoSHusingthecorrectprotocolspeciedintheoriginalpage,tobesureofcomplyingwiththecongurationofSH,andsendsthedecryptedresponsebacktothebrowser;possibly,afaviconrepresentingasecurelockisalsoinjected(orcraftedintothepage),givingafalseperceptionofasecureconnectiontotheclient.
Thedetailedimplementationofthisattackisdescribedin[4].
ABrowser-BasedDistributedSystemfortheDetectionofHTTPSStrippingAttacks5513TheProposedCountermeasureAllthebrowserscomewithadefaultsettingtoalertusersabouttosubmitinformationoveraninsecurechannel.
Thisisaveryeffectivecountermeasureagainstthedescribedattack.
Unfortunately,webpagesthatsubmituser-provided,harmlessinformationoveraninsecurechannelareinthemillions.
Thusmostusers,aftertherstfewfalsealarms,disablethischeck[7].
Theproposedapproachistotreatwebpageslikeanyotherkindofpotentiallyma-liciouscontent,subjectingthemtotheanalysisofasecuritymoduleverysimilartoanti-malwaresoftware,andcomparingthecontentofthepageagainstsuitableinfor-mationpatternstotryanddetectifaMITMhasmodiedit.
Therearetwokeyissuesrelatedtothisapproach,namelychoosingamethodtoextractsensiblepagefeaturesandprovidinguserswiththereferencefeaturesrepresentingauthenticpages.
Therstissuearisesbecause,nowadays,thevastmajorityofwebpagesaredynami-callygenerated.
Theyalmostinvariablyincludesectionsthatchangeeachtimetheyareserved.
Itisnecessarytocharacterizeapagebyextractingonlytheinvariantparts,butmakingsurethattheyrepresentallthecontentswhoseintegrityneedstobechecked.
Theresultshouldbeangerprintofthepage,ahashvaluethatcanbereliablycom-putedeachtimethesamepageisvisitedandcomparedtoareferencevaluecomputedovertheauthenticpage.
Then,thesecondissuecomesintoplay.
Itisnecessarytodenehowtoprovidethereferencevaluetoeveryuserwhoisvisitingapageinatrustedway.
Regardingthesecondissue,weenvisagedthreepossiblescenarios.
LocalDatabase.
Inprinciple,eachusercanbuildalocaldatabasecontainingtherefer-encevaluesforthepagesofhisinterest.
Whilethismethodhastheundeniableadvan-tageofplacingtheuserinfullcontrolofthedatabase,itexhibitsasignicantdrawback:theusermustbeabsolutelysurethatheissafefromtheMITMattackwhenhecomputesthereferencevalue.
TrustedOnlineRepository.
Iftheusersarewillingtoplacetheirtrustuponathirdpartyofsomesort,forexampleadirectory,suchasystemcanactastheauthoritativesourceforcomputinganddistributingreferencevalues.
Thisapproachsuffersfromtheusualdrawbacksassociatedwithputtingacentralentityinchargeofessentialfunctions:theentityitselfbecomesaveryvaluabletargetforattackers,whowouldbehighlyre-wardedbyasuccessfulcompromiseofitsdatabaseorevenasimplerDoSattack.
PeerExchange.
Atanygiventime,awebpageisviewedbyasetofclients.
Themorepopularthepage,themoreinterestingtargetitmakesforanattacker,andthelargertheset.
Undertheassumptionthatmasscompromiseofclientsisunlikely,itispossibletosharethereferencevaluesbetweeneveryclientthroughapeer-to-peernetwork,andtochoosethemostfrequentvalueassociatedwithagivenURLasthecorrectone.
4PrototypeWeimplementedthedescribedsolutionasabrowserpluginwhichcanwarntheuserofapossibleattack.
Theextension'sarchitectureprovidesaneasymeansofportingthecodeonmanydifferentplatforms,simplychangingthebrowser-specicinterfacetothe552M.
PrandiniandM.
Ramillicorelogic,writteninJava.
Asofnow,theSecureExtension(SecExt)pluginisavailableforMozillaFirefox,chosenforbeingthemostwidespreadopensourcebrowser,athttp://code.
google.
com/p/secureext/downloads/list,andausagedemocanbeviewedathttp://www.
youtube.
com/user/SecExt.
Thepluginarchitectureismodeledaroundthethethreebasicfunctionsoutlinedinthegeneraldescription:pagecharacterization,pageevaluation,andinformationsharing.
Thefollowingparagraphsdescribethedetailofeachphase.
4.
1PageCharacterizationWebpagesareusuallycomposedofmanydifferentsections,includingpartsthataredy-namicallygeneratedandthusdiffereachtimethepageisloaded.
