HTTPS and the Lock Icon. Dan Boneh

Similar documents
New Tricks For Defeating SSL In Practice. Moxie Marlinspike

Secure Sockets Layer

SSL/TLS: The Ugly Truth

Installing a Browser Security Certificate for PowerChute Business Edition Agent

Cleaning Encrypted Traffic

KUB Website Troubleshooting

Cookie Same Origin Policy

Astaro User Portal: Getting Software and Certificates Astaro IPsec Client: Configuring the Client...14

Gateway Apps - Security Summary SECURITY SUMMARY

Steps for Basic Configuration

MultiSite Manager. Setup Guide

SSL VPN. Virtual Appliance Installation Guide. Virtual Private Networks

Content Filtering Client Policy & Reporting Administrator s Guide

ez Agent Administrator s Guide

How To Set Up Dataprotect

State of Michigan Data Exchange Gateway. Web-Interface Users Guide

SSL Certificates 101

Frequently Asked Questions for logging in to Online Banking

McAfee Web Gateway Administration Intel Security Education Services Administration Course Training

Investment Management System. Connectivity Guide. IMS Connectivity Guide Page 1 of 11

Configuration Guide BES12. Version 12.3

NODE4 SERVICE DESK SYSTEM

Configuration Guide BES12. Version 12.1

Integrated SSL Scanning

Exchange Outlook Profile/POP/IMAP/SMTP Setup Guide

Sophos Mobile Control SaaS startup guide. Product version: 6

ACCEPT THE SECURITY CERTIFICATE FOR THE WEB FILTER

Protocol Rollback and Network Security

SOHO 6 Wireless Installation Procedure Windows 95/98/ME with Internet Explorer 5.x & 6.0

SSL and Browsers: The Pillars of Broken Security

SSL Guide. (Secure Socket Layer)

Help. F-Secure Online Backup

Cyber Security Workshop Ethical Web Hacking

Lesson 10: Attacks to the SSL Protocol

Software Version 1.0 ConnectKey TM Share to Cloud April Xerox ConnectKey Share to Cloud User / Administrator s Guide

NeoMail Guide. Neotel (Pty) Ltd

Infor Xtreme Browser References

SEZ SEZ Online Manual- DSC Signing with Java Applet. V Version 1.0 ersion 1.0

User Guide. The AMF's File Transfer Service (FTS)

TRUST Online u s e r g u i d e v e r s i o n 8. 4 O c t o b e r

BEGINNER S GUIDE TO SSL CERTIFICATES: Making the best choice when considering your online security options

Workday Mobile Security FAQ

SSL Interception Proxies. Jeff Jarmoc Sr. Security Researcher Dell SecureWorks. and Transitive Trust

Project X Mass interception of encrypted connections

Service Provider awareness Universal Apparatus

PaperCut Payment Gateway Module - RBS WorldPay Quick Start Guide

Deutsche Bank db easynet. Secure method of use of the db easynet e-banking system

Architecture and Data Flow Overview. BlackBerry Enterprise Service Version: Quick Reference

Yottaa Site Optimizer Guide

Secure Web Appliance. SSL Intercept

Sophos Mobile Control as a Service Startup guide. Product version: 3.5

Websense Content Gateway HTTPS Configuration

How to Configure Captive Portal

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:

Configuration Guide BES12. Version 12.2

User Guide FOR TOSHIBA STORAGE PLACE

Sonian Getting Started Guide October 2008

SSL: Paved With Good Intentions. Richard Moore

Configuring your client to connect to your Exchange mailbox

One Time Password Access to Any Server without Changing the Server

Contact Information. Document Number: Document Revision: SSL Proxy Deployment Guide SGOS 5.1.4

Network Security. Mobin Javed. October 5, 2011

About the Canon Mobile Scanning MEAP Application

JPMorgan Chase Treasury Workstation. Certification Setup Guide Version 2.0

Clientless SSL VPN Users

Downloading and Installing Interactive Reporting (Hyperion) Web Client

Magento Security and Vulnerabilities. Roman Stepanov

A Server and Browser-Transparent CSRF Defense for Web 2.0 Applications. Slides by Connor Schnaith

Password Managers: Attacks and Defenses

Zed E-Commerce and WebCRM 7.5. Release Notes 11/29/2011

Web Conferencing Version 8.3 Troubleshooting Guide

User Guide. You will be presented with a login screen which will ask you for your username and password.

