Half of the sites on the web use HTTPS, and their number is steadily increasing. The protocol reduces the risk of traffic interception, but it does not rule out attacks altogether. In this article we look at some of them (POODLE, BEAST, DROWN and others) and at the methods of protection against them.
/ Flickr / Sven Graeme / CC BY-SA
POODLE
The POODLE attack first became known in 2014. The vulnerability in the SSL 3.0 protocol was discovered by security specialist Bodo Möller together with colleagues at Google.
Its essence is as follows: the attacker forces the client to fall back to SSL 3.0 by emulating connection failures. He then looks for specific message markers in the CBC-encrypted traffic. Using a series of forged requests, the attacker can reconstruct the contents of the data of interest, such as cookies.
SSL 3.0 is an obsolete protocol, but the question of its security is still relevant: clients keep it to avoid compatibility problems with servers. According to some reports, almost 7% of the 100 thousand most popular sites still support SSL 3.0. There are also modifications of POODLE that target the more modern TLS 1.0 and TLS 1.1. This year, the Zombie POODLE and GOLDENDOODLE attacks appeared, which bypass the protections of TLS 1.2 (they are still tied to CBC encryption).
How to protect yourself. In the case of the original POODLE, you need to disable SSL 3.0 support, although this carries a risk of compatibility problems. An alternative is the TLS_FALLBACK_SCSV mechanism: it ensures that SSL 3.0 is used only when exchanging data with old systems, so attackers can no longer initiate a downgrade of the protocol version. The protection against Zombie POODLE and GOLDENDOODLE is to disable CBC cipher suites in TLS 1.2-based applications. The definitive solution is the transition to TLS 1.3: the new version of the protocol does not use CBC encryption at all.
BEAST
One of the very first attacks on SSL and TLS 1.0, discovered in 2011. Like POODLE, BEAST exploits the properties of CBC encryption. The attackers inject a JavaScript agent or a Java applet into the client machine, which substitutes messages while data is transmitted over TLS or SSL. Since the attackers know the contents of the “dummy” packets, they can use them to recover the initialization vector and read other messages to the server, such as authentication cookies.
To date, a number of network tools remain exposed to BEAST: proxy servers and applications that protect local Internet gateways.
How to protect yourself. The attacker needs to send requests regularly in order to decrypt the data. VMware recommends shortening the SSLSessionCacheTimeout from five minutes (the default recommendation) to 30 seconds. This makes the attacker's job harder, although it has some negative effect on performance. In addition, bear in mind that the BEAST vulnerability may soon become a thing of the past on its own: since 2020, the major browsers have stopped supporting TLS 1.0 and 1.1. In any case, less than 1.5% of all browser users work with these protocols.
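The POODLE and BEAST mitigations above (no SSL 3.0, no TLS 1.0/1.1, no CBC cipher suites) can be expressed and checked in code. The following is an added example written for this article, not code from the original post or from any of the projects it mentions; it uses only Python's standard `ssl` module, never opens a network connection, and the cipher strings and function names are my own choices. The `legacy_cbc_context()` function deliberately re-enables CBC suites so that the audit function has something to flag.

```python
"""Added example: a hardened TLS client context beside a legacy one, plus an
audit that lists any CBC (non-AEAD) suites a context could still negotiate."""
import ssl


def hardened_client_context() -> ssl.SSLContext:
    """Context a client should use: TLS 1.2+ and AEAD (non-CBC) suites only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # rules out SSL 3.0, TLS 1.0 and 1.1
    ctx.options |= ssl.OP_NO_SSLv3                 # explicit, although it is already the default
    # AEAD suites only: AES-GCM and ChaCha20-Poly1305 with ECDHE key exchange.
    # TLS 1.3 suites are AEAD by definition and are not affected by this string.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5")
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def legacy_cbc_context() -> ssl.SSLContext:
    """Deliberately weak context for comparison: TLS 1.2 CBC suites re-enabled,
    the setting Zombie POODLE and GOLDENDOODLE depend on. Not for production use."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:AES128-SHA256")
    return ctx


def cbc_suites(ctx: ssl.SSLContext) -> list:
    """Names of enabled suites that are not AEAD, i.e. CBC + HMAC suites.
    OpenSSL marks AEAD suites with 'Mac=AEAD' in the cipher description."""
    return [c["name"] for c in ctx.get_ciphers() if "Mac=AEAD" not in c["description"]]


def legacy_versions_enabled(ctx: ssl.SSLContext) -> bool:
    """True if the context could still negotiate anything older than TLS 1.2."""
    return (ctx.minimum_version < ssl.TLSVersion.TLSv1_2
            or ssl.OP_NO_SSLv3 not in ctx.options)


if __name__ == "__main__":
    for label, ctx in (("hardened", hardened_client_context()),
                       ("legacy", legacy_cbc_context())):
        print(f"{label}: CBC suites={cbc_suites(ctx)} "
              f"legacy versions={legacy_versions_enabled(ctx)}")
```

The same two checks (`cbc_suites` and `legacy_versions_enabled`) can be run against any `SSLContext` an application builds, which is a cheap way to catch a configuration that silently reintroduces CBC or TLS 1.0.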
DROWN
This is a cross-protocol attack that exploits bugs in the SSLv2 implementation with 40-bit RSA keys. The attacker listens in on hundreds of the target's TLS connections and sends special packets to a server with SSLv2 enabled that uses the same private key. Using the Bleichenbacher attack, the hacker can decrypt about one in a thousand of the client's TLS sessions.
DROWN first became known in 2016, when one third of the servers in the world were exposed to it. It has not lost its relevance to this day: of the 150,000 most popular sites, 2% still support SSLv2 and the vulnerable encryption mechanisms.
How to protect yourself. You need to install the patches proposed by the developers of cryptographic libraries that disable SSLv2 support. For example, two such patches were released for OpenSSL (in 2016 these were updates 1.0.1s and 1.0.2g). Updates and instructions for disabling the vulnerable protocol were also published by Red Hat, Apache and Debian.
“A resource may be vulnerable to DROWN if its keys are used by a third-party server with SSLv2, for example, a mail server,” said Sergey Belkin, head of the development department at IaaS provider 1cloud.ru. “This situation occurs if several servers use a shared SSL certificate. In this case, disable SSLv2 support on all machines.”
You can check whether you need to update your system with the help of a special utility developed by the security researchers who discovered DROWN. More recommendations on protection against this type of attack are given in a post on the OpenSSL website.
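The shared-certificate case in the quote above is easy to miss in an inventory: a web server with SSLv2 disabled is still exposed if a mail server with the same key speaks SSLv2. The check below is an added example (not from the article or from the DROWN researchers' utility) that reports both kinds of exposure from a constructed inventory; the field names and the `spki` values standing in for public-key fingerprints are my own.

```python
"""Added example: DROWN exposure check over a host inventory.
An endpoint is at risk if it enables SSLv2 itself, or if it shares a private
key (same certificate / SPKI fingerprint) with any endpoint that does."""

# Constructed inventory; in practice this comes from a scanner or a CMDB.
# 'spki' stands in for the SHA-256 fingerprint of the public key: endpoints
# that share a certificate carry the same value.
SAMPLE_INVENTORY = [
    {"host": "www.example.test",  "port": 443, "spki": "key-A", "sslv2": False},
    {"host": "mail.example.test", "port": 465, "spki": "key-A", "sslv2": True},
    {"host": "shop.example.test", "port": 443, "spki": "key-B", "sslv2": False},
    {"host": "old.example.test",  "port": 443, "spki": "key-C", "sslv2": True},
]


def _name(entry: dict) -> str:
    return f'{entry["host"]}:{entry["port"]}'


def drown_exposure(inventory: list) -> dict:
    """Return {endpoint: reason} for every endpoint exposed to DROWN.

    Two reasons are distinguished: the endpoint speaks SSLv2 itself, or it only
    shares a key with an SSLv2 endpoint, which is enough for the cross-protocol
    attack even though the endpoint's own TLS configuration looks fine."""
    sslv2_by_key = {}
    for entry in inventory:
        if entry["sslv2"]:
            sslv2_by_key.setdefault(entry["spki"], []).append(_name(entry))
    report = {}
    for entry in inventory:
        if entry["sslv2"]:
            report[_name(entry)] = "SSLv2 enabled on this endpoint"
        elif entry["spki"] in sslv2_by_key:
            report[_name(entry)] = ("key shared with SSLv2 endpoint(s): "
                                    + ", ".join(sslv2_by_key[entry["spki"]]))
    return report


def hosts_to_fix(inventory: list) -> list:
    """Endpoints where SSLv2 must be disabled so that no key stays exposed."""
    return sorted(name for name, reason in drown_exposure(inventory).items()
                  if reason.startswith("SSLv2 enabled"))


if __name__ == "__main__":
    for endpoint, reason in drown_exposure(SAMPLE_INVENTORY).items():
        print(f"{endpoint}: {reason}")
    print("disable SSLv2 on:", hosts_to_fix(SAMPLE_INVENTORY))
```

In the sample data `www.example.test` is reported even though it never enables SSLv2, because `mail.example.test` uses the same key; fixing the two SSLv2 endpoints clears the whole report.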
Heartbleed
Heartbleed is one of the biggest vulnerabilities in the history of software. It was discovered in 2014 in the OpenSSL library. At the time the bug was announced, the number of vulnerable websites was estimated at half a million, approximately 17% of the protected resources on the network.
The attack is carried out through a small module of the TLS Heartbeat extension. The TLS protocol requires data to be transmitted continuously; after a long idle period the connection is broken and has to be re-established. To cope with this, servers and clients artificially “noise” the channel (RFC 6520, p. 5) by sending a packet of random length. If the declared length of such a packet exceeded its actual size, vulnerable versions of OpenSSL read memory beyond the allocated buffer. That area could contain any data, including private encryption keys and information about other connections.
The vulnerability was present in all versions of the library from 1.0.1 to 1.0.1f inclusive, as well as in a number of operating systems: Ubuntu 12.04, CentOS 6.5 and later, OpenBSD 5.3 and others. The complete list is on the site dedicated to Heartbleed. Although patches for this vulnerability were released almost immediately after its discovery, the problem remains relevant to this day: back in 2017, almost 200 thousand sites affected by Heartbleed were still running.
How to protect yourself. You need to update OpenSSL to version 1.0.1g or later. You can also disable Heartbeat requests manually by building the library with the -DOPENSSL_NO_HEARTBEATS option. After the upgrade, security specialists recommend reissuing SSL certificates: the replacement is needed in case the encryption keys have already leaked to attackers.
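The length check that vulnerable OpenSSL versions lacked is small enough to show in full. The following is an added example written for this article, not OpenSSL's code: a parser for the RFC 6520 Heartbeat message format (type, two-byte payload length, payload, at least 16 bytes of padding) that refuses any message whose declared length exceeds the bytes actually received, and a responder that echoes only the validated payload. The two sample messages are constructed by hand.

```python
"""Added example: RFC 6520 heartbeat parsing with the bounds check whose
absence caused Heartbleed. Layout: type(1) | payload_length(2) | payload | padding."""
import os
import struct

HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
MIN_PADDING = 16  # RFC 6520 section 4: padding is at least 16 bytes


def build_heartbeat(msg_type: int, payload: bytes, padding: bytes = None) -> bytes:
    """Serialize a HeartbeatMessage; padding defaults to 16 random bytes."""
    if padding is None:
        padding = os.urandom(MIN_PADDING)
    return struct.pack("!BH", msg_type, len(payload)) + payload + padding


def parse_heartbeat(record: bytes) -> tuple:
    """Return (msg_type, payload) or raise ValueError.

    The declared payload_length is checked against the bytes actually received,
    including the mandatory padding: 1 + 2 + payload_length + 16 <= len(record).
    Without this check an implementation copies payload_length bytes from wherever
    the record sits in memory, which is exactly the Heartbleed over-read."""
    if len(record) < 3:
        raise ValueError("heartbeat message too short")
    msg_type, payload_length = struct.unpack("!BH", record[:3])
    if msg_type not in (HEARTBEAT_REQUEST, HEARTBEAT_RESPONSE):
        raise ValueError(f"unknown heartbeat type {msg_type}")
    if 3 + payload_length + MIN_PADDING > len(record):
        # RFC 6520: a message whose payload_length is too large MUST be discarded
        raise ValueError("declared payload_length exceeds received data; discarding")
    return msg_type, record[3:3 + payload_length]


def heartbeat_response(request: bytes) -> bytes:
    """Answer a request by echoing only the validated payload, never more."""
    msg_type, payload = parse_heartbeat(request)
    if msg_type != HEARTBEAT_REQUEST:
        raise ValueError("not a heartbeat request")
    return build_heartbeat(HEARTBEAT_RESPONSE, payload)


def accepts(record: bytes) -> bool:
    """True if the record passes validation (useful for tests and log checks)."""
    try:
        parse_heartbeat(record)
        return True
    except ValueError:
        return False


# Constructed samples: a well-formed request and one that lies about its length.
GOOD_REQUEST = build_heartbeat(HEARTBEAT_REQUEST, b"ping", b"\x00" * 16)
MALFORMED_REQUEST = struct.pack("!BH", HEARTBEAT_REQUEST, 0x4000) + b"ping" + b"\x00" * 16

if __name__ == "__main__":
    print("good request accepted:", accepts(GOOD_REQUEST))
    print("malformed request accepted:", accepts(MALFORMED_REQUEST))
```

The responder never looks at `payload_length` again after validation: the slice it echoes is bounded by the record it received, so a short record with a large declared length yields a rejection rather than a response padded with whatever happened to be in memory.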
Certificate substitution
A node controlled by the attacker, holding a legitimate SSL certificate, is placed between the user and the server and actively intercepts traffic. The node impersonates the legitimate server by presenting a valid certificate, which makes a MITM attack possible.
According to a study by teams from Mozilla, Google and a number of universities, about 11% of secure connections on the network are “tapped”. This is the result of suspicious root certificates being installed on users' computers.
How to protect yourself. Use the services of reliable SSL providers. You can check the “quality” of certificates using the Certificate Transparency (CT) service. Cloud providers can also help detect “wiretapping”: today some large companies offer specialized tools for monitoring TLS connections.
Another means of protection is the new ACME standard, which automates obtaining SSL certificates and at the same time adds additional mechanisms for verifying the owner of the site. We wrote more about it in one of our previous materials.
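Since the interception described above usually rests on an extra root certificate in the user's trust store, a defender can watch that store for roots that were not in an approved baseline. The following is an added example written for this article, not code from the study or the tools it mentions: it takes a snapshot of the CA certificates a Python `ssl` context trusts and diffs it against a baseline. The baseline and the sample store are constructed in the shape of the dictionaries `get_ca_certs()` returns.

```python
"""Added example: root-store audit. Snapshot the trusted CA certificates and
report any that were not in a known-good baseline."""
import ssl


def root_identity(cert: dict) -> tuple:
    """Stable identity of a CA certificate: (subject DN as text, serial number).
    'subject' is a tuple of RDNs, each a tuple of (attribute, value) pairs."""
    subject = ", ".join("=".join(attr) for rdn in cert["subject"] for attr in rdn)
    return subject, cert["serialNumber"]


def snapshot_roots(ctx: ssl.SSLContext = None) -> set:
    """Identities of all CA certificates the given context trusts.
    By default the system store is loaded, as create_default_context() does."""
    if ctx is None:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.load_default_certs()
    return {root_identity(c) for c in ctx.get_ca_certs()}


def unexpected_roots(current: set, baseline: set) -> set:
    """Roots present now that are absent from the approved baseline."""
    return current - baseline


# Constructed sample store; the second entry is the kind of locally installed
# interception root the article's 11% figure refers to.
SAMPLE_STORE = [
    {"subject": ((("countryName", "XX"),),
                 (("organizationName", "Example Root CA"),),
                 (("commonName", "Example Root"),)),
     "serialNumber": "01"},
    {"subject": ((("organizationName", "Corp Proxy"),),
                 (("commonName", "Corp TLS Inspection"),)),
     "serialNumber": "1A2B"},
]
SAMPLE_BASELINE = {root_identity(SAMPLE_STORE[0])}

if __name__ == "__main__":
    current = {root_identity(c) for c in SAMPLE_STORE}
    for subject, serial in sorted(unexpected_roots(current, SAMPLE_BASELINE)):
        print(f"unexpected root: {subject} (serial {serial})")
    print(f"system store currently trusts {len(snapshot_roots())} CA certificates")
```

In practice the baseline is the snapshot taken on a freshly provisioned machine; any later addition reported by `unexpected_roots` is worth an explanation, whether it turns out to be a legitimate corporate proxy or something less welcome.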
/ Flickr / Yuri Samoilov / CC BY
HTTPS perspectives
Despite a number of vulnerabilities, IT giants and security experts are confident in the future of the protocol. The creator of the WWW, Tim Berners-Lee, advocates the active adoption of HTTPS. In his opinion, TLS will become more secure over time, which will significantly increase the security of connections. Berners-Lee even suggested that in the future client certificates will appear for authenticating individuals; they will help improve the protection of servers against intruders.
There are also plans to develop SSL/TLS technology using machine learning: smart algorithms will be responsible for filtering malicious traffic. In HTTPS connections, administrators have no way to see the contents of encrypted messages, including detecting requests from malware. Even today, neural networks can filter potentially dangerous packets with 90% accuracy (slide 23 of the presentation).
Conclusions
Attacks on HTTPS are mostly related not to problems in the protocol itself but to support for outdated encryption mechanisms. The IT industry is gradually abandoning the previous generation of protocols and offering new tools for finding vulnerabilities. In the future, these tools will become more intelligent.
Additional links on the topic: