Re: [TLS] Inter-protocol attacks

Antoine Delignat-Lavaud <antoine@delignat-lavaud.fr> Fri, 15 August 2014 08:45 UTC

Return-Path: <antoine@delignat-lavaud.fr>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E1B461A0972 for <tls@ietfa.amsl.com>; Fri, 15 Aug 2014 01:45:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J_P9tv2YXL8M for <tls@ietfa.amsl.com>; Fri, 15 Aug 2014 01:45:20 -0700 (PDT)
Received: from argon.maxg.info (argon.maxg.info [IPv6:2001:41d0:2:7f22::1]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 624781A092B for <tls@ietf.org>; Fri, 15 Aug 2014 01:45:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=delignat-lavaud.fr; s=dkim; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:References:Subject:CC:To:MIME-Version:From:Date:Message-ID; bh=yqIqVpnI8HBU+sipJTgpzVm8znXXmJ8hJ0vnoTdH+P0=; b=PmDYl7Wo075q94jmmFBNx6tg5RZSQNUaeXCDx6QKRpIdBEYew38JMYOozibz6EE8L9/GbAEtB4Sl09yKCRcE5COFTO+dygIA4QmbXRTnXbWP3FxrHzFBYOW6VER/SEIQ;
Received: from localhost (authenticated.user.IP.removed [::1]) by argon.maxg.info with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (envelope-from <antoine@delignat-lavaud.fr>) id 1XID8B-0001yC-2u ; Fri, 15 Aug 2014 10:45:03 +0200
Message-ID: <53EDC889.5030704@delignat-lavaud.fr>
Date: Fri, 15 Aug 2014 09:44:57 +0100
From: Antoine Delignat-Lavaud <antoine@delignat-lavaud.fr>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: mrex@sap.com, Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
References: <20140815015630.D29521AE0D@ld9781.wdf.sap.corp>
In-Reply-To: <20140815015630.D29521AE0D@ld9781.wdf.sap.corp>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/3qZvYxnNqK6BMvE--wKot5_mK2o
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Inter-protocol attacks
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Aug 2014 08:45:24 -0000

Le 8/15/2014 2:56 AM, Martin Rex a écrit :
> But I still fail to see how session resumption would aggravate
> any bogosities performed by applications as long as the servers
> certificates on both handshakes (resumption an full)
> will properly *PASS* the usual server endpoint identification checks,
> which is what has been asserted.

As I explained before, the reason why it is the case is because TLS 
authorization is not context free: it depends on the application context.

In HTTP, application context boils down to origin, because the same 
origin policy is the only security context that makes sense in a browser.

Any TLS authorization for the Web that uses a context broader than 
origin is going to be a source of attack. This applies to both server 
and client. The problem with resumption is that unlike full handshakes, 
it uses implicit authorization. This can be easily blamed on protocol 
implementations, but TLS could have made resumption authorization more 
explicit.

On the server side, most web servers use a very simple authorization 
policy, which is basically "return true" regardless of the context. This 
is bad, because there are many reasons why a server would want to reject 
certain resumption requests, in particular when the application context 
(domain / SNI) of the resumption is different from the one in the 
initial connection. For instance, if the session being resumed is user 
authenticated, the server may want to use a different CA on the domain 
of the resumption, or an anonymous session. It may also prefer to use 
another certificate (such as an extended validation one) for this domain 
(even though the initial one may also work, say because it has a 
wildcard), or a different cipher, or avoid using the same Channel ID, or 
many other reasons. The new domain of the resumption may not be handled 
by the server (in fact, if the server uses multiple certificates, or a 
shared ticket key, it can even be that the requested domain is not in 
the certificate of the original session), in which case authorizing the 
resumption is guaranteed to break the same origin policy. These are all 
real attacks that can be found against top websites (see https://bh.ht.vc).

On the client side, clients typically use a resumption policy based on 
the domain associated with the session. This works great for HTTPS 
because protocol+domain is almost as good as origin (port being part of 
origin is a mistake). However, SPDY uses a resumption policy that 
assumes that authorization of the initial connection extends to other 
domains in the certificate. This is not the case: the original 
authorization was granted in a different application context, and it is 
in fact necessary to re-authorize the connection in the new context. See 
http://youtu.be/7zNWKTDs99g for a concrete exploit.

Overall, I am well aware that little can be done in the TLS protocol to 
solve the shortcomings of application authorization. Since SNI provides 
a good application context indication even outside HTTPS, the change 
that I was initially proposing to OpenSSL and Nginx several months ago 
was to enforce that the SNI may not change when a session is resumed. 
However, this restriction is not compatible with SPDY, and almost all 
servers continue to accept resumption with a different SNI currently.

Best,

Antoine Delignat-Lavaud