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

A Study of What Really Breaks SSL HITB Amsterdam 2011

Outlook Profile Setup Guide Exchange 2010 Quick Start and Detailed Instructions

Enterprise Remote Control 5.6 Manual

Smart Card Authentication. Administrator's Guide

USG40HE Content Filter Customization

Michael Coates michael-coates.blogspot.com

SafeGuard Enterprise Web Helpdesk. Product version: 6 Document date: February 2012

SafeGuard Enterprise Web Helpdesk. Product version: 6.1

Session Hijacking Exploiting TCP, UDP and HTTP Sessions

How to configure SSL proxying in Zorp 3 F5

Configuration Guide. BlackBerry Enterprise Service 12. Version 12.0

Blue Coat Security First Steps Solution for Integrating Authentication

Ref: U.S. Department of Commerce IT Security Program Policy and Minimum Implementation Standards, revised 30 June 2005.

Using EMC Unisphere in a Web Browsing Environment: Browser and Security Settings to Improve the Experience

SonicOS Enhanced Release Notes TZ 180 Series and TZ 190 Series SonicWALL, Inc. Firmware Release: August 28, 2007

SSL BEST PRACTICES OVERVIEW

How do I set up a branch office VPN tunnel with the Management Server?

Active Directory 2008 Implementation Guide Version 6.3

Application Note Configuring Department of Defense Common Access Card Authentication on McAfee. Firewall Enterprise

Massey University Wireless Network Client Configuration Mac OS X

ArcGIS Server Security Threats & Best Practices David Cordes Michael Young

MadCap Software. Upgrading Guide. Pulse

2 Downloading Access Manager 3.1 SP4 IR1

Network Monitoring with SNMP

SSL VPN Technology White Paper

Deploying Layered Security. What is Layered Security?

Chapter 8 Advanced Configuration

Transcription:

HTTPS and the Lock Icon Dan Boneh

Goals for this lecture Brief overview of HTTPS: How the SSL/TLS protocol works (very briefly) How to use HTTPS Integrating HTTPS into the browser Lots of user interface problems to watch for

Threat Model: Network Attacker Network Attacker: Controls network infrastructure: Routers, DNS Passive attacker: only eavesdrops on net traffic Active attacker: eavesdrops, injects, blocks, and modifies packets Examples: Wireless network at Internet Café Internet access at hotels (untrusted ISP)

SSL/TLS overview Public-key encryption: Alice Bob m Enc c c Dec m PK Bob SK Bob Bob generates (SK Bob, PK Bob ) Alice: using PK Bob encrypts messages and only Bob can decrypt

Certificates How does Alice (browser) obtain PK Bob? Browser Alice Server Bob CA PK CA choose (SK,PK) PK CA PK and proof I am Bob issue Cert with SK CA : check proof SK CA verify Cert Bob s key is PK Bob s key is PK Bob uses Cert for an extended period (e.g. one year)

Important fields: Certificates: example

Certificates on the web Subject s CommonName can be: An explicit name, e.g. cs.stanford.edu, or A name with a wildcard character, e.g. *.stanford.edu or cs*.stanford.edu matching rules: IE7: * must occur in leftmost component, does not match. example: *.a.com matches x.a.com but not y.x.a.com FF3: * matches anything

Certificate Authorities Browsers accept certificates from a large number of CAs

Brief overview of SSL/TLS browser client-hello server-hello + server-cert (PK) server cert SK rand. k key exchange (several options) client-key-exchange: E(PK, k) k Finished HTTP data encrypted with KDF(k) Most common: server authentication only

Integrating SSL/TLS with HTTP HTTPS Two complications Web proxies solution: browser sends CONNECT domain-name before client-hello (dropped by proxy) Virtual hosting: two sites hosted at same IP address. solution in TLS 1.1 (RFC 4366) corporate network client_hello_extension: server_name=cnn.com web proxy client-hello server-cert??? web server web server cert CNN cert FOX implemented in FF2 and IE7 (vista)

Why is HTTPS not used for all web traffic? Slows down web servers Breaks Internet caching ISPs cannot cache HTTPS traffic Results in increased traffic at web site Incompatible with virtual hosting (older browsers)

HTTPS in the Browser

The lock icon: SSL indicator Intended goal: Provide user with identity of page origin Indicate to user that page contents were not viewed or modified by a network attacker In reality: Origin ID is not always helpful example: Stanford HR is hosted at BenefitsCenter.com Many other problems (next few slides)