Tryingtocharacterizeapagebysimplycomputingitshashwithamessagedigestalgorithmoveritswholecontentwouldcertainlyfailtoyieldasensiblereferencevalue.
Itwouldneverbethesameevenifthepageisauthentic.
Theprocesswedevisedforpropercharacterizationstartsbyobservingthat,forourpurposes,theonlyimportantkindofcontentisthesetoflinkspossiblypointingtothesubmissiontargetoftheloginform,ofotherformcollectingsensitivedatafromtheuser,orpossiblyopeningsuchaforminaseparatebutcloselyrelatedspace(iframe,pop-upwindow,etc.
).
EverybitofthepagewhichisnotaURListhendiscarded.
Thecharacterizationprocedurethenremovestheparameters(i.
e.
anythingfollowinga""character,ifpresent,thatcouldmakethesamepagelookdifferenteachtimeitisloaded)fromeachURL.
Theirremovaldoesnotaffectthereliabilityofattackdetection,sincetheattackeraimssimplyatchanging"https"into"http".
Actually,theURLcleaningcouldbepushedevenfurtherbyremovingeverythingbuttheprotocol,hostandportelementsoftheURL,todealwithsitesthatuse"/"insteadof""tohavedynamicpagesindexedbysearchengines,butweneedfurthertestingtodecidewhetherthe(rathersmall)increaseingeneralityisworththelossofcapturedinformationornot.
Finally,thestringoriginatedbytheconcatenationofthecleanedURLsisgivenastheinputofamessagedigestalgorithm,whosecompactandxed-sizeoutputiswellsuitedtosummarizethepagecharacteristics.
Apagecanincludecodefromseparatesources,forexamplebymeansofiframecommands.
Theprocesscanhandlethispossibilityveryeasily:SecExtconsiderseachpieceofHTMLcodethatcanbereferencedbyaURLasanindependent"page".
Let'ssupposethataseparatepieceofcodeisincludedbythemainpagetohandleuserlogin.
IfthemainpageisservedonHTTP,theattackerwilltargetthelinkpointingtotheincludedcode,andtheattackwillberecognizedasamodicationtothemainpage.
IfthemainpageissecuredbyHTTPS,buttheincludedcodeisvulnerabletothestrippingattackinstead,thelatterwillbeindependentlycharacterizedandasuccessfulattackagainstitwillbeexplicitlyreported.
4.
2PageEvaluationEachtimetheuserloadsapageinthebrowser,theSecExtplugincomputesitshashvalueaccordingtotheillustratedalgorithm,thenlooksforrecordsregardingthepageABrowser-BasedDistributedSystemfortheDetectionofHTTPSStrippingAttacks553inthedatabase(whoseconstructionisdetailedinthenextsection4.
3).
Thequerycanyielddifferentoutcomes.
–Norecordsarefoundforthepage'sURL.
Nocheckcanbemadeabouttheintegritystatusofthepage.
ItispossibletoenvisageapluginenhancementwarningtheusertryingtosubmitdataonHTTPfromthiskindofunveriablepages.
Theevaluationoftheconsequencesintermsofusabilityareunderinvestigation.
–ThehashofthecurrentpagematchesthevaluemostfrequentlyassociatedwithitsURLinthedatabase.
SecExtdeducesthatmostlikelythebrowsedpagehasnotbeencompromisedthroughanHTTPSstrippingattack.
–ThehashofthecurrentpagedoesnotmatchthevaluemostfrequentlyassociatedwithitsURLinthedatabase.
Thecurrentpagethenhasadifferentcontentfromtheversionmostcommonlyseenindifferenttimesorplaces.
Thepluginalertstheuserbyvisualizingawarningmessageonthescreen.
Beforetheusercaninteractwiththebrowsedpageheneedstoconrmthewarningmessage.
Thenitisuptotheuserbrowsingthepageornot,possiblyafterin-deepvericationoftheunderlyingcode.
4.
3InformationSharingSecExtcanbuildthedatabaseofhashvaluesbycompositionoftwodifferentpartialsources:alocaldatabase,containingonlyhashescomputedbythelocalsystem,andaglobaldatabase,whichisitselfacollationofthelocaldatabasessharedbyotherusersoveraP2Pnetwork.
ThesumofthesepartsallowsSecExttoleveragebothlocalknowl-edge,possiblygatheredinacontrolledenvironmentwheretheusercancondentlyas-sumetobesafefromMITMattacks,andthesamekindofknowledgegatheredbyuserswhorunSecExtaswell.
Inthelattercase,weclaimthatalargeenoughuserbasewillleadtothepopulationofaglobaldatabasecontainingastrikingmajorityofhashvaluescomputedoverpageswhichhavenotbeentamperedwith.
