unprotectedfavicon
favicon 时间:2021-05-22 阅读:()
ABrowser-BasedDistributedSystemfortheDetectionofHTTPSStrippingAttacksagainstWebPagesMarcoPrandiniandMarcoRamilliUniversit`adiBologna,DEIS,VialedelRisorgimento2,40136Bologna,Italy{marco.
prandini,marco.
ramilli}@unibo.
itAbstract.
HTTPSstrippingattacksleverageacombinationofweakcongura-tionchoicestotrickusersintoprovidingsensitivedatathroughhijackedconnec-tions.
Herewepresentabrowserextensionthathelpswebuserstodetectthiskindofintegrityandauthenticitybreaches,byextractingrelevantfeaturesfromthebrowsedpagesandcomparingthemtoreferencevaluescomingfromdiffer-entsortsoftrustedsources.
Therationalebehindtheextensionisdiscussedanditseffectivenessisdemonstratedwithsomequantitativeresults,gatheredontheprototypethathasbeenimplementedforMozillaFirefox.
Keywords:HTTPSstripping,Peer-to-peer,Browserplugin.
1IntroductionStealingsensitivedatafromusersisoneofthemostcommontargetspursuedbyattack-ersontheWeb.
Therearemanywaystolureusersintoprovidingtheirdataoverthewrongconnection,leadingtotheattacker'sserverinsteadofthelegitimateone.
Even-tually,thewidespreadusageofHTTPSseemedliketheultimateweaponagainstthiskindofhijacking.
However,theverysuccessofHTTPSbackredasmanyhigh-trafcwebsitesstaggeredunderthecomputationalloadassociatedwithservingeverypagethroughanencryptedconnection.
Thisleadsomesitestoadoptatrade-offsolution,foreseeingtheusageofHTTPSonlyfortheconnectionsinvolvingthetransmissionofsensitivedata.
However,thelackofintegrityprotectionforthepagecontainingthelinkforthesubmissionopensacrackthatanattackercanleveragetocompromisethewholetransaction.
Thispaperillustratesamethodforsolvingthisproblembasedonabrowserextension.
Inthefollowing,section2detailstheattack;section3outlinesthedesignprinciplesoftheproposedcountermeasure;section4describestheextensionimplementationasaMozillaFirefoxplugin;nallysection5drawsconclusions.
2AnalysisoftheAttackLet'sassumethecommonscenarioinwhichauseronaclienthost(CH)wantstoestab-lishasecuretransactionwithaWebserveronaserverhost(SH).
GiventhatCHandSHmustexchangedataonthenetwork,aManInTheMiddle(MITM)attackispossibleiftheattackerhost(ATH),bymeansofskillfulmanipulationofnetworkdevices,becomesagatewayforthetrafcstream.
TheattackerinterceptsthetrafcfromthesourceandD.
Gritzalis,S.
Furnell,andM.
Theoharidou(Eds.
):SEC2012,IFIPAICT376,pp.
549–554,2012.
cIFIPInternationalFederationforInformationProcessing2012550M.
PrandiniandM.
Ramilli'()(*$**#$&0122123452126552122'')-*7(8)*9-'*,-'(%&)-:+5-35-+(8(8)*+5-'(*$*#$&0122124942124942122'')-*'(0.
)7(8(8()8;"$-,((8(8>5212,352122'')-*(8((Fig.
1.
Screenshotoftheloginboxonthehomepageofabank.
Notice(a)thatthepageisservedonHTTP,(b)thegraphicssuggestingasecureloginprocess,and(c)theunderlyingHTMLcode,whichsendsdataonHTTPS,thatis,aslongasaMITMattackdoesnotmodifyit.
forwardsittothedestination(andviceversa),preservingtheillusionofCHandSHofbeingconnectedthroughanunalteredchannel,butatthesametimebeingabletomodifymessagesandinsertnewones.
Whilethisisnotacompletelytrivialfeat,therearesoundreasonstoworryaboutthispossibility,iftheattackerisonthesamenetworkofthevictimbutalsoifheisinaremotelocation,duetotheinsecuredefaultcong-urationofmanyhomeaccessrouters[5,2].
Anattacktotheprofessionally-managedinfrastructureontheserversideislesslikelytosucceed.
AnykindofMITMwouldfailiftheveryrstpageofthevisitedsiteisservedonHTTPS(andtheuserchecksitactuallyis!
),because,withsomeexceptions[1],nobodycancircumventthecryptographicauthenticationandimpersonatetherealserver.
How-ever,theinitialpageisusuallytheoneresponsibleforasignicantpartofawebsitetrafc,andoftenisthestartingpointforanavigationthroughsectionsofthesitethatdonotneedprotection.
Thus,toavoidpayingthehighpriceassociatedwithservingtherstpageonHTTPS,manysitesuseplainHTTP.
Then,ifthepagecontainsaformfortheusertoprovideidenticationdata,thesubmissionoftheformisprotectedbypointingittoaHTTPSlink,reassuringtheuseraboutthesecurityoftheprocessbymeansofgraphicalcuesortextualexplanations(Fig.
1).
However,theattackerisleftfreetobecomeaMITMbetweenCHandSHduringtherst,unprotectedexchangeofinformation.
Hecanintercepttheinitialrequest/responsebetweenCHandSH,substitutingHTTPforHTTPSineverylinkofthereturnedpagebeforeservingittoCH.