When is the (basic) lock icon displayed All elements on the page fetched using HTTPS (with some exceptions) For all elements: HTTPS cert issued by a CA trusted by browser HTTPS cert is valid (e.g. not expired) CommonName in cert matches domain in URL

The lock UI: help users authenticate site IE7:

The lock UI: help users authenticate site Firefox 3: (no SSL) (SSL)

The lock UI: help users authenticate site Firefox 3: clicking on bottom lock icon gives

The lock UI: Extended Validation (EV) Certs Harder to obtain than regular certs requires human lawyer at CA to approve cert request Designed for banks and large e-commerce sites Helps block semantic attacks : www.bankofthevvest.com

HTTPS and login pages: incorrect version Users often land on login page over HTTP: Type site s HTTP URL into address bar, or Google links to the HTTP page View source: <form method="post" action="https://onlineservices.wachovia.com/..."

HTTPS and login pages: guidelines General guideline: Response to http://login.site.com should be Redirect: https://login.site.com

Problems with HTTPS and the Lock Icon

Problems with HTTPS and the Lock Icon 1. Upgrade from HTTP to HTTPS 2. Semantic attacks on certs 3. Invalid certs 4. Mixed content HTTP and HTTPS on the same page 5. Origin contamination Weak HTTPS page contaminates stronger HTTPS page

1. HTTP HTTPS upgrade Common use pattern: browse site over HTTP; move to HTTPS for checkout connect to bank over HTTP; move to HTTPS for login Easy attack: prevent the upgrade (ssl_strip) [Moxie 08] HTTP SSL attacker web server <a href=https:// > <a href=http:// > Location: https://... Location: http://... (redirect) <form action=https:// > <form action=http:// >

Tricks and Details Tricks: drop-in a clever fav icon Details: Erase existing session and force user to login: ssl_strip injects Set-cookie headers to delete existing session cookies in browser. Number of users who detected HTTP downgrade: 0

2. Semantic attacks on certs International domains: xyz.cn Rendered using international character set Observation: chinese character set contains chars that look like / and? and. and = Attack: buy domain cert for *.badguy.cn setup domain called: www.bank.com/accounts/login.php?q=me.baguy.cn note: single cert *.badguy.cn works for all sites Extended validation (EV) certs may help defeat this

[Moxie 08]

3. Invalid certs Examples of invalid certificates: expired: current-date > date-in-cert CommonName in cert does not match domain in URL unknown CA (e.g. self signed certs) Small sites may not want to pay for cert Users often ignore warning: Is it a misconfiguration or an attack? User can t tell. Accepting invalid cert enables man-in-middle attacks (see http://crypto.stanford.edu/ssl-mitm )

Man in the middle attack using invalid certs GET https://bank.com BadguyCert BankCert ClientHello attacker ClientHello bank bad cert warning! ServerCert (Badguy) SSL key exchange ServerCert (Bank) SSL key exchange k 1 k 1 k 2 k 2 HTTP data enc with k 1 HTTP data enc with k 2 Attacker proxies data between user and bank. Sees all traffic and can modify data at will.

Firefox: Invalid cert dialog Firefox 3.0: Four clicks to get firefox to accept cert page is displayed with full HTTPS indicators

IE: invalid cert URL bar

4. Mixed Content: HTTP and HTTPS Page loads over HTTPS, but contains content over HTTP (e.g. <script src= http://.../script.js> ) IE7: displays mixed-content dialog and no SSL lock Firefox 3.0: displays `! over lock icon (no dialog by default) Both browsers: Flash swf file over HTTP does not trigger warning!! note: Flash can script the embedding page Safari: does not attempt to detect mixed content

Mixed Content: HTTP and HTTPS IE7: silly dialogs No SSL lock in address bar:

Mixed Content: HTTP and HTTPS Firefox 3.0: No SSL indicator in address bar Clicking on bottom lock gives:

Mixed content and network attacks banks: after login all content served over HTTPS Developer error: somewhere on bank site write <embed src=http://www.site.com/flash.swf> Active network attacker can now hijack session Better way to include content: <embed src=//www.site.com/flash.swf> served over the same protocol as embedding page

An Example From an Online Bank var so = new SWFObject("http://mfasa.chase.com/auth/device.swf",... network attacker can modify SWF file and hijack session (the site has been fixed)

5. Origin Contamination: an example safelock: removes lock from top page after loading bottom page

Final note: the status Bar Trivially spoofable <a href= http://www.paypal.com/ onclick= this.href = http://www.evil.com/ ; > PayPal</a>

THE END

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information