cse 484 / cse m 584: computer security and privacy ssl/tls · ssl/tls • secure sockets layer and...
TRANSCRIPT
![Page 1: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/1.jpg)
CSE484/CSEM584:ComputerSecurityandPrivacy
SSL/TLS
Fall2016
Ada(Adam)[email protected]
ThankstoFranziRoesner,DanBoneh,DieterGollmann,DanHalperin,YoshiKohno,JohnManferdelli,JohnMitchell,VitalyShmatikov,BennetYee,andmanyothersforsampleslidesandmaterials...
![Page 2: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/2.jpg)
Wehaveallthepieces!
• SymmetricEncryption(privacy!)• MACs(integrity!)• AsymmetricCrypto(bootstrapping!)• CertificateAuthorities(authenticity!)
11/4/16 CSE484/CSEM584-Fall2016 2
![Page 3: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/3.jpg)
SSL/TLS
• SecureSocketsLayerandTransportLayerSecurity– Sameprotocol,newversion(TLSiscurrent)
• DefactostandardforInternetsecurity– “TheprimarygoaloftheTLSprotocolistoprovide
privacyanddataintegritybetweentwocommunicatingapplications”
• DeployedineveryWebbrowser;alsoVoIP,paymentsystems,distributedsystems,etc.
11/4/16 CSE484/CSEM584-Fall2016 3
![Page 4: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/4.jpg)
SSL/TLS
• TLSistypicallyusedontopofaTCPconnection
TLS
• Canbeusedoverothertransportprotocols
11/4/16 CSE484/CSEM584-Fall2016 4
![Page 5: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/5.jpg)
TLSBasics
• TLSconsistsoftwoprotocols– Familiarpatternforkeyexchangeprotocols
• Handshakeprotocol– Usepublic-keycryptographytoestablishasharedsecretkeybetweentheclientandtheserver
• Recordprotocol– Usethesecretsymmetrickeyestablishedinthehandshakeprotocoltoprotectcommunicationbetweentheclientandtheserver
11/4/16 CSE484/CSEM584-Fall2016 5
![Page 6: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/6.jpg)
BasicHandshakeProtocol
11/4/16 CSE484/CSEM584-Fall2016 6
C
ClientHello
S
Clientannounces(inplaintext):• Protocolversionitisrunning• Cryptographicalgorithmsitsupports• Fresh,randomnumber
![Page 7: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/7.jpg)
BasicHandshakeProtocol
11/4/16 CSE484/CSEM584-Fall2016 7
C
C,versionc,suitesc,Nc
ServerHello
SServerresponds(inplaintext)with:• Highestprotocolversionsupportedby
boththeclientandtheserver• Strongestcryptographicsuiteselected
fromthoseofferedbytheclient• Fresh,randomnumber
![Page 8: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/8.jpg)
BasicHandshakeProtocol
11/4/16 CSE484/CSEM584-Fall2016 8
C
versions,suites,Ns,ServerKeyExchange
SServersendsitspublic-keycertificatecontainingeitheritsRSA,orhisDiffie-Hellmanpublickey(dependingonchosencryptosuite)
C,versionc,suitesc,Nc
![Page 9: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/9.jpg)
BasicHandshakeProtocol
11/4/16 CSE484/CSEM584-Fall2016 9
C
versions,suites,Ns,certificate,“ServerHelloDone”
S
C,versionc,suitesc,Nc
ClientKeyExchange
Theclientgeneratessecretkeymaterialandsendsittotheserverencryptedwiththeserver’spublickey(ifusingRSA)
![Page 10: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/10.jpg)
BasicHandshakeProtocol
11/4/16 CSE484/CSEM584-Fall2016 10
C
versions,suites,Ns,certificate,“ServerHelloDone”
S
C,versionc,suitesc,Nc
{Secretc}PKsifusingRSA
switchtokeysderivedfromsecretc,Nc,Ns
CandSsharesecretkeymaterial(secretc)atthispoint
switchtokeysderivedfromsecretc,Nc,Ns
FinishedFinished
Recordofallsentandreceivedhandshakemessages
![Page 11: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/11.jpg)
“Core”SSL3.0Handshake(NotTLS)
11/4/16 CSE484/CSEM584-Fall2016 11
C
versions=3.0,suites,Ns,certificate,“ServerHelloDone”
S
C,versionc=3.0,suitesc,Nc
{Secretc}PKsifusingRSA
switchtokeysderivedfromsecretc,Nc,Ns
CandSsharesecretkeymaterial(secretc)atthispoint
switchtokeysderivedfromsecretc,Nc,Ns
FinishedFinished
![Page 12: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/12.jpg)
VersionRollbackAttack
11/4/16 CSE484/CSEM584-Fall2016 12
C
Versions=2.0,suites,Ns,certificate,“ServerHelloDone”
S
C,versionc=2.0,suitesc,Nc
{Secretc}PKsifusingRSA
CandSendupcommunicatingusingSSL2.0(weakerearlierversionoftheprotocolthat
doesnotinclude“Finished”messages)
ServerisfooledintothinkingheiscommunicatingwithaclientwhosupportsonlySSL2.0
![Page 13: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/13.jpg)
“Chosen-Protocol”Attacks
• Whydopeoplereleasenewversionsofsecurityprotocols?Becausetheoldversiongotbroken!
• Newversionmustbebackward-compatible– Noteverybodyupgradesrightaway
• Attackercanfoolsomeoneintousingtheold,brokenversionandexploitknownvulnerability– Similar:foolvictimintousingweakcryptoalgorithms
• Defenseishard:mustauthenticateversioninearlydesigns• Manyprotocolshavehad“versionrollback”attacks
– SSL,SSH,GSM(cellphones)
11/4/16 CSE484/CSEM584-Fall2016 13
![Page 14: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/14.jpg)
VersionCheckinSSL3.0
11/4/16 CSE484/CSEM584-Fall2016 14
C
versions=3.0,suites,Ns,certificateforPKs,“ServerHelloDone”
S
C,versionc=3.0,suitesc,Nc
{versionc,secretc}PKs
CandSsharesecretkeymaterialsecretcatthispoint
“Embed”versionnumberintosecret
CheckthatreceivedversionisequaltotheversioninClientHello
switchtokeyderivedfromsecretc,Nc,Ns
switchtokeyderivedfromsecretc,Nc,Ns
![Page 15: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/15.jpg)
Network
WebSecurity!BigPicture:BrowserandNetwork
11/4/16 CSE484/CSEM584-Fall2016 15
Browser
OS
Hardware
websiterequest
reply
ThebrowserrendersorexecutesarbitraryHTML,CSS,andJavascriptsendbyhostsontheInternet.
![Page 16: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/16.jpg)
WhereDoestheAttackerLive?
11/4/16 CSE484/CSEM584-Fall2016 16
Network
Browser
OS
Hardware
websiterequest
replyWeb
attacker
Networkattacker
Malwareattacker
![Page 17: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/17.jpg)
AllofTheseShouldBeSafe
• Safetovisitanevilwebsite
• Safetovisittwopagesatthesametime
• Safedelegation
11/4/16 CSE484/CSEM584-Fall2016 17
![Page 18: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/18.jpg)
BuildingBlocksoftheWeb(andWebSecurity)
• HTTP(S)• Cookies
11/4/16 CSE484/CSEM584-Fall2016 18
![Page 19: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/19.jpg)
HTTP:HyperTextTransferProtocol
• Applicationlayerprotocolusedbybrowsersandwebservers
• Statelessrequest/responseprotocol– Eachrequestisindependentofpreviousrequests
– Statelessnesshasasignificantimpactondesignandimplementationofapplications
11/4/16 CSE484/CSEM584-Fall2016 19
![Page 20: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/20.jpg)
HTTPRequest
11/4/16 CSE484/CSEM584-Fall2016 20
GET /default.asp HTTP/1.0 Accept: image/gif, image/x-bitmap, image/jpeg, */* Accept-Language: en User-Agent: Mozilla/1.22 (compatible; MSIE 2.0; Windows 95) Connection: Keep-Alive If-Modified-Since: Sunday, 17-Apr-96 04:32:58 GMT
Method File HTTP version Headers
Data – none for GET Blank line
![Page 21: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/21.jpg)
HTTPResponse
11/4/16 CSE484/CSEM584-Fall2016 21
HTTP/1.0 200 OK Date: Sun, 21 Apr 1996 02:20:42 GMT Server: Microsoft-Internet-Information-Server/5.0 Connection: keep-alive Content-Type: text/html Last-Modified: Thu, 18 Apr 1996 17:39:05 GMT Content-Length: 2543 <HTML> Some data... blah, blah, blah </HTML>
HTTP version Status code Reason phrase Headers
Data
![Page 22: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/22.jpg)
HTTPVerbs
• HTTPdeclaresanumberof“verbs”thatclientscanusetorequestorprovideinformation– GETasksforaresource– POSTsendsinformation– HEADgetsmetadata(headers)foraresource
– Also:PUT,DELETE,TRACE,OPTIONS,CONNECT,PATCH
11/4/16 CSE484/CSEM584-Fall2016 22
![Page 23: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/23.jpg)
HTTPResources
• URLstandsforUniformResourceLocator• Specifiesthelocationofaresourceonanetwork–whatserverisiton,whereisitonthatserver?
• ResourcescouldincludeHTMLpages,images,data,etc.
11/4/16 CSE484/CSEM584-Fall2016 23
![Page 24: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/24.jpg)
HTTPVerbs
• HTTPdeclaresanumberof“verbs”thatclientscanusetorequestorprovideinformation– GETasksforaresource– POSTsendsinformation– HEADgetsmetadata(headers)foraresource
– Also:PUT,DELETE,TRACE,OPTIONS,CONNECT,PATCH
11/4/16 CSE484/CSEM584-Fall2016 24
![Page 25: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/25.jpg)
HTTPVerbs
• HTTPdeclaresanumberof“verbs”thatclientscanusetorequestorprovideinformation– GETasksforaresource(Givemethisimage)– POSTsendsinformation– HEADgetsmetadata(headers)foraresource
– Also:PUT,DELETE,TRACE,OPTIONS,CONNECT,PATCH
11/4/16 CSE484/CSEM584-Fall2016 25
![Page 26: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/26.jpg)
HTTPVerbs
• HTTPdeclaresanumberof“verbs”thatclientscanusetorequestorprovideinformation– GETasksforaresource(Givemethisimage)– POSTsendsinformation(Iwanttologin)– HEADgetsmetadata(headers)foraresource
– Also:PUT,DELETE,TRACE,OPTIONS,CONNECT,PATCH
11/4/16 CSE484/CSEM584-Fall2016 26
![Page 27: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/27.jpg)
HTTP:HyperTextTransferProtocol
• Applicationlayerprotocolusedbybrowsersandwebservers
• Statelessrequest/responseprotocol– Eachrequestisindependentofpreviousrequests
– Statelessnesshasasignificantimpactondesignandimplementationofapplications
11/4/16 CSE484/CSEM584-Fall2016 27
![Page 28: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/28.jpg)
Cookies–StatefulnessforHTTP
11/4/16 CSE484/CSEM584-Fall2016 28
Acookieisafilecreatedbyawebsitetostoreinformationinthebrowser
BrowserServer
POSTlogin.cgiusernameandpwd
BrowserServer
GETrestricted.html
Cookie:userID=Alice
HTTPisastatelessprotocol;cookiesaddstate
HTTPHeader:Set-cookie: userID=Alice;
![Page 29: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/29.jpg)
CookieFormat
• CookiesarejustKEY=VALUEpairs,e.g.,– language=ENGLISH – userID=Alice – sessionID= 8113d906-62e8-49e1-80e1-65805cb51cab
– adID= 9c740c60-8d88-4da6-bb83-041e95c1efac
11/4/16 CSE484/CSEM584-Fall2016 29
![Page 30: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/30.jpg)
Cookies–StatefulnessforHTTP
11/4/16 CSE484/CSEM584-Fall2016 30
Acookieisafilecreatedbyawebsitetostoreinformationinthebrowser
BrowserServer
POSTlogin.cgiusernameandpwd
BrowserServer
GETrestricted.html
Cookie:NAME=VALUE
HTTPisastatelessprotocol;cookiesaddstate
Ifexpires=NULL,thissessiononly
HTTPHeader:Set-cookie: NAME=VALUE;
domain=(whocanread);expires=(whenexpires);secure=(sendonlyoverHTTPS)
![Page 31: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/31.jpg)
WhatAreCookieUsedFor?
• Personalization– Websiteremembersvisitorpreferences– language=ENGLISH
• Authentication– Thecookie“proves”clientisloggedin– sessionID=8113d906-62e8...