TheP2PnetworkruninSecExtisbaseduponaJavaimplementationoftheChordprotocol[6],chosenforthisrstprototypeforitssimplicity.
TheChorddaemonrunsinabackgroundprocesstokeepthecommunicationwithpeersactiveindependentlyofthepluginactivations.
Chordexploitsadistributedhashtabletostorekey-valuepairsbyassigningkeystodifferentcomputers(knownas"nodes");anodewillstorethevaluesforallthekeysforwhichitisresponsible.
Chordspecieshowkeysareassignedtonodes,andhowanodecandiscoverthevalueforagivenkeybyrstlocatingthenoderesponsibleforthatkey.
Insimplerterms,Chordletstheconnectednodestocollectivelybuildavirtualsharedfolder.
Everypeersharesitslocaldatabaseasale,placedinthevirtualfolder,namedbyauniquenodeidentier.
Thelecangetactuallycopiedonotherpeerswhentheycomeonlineandsearchfornewresources.
Thevirtualglobaldatabasethatisthecollationofallthelocaldatabasesisthenmateriallyrepresentedbyahighlyavailablecollectionofles,andtheloadtoaccessitisspreadamongthepeers.
4.
4ExperimentalValidationWetestedtheSecExtplugineffectivenessinalabenvironment.
Theresults,whichcannotbedetailedhereforspaceconstraints,showedsatisfactorydetectionratesanda554M.
PrandiniandM.
Ramillilimitedamountoffalsepositives.
Anaccuratejudgmentofoursolution,however,mustwaituntilsomelimitationsregardingthesecurityoftheP2Pexchangearesolvedandareal-world,widertestingcampaigncanberolledout.
5ConclusionsandFutureWorkWesurveyedalargesetofwebsitesbelongingmainlytonancialinstitutions,whichareparticularlyinterestingforfraudsterslookingforusercredentialstosteal,andfoundasignicantfractionofthemvulnerabletotheHTTPSstrippingattack.
Sinceuserscannotforcewebmasterstoxtheproblemwhereitshouldbexed,weproposedaclient-side,anti-malware-styleapproachtothedetectionoftheattack.
Itleveragesthedistributedknowledgeofapotentiallylargecommunityofuserstoidentifymodiedpageseveniftheuserhasnevervisitedthembefore,exploitingpeer-to-peerarchitec-turestospreadknowledgeofthereferencevaluesrepresentingunalteredpageswithoutresortingtoatrustedthirdparty.
WeimplementedthecountermeasureasapluginforMozillaFirefox,andveriedthepracticalfeasibilityandcorrectnessofallitsbasicprinciples.
Thepluginwasabletocorrectlycharacterizethepagesusedfortesting,tak-ingintoaccountalltherelevantdataforevaluatingitsintegritybutavoidingtoincludevariablepartsthatcouldtriggerfalsepositives.
Currently,weareworkingtoachievehighercommunicationsefciencyandbetterhandlingofupdatesthroughnergran-ularity,whereasforthisrstprototypeweimplementedtheknowledgesharingasadistributionofthewholereferencevaluesdatabaseontheP2Pnetwork.
Wearealsoex-tendingSecExttowardsamorecomprehensivearchitecture,tobeabletoeasily"hook"differentcode-analysismodulesintothecorelogic,timelyaddingnewdetectioncapa-bilitieswhennewthreatsappear.
References1.
Dhamija,R.
,Tygar,J.
D.
,Hearst,M.
:Whyphishingworks.
In:ProceedingsoftheSIGCHIConferenceonHumanFactorsinComputingSystems,CHI2006,pp.
581–590.
ACM,NewYork(2006)2.
Heffner,C.
:Howtohackmillionsofrouters.
In:BlackHatConference2010(2010)3.
Nikiforakis,N.
,Younan,Y.
,Joosen,W.
:HProxy:Client-SideDetectionofSSLStrippingAttacks.
In:Kreibich,C.
,Jahnke,M.
(eds.
)DIMVA2010.
LNCS,vol.
6201,pp.
200–218.
Springer,Heidelberg(2010),doi:10.
1007/978-3-642-14215-4124.
Prandini,M.
,Ramilli,M.
,Cerroni,W.
,Callegati,F.
:SplittingtheHTTPSstreamtoattacksecurewebconnections.
IEEESecurityandPrivacy8,80–84(2010)5.
Stamm,S.
,Ramzan,Z.
,Jakobsson,M.
:Drive-ByPharming.
In:Qing,S.
,Imai,H.
,Wang,G.
(eds.
)ICICS2007.
LNCS,vol.
4861,pp.
495–506.
Springer,Heidelberg(2007),10.
