Possible attacks on HTTPS and how to defend against them

SSL Vulnerability

Half of the sites use HTTPS, and their number is constantly increasing. The protocol reduces the risk of traffic interception, but does not exclude attack attempts. About some of them (POODLE, BEAST, DROWN and others) and methods of protection, we will tell in our material.

Table of Contents

Poodle attack

POODLE

For the first time, the POODLE attack was known in 2014. Security specialist Bodo Möller discovered a vulnerability in the SSL 3.0 protocol with colleagues at Google.

Its essence is as follows: a hacker forces the client to make an SSL 3.0 connection, emulating disconnected communications. Then it looks for special message labels on traffic encrypted in CBC mode. Through a series of false queries, an attacker can reconstruct the content of the data that interests them, such as cookies.

SSL 3.0 is an outdated protocol. But the question of his safety remains relevant. Clients use it to avoid server compatibility issues. According to some reports, almost 7% of the 100,000 popular sites still support SSL 3.0. There are also modifications to POODLE, the purpose of which is more modern TLS 1.0 and TLS 1.1. This year, new Zombie POODLE and GOLDENDOODLE attacks appeared that bypass TLS 1.2 protection (they are still associated with CBC encryption).

How to protect yourself In the case of the original POODLE, you must disable SSL 3.0 support. However, in this case, there is a risk of compatibility issues. An alternative solution may be the TLS_FALLBACK_SCSV mechanism: it ensures that data exchange via SSL 3.0 will take place only with older systems. Attackers will no longer be able to initiate a protocol downgrade. One way to protect yourself against Zombie POODLE and GOLDENDOODLE is to disable CBC support in TLS 1.2 based applications. The fundamental decision will be the transition to TLS 1.3: the new version of the protocol does not use CBC encryption.

SSL-Beast-Attack

BEAST

One of the first attacks on SSL and TLS 1.0, discovered in 2011. Like POODLE, BEAST uses CBC encryption functions. Attackers deploy a JavaScript agent or Java applet on the client machine that spoofs messages by transmitting data over TLS or SSL. Because attackers know the contents of “fake” packets, they can use them to decrypt the initialization vector and read other messages to the server, such as cookies for authentication.

To date, various network tools remain vulnerable to BEAST vulnerabilities – proxy servers and applications to protect local Internet gateways.

How to protect yourself The attacker must send requests regularly to decrypt the data. In VMware, we recommend reducing the duration of the SSLSessionCacheTimeout: from five minutes (default recommendation) to 30 seconds. This approach will complicate the implementation of plans for attackers, although it will have a negative effect on productivity. Also, you need to understand that the BEAST vulnerability may soon become something of its own: Since 2020, larger browsers have stopped supporting TLS 1.0 and 1.1. In any case, less than 1.5% of all browser users work with these protocols.

DROWN Attack

Drown

This is a cross protocol attack that uses errors in the SSLv2 implementation with 40-bit RSA keys. An attacker listens for hundreds of TLS connections from a target and sends special packets to a server with SSLv2 using the same private key. Using the Bleichenbacher attack, a hacker can decrypt one of the thousands of TLS client sessions.

DROWN was first unveiled in 2016, then a third of the world’s servers were exposed to it. To date, it has not lost relevance. Of the 150,000 most popular sites, 2% still support SSLv2 and vulnerable encryption mechanisms.

How to protect yourself You need to install patches proposed by developers of cryptographic libraries that disable SSLv2 support. For example, two such patches were introduced for OpenSSL (in 2016 they were updates 1.0.1s and 1.0.2g). Also, updates and instructions to disable the vulnerable protocol have been released in Red Hat, Apache, Debian.

“A resource may be vulnerable to DROWN if its keys are used by a third-party server with SSLv2, for example a mail server,” said Sergey Belkin, head of development department for IaaS provider 1cloud.ru. – This situation occurs if several servers use a common SSL certificate. In this case, disable SSLv2 support on all machines. “

You can check if you need to update your system using a special utility: it was developed by information security experts who discovered DROWN. You can read more about the recommendations related to protection against this type of attack in a post on the OpenSSL website.

heartbleed-Vulnerability

Heartbleed

One of the biggest vulnerabilities in software is Heartbleed. It was discovered in 2014 in the OpenSSL library. At the time of the error announcement, the number of vulnerable websites was estimated at half a million, approximately 17% of the protected resources on the network.

The attack is implemented through the small Heartbeat TLS extension module. The TLS protocol requires that data be transmitted continuously. In the event of prolonged downtime, an outage occurs and the connection must be reestablished. To address the problem, servers and clients artificially “make noise” on the channel (RFC 6520, p. 5), passing a packet of random length. If it turned out to be the largest package, then vulnerable versions of OpenSSL read memory out of the allocated buffer. Any information could be in this area, including private encryption keys and information about other connections.

The vulnerability was present in all versions of the library between 1.0.1 and 1.0.1f inclusive, as well as in several operating systems: Ubuntu up to 12.04.4, CentOS before 6.5, OpenBSD 5.3 and others. A complete list is on the Heartbleed website. Although patches against this vulnerability were released almost immediately after its discovery, the problem remains relevant to this day. In 2017, Heartbleed affected nearly 200,000 sites.

How to protect yourself You need to update OpenSSLto version 1.0.1g or higher. You can also manually disable Heartbeat requests using the DOPENSSL_NO_HEARTBEATS option. After the upgrade, information security experts recommend reissuing SSL certificates. A replacement is needed in case the data from the encryption keys still reaches the hackers.

Certificate spoofing

Certificate spoofing

A managed node is installed between the user and the server with a legitimate SSL certificate that actively intercepts traffic. This node pretends to be a legitimate server, presenting a valid certificate, and it is possible to carry out an MITM attack.

According to a study carried out by teams from Mozilla, Google and various universities, approximately 11% of secure connections on the network are “exploited”. This is the result of installing suspicious root certificates on users’ computers.

How to protect yourself Use the services of reliable SSL providers. You can verify the “quality” of certificates using the Certificate Transparency (CT) service. Cloud providers can also help with wiretapping detection – some large companies already offer specialized tools to monitor TLS connections.

Another method of protection will be the new ACME standard, which automates the reception of SSL certificates. At the same time, it will add additional mechanisms to verify the owner of the site. We wrote more about him in one of our previous materials.

HTTPS perspectives

Despite a series of vulnerabilities, IT giants and information security experts are confident in the future of the protocol. WWW creator Tim Berners-Lee represents the active implementation of HTTPS. According to him, over time, TLS will become more secure, which will significantly increase the security of connections. Berners-Lee even suggested that in the future there will be client certificates for authentication. They will help improve server protection against intruders.

It is also planned to develop SSL / TLS technology with the help of machine learning: smart algorithms will be responsible for filtering out malicious traffic. On HTTPS connections, administrators have no way of finding out the content of encrypted messages, including detecting malware requests. Neural networks can now filter potentially dangerous packets with 90% accuracy.

Recommendations

Attacks on HTTPS for the most part are not related to problems with the protocol itself, but to support outdated encryption mechanisms. The IT industry is beginning to remove previous generation protocols and offers new tools to find vulnerabilities. In the future, these tools will be smarter.

Leave a Reply

Your email address will not be published. Required fields are marked *