WhenthebrowseronCHrequestsadditionalcontentslinkedfromthepage,orsubmitsaform,itactuallymakesaHTTPconnectiontoATH,wheretheattackercanreadeverybyteinplaintext.
TheattackerthenrelayseveryrequesttoSHusingthecorrectprotocolspeciedintheoriginalpage,tobesureofcomplyingwiththecongurationofSH,andsendsthedecryptedresponsebacktothebrowser;possibly,afaviconrepresentingasecurelockisalsoinjected(orcraftedintothepage),givingafalseperceptionofasecureconnectiontotheclient.
Thedetailedimplementationofthisattackisdescribedin[4].
ABrowser-BasedDistributedSystemfortheDetectionofHTTPSStrippingAttacks5513TheProposedCountermeasureAllthebrowserscomewithadefaultsettingtoalertusersabouttosubmitinformationoveraninsecurechannel.
Thisisaveryeffectivecountermeasureagainstthedescribedattack.
Unfortunately,webpagesthatsubmituser-provided,harmlessinformationoveraninsecurechannelareinthemillions.
Thusmostusers,aftertherstfewfalsealarms,disablethischeck[7].
Theproposedapproachistotreatwebpageslikeanyotherkindofpotentiallyma-liciouscontent,subjectingthemtotheanalysisofasecuritymoduleverysimilartoanti-malwaresoftware,andcomparingthecontentofthepageagainstsuitableinfor-mationpatternstotryanddetectifaMITMhasmodiedit.
Therearetwokeyissuesrelatedtothisapproach,namelychoosingamethodtoextractsensiblepagefeaturesandprovidinguserswiththereferencefeaturesrepresentingauthenticpages.
Therstissuearisesbecause,nowadays,thevastmajorityofwebpagesaredynami-callygenerated.
Theyalmostinvariablyincludesectionsthatchangeeachtimetheyareserved.
Itisnecessarytocharacterizeapagebyextractingonlytheinvariantparts,butmakingsurethattheyrepresentallthecontentswhoseintegrityneedstobechecked.
Theresultshouldbeangerprintofthepage,ahashvaluethatcanbereliablycom-putedeachtimethesamepageisvisitedandcomparedtoareferencevaluecomputedovertheauthenticpage.
Then,thesecondissuecomesintoplay.
Itisnecessarytodenehowtoprovidethereferencevaluetoeveryuserwhoisvisitingapageinatrustedway.
Regardingthesecondissue,weenvisagedthreepossiblescenarios.
LocalDatabase.
Inprinciple,eachusercanbuildalocaldatabasecontainingtherefer-encevaluesforthepagesofhisinterest.
Whilethismethodhastheundeniableadvan-tageofplacingtheuserinfullcontrolofthedatabase,itexhibitsasignicantdrawback:theusermustbeabsolutelysurethatheissafefromtheMITMattackwhenhecomputesthereferencevalue.
TrustedOnlineRepository.
Iftheusersarewillingtoplacetheirtrustuponathirdpartyofsomesort,forexampleadirectory,suchasystemcanactastheauthoritativesourceforcomputinganddistributingreferencevalues.
Thisapproachsuffersfromtheusualdrawbacksassociatedwithputtingacentralentityinchargeofessentialfunctions:theentityitselfbecomesaveryvaluabletargetforattackers,whowouldbehighlyre-wardedbyasuccessfulcompromiseofitsdatabaseorevenasimplerDoSattack.
PeerExchange.
Atanygiventime,awebpageisviewedbyasetofclients.
Themorepopularthepage,themoreinterestingtargetitmakesforanattacker,andthelargertheset.
Undertheassumptionthatmasscompromiseofclientsisunlikely,itispossibletosharethereferencevaluesbetweeneveryclientthroughapeer-to-peernetwork,andtochoosethemostfrequentvalueassociatedwithagivenURLasthecorrectone.
4PrototypeWeimplementedthedescribedsolutionasabrowserpluginwhichcanwarntheuserofapossibleattack.
Theextension'sarchitectureprovidesaneasymeansofportingthecodeonmanydifferentplatforms,simplychangingthebrowser-specicinterfacetothe552M.
PrandiniandM.
Ramillicorelogic,writteninJava.
Asofnow,theSecureExtension(SecExt)pluginisavailableforMozillaFirefox,chosenforbeingthemostwidespreadopensourcebrowser,athttp://code.
google.
com/p/secureext/downloads/list,andausagedemocanbeviewedathttp://www.
youtube.
com/user/SecExt.
Thepluginarchitectureismodeledaroundthethethreebasicfunctionsoutlinedinthegeneraldescription:pagecharacterization,pageevaluation,andinformationsharing.
Thefollowingparagraphsdescribethedetailofeachphase.
4.
1PageCharacterizationWebpagesareusuallycomposedofmanydifferentsections,includingpartsthataredy-namicallygeneratedandthusdiffereachtimethepageisloaded.
Tryingtocharacterizeapagebysimplycomputingitshashwithamessagedigestalgorithmoveritswholecontentwouldcertainlyfailtoyieldasensiblereferencevalue.
Itwouldneverbethesameevenifthepageisauthentic.