1007/978-3-540-77048-0386.
Stoica,I.
,Morris,R.
,Karger,D.
,Kaashoek,M.
F.
,Balakrishnan,H.
:Chord:Ascalablepeer-to-peerlookupserviceforinternetapplications.
SIGCOMMComput.
Commun.
Rev.
31,149–160(2001)7.
Sunshine,J.
,Egelman,S.
,Almuhimedi,H.
,Atri,N.
,Cranor,L.
F.
:Cryingwolf:anempiri-calstudyofSSLwarningeffectiveness.
In:Proceedingsofthe18thConferenceonUSENIXSecuritySymposium,SSYM2009,pp.
399–416.
USENIXAssociation,Berkeley(2009)
prandini,marco.
ramilli}@unibo.
itAbstract.
HTTPSstrippingattacksleverageacombinationofweakcongura-tionchoicestotrickusersintoprovidingsensitivedatathroughhijackedconnec-tions.
Herewepresentabrowserextensionthathelpswebuserstodetectthiskindofintegrityandauthenticitybreaches,byextractingrelevantfeaturesfromthebrowsedpagesandcomparingthemtoreferencevaluescomingfromdiffer-entsortsoftrustedsources.
Therationalebehindtheextensionisdiscussedanditseffectivenessisdemonstratedwithsomequantitativeresults,gatheredontheprototypethathasbeenimplementedforMozillaFirefox.
Keywords:HTTPSstripping,Peer-to-peer,Browserplugin.
1IntroductionStealingsensitivedatafromusersisoneofthemostcommontargetspursuedbyattack-ersontheWeb.
Therearemanywaystolureusersintoprovidingtheirdataoverthewrongconnection,leadingtotheattacker'sserverinsteadofthelegitimateone.
Even-tually,thewidespreadusageofHTTPSseemedliketheultimateweaponagainstthiskindofhijacking.
However,theverysuccessofHTTPSbackredasmanyhigh-trafcwebsitesstaggeredunderthecomputationalloadassociatedwithservingeverypagethroughanencryptedconnection.
Thisleadsomesitestoadoptatrade-offsolution,foreseeingtheusageofHTTPSonlyfortheconnectionsinvolvingthetransmissionofsensitivedata.
However,thelackofintegrityprotectionforthepagecontainingthelinkforthesubmissionopensacrackthatanattackercanleveragetocompromisethewholetransaction.
Thispaperillustratesamethodforsolvingthisproblembasedonabrowserextension.
Inthefollowing,section2detailstheattack;section3outlinesthedesignprinciplesoftheproposedcountermeasure;section4describestheextensionimplementationasaMozillaFirefoxplugin;nallysection5drawsconclusions.
2AnalysisoftheAttackLet'sassumethecommonscenarioinwhichauseronaclienthost(CH)wantstoestab-lishasecuretransactionwithaWebserveronaserverhost(SH).
GiventhatCHandSHmustexchangedataonthenetwork,aManInTheMiddle(MITM)attackispossibleiftheattackerhost(ATH),bymeansofskillfulmanipulationofnetworkdevices,becomesagatewayforthetrafcstream.
TheattackerinterceptsthetrafcfromthesourceandD.
Gritzalis,S.
Furnell,andM.
Theoharidou(Eds.
):SEC2012,IFIPAICT376,pp.
549–554,2012.
cIFIPInternationalFederationforInformationProcessing2012550M.
PrandiniandM.
Ramilli'()(*$**#$&0122123452126552122'')-*7(8)*9-'*,-'(%&)-:+5-35-+(8(8)*+5-'(*$*#$&0122124942124942122'')-*'(0.
)7(8(8()8;"$-,((8(8>5212,352122'')-*(8((Fig.
1.
Screenshotoftheloginboxonthehomepageofabank.
Notice(a)thatthepageisservedonHTTP,(b)thegraphicssuggestingasecureloginprocess,and(c)theunderlyingHTMLcode,whichsendsdataonHTTPS,thatis,aslongasaMITMattackdoesnotmodifyit.
forwardsittothedestination(andviceversa),preservingtheillusionofCHandSHofbeingconnectedthroughanunalteredchannel,butatthesametimebeingabletomodifymessagesandinsertnewones.
Whilethisisnotacompletelytrivialfeat,therearesoundreasonstoworryaboutthispossibility,iftheattackerisonthesamenetworkofthevictimbutalsoifheisinaremotelocation,duetotheinsecuredefaultcong-urationofmanyhomeaccessrouters[5,2].
Anattacktotheprofessionally-managedinfrastructureontheserversideislesslikelytosucceed.
