Security: Network Attacks
Lecture Notes for CS 142
Spring 2012
John Ousterhout
- Additional reading for this topic: none.
- Building secure Web applications is very difficult today:
- Many opportunities for attackers
- Hard to identify all the vulnerabilities
- Even a small mistake can compromise entire application
- Modes of attack:
- Attack the connection
- Steal password
- Hijack existing connection
- Attack the server: code injection
- Attack the browser: code injection
- Directly
- Indirectly, e.g. via server
- Breach the browser, attack the client machine
- Fool the user (phishing)
- Network attacks ("man in the middle" attacks):
- Attacker has access to network communication between
browser and server.
- Passive attacks: eavesdrop on network traffic
- Active attacks:
- Inject network packets
- Modify packets
- Block packets
SSL/TLS
- Solution: use encryption to prevent eavesdropping and detect
active attacks.
- Traditional encryption (pre-Web):
- Symmetric keys (same key on both ends)
- Key distribution problem: how can we exchange keys without
meeting in person?
- Public-key encryption solves the key distribution problem
- Each principal (user, program, etc.) has two encryption keys,
one public, one secret.
- Information encrypted with one can only be decrypted with the
other.
- But, how do I find out the public key for a particular server?
- Certificate authority: well-known, trusted server that
certifies public keys.
- Certificate: a document encrypted with the private key
of a certificate authority: identifies a particular service
along with its public key.
- Service computes its keys, gives public key to certificate
authority (along with proof of identity)
- Certificate authority returns certificate for that server.
- Server can pass along this certificate to browsers.
- Browsers accept certificates from dozens of authorities.
- SSL/TLS (HTTPS):
- Protocol used for secure communication between browsers and
servers.
- Browser uses certificate to verify server's identity.
- Uses certificates and public-key encryption to pass a
secret session-specific key from browser to server.
- Why isn't HTTPS used for all Web traffic?
- Expensive: slows down Web servers.
- Breaks Web page caching
Problems with SSL/TLS
- SSL stripping:
- Common use pattern: user browses site with HTTP,
upgrades to HTTPS for checkout.
- Active network attacker interposes on communication.
- When server returns pages with HTTPS links, attacker
changes them to HTTP.
- When browser follows those links, attacker intercepts
requests, creates its own HTTPS connection to server,
and forwards requests via that.
- As a result, the attacker sees all client packets
(e.g., passwords).
- Browser provides feedback to user about whether HTTPS is
in use, but most users won't notice the difference.
- Mixed content:
- Main page loaded with HTTPS, but some internal content
loaded via HTTP (e.g. <script src="http://.../script.js">).
- Network attacker can modify content to attack
page.
- Some browsers help to notify users:
- IE7: displays dialog for user, doesn't show SSL lock.
- Firefox: displays lock icon with "!"
- Safari: no warnings
- All browsers: no warnings for unsafe Flash .swf files
- Common developer error: over-specified URLs:
<embed src="http://www.site.com/flash.swf">
<embed src="//www.site.com/flash.swf">
- "Just in time" HTTPS:
- Login page displayed with HTTP.
- Form posted with HTTPS.
- Appears secure but it isn't:
- Active attack corrupts login page (send password someplace else
during form post)
- SSL stripping during form post: nothing indicates that the
actual connection didn't use SSL
- Solution: before server returns HTML for login page, check for
HTTPS; if page fetched via HTTP, redirect to the HTTPS version.
- If a certificate is bad/unknown, browser issues warning
dialog:
- Most users can't understand, so they just click OK.
- Some browsers warn repeatedly, but users will still just
click through.
- This enables various network attacks.