DOI: 10.1145/2736277.2741089

Network-based Origin Confusion Attacks against HTTPS Virtual Hosting

Published: 18 May 2015

ABSTRACT

We investigate current deployment practices for virtual hosting, a widely used method for serving multiple HTTP and HTTPS origins from the same server, in popular content delivery networks, cloud-hosting infrastructures, and web servers. Our study uncovers a new class of HTTPS origin confusion attacks: when two virtual hosts use the same TLS certificate, or share a TLS session cache or ticket encryption key, a network attacker may cause a page from one of them to be loaded under the other's origin in a client browser. These attacks appear when HTTPS servers are configured to allow virtual host fallback from a client-requested, secure origin to some other unexpected, less-secure origin. We present evidence that such vulnerable virtual host configurations are widespread, even on the most popular and security-scrutinized websites, thus allowing a network adversary to hijack pages, or steal secure cookies and single sign-on tokens. To prevent our virtual host confusion attacks and recover the isolation guarantees that are commonly assumed in shared hosting environments, we propose fixes to web server software and advocate conservative configuration guidelines for the composition of HTTP with TLS.
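The abstract names two deployment preconditions for origin confusion: a fallback virtual host whose certificate also validates for the name the browser asked for, and virtual hosts that share a TLS session cache or ticket key. The following audit script is an added example, not tooling from the paper or its authors; it assumes a simplified `VHost` model of an nginx/Apache vhost table (hostname, listener, certificate SANs, session-cache id, default flag, strict Host check), and the sample configuration in it is constructed for illustration. It flags every (requested name, serving vhost) pair in which a request the browser believes it sent to one origin could be answered by another vhost under a certificate the browser accepts, and shows that enforcing the Host header and separating session caches clears the findings.

```python
"""Audit HTTPS virtual hosts for the origin-confusion preconditions described
in the abstract: (a) a fallback vhost answering for a name its certificate also
covers, and (b) vhosts sharing a TLS session cache / ticket key, so that a
resumed session bypasses name-based vhost selection.
Added example; the VHost fields are an assumed, simplified vhost model."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class VHost:
    name: str                  # host name this vhost is meant to serve
    listener: str              # ip:port it is bound to; vhosts on one listener compete
    cert_names: tuple          # DNS names (incl. wildcards) on the certificate it presents
    session_cache: str         # id of the TLS session cache / ticket key it uses
    is_default: bool = False   # answers requests whose SNI/Host matches no other vhost
    strict_host: bool = False  # refuses requests whose Host header is not its own name


def cert_covers(cert_names, host):
    """True if a certificate carrying these SAN names validates for `host`.
    A wildcard is honoured only in the leftmost label and matches exactly one
    label, as browsers apply RFC 6125-style name matching."""
    host = host.lower()
    for pattern in cert_names:
        pattern = pattern.lower()
        if pattern == host:
            return True
        if pattern.startswith("*."):
            suffix = pattern[1:]  # ".example.com"
            if host.endswith(suffix) and host.count(".") == pattern.count("."):
                return True
    return False


def find_confusions(vhosts):
    """Return sorted (requested_name, serving_vhost, reason) triples: cases in
    which a request a browser attributes to `requested_name` could be answered
    by a different vhost with a certificate the browser accepts."""
    findings = set()
    # every concrete name some vhost serves or some certificate vouches for;
    # these are the origins a network attacker could try to redirect
    names = {v.name.lower() for v in vhosts} | {
        n.lower() for v in vhosts for n in v.cert_names if not n.startswith("*")
    }
    by_listener = {}
    for v in vhosts:
        by_listener.setdefault(v.listener, []).append(v)

    for hosts in by_listener.values():
        served = {v.name.lower(): v for v in hosts}
        fallback = next((v for v in hosts if v.is_default), hosts[0])
        for name in names:
            owner = served.get(name)
            if owner is None:
                # (a) no vhost for this name on this listener: the fallback vhost
                # answers, and the browser accepts it if the certificate covers the name
                if not fallback.strict_host and cert_covers(fallback.cert_names, name):
                    findings.add((name, fallback.name, "fallback vhost with shared certificate"))
                continue
            # (b) a resumed session skips SNI/Host-based selection, so any other
            # vhost on the same session cache / ticket key may answer for the owner
            for other in hosts:
                if other is not owner and not other.strict_host \
                        and other.session_cache == owner.session_cache:
                    findings.add((name, other.name, "shared session cache/ticket key"))
    return sorted(findings)


def harden(vhosts):
    """Apply the two conservative settings: reject mismatched Host headers and
    give every vhost its own session cache / ticket key."""
    return [replace(v, strict_host=True, session_cache="cache-" + v.name) for v in vhosts]


# Constructed sample: one listener with a wildcard-certificate default vhost and a
# login vhost sharing its session cache, plus a second listener (another server
# of the same operator) whose default vhost also holds a wildcard certificate.
SAMPLE_VHOSTS = [
    VHost("www.example.com", "203.0.113.10:443",
          ("www.example.com", "example.com", "*.example.com"), "cache-shared", is_default=True),
    VHost("login.example.com", "203.0.113.10:443", ("login.example.com",), "cache-shared"),
    VHost("static.example.com", "203.0.113.20:443", ("*.example.com",), "cache-static", is_default=True),
]

if __name__ == "__main__":
    for requested, served_by, reason in find_confusions(SAMPLE_VHOSTS):
        print(f"{requested:<22} may be served by {served_by:<22} ({reason})")
    print("after hardening:", find_confusions(harden(SAMPLE_VHOSTS)))
```

Run as a script, the sample reports six confusable pairs (for instance `static.example.com` answered by the `www.example.com` default vhost on the first listener, and `login.example.com` answered by `www.example.com` via the shared session cache) and none after `harden()`. The Host-header check is the decisive setting: it stops the fallback vhost from serving content for a name it was never configured for, regardless of what the certificate happens to cover.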


Published in

WWW '15: Proceedings of the 24th International Conference on World Wide Web
May 2015
1460 pages
ISBN: 9781450334693

Copyright © 2015 Copyright is held by the International World Wide Web Conference Committee (IW3C2)

Publisher

International World Wide Web Conferences Steering Committee
Republic and Canton of Geneva, Switzerland


Qualifiers

research-article

Acceptance Rates

WWW '15 Paper Acceptance Rate: 131 of 929 submissions, 14%
Overall Acceptance Rate: 1,899 of 8,196 submissions, 23%
