Re: [http-state] cake and session stealing
Adam Barth <ietf@adambarth.com> Tue, 27 July 2010 08:41 UTC
Return-Path: <ietf@adambarth.com>
X-Original-To: http-state@core3.amsl.com
Delivered-To: http-state@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 401983A6A47 for <http-state@core3.amsl.com>; Tue, 27 Jul 2010 01:41:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.722
X-Spam-Level:
X-Spam-Status: No, score=-1.722 tagged_above=-999 required=5 tests=[AWL=0.255, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9fRaEWRquZXK for <http-state@core3.amsl.com>; Tue, 27 Jul 2010 01:41:22 -0700 (PDT)
Received: from mail-gy0-f172.google.com (mail-gy0-f172.google.com [209.85.160.172]) by core3.amsl.com (Postfix) with ESMTP id 68B693A6A91 for <http-state@ietf.org>; Tue, 27 Jul 2010 01:41:22 -0700 (PDT)
Received: by gyg8 with SMTP id 8so1401694gyg.31 for <http-state@ietf.org>; Tue, 27 Jul 2010 01:41:44 -0700 (PDT)
Received: by 10.101.189.33 with SMTP id r33mr2118998anp.123.1280220103766; Tue, 27 Jul 2010 01:41:43 -0700 (PDT)
Received: from mail-yx0-f172.google.com (mail-yx0-f172.google.com [209.85.213.172]) by mx.google.com with ESMTPS id r7sm8281933anb.15.2010.07.27.01.41.43 (version=SSLv3 cipher=RC4-MD5); Tue, 27 Jul 2010 01:41:43 -0700 (PDT)
Received: by yxj4 with SMTP id 4so453799yxj.31 for <http-state@ietf.org>; Tue, 27 Jul 2010 01:41:42 -0700 (PDT)
Received: by 10.101.171.39 with SMTP id y39mr9046909ano.259.1280220102637; Tue, 27 Jul 2010 01:41:42 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.231.79.85 with HTTP; Tue, 27 Jul 2010 01:41:18 -0700 (PDT)
In-Reply-To: <8B0A9FCBB9832F43971E38010638454F03EB77373E@SISPE7MB1.commscope.com>
References: <8B0A9FCBB9832F43971E38010638454F03EB773659@SISPE7MB1.commscope.com> <AANLkTi=2y+EDtyer3vn-eX8j-ao0U9jGnS-PDirqSojB@mail.gmail.com> <8B0A9FCBB9832F43971E38010638454F03EB773720@SISPE7MB1.commscope.com> <AANLkTikB-Xn-t-_0pHoY+9eWZueAUyXLfnd5cF=mJO9G@mail.gmail.com> <8B0A9FCBB9832F43971E38010638454F03EB77373E@SISPE7MB1.commscope.com>
From: Adam Barth <ietf@adambarth.com>
Date: Tue, 27 Jul 2010 10:41:18 +0200
Message-ID: <AANLkTimEMK2O5ZMR1HR3gRTX6H8bwmifKVQ4FvPQxotu@mail.gmail.com>
To: "Thomson, Martin" <Martin.Thomson@andrew.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: "http-state@ietf.org" <http-state@ietf.org>
Subject: Re: [http-state] cake and session stealing
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Jul 2010 08:41:25 -0000
On Tue, Jul 27, 2010 at 10:27 AM, Thomson, Martin <Martin.Thomson@andrew.com> wrote: >> > That's where my concern arose. An attacker that is playing MITM can >> simply use their own cake. Are we basically looking for something with >> basically "leap of faith" characteristics? >> >> There's no leap of faith. How does the MITM alter the cake in the TLS >> tunnel? > > We were talking about the step from unsecured TCP to TLS. The problem was that state accumulated prior to this step is attributed to the client. There is no insecure step from TCP to TLS. > Cake ensures that the same client can be identified. > > If you have a MITM, then you can do this: > > Accept the client cake C and forward their requests on using a different cake F. State A is established against cake F. > > In parallel, establish desired state against cake C. Then when the client hops to a secured connection, they start using your desired state. There's a separate cake for every origin. In particular, there's a separate cake for http://bank.com and https://bank.com. There is no way for the attacker to learn or overwrite the cake for https://bank.com. That means whatever stateful interaction the user has with the server on https://bank.com is protected from the attacker. Of course, the attacker can have their own stateful interaction with https://bank.com, but that will be with their own cake and won't interfere with the user's interaction with https://bank.com. > The only solution I see to this is to treat anything that comes in on an unsecured connection as suspect. Online shopping services do this - you build a cart, but they confirm again on the secured part (sometimes several times). If a site uses http, there's nothing we can do to protect them from a MITM attacker. We're interested in protecting https sites from MITM attackers. Adam
- [http-state] cake and session stealing Thomson, Martin
- Re: [http-state] cake and session stealing Adam Barth
- Re: [http-state] cake and session stealing Thomson, Martin
- Re: [http-state] cake and session stealing Adam Barth
- Re: [http-state] cake and session stealing Thomson, Martin
- Re: [http-state] cake and session stealing Adam Barth
- Re: [http-state] cake and session stealing Thomson, Martin
- Re: [http-state] cake and session stealing Adam Barth
- Re: [http-state] cake and session stealing Thomson, Martin
- Re: [http-state] cake and session stealing Adam Barth