Theprocesswedevisedforpropercharacterizationstartsbyobservingthat,forourpurposes,theonlyimportantkindofcontentisthesetoflinkspossiblypointingtothesubmissiontargetoftheloginform,ofotherformcollectingsensitivedatafromtheuser,orpossiblyopeningsuchaforminaseparatebutcloselyrelatedspace(iframe,pop-upwindow,etc.
).
EverybitofthepagewhichisnotaURListhendiscarded.
Thecharacterizationprocedurethenremovestheparameters(i.
e.
anythingfollowinga""character,ifpresent,thatcouldmakethesamepagelookdifferenteachtimeitisloaded)fromeachURL.
Theirremovaldoesnotaffectthereliabilityofattackdetection,sincetheattackeraimssimplyatchanging"https"into"http".
Actually,theURLcleaningcouldbepushedevenfurtherbyremovingeverythingbuttheprotocol,hostandportelementsoftheURL,todealwithsitesthatuse"/"insteadof""tohavedynamicpagesindexedbysearchengines,butweneedfurthertestingtodecidewhetherthe(rathersmall)increaseingeneralityisworththelossofcapturedinformationornot.
Finally,thestringoriginatedbytheconcatenationofthecleanedURLsisgivenastheinputofamessagedigestalgorithm,whosecompactandxed-sizeoutputiswellsuitedtosummarizethepagecharacteristics.
Apagecanincludecodefromseparatesources,forexamplebymeansofiframecommands.
Theprocesscanhandlethispossibilityveryeasily:SecExtconsiderseachpieceofHTMLcodethatcanbereferencedbyaURLasanindependent"page".
Let'ssupposethataseparatepieceofcodeisincludedbythemainpagetohandleuserlogin.
IfthemainpageisservedonHTTP,theattackerwilltargetthelinkpointingtotheincludedcode,andtheattackwillberecognizedasamodicationtothemainpage.
IfthemainpageissecuredbyHTTPS,buttheincludedcodeisvulnerabletothestrippingattackinstead,thelatterwillbeindependentlycharacterizedandasuccessfulattackagainstitwillbeexplicitlyreported.
4.
2PageEvaluationEachtimetheuserloadsapageinthebrowser,theSecExtplugincomputesitshashvalueaccordingtotheillustratedalgorithm,thenlooksforrecordsregardingthepageABrowser-BasedDistributedSystemfortheDetectionofHTTPSStrippingAttacks553inthedatabase(whoseconstructionisdetailedinthenextsection4.
3).
Thequerycanyielddifferentoutcomes.
–Norecordsarefoundforthepage'sURL.
Nocheckcanbemadeabouttheintegritystatusofthepage.
ItispossibletoenvisageapluginenhancementwarningtheusertryingtosubmitdataonHTTPfromthiskindofunveriablepages.
Theevaluationoftheconsequencesintermsofusabilityareunderinvestigation.
–ThehashofthecurrentpagematchesthevaluemostfrequentlyassociatedwithitsURLinthedatabase.
SecExtdeducesthatmostlikelythebrowsedpagehasnotbeencompromisedthroughanHTTPSstrippingattack.
–ThehashofthecurrentpagedoesnotmatchthevaluemostfrequentlyassociatedwithitsURLinthedatabase.
Thecurrentpagethenhasadifferentcontentfromtheversionmostcommonlyseenindifferenttimesorplaces.
Thepluginalertstheuserbyvisualizingawarningmessageonthescreen.
Beforetheusercaninteractwiththebrowsedpageheneedstoconrmthewarningmessage.
Thenitisuptotheuserbrowsingthepageornot,possiblyafterin-deepvericationoftheunderlyingcode.
4.
3InformationSharingSecExtcanbuildthedatabaseofhashvaluesbycompositionoftwodifferentpartialsources:alocaldatabase,containingonlyhashescomputedbythelocalsystem,andaglobaldatabase,whichisitselfacollationofthelocaldatabasessharedbyotherusersoveraP2Pnetwork.
ThesumofthesepartsallowsSecExttoleveragebothlocalknowl-edge,possiblygatheredinacontrolledenvironmentwheretheusercancondentlyas-sumetobesafefromMITMattacks,andthesamekindofknowledgegatheredbyuserswhorunSecExtaswell.
Inthelattercase,weclaimthatalargeenoughuserbasewillleadtothepopulationofaglobaldatabasecontainingastrikingmajorityofhashvaluescomputedoverpageswhichhavenotbeentamperedwith.
TheP2PnetworkruninSecExtisbaseduponaJavaimplementationoftheChordprotocol[6],chosenforthisrstprototypeforitssimplicity.
TheChorddaemonrunsinabackgroundprocesstokeepthecommunicationwithpeersactiveindependentlyofthepluginactivations.
Chordexploitsadistributedhashtabletostorekey-valuepairsbyassigningkeystodifferentcomputers(knownas"nodes");anodewillstorethevaluesforallthekeysforwhichitisresponsible.
Chordspecieshowkeysareassignedtonodes,andhowanodecandiscoverthevalueforagivenkeybyrstlocatingthenoderesponsibleforthatkey.
Insimplerterms,Chordletstheconnectednodestocollectivelybuildavirtualsharedfolder.
Everypeersharesitslocaldatabaseasale,placedinthevirtualfolder,namedbyauniquenodeidentier.
Thelecangetactuallycopiedonotherpeerswhentheycomeonlineandsearchfornewresources.
