Potential Attacks on HTTPS and How to Protect Against Them

Half of all sites now use HTTPS, and their number is steadily increasing. The protocol reduces the risk of traffic interception, but it does not rule out attacks by itself. In this article we discuss some of them (POODLE, BEAST, DROWN and others) and the ways to protect against them.

[Image: /flickr/ Sven Graeme / CC BY SA]

POODLE

The POODLE attack first became known in 2014. The vulnerability in the SSL 3.0 protocol was discovered by security researcher Bodo Möller and his colleagues at Google.

Its essence is as follows: the attacker forces the client to connect over SSL 3.0 by simulating connection failures. The attacker then looks for specially marked messages in the CBC-mode encrypted traffic. Through a series of forged requests, the attacker is able to reconstruct the content of the data of interest, such as cookies.

SSL 3.0 is an obsolete protocol, but the question of its safety is still relevant. Clients use it to avoid compatibility issues with servers. According to some reports, almost 7% of the 100 thousand most popular sites still support SSL 3.0. There are also modifications of POODLE that target the more modern TLS 1.0 and TLS 1.1. This year the new Zombie POODLE and GOLDENDOODLE attacks appeared, which bypass the protection of TLS 1.2 (they are still tied to CBC encryption).

How to defend yourself. In the case of the original POODLE, you need to disable SSL 3.0 support. However, this carries the risk of compatibility problems. An alternative solution is the TLS_FALLBACK_SCSV mechanism: it ensures that data exchange over SSL 3.0 is carried out only with genuinely old systems, so attackers can no longer initiate a protocol downgrade. The way to protect against Zombie POODLE and GOLDENDOODLE is to disable CBC support in applications based on TLS 1.2. The radical solution is the transition to TLS 1.3: the new version of the protocol does not use CBC encryption at all. Instead, it uses the more robust AES and ChaCha20 ciphers.
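As an added example (not from the original article), here is the server-side TLS_FALLBACK_SCSV check from RFC 7507 in C: the server refuses a ClientHello that both carries the signalling cipher suite and offers a protocol version lower than the server's best, which is exactly the downgrade POODLE needs. The version constants and the cipher lists are constructed for the demo.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

/* Protocol versions as they appear on the wire. */
#define VER_SSL30 0x0300
#define VER_TLS12 0x0303

/* RFC 7507: the signalling cipher suite value and the fatal alert it triggers. */
#define TLS_FALLBACK_SCSV            0x5600
#define ALERT_INAPPROPRIATE_FALLBACK 86

typedef struct {
    bool accept;  /* true: continue the handshake */
    int alert;    /* alert to send when accept is false, else 0 */
} fallback_decision;

/* Scan the ClientHello cipher_suites list (big-endian 16-bit values) for the SCSV. */
static bool offers_fallback_scsv(const uint8_t *suites, size_t len)
{
    for (size_t i = 0; i + 1 < len; i += 2) {
        uint16_t suite = (uint16_t)((suites[i] << 8) | suites[i + 1]);
        if (suite == TLS_FALLBACK_SCSV)
            return true;
    }
    return false;
}

/* RFC 7507 section 3: a client that retried at a lower version appends the SCSV.
 * If it then offers a version below the server's highest one, the downgrade was
 * not needed (the first attempt failed for some other reason, possibly an
 * attacker breaking it), so the server aborts instead of talking SSL 3.0. */
fallback_decision check_fallback(uint16_t client_version, uint16_t server_max_version,
                                 const uint8_t *suites, size_t suites_len)
{
    fallback_decision d = { true, 0 };
    if (offers_fallback_scsv(suites, suites_len) && client_version < server_max_version) {
        d.accept = false;
        d.alert = ALERT_INAPPROPRIATE_FALLBACK;
    }
    return d;
}

/* Constructed cipher lists for the demo: ECDHE-RSA-AES128-GCM-SHA256 (0xC02F)
 * followed by either the SCSV or a plain AES128-CBC suite (0x002F). */
static const uint8_t kSuitesWithScsv[]    = { 0xC0, 0x2F, 0x56, 0x00 };
static const uint8_t kSuitesWithoutScsv[] = { 0xC0, 0x2F, 0x00, 0x2F };
```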

BEAST

One of the very first attacks on SSL and TLS 1.0, discovered in 2011. Like POODLE, BEAST uses properties of CBC encryption. The attackers inject a JavaScript agent or Java applet onto the client machine, which forges messages while data is being sent over TLS or SSL. Since the attackers know the contents of the forged packets, they can use them to recover the initialization vector and read other messages to the server, such as authentication cookies.

To date, a number of network tools remain susceptible to BEAST: proxy servers and applications that protect local Internet gateways.

How to defend yourself. The attacker needs to send requests regularly in order to decrypt the data. VMware recommends reducing the SSLSessionCacheTimeout from five minutes (the default recommendation) to 30 seconds. This complicates the attackers' task, although it has some negative effect on performance. It should also be understood that BEAST may soon become a thing of the past on its own: from 2020, the major browsers stop supporting TLS 1.0 and 1.1. In any case, less than 1.5% of all browser users use these protocols.

DROWN

This is a cross-protocol attack that exploits bugs in implementations of SSLv2 with 40-bit RSA keys. The attacker captures hundreds of the target's TLS connections and sends specially crafted packets to an SSLv2 server that uses the same private key. Using the Bleichenbacher attack, a hacker can then decrypt one of those hundreds of captured TLS sessions of the client.

DROWN first became known in 2016; at that time a third of the servers in the world turned out to be affected. To date, it has not lost its relevance: of the 150 thousand most popular sites, 2% still support SSLv2 and vulnerable encryption mechanisms.

How to defend yourself. It is necessary to install the patches released by the developers of cryptographic libraries that disable support for SSLv2. For example, two such patches were released for OpenSSL (in 2016 these were the 1.0.1s and 1.0.2g updates). Updates and instructions for disabling the vulnerable protocol were also published by Red Hat, Apache and Debian.

"A resource can be vulnerable to DROWN if its keys are used by a third-party server with SSLv2, such as a mail server," notes Sergei Belkin, head of development at the IaaS provider 1cloud.ru. "This situation occurs if several servers use a common SSL certificate. In this case, you need to disable SSLv2 support on all machines."

You can check whether your system needs to be updated using a special utility developed by the security researchers who discovered DROWN. You can read more about the recommendations for protecting against this type of attack in a post on the OpenSSL website.

Heartbleed

Heartbleed is one of the biggest vulnerabilities in software history. It was discovered in 2014 in the OpenSSL library. At the time the bug was announced, the number of affected websites was estimated at half a million, approximately 17% of the protected resources on the network.

The attack works through a small TLS extension, Heartbeat. The TLS protocol expects data to be transmitted continuously; if a connection stays idle for a long time, it is dropped and has to be re-established. To cope with this, servers and clients artificially keep the channel busy (RFC 6520, page 5) by sending a heartbeat packet with a payload of a chosen, declared length. If the declared length was larger than the packet actually sent, vulnerable versions of OpenSSL read memory beyond the allotted buffer. That memory could contain any data, including private encryption keys and information about other connections.

The vulnerability was present in all versions of the library from 1.0.1 to 1.0.1f inclusive, as well as in a number of operating systems: Ubuntu up to 12.04.4, CentOS older than 6.5, OpenBSD 5.3 and others. A complete list is available on the Heartbleed website. Although patches for this vulnerability were released almost immediately after its discovery, the problem remains relevant to this day: as recently as 2017, almost 200 thousand sites were still vulnerable to Heartbleed.

How to defend yourself. Update OpenSSL to version 1.0.1g or higher. You can also disable Heartbeat requests manually by building with the -DOPENSSL_NO_HEARTBEATS option. After the update, security specialists recommend reissuing SSL certificates: replacement is needed in case the encryption keys have already leaked to attackers.
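As an added example (not OpenSSL's code and not from the original article), here is a minimal HeartbeatResponse builder in C that applies the bounds check the vulnerable versions lacked: the peer-declared payload length is validated against the number of bytes that actually arrived before anything is copied. The message layout follows RFC 6520; the two sample records are constructed for the demo.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_PADDING  16   /* RFC 6520: at least 16 bytes of padding follow the payload */

/* Build a HeartbeatResponse for the HeartbeatMessage in rec[0..rec_len).
 * Returns the number of bytes written to out, or -1 if the message is malformed.
 * The length check below is the one that was missing before OpenSSL 1.0.1g. */
int build_heartbeat_response(const uint8_t *rec, size_t rec_len,
                             uint8_t *out, size_t out_cap)
{
    if (rec_len < 1 + 2 + HB_PADDING || rec[0] != HB_REQUEST)
        return -1;
    size_t payload_len = ((size_t)rec[1] << 8) | rec[2];   /* declared by the peer */
    /* Trust the record length, not the peer's number: type byte, length field,
     * payload and padding must all fit inside what actually arrived. */
    if (1 + 2 + payload_len + HB_PADDING > rec_len)
        return -1;
    size_t resp_len = 1 + 2 + payload_len + HB_PADDING;
    if (resp_len > out_cap)
        return -1;
    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(payload_len >> 8);
    out[2] = (uint8_t)(payload_len & 0xFF);
    memcpy(out + 3, rec + 3, payload_len);          /* echo only bytes that were sent */
    memset(out + 3 + payload_len, 0, HB_PADDING);   /* a real stack uses random padding */
    return (int)resp_len;
}

/* Constructed sample messages (not captured traffic). Both carry a 4-byte "ping"
 * payload and 16 bytes of padding; the second one declares a 65535-byte payload,
 * which a vulnerable implementation would have answered with 64 KB of its memory. */
static const uint8_t kValidHeartbeat[23] = {
    HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g',
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
static const uint8_t kOversizedHeartbeat[23] = {
    HB_REQUEST, 0xFF, 0xFF, 'p', 'i', 'n', 'g',
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
```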

Certificate substitution

A host controlled by the attacker, holding a legitimate SSL certificate, is placed between the user and the server and actively intercepts traffic. This node impersonates the legitimate server by presenting a valid certificate, which makes a MITM attack possible.

According to research teams from Mozilla, Google and a number of universities, approximately 11% of secure connections on the network are being "listened to". This is the result of suspicious root certificates being installed on users' computers.

How to defend yourself. Use the services of reliable SSL providers. You can check the "quality" of certificates using Certificate Transparency (CT) logs. Cloud providers can also help detect "wiretapping": today some large companies offer specialized tools for monitoring TLS connections.

Another form of protection will be the new ACME standard, which automates the issuance of SSL certificates. In doing so, it adds extra mechanisms for verifying the owner of the site. We wrote more about it in one of our previous articles.

[Image: /flickr/ Yuri Samoylov / CC BY]

Perspectives on HTTPS

Despite a number of vulnerabilities, IT giants and information security experts are confident in the future of the protocol. WWW creator Tim Berners-Lee advocates the active adoption of HTTPS. Over time, he says, TLS will become more secure, which will greatly improve the security of connections. Berners-Lee has even suggested that client certificates for identity authentication will appear in the future; they will help improve the protection of servers from intruders.

It is also planned to develop SSL/TLS technology using machine learning: smart algorithms will be responsible for filtering malicious traffic. In HTTPS connections, administrators have no way to inspect the content of encrypted messages, including detecting requests from malware. Already today, neural networks are able to filter potentially dangerous packets with an accuracy of 90% (slide 23 of the presentation).

Conclusions

Most of the attacks on HTTPS are related not to problems in the protocol itself, but to support for outdated encryption mechanisms. The IT industry is beginning to phase out the previous generation of protocols and is offering new tools for finding vulnerabilities. In the future, these tools will become more and more intelligent.

Source: habr.com