AnykindofMITMwouldfailiftheveryrstpageofthevisitedsiteisservedonHTTPS(andtheuserchecksitactuallyis!
),because,withsomeexceptions[1],nobodycancircumventthecryptographicauthenticationandimpersonatetherealserver.
How-ever,theinitialpageisusuallytheoneresponsibleforasignicantpartofawebsitetrafc,andoftenisthestartingpointforanavigationthroughsectionsofthesitethatdonotneedprotection.
Thus,toavoidpayingthehighpriceassociatedwithservingtherstpageonHTTPS,manysitesuseplainHTTP.
Then,ifthepagecontainsaformfortheusertoprovideidenticationdata,thesubmissionoftheformisprotectedbypointingittoaHTTPSlink,reassuringtheuseraboutthesecurityoftheprocessbymeansofgraphicalcuesortextualexplanations(Fig.
1).
However,theattackerisleftfreetobecomeaMITMbetweenCHandSHduringtherst,unprotectedexchangeofinformation.
Hecanintercepttheinitialrequest/responsebetweenCHandSH,substitutingHTTPforHTTPSineverylinkofthereturnedpagebeforeservingittoCH.
WhenthebrowseronCHrequestsadditionalcontentslinkedfromthepage,orsubmitsaform,itactuallymakesaHTTPconnectiontoATH,wheretheattackercanreadeverybyteinplaintext.
TheattackerthenrelayseveryrequesttoSHusingthecorrectprotocolspeciedintheoriginalpage,tobesureofcomplyingwiththecongurationofSH,andsendsthedecryptedresponsebacktothebrowser;possibly,afaviconrepresentingasecurelockisalsoinjected(orcraftedintothepage),givingafalseperceptionofasecureconnectiontotheclient.
Thedetailedimplementationofthisattackisdescribedin[4].
ABrowser-BasedDistributedSystemfortheDetectionofHTTPSStrippingAttacks5513TheProposedCountermeasureAllthebrowserscomewithadefaultsettingtoalertusersabouttosubmitinformationoveraninsecurechannel.
Thisisaveryeffectivecountermeasureagainstthedescribedattack.
Unfortunately,webpagesthatsubmituser-provided,harmlessinformationoveraninsecurechannelareinthemillions.
Thusmostusers,aftertherstfewfalsealarms,disablethischeck[7].
Theproposedapproachistotreatwebpageslikeanyotherkindofpotentiallyma-liciouscontent,subjectingthemtotheanalysisofasecuritymoduleverysimilartoanti-malwaresoftware,andcomparingthecontentofthepageagainstsuitableinfor-mationpatternstotryanddetectifaMITMhasmodiedit.
Therearetwokeyissuesrelatedtothisapproach,namelychoosingamethodtoextractsensiblepagefeaturesandprovidinguserswiththereferencefeaturesrepresentingauthenticpages.
Therstissuearisesbecause,nowadays,thevastmajorityofwebpagesaredynami-callygenerated.
Theyalmostinvariablyincludesectionsthatchangeeachtimetheyareserved.
Itisnecessarytocharacterizeapagebyextractingonlytheinvariantparts,butmakingsurethattheyrepresentallthecontentswhoseintegrityneedstobechecked.
Theresultshouldbeangerprintofthepage,ahashvaluethatcanbereliablycom-putedeachtimethesamepageisvisitedandcomparedtoareferencevaluecomputedovertheauthenticpage.
Then,thesecondissuecomesintoplay.
Itisnecessarytodenehowtoprovidethereferencevaluetoeveryuserwhoisvisitingapageinatrustedway.
Regardingthesecondissue,weenvisagedthreepossiblescenarios.
LocalDatabase.
Inprinciple,eachusercanbuildalocaldatabasecontainingtherefer-encevaluesforthepagesofhisinterest.
Whilethismethodhastheundeniableadvan-tageofplacingtheuserinfullcontrolofthedatabase,itexhibitsasignicantdrawback:theusermustbeabsolutelysurethatheissafefromtheMITMattackwhenhecomputesthereferencevalue.
TrustedOnlineRepository.
Iftheusersarewillingtoplacetheirtrustuponathirdpartyofsomesort,forexampleadirectory,suchasystemcanactastheauthoritativesourceforcomputinganddistributingreferencevalues.
Thisapproachsuffersfromtheusualdrawbacksassociatedwithputtingacentralentityinchargeofessentialfunctions:theentityitselfbecomesaveryvaluabletargetforattackers,whowouldbehighlyre-wardedbyasuccessfulcompromiseofitsdatabaseorevenasimplerDoSattack.
PeerExchange.
Atanygiventime,awebpageisviewedbyasetofclients.
Themorepopularthepage,themoreinterestingtargetitmakesforanattacker,andthelargertheset.