Thevirtualglobaldatabasethatisthecollationofallthelocaldatabasesisthenmateriallyrepresentedbyahighlyavailablecollectionofles,andtheloadtoaccessitisspreadamongthepeers.
4.
4ExperimentalValidationWetestedtheSecExtplugineffectivenessinalabenvironment.
Theresults,whichcannotbedetailedhereforspaceconstraints,showedsatisfactorydetectionratesanda554M.
PrandiniandM.
Ramillilimitedamountoffalsepositives.
Anaccuratejudgmentofoursolution,however,mustwaituntilsomelimitationsregardingthesecurityoftheP2Pexchangearesolvedandareal-world,widertestingcampaigncanberolledout.
5ConclusionsandFutureWorkWesurveyedalargesetofwebsitesbelongingmainlytonancialinstitutions,whichareparticularlyinterestingforfraudsterslookingforusercredentialstosteal,andfoundasignicantfractionofthemvulnerabletotheHTTPSstrippingattack.
Sinceuserscannotforcewebmasterstoxtheproblemwhereitshouldbexed,weproposedaclient-side,anti-malware-styleapproachtothedetectionoftheattack.
Itleveragesthedistributedknowledgeofapotentiallylargecommunityofuserstoidentifymodiedpageseveniftheuserhasnevervisitedthembefore,exploitingpeer-to-peerarchitec-turestospreadknowledgeofthereferencevaluesrepresentingunalteredpageswithoutresortingtoatrustedthirdparty.
WeimplementedthecountermeasureasapluginforMozillaFirefox,andveriedthepracticalfeasibilityandcorrectnessofallitsbasicprinciples.
Thepluginwasabletocorrectlycharacterizethepagesusedfortesting,tak-ingintoaccountalltherelevantdataforevaluatingitsintegritybutavoidingtoincludevariablepartsthatcouldtriggerfalsepositives.
Currently,weareworkingtoachievehighercommunicationsefciencyandbetterhandlingofupdatesthroughnergran-ularity,whereasforthisrstprototypeweimplementedtheknowledgesharingasadistributionofthewholereferencevaluesdatabaseontheP2Pnetwork.
Wearealsoex-tendingSecExttowardsamorecomprehensivearchitecture,tobeabletoeasily"hook"differentcode-analysismodulesintothecorelogic,timelyaddingnewdetectioncapa-bilitieswhennewthreatsappear.
References1.
Dhamija,R.
,Tygar,J.
D.
,Hearst,M.
:Whyphishingworks.
In:ProceedingsoftheSIGCHIConferenceonHumanFactorsinComputingSystems,CHI2006,pp.
581–590.
ACM,NewYork(2006)2.
Heffner,C.
:Howtohackmillionsofrouters.
In:BlackHatConference2010(2010)3.
Nikiforakis,N.
,Younan,Y.
,Joosen,W.
:HProxy:Client-SideDetectionofSSLStrippingAttacks.
In:Kreibich,C.
,Jahnke,M.
(eds.
)DIMVA2010.
LNCS,vol.
6201,pp.
200–218.
Springer,Heidelberg(2010),doi:10.
1007/978-3-642-14215-4124.
Prandini,M.
,Ramilli,M.
,Cerroni,W.
,Callegati,F.
:SplittingtheHTTPSstreamtoattacksecurewebconnections.
IEEESecurityandPrivacy8,80–84(2010)5.
Stamm,S.
,Ramzan,Z.
,Jakobsson,M.
:Drive-ByPharming.
In:Qing,S.
,Imai,H.
,Wang,G.
(eds.
)ICICS2007.
LNCS,vol.
4861,pp.
495–506.
Springer,Heidelberg(2007),10.
1007/978-3-540-77048-0386.
Stoica,I.
,Morris,R.
,Karger,D.
,Kaashoek,M.
F.
,Balakrishnan,H.
:Chord:Ascalablepeer-to-peerlookupserviceforinternetapplications.
SIGCOMMComput.
Commun.
Rev.
31,149–160(2001)7.
Sunshine,J.
,Egelman,S.
,Almuhimedi,H.
,Atri,N.
,Cranor,L.
F.
:Cryingwolf:anempiri-calstudyofSSLwarningeffectiveness.
In:Proceedingsofthe18thConferenceonUSENIXSecuritySymposium,SSYM2009,pp.
399–416.
USENIXAssociation,Berkeley(2009)
prandini,marco.
ramilli}@unibo.
itAbstract.
HTTPSstrippingattacksleverageacombinationofweakcongura-tionchoicestotrickusersintoprovidingsensitivedatathroughhijackedconnec-tions.
Herewepresentabrowserextensionthathelpswebuserstodetectthiskindofintegrityandauthenticitybreaches,byextractingrelevantfeaturesfromthebrowsedpagesandcomparingthemtoreferencevaluescomingfromdiffer-entsortsoftrustedsources.
Therationalebehindtheextensionisdiscussedanditseffectivenessisdemonstratedwithsomequantitativeresults,gatheredontheprototypethathasbeenimplementedforMozillaFirefox.
Keywords:HTTPSstripping,Peer-to-peer,Browserplugin.
1IntroductionStealingsensitivedatafromusersisoneofthemostcommontargetspursuedbyattack-ersontheWeb.
Therearemanywaystolureusersintoprovidingtheirdataoverthewrongconnection,leadingtotheattacker'sserverinsteadofthelegitimateone.