• Tracking– Followtheuserfromsitetosite;– adID=9c740c60-8d88…
11/4/16 CSE484/CSEM584-Fall2016 31
![Page 32: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/32.jpg)
GoalsofWebSecurity
• SafelybrowsetheWeb– Amaliciouswebsitecannotstealinformationfromor
modifylegitimatesitesorotherwiseharmtheuser…– …evenifvisitedconcurrentlywithalegitimatesite--in
aseparatebrowserwindow,tab,oreveniframeonthesamewebpage
• SupportsecureWebapplications– ApplicationsdeliveredovertheWebshouldhavethe
samesecuritypropertieswerequireforstandaloneapplications
11/4/16 CSE484/CSEM584-Fall2016 32
![Page 33: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/33.jpg)
AllofTheseShouldBeSafe
• Safetovisitanevilwebsite
• Safetovisittwopagesatthesametime
• Safedelegation
11/4/16 CSE484/CSEM584-Fall2016 33
![Page 34: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/34.jpg)
TwoSidesofWebSecurity
• Webbrowser– ResponsibleforsecurelyconfiningWebcontentpresentedbyvisitedwebsites
• Webapplications– Onlinemerchants,banks,blogs,GoogleApps…– Mixofserver-sideandclient-sidecode
• Server-sidecodewritteninPHP,Ruby,ASP,JSP…runsontheWebserver
• Client-sidecodewritteninJavaScript…runsintheWebbrowser
– Manypotentialbugs:XSS,XSRF,SQLinjection
11/4/16 CSE484/CSEM584-Fall2016 34
![Page 35: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/35.jpg)
WhereDoestheAttackerLive?
11/4/16 CSE484/CSEM584-Fall2016 35
Network
Browser
OS
Hardware
websiterequest
replyWeb
attacker
Networkattacker
Malwareattacker
Attackermaycontrol1ormoredomainsorwebsites
AttackergetstorunJavascriptandHTMLcodeinthebrowser
Attackercanmakemaliciousrequeststowebservers–canevenuseHTML/JStomakethoserequestsFromusers’browsers!
![Page 36: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/36.jpg)
WebAttacker
• Controlsamaliciouswebsite(attacker.com)– CanobtainanTLScertificateforattacker.com
• Uservisitsattacker.com–why?– Phishingemail,enticingcontent,searchresults,placedbyanadnetwork,blindluck…
– Or,attacker.comisembeddedonanotherpage–loadingthefriendlypageloadscontentfromattacker.com
11/4/16 CSE484/CSEM584-Fall2016 36
![Page 37: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/37.jpg)
WebAttacker
11/4/16 CSE484/CSEM584-Fall2016 37
www.attacker.com
![Page 38: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/38.jpg)
Javascript,or,SoftwareSecurityfortheWeb! <html> … <p> The script on this page is totally trustworthy <script>
doSomethingEvil() </script> … </html>
11/4/16 CSE484/CSEM584-Fall2016 38
Browserreceivescontent,displaysHTMLandexecutesscripts
Apotentiallymaliciouswebpagegetstoexecutesomecodeonuser’smachine!
www.attacker.com
![Page 39: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/39.jpg)
BrowserSandbox
• Goal:safelyexecuteJavaScriptcodeprovidedbyawebsite– No/limitedaccesstoOS/network/filesystem/browserdata.
– Nobufferoverflows,nowaytoexecutearbitrarynativecode,processisolationbetweentabs
– Attackershouldn’tbeabletoaccessdatafromothertabsorbrowserwindows
– attacker.comshouldn’tbeabletoaccessdatafrombank.com,evenifyou’reloggedin
11/4/16 CSE484/CSEM584-Fall2016 39
![Page 40: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/40.jpg)
AStrawpersonAttack
www.attacker.com
www.bank.com(e.g.,
balance:$500)
www.attacker.com(theparent)cannotaccessHTMLelementsin
theiframe(andviceversa).
11/4/16 CSE484/CSEM584-Fall2016 40
![Page 41: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/41.jpg)
Same-OriginPolicy:DOM
OnlycodefromsameorigincanaccessHTMLelementsonanothersite(orinaniframe).
www.example.com
www.example.com/iframe.html
www.evil.com
www.example.com/iframe.html
www.example.com(theparent)canaccessHTMLelementsintheiframe
(andviceversa).
www.evil.com(theparent)cannotaccessHTMLelementsintheiframe
(andviceversa).11/4/16 CSE484/CSEM584-Fall2016 41
![Page 42: CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS · SSL/TLS • Secure Sockets Layer and Transport Layer Security – Same protocol, new version (TLS is current) • De](https://reader036.vdocuments.mx/reader036/viewer/2022062508/6026685e60de077dc2178dd1/html5/thumbnails/42.jpg)
Same-OriginPolicy
Websiteorigin=(scheme,domain,port)
[ExamplethankstoWikipedia.]11/4/16 CSE484/CSEM584-Fall2016 42