Undertheassumptionthatmasscompromiseofclientsisunlikely,itispossibletosharethereferencevaluesbetweeneveryclientthroughapeer-to-peernetwork,andtochoosethemostfrequentvalueassociatedwithagivenURLasthecorrectone.
4PrototypeWeimplementedthedescribedsolutionasabrowserpluginwhichcanwarntheuserofapossibleattack.
Theextension'sarchitectureprovidesaneasymeansofportingthecodeonmanydifferentplatforms,simplychangingthebrowser-specicinterfacetothe552M.
PrandiniandM.
Ramillicorelogic,writteninJava.
Asofnow,theSecureExtension(SecExt)pluginisavailableforMozillaFirefox,chosenforbeingthemostwidespreadopensourcebrowser,athttp://code.
google.
com/p/secureext/downloads/list,andausagedemocanbeviewedathttp://www.
youtube.
com/user/SecExt.
Thepluginarchitectureismodeledaroundthethethreebasicfunctionsoutlinedinthegeneraldescription:pagecharacterization,pageevaluation,andinformationsharing.
Thefollowingparagraphsdescribethedetailofeachphase.
4.
1PageCharacterizationWebpagesareusuallycomposedofmanydifferentsections,includingpartsthataredy-namicallygeneratedandthusdiffereachtimethepageisloaded.
Tryingtocharacterizeapagebysimplycomputingitshashwithamessagedigestalgorithmoveritswholecontentwouldcertainlyfailtoyieldasensiblereferencevalue.
Itwouldneverbethesameevenifthepageisauthentic.
Theprocesswedevisedforpropercharacterizationstartsbyobservingthat,forourpurposes,theonlyimportantkindofcontentisthesetoflinkspossiblypointingtothesubmissiontargetoftheloginform,ofotherformcollectingsensitivedatafromtheuser,orpossiblyopeningsuchaforminaseparatebutcloselyrelatedspace(iframe,pop-upwindow,etc.
).
EverybitofthepagewhichisnotaURListhendiscarded.
Thecharacterizationprocedurethenremovestheparameters(i.
e.
anythingfollowinga""character,ifpresent,thatcouldmakethesamepagelookdifferenteachtimeitisloaded)fromeachURL.
Theirremovaldoesnotaffectthereliabilityofattackdetection,sincetheattackeraimssimplyatchanging"https"into"http".
Actually,theURLcleaningcouldbepushedevenfurtherbyremovingeverythingbuttheprotocol,hostandportelementsoftheURL,todealwithsitesthatuse"/"insteadof""tohavedynamicpagesindexedbysearchengines,butweneedfurthertestingtodecidewhetherthe(rathersmall)increaseingeneralityisworththelossofcapturedinformationornot.
Finally,thestringoriginatedbytheconcatenationofthecleanedURLsisgivenastheinputofamessagedigestalgorithm,whosecompactandxed-sizeoutputiswellsuitedtosummarizethepagecharacteristics.
Apagecanincludecodefromseparatesources,forexamplebymeansofiframecommands.
Theprocesscanhandlethispossibilityveryeasily:SecExtconsiderseachpieceofHTMLcodethatcanbereferencedbyaURLasanindependent"page".
Let'ssupposethataseparatepieceofcodeisincludedbythemainpagetohandleuserlogin.
IfthemainpageisservedonHTTP,theattackerwilltargetthelinkpointingtotheincludedcode,andtheattackwillberecognizedasamodicationtothemainpage.
IfthemainpageissecuredbyHTTPS,buttheincludedcodeisvulnerabletothestrippingattackinstead,thelatterwillbeindependentlycharacterizedandasuccessfulattackagainstitwillbeexplicitlyreported.
4.
2PageEvaluationEachtimetheuserloadsapageinthebrowser,theSecExtplugincomputesitshashvalueaccordingtotheillustratedalgorithm,thenlooksforrecordsregardingthepageABrowser-BasedDistributedSystemfortheDetectionofHTTPSStrippingAttacks553inthedatabase(whoseconstructionisdetailedinthenextsection4.
3).
Thequerycanyielddifferentoutcomes.
–Norecordsarefoundforthepage'sURL.
Nocheckcanbemadeabouttheintegritystatusofthepage.
ItispossibletoenvisageapluginenhancementwarningtheusertryingtosubmitdataonHTTPfromthiskindofunveriablepages.
Theevaluationoftheconsequencesintermsofusabilityareunderinvestigation.
–ThehashofthecurrentpagematchesthevaluemostfrequentlyassociatedwithitsURLinthedatabase.
SecExtdeducesthatmostlikelythebrowsedpagehasnotbeencompromisedthroughanHTTPSstrippingattack.