Even-tually,thewidespreadusageofHTTPSseemedliketheultimateweaponagainstthiskindofhijacking.
However,theverysuccessofHTTPSbackredasmanyhigh-trafcwebsitesstaggeredunderthecomputationalloadassociatedwithservingeverypagethroughanencryptedconnection.
Thisleadsomesitestoadoptatrade-offsolution,foreseeingtheusageofHTTPSonlyfortheconnectionsinvolvingthetransmissionofsensitivedata.
However,thelackofintegrityprotectionforthepagecontainingthelinkforthesubmissionopensacrackthatanattackercanleveragetocompromisethewholetransaction.
Thispaperillustratesamethodforsolvingthisproblembasedonabrowserextension.
Inthefollowing,section2detailstheattack;section3outlinesthedesignprinciplesoftheproposedcountermeasure;section4describestheextensionimplementationasaMozillaFirefoxplugin;nallysection5drawsconclusions.
2AnalysisoftheAttackLet'sassumethecommonscenarioinwhichauseronaclienthost(CH)wantstoestab-lishasecuretransactionwithaWebserveronaserverhost(SH).
GiventhatCHandSHmustexchangedataonthenetwork,aManInTheMiddle(MITM)attackispossibleiftheattackerhost(ATH),bymeansofskillfulmanipulationofnetworkdevices,becomesagatewayforthetrafcstream.
TheattackerinterceptsthetrafcfromthesourceandD.
Gritzalis,S.
Furnell,andM.
Theoharidou(Eds.
):SEC2012,IFIPAICT376,pp.
549–554,2012.
cIFIPInternationalFederationforInformationProcessing2012550M.
PrandiniandM.
Ramilli'()(*$**#$&0122123452126552122'')-*7(8)*9-'*,-'(%&)-:+5-35-+(8(8)*+5-'(*$*#$&0122124942124942122'')-*'(0.
)7(8(8()8;"$-,((8(8>5212,352122'')-*(8((Fig.
1.
Screenshotoftheloginboxonthehomepageofabank.
Notice(a)thatthepageisservedonHTTP,(b)thegraphicssuggestingasecureloginprocess,and(c)theunderlyingHTMLcode,whichsendsdataonHTTPS,thatis,aslongasaMITMattackdoesnotmodifyit.
forwardsittothedestination(andviceversa),preservingtheillusionofCHandSHofbeingconnectedthroughanunalteredchannel,butatthesametimebeingabletomodifymessagesandinsertnewones.
Whilethisisnotacompletelytrivialfeat,therearesoundreasonstoworryaboutthispossibility,iftheattackerisonthesamenetworkofthevictimbutalsoifheisinaremotelocation,duetotheinsecuredefaultcong-urationofmanyhomeaccessrouters[5,2].
Anattacktotheprofessionally-managedinfrastructureontheserversideislesslikelytosucceed.
AnykindofMITMwouldfailiftheveryrstpageofthevisitedsiteisservedonHTTPS(andtheuserchecksitactuallyis!
),because,withsomeexceptions[1],nobodycancircumventthecryptographicauthenticationandimpersonatetherealserver.
How-ever,theinitialpageisusuallytheoneresponsibleforasignicantpartofawebsitetrafc,andoftenisthestartingpointforanavigationthroughsectionsofthesitethatdonotneedprotection.
Thus,toavoidpayingthehighpriceassociatedwithservingtherstpageonHTTPS,manysitesuseplainHTTP.
Then,ifthepagecontainsaformfortheusertoprovideidenticationdata,thesubmissionoftheformisprotectedbypointingittoaHTTPSlink,reassuringtheuseraboutthesecurityoftheprocessbymeansofgraphicalcuesortextualexplanations(Fig.
1).
However,theattackerisleftfreetobecomeaMITMbetweenCHandSHduringtherst,unprotectedexchangeofinformation.
Hecanintercepttheinitialrequest/responsebetweenCHandSH,substitutingHTTPforHTTPSineverylinkofthereturnedpagebeforeservingittoCH.
WhenthebrowseronCHrequestsadditionalcontentslinkedfromthepage,orsubmitsaform,itactuallymakesaHTTPconnectiontoATH,wheretheattackercanreadeverybyteinplaintext.
TheattackerthenrelayseveryrequesttoSHusingthecorrectprotocolspeciedintheoriginalpage,tobesureofcomplyingwiththecongurationofSH,andsendsthedecryptedresponsebacktothebrowser;possibly,afaviconrepresentingasecurelockisalsoinjected(orcraftedintothepage),givingafalseperceptionofasecureconnectiontotheclient.
Thedetailedimplementationofthisattackisdescribedin[4].
ABrowser-BasedDistributedSystemfortheDetectionofHTTPSStrippingAttacks5513TheProposedCountermeasureAllthebrowserscomewithadefaultsettingtoalertusersabouttosubmitinformationoveraninsecurechannel.
Thisisaveryeffectivecountermeasureagainstthedescribedattack.
Unfortunately,webpagesthatsubmituser-provided,harmlessinformationoveraninsecurechannelareinthemillions.
Thusmostusers,aftertherstfewfalsealarms,disablethischeck[7].
Theproposedapproachistotreatwebpageslikeanyotherkindofpotentiallyma-liciouscontent,subjectingthemtotheanalysisofasecuritymoduleverysimilartoanti-malwaresoftware,andcomparingthecontentofthepageagainstsuitableinfor-mationpatternstotryanddetectifaMITMhasmodiedit.
