TLS attacks :
CRIME & Heartbleed
Valentin ZELIONII Marie SAUVANT François LETTERLE
Pierre LACOUVE Maxime LETERRE
1
● 1994 : Netscape creates SSL
● 1999 : Creation of TLS
● 2015 : End of SSL
● 2018 : TLS 1.3 (latest version)
Introduction : TLS history
2
How does TLS work ?
HTTPS
3
CRIME Attack Method
Duong and Rizzo at the Ekoparty security conference in 2012
C : Compression R : Ration
I : Info-leak
ME : Made easy
4
CRIME : Initialization
5
CRIME Algorithm
6
CRIME Prevention
Client
Server
Disable the compression of SPDY or HTTPS requests
Prevent the use of data compression on transactions using the protocol
negotiation features of the TLS protocol
7
CRIME Prevention
- Never supported TLS compression or SPDY
- Only supported SPDY
- The compression was removed in Firefox 15
- Supported both TLS compression and SPDY compression
- The compression was removed in Chrome 21 8
CRIME Prevention
9
CRIME Prevention
10
HeartBleed main characteristics
- Reference : CVE-2014-0160
- OpenSSL versions : 1.0.1 to 1.0.1f and 1.0.2-beta - Vulnerability informations :
- heartbeat extension (RFC6520)
- Introduced in december 2011 by Robin Seggelmann - Released with 1.0.1 on 14th of March 2012
- Alive until 1.0.1g release on 7th of April 2014 (2 years) - Implementation mistake (an equality was not checked)
- Available on apache and nginx servers.
- Informations leaked :
- memory of client and server
- Primary and secondary keys (public and private keys, usernames and passwords) - Protected content (instant messages, emails, business critical documents)
11
HeartBleed Attack method
12
HeartBleed Attack method
1. Ask for the server for an answer with a longer response than the word you’re requesting it to answer
2. Wait
3. Profit from an incredibly long and detailed answer from the server
13
Consequence of HeartBleed
- impossible to detect the attack in the log
- All Web-Server and Router that use SSL versions between March 2012 and April 2014
HeartBleed can be used to retrieve : - Password
- Identifier
- see same encryption key - and other confidential data
14
The Heartbleed fix
fix :
- 10 elementary code line
- only verification of the size send if the server is potentially vulnerable :
- upgrade to the last version - Change the certificates SSL
- change the passwords of the systems that were exposed
15
The positive consequences
- in 48 hours: the 500 largest website had fixed the breach - Vulnerability has strong media coverage
- Investment in open source by large companies
16
Other examples
● POODLE ( Padding Oracle On Downgraded Legacy Encryption)
● DROWN
17
Any questions ?
18