–ThehashofthecurrentpagedoesnotmatchthevaluemostfrequentlyassociatedwithitsURLinthedatabase.
Thecurrentpagethenhasadifferentcontentfromtheversionmostcommonlyseenindifferenttimesorplaces.
Thepluginalertstheuserbyvisualizingawarningmessageonthescreen.
Beforetheusercaninteractwiththebrowsedpageheneedstoconrmthewarningmessage.
Thenitisuptotheuserbrowsingthepageornot,possiblyafterin-deepvericationoftheunderlyingcode.
4.
3InformationSharingSecExtcanbuildthedatabaseofhashvaluesbycompositionoftwodifferentpartialsources:alocaldatabase,containingonlyhashescomputedbythelocalsystem,andaglobaldatabase,whichisitselfacollationofthelocaldatabasessharedbyotherusersoveraP2Pnetwork.
ThesumofthesepartsallowsSecExttoleveragebothlocalknowl-edge,possiblygatheredinacontrolledenvironmentwheretheusercancondentlyas-sumetobesafefromMITMattacks,andthesamekindofknowledgegatheredbyuserswhorunSecExtaswell.
Inthelattercase,weclaimthatalargeenoughuserbasewillleadtothepopulationofaglobaldatabasecontainingastrikingmajorityofhashvaluescomputedoverpageswhichhavenotbeentamperedwith.
TheP2PnetworkruninSecExtisbaseduponaJavaimplementationoftheChordprotocol[6],chosenforthisrstprototypeforitssimplicity.
TheChorddaemonrunsinabackgroundprocesstokeepthecommunicationwithpeersactiveindependentlyofthepluginactivations.
Chordexploitsadistributedhashtabletostorekey-valuepairsbyassigningkeystodifferentcomputers(knownas"nodes");anodewillstorethevaluesforallthekeysforwhichitisresponsible.
Chordspecieshowkeysareassignedtonodes,andhowanodecandiscoverthevalueforagivenkeybyrstlocatingthenoderesponsibleforthatkey.
Insimplerterms,Chordletstheconnectednodestocollectivelybuildavirtualsharedfolder.
Everypeersharesitslocaldatabaseasale,placedinthevirtualfolder,namedbyauniquenodeidentier.
Thelecangetactuallycopiedonotherpeerswhentheycomeonlineandsearchfornewresources.
Thevirtualglobaldatabasethatisthecollationofallthelocaldatabasesisthenmateriallyrepresentedbyahighlyavailablecollectionofles,andtheloadtoaccessitisspreadamongthepeers.
4.
4ExperimentalValidationWetestedtheSecExtplugineffectivenessinalabenvironment.
Theresults,whichcannotbedetailedhereforspaceconstraints,showedsatisfactorydetectionratesanda554M.
PrandiniandM.
Ramillilimitedamountoffalsepositives.
Anaccuratejudgmentofoursolution,however,mustwaituntilsomelimitationsregardingthesecurityoftheP2Pexchangearesolvedandareal-world,widertestingcampaigncanberolledout.
5ConclusionsandFutureWorkWesurveyedalargesetofwebsitesbelongingmainlytonancialinstitutions,whichareparticularlyinterestingforfraudsterslookingforusercredentialstosteal,andfoundasignicantfractionofthemvulnerabletotheHTTPSstrippingattack.
Sinceuserscannotforcewebmasterstoxtheproblemwhereitshouldbexed,weproposedaclient-side,anti-malware-styleapproachtothedetectionoftheattack.
Itleveragesthedistributedknowledgeofapotentiallylargecommunityofuserstoidentifymodiedpageseveniftheuserhasnevervisitedthembefore,exploitingpeer-to-peerarchitec-turestospreadknowledgeofthereferencevaluesrepresentingunalteredpageswithoutresortingtoatrustedthirdparty.
WeimplementedthecountermeasureasapluginforMozillaFirefox,andveriedthepracticalfeasibilityandcorrectnessofallitsbasicprinciples.
Thepluginwasabletocorrectlycharacterizethepagesusedfortesting,tak-ingintoaccountalltherelevantdataforevaluatingitsintegritybutavoidingtoincludevariablepartsthatcouldtriggerfalsepositives.
Currently,weareworkingtoachievehighercommunicationsefciencyandbetterhandlingofupdatesthroughnergran-ularity,whereasforthisrstprototypeweimplementedtheknowledgesharingasadistributionofthewholereferencevaluesdatabaseontheP2Pnetwork.
Wearealsoex-tendingSecExttowardsamorecomprehensivearchitecture,tobeabletoeasily"hook"differentcode-analysismodulesintothecorelogic,timelyaddingnewdetectioncapa-bilitieswhennewthreatsappear.