Therearetwokeyissuesrelatedtothisapproach,namelychoosingamethodtoextractsensiblepagefeaturesandprovidinguserswiththereferencefeaturesrepresentingauthenticpages.
Therstissuearisesbecause,nowadays,thevastmajorityofwebpagesaredynami-callygenerated.
Theyalmostinvariablyincludesectionsthatchangeeachtimetheyareserved.
Itisnecessarytocharacterizeapagebyextractingonlytheinvariantparts,butmakingsurethattheyrepresentallthecontentswhoseintegrityneedstobechecked.
Theresultshouldbeangerprintofthepage,ahashvaluethatcanbereliablycom-putedeachtimethesamepageisvisitedandcomparedtoareferencevaluecomputedovertheauthenticpage.
Then,thesecondissuecomesintoplay.
Itisnecessarytodenehowtoprovidethereferencevaluetoeveryuserwhoisvisitingapageinatrustedway.
Regardingthesecondissue,weenvisagedthreepossiblescenarios.
LocalDatabase.
Inprinciple,eachusercanbuildalocaldatabasecontainingtherefer-encevaluesforthepagesofhisinterest.
Whilethismethodhastheundeniableadvan-tageofplacingtheuserinfullcontrolofthedatabase,itexhibitsasignicantdrawback:theusermustbeabsolutelysurethatheissafefromtheMITMattackwhenhecomputesthereferencevalue.
TrustedOnlineRepository.
Iftheusersarewillingtoplacetheirtrustuponathirdpartyofsomesort,forexampleadirectory,suchasystemcanactastheauthoritativesourceforcomputinganddistributingreferencevalues.
Thisapproachsuffersfromtheusualdrawbacksassociatedwithputtingacentralentityinchargeofessentialfunctions:theentityitselfbecomesaveryvaluabletargetforattackers,whowouldbehighlyre-wardedbyasuccessfulcompromiseofitsdatabaseorevenasimplerDoSattack.
PeerExchange.
Atanygiventime,awebpageisviewedbyasetofclients.
Themorepopularthepage,themoreinterestingtargetitmakesforanattacker,andthelargertheset.
Undertheassumptionthatmasscompromiseofclientsisunlikely,itispossibletosharethereferencevaluesbetweeneveryclientthroughapeer-to-peernetwork,andtochoosethemostfrequentvalueassociatedwithagivenURLasthecorrectone.
4PrototypeWeimplementedthedescribedsolutionasabrowserpluginwhichcanwarntheuserofapossibleattack.
Theextension'sarchitectureprovidesaneasymeansofportingthecodeonmanydifferentplatforms,simplychangingthebrowser-specicinterfacetothe552M.
PrandiniandM.
Ramillicorelogic,writteninJava.
Asofnow,theSecureExtension(SecExt)pluginisavailableforMozillaFirefox,chosenforbeingthemostwidespreadopensourcebrowser,athttp://code.
google.
com/p/secureext/downloads/list,andausagedemocanbeviewedathttp://www.
youtube.
com/user/SecExt.
Thepluginarchitectureismodeledaroundthethethreebasicfunctionsoutlinedinthegeneraldescription:pagecharacterization,pageevaluation,andinformationsharing.
Thefollowingparagraphsdescribethedetailofeachphase.
4.
1PageCharacterizationWebpagesareusuallycomposedofmanydifferentsections,includingpartsthataredy-namicallygeneratedandthusdiffereachtimethepageisloaded.
Tryingtocharacterizeapagebysimplycomputingitshashwithamessagedigestalgorithmoveritswholecontentwouldcertainlyfailtoyieldasensiblereferencevalue.
Itwouldneverbethesameevenifthepageisauthentic.
Theprocesswedevisedforpropercharacterizationstartsbyobservingthat,forourpurposes,theonlyimportantkindofcontentisthesetoflinkspossiblypointingtothesubmissiontargetoftheloginform,ofotherformcollectingsensitivedatafromtheuser,orpossiblyopeningsuchaforminaseparatebutcloselyrelatedspace(iframe,pop-upwindow,etc.
).
EverybitofthepagewhichisnotaURListhendiscarded.
Thecharacterizationprocedurethenremovestheparameters(i.
e.
anythingfollowinga""character,ifpresent,thatcouldmakethesamepagelookdifferenteachtimeitisloaded)fromeachURL.
Theirremovaldoesnotaffectthereliabilityofattackdetection,sincetheattackeraimssimplyatchanging"https"into"http".
Actually,theURLcleaningcouldbepushedevenfurtherbyremovingeverythingbuttheprotocol,hostandportelementsoftheURL,todealwithsitesthatuse"/"insteadof""tohavedynamicpagesindexedbysearchengines,butweneedfurthertestingtodecidewhetherthe(rathersmall)increaseingeneralityisworththelossofcapturedinformationornot.
Finally,thestringoriginatedbytheconcatenationofthecleanedURLsisgivenastheinputofamessagedigestalgorithm,whosecompactandxed-sizeoutputiswellsuitedtosummarizethepagecharacteristics.
Apagecanincludecodefromseparatesources,forexamplebymeansofiframecommands.
Theprocesscanhandlethispossibilityveryeasily:SecExtconsiderseachpieceofHTMLcodethatcanbereferencedbyaURLasanindependent"page".
