Re: [TLS] Inter-protocol attacks

Antoine Delignat-Lavaud <antoine@delignat-lavaud.fr> Wed, 13 August 2014 13:01 UTC

Return-Path: <antoine@delignat-lavaud.fr>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A6D41A0095 for <tls@ietfa.amsl.com>; Wed, 13 Aug 2014 06:01:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WqR8kk__fEX3 for <tls@ietfa.amsl.com>; Wed, 13 Aug 2014 06:01:03 -0700 (PDT)
Received: from argon.maxg.info (argon.maxg.info [IPv6:2001:41d0:2:7f22::1]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 761371A0053 for <tls@ietf.org>; Wed, 13 Aug 2014 06:01:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=delignat-lavaud.fr; s=dkim; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:References:Subject:CC:To:MIME-Version:From:Date:Message-ID; bh=Fja3EBHk/2R5K1+Yu0wNsMmWTnHE//yWk3REgwOyC6A=; b=Q6RPKNbZndeME+Omxn0pcXMSZesYOaJxcpJ2aR34kdQuJZfLqu2QETNO53BFOn/b2ysO6ejr8q6IvHAAayhkR2SAd0Ox5Oyt08Gh50Hjc+EPS/5yg2icVnVLXcKtJjGZ;
Received: from localhost (authenticated.user.IP.removed [::1]) by argon.maxg.info with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (envelope-from <antoine@delignat-lavaud.fr>) id 1XHYAZ-0001Nd-54 ; Wed, 13 Aug 2014 15:00:47 +0200
Message-ID: <53EB6180.2030006@delignat-lavaud.fr>
Date: Wed, 13 Aug 2014 14:00:48 +0100
From: Antoine Delignat-Lavaud <antoine@delignat-lavaud.fr>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Martin Thomson <martin.thomson@gmail.com>
References: <CACsn0cmrtZm63ao876ryJPV1o-m2f4Mjda-H5JkH8q=Jjbc=qA@mail.gmail.com> <53E771B7.7060609@delignat-lavaud.fr> <CABkgnnXqt5+cJ=b45R7Xdm+ckZ9GFLzcj1f=aXuTEEXprtWS1w@mail.gmail.com>
In-Reply-To: <CABkgnnXqt5+cJ=b45R7Xdm+ckZ9GFLzcj1f=aXuTEEXprtWS1w@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/OCCZLNTdlbHI98o7bxH2YDpRnug
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Inter-protocol attacks
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Aug 2014 13:01:06 -0000

Le 8/11/2014 7:06 AM, Martin Thomson a écrit :
> On 10 August 2014 06:20, Antoine Delignat-Lavaud
> <antoine@delignat-lavaud.fr>; wrote:
>> Chrome introduced a very significant change to the authentication model of
>> TLS that went virtually unnoticed. In SPDY, the TLS client session cache is
>> no longer indexed by domain and port, but instead by domain set, IP and
>> port: in classic TLS, an established connection or session can only be
>> reused for the same domain, whereas in SPDY, it can be reused for any domain
>> in the certificate verified when the session was created, provided that it
>> points to the same IP as the original connection. The DNS condition is
>> obviously meaningless to a network attacker, which means that all security
>> guarantees that were previously session-specific should now be considered
>> certificate-specific.
> The behaviour you describe isn't quite correct, because - I believe -
> that it requires that the DNS resolve to the same IP (or that one of a
> set of alternative values point there).  But that's not a particularly
> important detail, DNS has never been a part of the security story for
> https.  It's a big part of http, but we all know what you get there.

Ultimately, we agree that the precise DNS condition doesn't matter. In 
HTTPS, DNS is under attacker control.

> Either way, this behaviour has been discussed at some length and was
> not found lacking in the SPDY/HTTP2 context.  Yes, HTTP/2 standardizes
> this practice.  The poor handling of Host header fields in HTTP/1.1
> means that it will probably never be advisable to do something like
> this there.
>
> As always, I caution that we have to be careful to distinguish between
> attacks on implementations and attacks on standards.  I am aware that
> there are bugs in implementations.  I'm also told that they are
> somewhat difficult to exploit.

The argument is not whether such attacks are to blame on implementation 
or specification. The question is whether behavior such as reusing a 
connection established with attacker.com to send data meant for 
google.com /should be considered an attack at all/.

This is the TLS mailing list, and the relevant problem here is the 
complete lack of any restriction in RFC 5246 and 5077 on when a session 
can be resumed. Thus, we end up in a situation where resumption is up to 
implementations to decide; because of the lack of any specification, TLS 
libraries simply hand off the decision to the application; the 
application won't know what to do (this kind of question is typically 
considered out of the scope of application protocol definitions), and 
thus let the user decide. Of course, the user is very unlikely to 
understand the security impact of session cache or name-based 
certificate settings, and this is how we end up with the kind of attacks 
I demonstrated at Black Hat.

SPDY is an interesting case, as it does specify a clear resumption 
policy (even though, I must against stress out again, this policy 
technically allows resumption between any two HTTP origins as long as 
they appear in the same certificate; thus, CVE-2014-3166 does not 
violate any TLS or HTTP specification and cannot be considered an 
implementation bug). This policy should be interpreted as an 
authorization function for TLS authentication. In a full handshake, 
there is a well-specified and widely-adopted authorization function 
defined in RFC 5280. The problem I am pointing out is that the SPDY and 
PKIX authorization functions are incompatible. Thus, TLS features that 
assume PKIX authorization, such as SNI or ChannelID, may not guarantee 
the same security properties under SPDY authorization. Similarly, 
certain PKIX extensions will also fail under SPDY authorization, most 
notably certificate pinning.

 From the TLS viewpoint, it is reasonable to consider authorization 
outside the scope of the protocol. However, for the security of TLS, 
authentication and authorization must critically be preserved by 
resumption, as it is entirely a protocol feature that currently occurs 
without any application involvement. The issue may disappear in TLS 1.3 
if resumption is removed, but in current versions, the use of different 
authorization policies for full handshakes and resumption should be 
considered a weakness, which can be exploited.

Speaking of this, I have to disagree with your claim that attacks in 
this class are difficult to exploit. It may be true if you compare these 
attacks to heartbleed or browser memory bugs. However, compared to 
BEAST, Lucky13 or triple handshake, these attacks are orders of 
magnitude more exploitable.

Best,

Antoine Delignat-Lavaud