References1.
Dhamija,R.
,Tygar,J.
D.
,Hearst,M.
:Whyphishingworks.
In:ProceedingsoftheSIGCHIConferenceonHumanFactorsinComputingSystems,CHI2006,pp.
581–590.
ACM,NewYork(2006)2.
Heffner,C.
:Howtohackmillionsofrouters.
In:BlackHatConference2010(2010)3.
Nikiforakis,N.
,Younan,Y.
,Joosen,W.
:HProxy:Client-SideDetectionofSSLStrippingAttacks.
In:Kreibich,C.
,Jahnke,M.
(eds.
)DIMVA2010.
LNCS,vol.
6201,pp.
200–218.
Springer,Heidelberg(2010),doi:10.
1007/978-3-642-14215-4124.
Prandini,M.
,Ramilli,M.
,Cerroni,W.
,Callegati,F.
:SplittingtheHTTPSstreamtoattacksecurewebconnections.
IEEESecurityandPrivacy8,80–84(2010)5.
Stamm,S.
,Ramzan,Z.
,Jakobsson,M.
:Drive-ByPharming.
In:Qing,S.
,Imai,H.
,Wang,G.
(eds.
)ICICS2007.
LNCS,vol.
4861,pp.
495–506.
Springer,Heidelberg(2007),10.
1007/978-3-540-77048-0386.
Stoica,I.
,Morris,R.
,Karger,D.
,Kaashoek,M.
F.
,Balakrishnan,H.
:Chord:Ascalablepeer-to-peerlookupserviceforinternetapplications.
SIGCOMMComput.
Commun.
Rev.
31,149–160(2001)7.
Sunshine,J.
,Egelman,S.
,Almuhimedi,H.
,Atri,N.
,Cranor,L.
F.
:Cryingwolf:anempiri-calstudyofSSLwarningeffectiveness.
In:Proceedingsofthe18thConferenceonUSENIXSecuritySymposium,SSYM2009,pp.
399–416.
USENIXAssociation,Berkeley(2009)
- unprotectedfavicon相关文档
- fontsfavicon
- C0favicon
- 日志favicon
- Scoresheetfavicon
- N°d'ordre:2014‐25‐TH
- passedfavicon
搬瓦工VPS:高端线路,助力企业运营,10Gbps美国 cn2 gia,1Gbps香港cn2 gia,10Gbps日本软银
搬瓦工vps(bandwagonhost)现在面向中国大陆有3条顶级线路:美国 cn2 gia,香港 cn2 gia,日本软银(softbank)。详细带宽是:美国cn2 gia、日本软银,都是2.5Gbps~10Gbps带宽,香港 cn2 gia为1Gbps带宽,搬瓦工是目前为止,全球所有提供这三种带宽的VPS(云服务器)商家里面带宽最大的,成本最高的,没有第二家了! 官方网站:https...
易探云美国云服务器评测,主机低至33元/月,336元/年
美国服务器哪家平台好?美国服务器无需备案,即开即用,上线快。美国服务器多数带防御,且有时候项目运营的时候,防御能力是用户考虑的重点,特别是网站容易受到攻击的行业。现在有那么多美国一年服务器,哪家的美国云服务器好呢?美国服务器用哪家好?这里推荐易探云,有美国BGP、美国CN2、美国高防、美国GIA等云服务器,线路优化的不错。易探云刚好就是做香港及美国云服务器的主要商家之一,我们来看一下易探云美国云服...
香港九龙湾(27元) 2核2G 20元 香港沙田
弘速云是创建于2021年的品牌,运营该品牌的公司HOSU LIMITED(中文名称弘速科技有限公司)公司成立于2021年国内公司注册于2019年。HOSU LIMITED主要从事出售香港VPS、美国VPS、香港独立服务器、香港站群服务器等,目前在售VPS线路有CN2+BGP、CN2 GIA,该公司旗下产品均采用KVM虚拟化架构。可联系商家代安装iso系统。国庆活动 优惠码:hosu10-1产品介绍...
favicon为你推荐
-
搜狗高速浏览器中南财经政法大学知识产权研究中心支持ipad流量支付宝支持ipad重庆网通重庆网通上网资费目前是多少? 小区宽带接入类型的勒索病毒win7补丁我的电脑是windows7系统,为什么打不了针对勒索病毒的补丁(杀毒软件显x-router思科路由器有线端无法上网,而无线段却可以,用的是PPPOE拨号上网,一开始两种方法都不可以,检查宽fusionchartsfusioncharts怎么生成图片至excel重庆电信宽带管家中国电信电脑管家是什么?怎么样?