Let'ssupposethataseparatepieceofcodeisincludedbythemainpagetohandleuserlogin.
IfthemainpageisservedonHTTP,theattackerwilltargetthelinkpointingtotheincludedcode,andtheattackwillberecognizedasamodicationtothemainpage.
IfthemainpageissecuredbyHTTPS,buttheincludedcodeisvulnerabletothestrippingattackinstead,thelatterwillbeindependentlycharacterizedandasuccessfulattackagainstitwillbeexplicitlyreported.
4.
2PageEvaluationEachtimetheuserloadsapageinthebrowser,theSecExtplugincomputesitshashvalueaccordingtotheillustratedalgorithm,thenlooksforrecordsregardingthepageABrowser-BasedDistributedSystemfortheDetectionofHTTPSStrippingAttacks553inthedatabase(whoseconstructionisdetailedinthenextsection4.
3).
Thequerycanyielddifferentoutcomes.
–Norecordsarefoundforthepage'sURL.
Nocheckcanbemadeabouttheintegritystatusofthepage.
ItispossibletoenvisageapluginenhancementwarningtheusertryingtosubmitdataonHTTPfromthiskindofunveriablepages.
Theevaluationoftheconsequencesintermsofusabilityareunderinvestigation.
–ThehashofthecurrentpagematchesthevaluemostfrequentlyassociatedwithitsURLinthedatabase.
SecExtdeducesthatmostlikelythebrowsedpagehasnotbeencompromisedthroughanHTTPSstrippingattack.
–ThehashofthecurrentpagedoesnotmatchthevaluemostfrequentlyassociatedwithitsURLinthedatabase.
Thecurrentpagethenhasadifferentcontentfromtheversionmostcommonlyseenindifferenttimesorplaces.
Thepluginalertstheuserbyvisualizingawarningmessageonthescreen.
Beforetheusercaninteractwiththebrowsedpageheneedstoconrmthewarningmessage.
Thenitisuptotheuserbrowsingthepageornot,possiblyafterin-deepvericationoftheunderlyingcode.
4.
3InformationSharingSecExtcanbuildthedatabaseofhashvaluesbycompositionoftwodifferentpartialsources:alocaldatabase,containingonlyhashescomputedbythelocalsystem,andaglobaldatabase,whichisitselfacollationofthelocaldatabasessharedbyotherusersoveraP2Pnetwork.
ThesumofthesepartsallowsSecExttoleveragebothlocalknowl-edge,possiblygatheredinacontrolledenvironmentwheretheusercancondentlyas-sumetobesafefromMITMattacks,andthesamekindofknowledgegatheredbyuserswhorunSecExtaswell.
Inthelattercase,weclaimthatalargeenoughuserbasewillleadtothepopulationofaglobaldatabasecontainingastrikingmajorityofhashvaluescomputedoverpageswhichhavenotbeentamperedwith.
TheP2PnetworkruninSecExtisbaseduponaJavaimplementationoftheChordprotocol[6],chosenforthisrstprototypeforitssimplicity.
TheChorddaemonrunsinabackgroundprocesstokeepthecommunicationwithpeersactiveindependentlyofthepluginactivations.
Chordexploitsadistributedhashtabletostorekey-valuepairsbyassigningkeystodifferentcomputers(knownas"nodes");anodewillstorethevaluesforallthekeysforwhichitisresponsible.
Chordspecieshowkeysareassignedtonodes,andhowanodecandiscoverthevalueforagivenkeybyrstlocatingthenoderesponsibleforthatkey.
Insimplerterms,Chordletstheconnectednodestocollectivelybuildavirtualsharedfolder.
Everypeersharesitslocaldatabaseasale,placedinthevirtualfolder,namedbyauniquenodeidentier.
Thelecangetactuallycopiedonotherpeerswhentheycomeonlineandsearchfornewresources.
Thevirtualglobaldatabasethatisthecollationofallthelocaldatabasesisthenmateriallyrepresentedbyahighlyavailablecollectionofles,andtheloadtoaccessitisspreadamongthepeers.
4.
4ExperimentalValidationWetestedtheSecExtplugineffectivenessinalabenvironment.
Theresults,whichcannotbedetailedhereforspaceconstraints,showedsatisfactorydetectionratesanda554M.
PrandiniandM.
Ramillilimitedamountoffalsepositives.
Anaccuratejudgmentofoursolution,however,mustwaituntilsomelimitationsregardingthesecurityoftheP2Pexchangearesolvedandareal-world,widertestingcampaigncanberolledout.
5ConclusionsandFutureWorkWesurveyedalargesetofwebsitesbelongingmainlytonancialinstitutions,whichareparticularlyinterestingforfraudsterslookingforusercredentialstosteal,andfoundasignicantfractionofthemvulnerabletotheHTTPSstrippingattack.
Sinceuserscannotforcewebmasterstoxtheproblemwhereitshouldbexed,weproposedaclient-side,anti-malware-styleapproachtothedetectionoftheattack.
Itleveragesthedistributedknowledgeofapotentiallylargecommunityofuserstoidentifymodiedpageseveniftheuserhasnevervisitedthembefore,exploitingpeer-to-peerarchitec-turestospreadknowledgeofthereferencevaluesrepresentingunalteredpageswithoutresortingtoatrustedthirdparty.
WeimplementedthecountermeasureasapluginforMozillaFirefox,andveriedthepracticalfeasibilityandcorrectnessofallitsbasicprinciples.
Thepluginwasabletocorrectlycharacterizethepagesusedfortesting,tak-ingintoaccountalltherelevantdataforevaluatingitsintegritybutavoidingtoincludevariablepartsthatcouldtriggerfalsepositives.
Currently,weareworkingtoachievehighercommunicationsefciencyandbetterhandlingofupdatesthroughnergran-ularity,whereasforthisrstprototypeweimplementedtheknowledgesharingasadistributionofthewholereferencevaluesdatabaseontheP2Pnetwork.
Wearealsoex-tendingSecExttowardsamorecomprehensivearchitecture,tobeabletoeasily"hook"differentcode-analysismodulesintothecorelogic,timelyaddingnewdetectioncapa-bilitieswhennewthreatsappear.
References1.
Dhamija,R.
,Tygar,J.
D.
,Hearst,M.
:Whyphishingworks.
In:ProceedingsoftheSIGCHIConferenceonHumanFactorsinComputingSystems,CHI2006,pp.
581–590.
ACM,NewYork(2006)2.
Heffner,C.
:Howtohackmillionsofrouters.
In:BlackHatConference2010(2010)3.
Nikiforakis,N.
,Younan,Y.
,Joosen,W.
:HProxy:Client-SideDetectionofSSLStrippingAttacks.
In:Kreibich,C.
,Jahnke,M.
(eds.
)DIMVA2010.
LNCS,vol.
6201,pp.
200–218.
Springer,Heidelberg(2010),doi:10.
1007/978-3-642-14215-4124.
Prandini,M.
,Ramilli,M.
,Cerroni,W.
,Callegati,F.
:SplittingtheHTTPSstreamtoattacksecurewebconnections.
IEEESecurityandPrivacy8,80–84(2010)5.
Stamm,S.
,Ramzan,Z.
,Jakobsson,M.
:Drive-ByPharming.
In:Qing,S.
,Imai,H.
,Wang,G.
(eds.
)ICICS2007.
LNCS,vol.
4861,pp.
495–506.
Springer,Heidelberg(2007),10.
1007/978-3-540-77048-0386.
Stoica,I.
,Morris,R.
,Karger,D.
,Kaashoek,M.
F.
,Balakrishnan,H.
:Chord:Ascalablepeer-to-peerlookupserviceforinternetapplications.
SIGCOMMComput.
Commun.
Rev.
31,149–160(2001)7.
Sunshine,J.
,Egelman,S.
,Almuhimedi,H.
,Atri,N.
,Cranor,L.
F.
:Cryingwolf:anempiri-calstudyofSSLwarningeffectiveness.
In:Proceedingsofthe18thConferenceonUSENIXSecuritySymposium,SSYM2009,pp.
399–416.
USENIXAssociation,Berkeley(2009)
- unprotectedfavicon相关文档
- fontsfavicon
- C0favicon
- 日志favicon
- Scoresheetfavicon
- N°d'ordre:2014‐25‐TH
- passedfavicon
hostkvm:美国VPS,三网强制CU-VIP线路,$5/月,1G内存/1核/15gSSD/500g流量
hostkvm在2021年3月新上线洛杉矶新VPS业务,强制三网接入中国联通优化线路,是当前中美之间性价比最高、最火热的线路之一,性价比高、速度非常好,接近联通AS9929和电信AS4809的效果,带宽充裕,晚高峰也不爆炸。 官方网站:https://hostkvm.com 全场优惠码:2021(全场通用八折,终身码,长期) 美国 US-Plan0【三网联通优化线路】 内存:1G CPU:...
老薛主机入门建站月付34/月,年付345元,半价香港VPS主机
老薛主机怎么样?老薛主机这个商家有存在有一些年头。如果没有记错的话,早年老薛主机是做虚拟主机业务的,还算不错在异常激烈的市场中生存到现在,应该算是在众多商家中早期积累到一定的用户群的,主打小众个人网站业务所以能持续到现在。这不,站长看到商家有在进行夏季促销,比如我们很多网友可能有需要的香港vps主机季度及以上可以半价优惠,如果有在选择不同主机商的香港机房的可以看看老薛主机商家的香港vps。点击进入...
Megalayer美国独立服务器新用户首月优惠350元(30M优化不限流量)
Megalayer 商家在开始看到有提供香港服务器、香港站群服务器的时候有介绍过,后来就一直没有怎么关注。但是前几天有看到网友使用到他们家的美国独立服务器问其如何的,但是我没有使用过就不好评论,这不前几天也有介绍到Megalayer美国独立服务器。以及我们也有看到商家有提供美国站群服务器和美国大带宽服务器产品,可选30M不限制流量CN2优化线路,以及100M不限制流量国际带宽线路。新年元旦后,Me...
favicon为你推荐
-
Ladenchrome深圳市富满电子集团股份有限公司Vater壶腹癌是壶腹周围恶性肿瘤中第二常见的疾支持ipad您的iphone特斯拉苹果5netbios端口netbios ssn是什么意思?win7关闭445端口win7系统怎么关闭445和135这两个端口ipad如何上网iPad怎么上网?请高手指点phpecho为什么在PHP中使用echo FALSE;什么也输出不了?应该如何输出FALSE?谢谢!