Bad Life Advice: Never Give Up - Replay Attacks Against HTTPS

(joint work with Thiago Valverde and Quan Nguyen -- see also Thiago's post on his blog)

I was once advised by a self-help book that I should never give up, be confident in myself, and keep trying. The secret to success is failure, wrote the book. I'd always believed this was great wisdom until Thiago and Quan helped me realize that it could lead to replay attacks.

A few weeks ago we found that because Chrome (and Firefox and possibly other browsers) automatically retries failed requests, a man-in-the-middle adversary can easily duplicate and replay HTTPS traffic. More details can be found in Thiago's blog post, but the attack can be summarized as follows:

* The adversary sets itself up as a TCP layer relay for the targeted TLS connection to, say, google.com.

* When the adversary detects a request that it wants to replay (using traffic analysis), it copies all relevant TLS records, and instead of relaying the HTTP response from the server it just closes the socket to Chrome. It keeps the leg to google.com open.

* Over a fresh socket, Chrome would automatically retry the (presumably failed) request. The adversary would then forward it normally to google.com.

* The adversary replays the copied records to google.com, which will happily accept them.

This is a cute attack, but we don't think it's too alarming. While Thiago made a proof of concept which works like a charm against an internal tool at Google, we failed to mount the attack against PayPal. It looks like most important websites that we looked at have some defense against this attack, probably not because they are aware of it, but because they just want to prevent their users from unintentionally sending duplicated requests.

Still, it's amusing to think about what has gone wrong here. I don't blame TLS, which does the right thing when it comes to replay attacks. TLS promises that no one can replay its records, and it delivers by using random nonces and sequence numbers. No TLS records were replayed in our attack; we can't do that. What we replayed was the HTTP payload.

This attack exploits a mismatch between what is promised by TLS and what is actually deployed. TLS proudly declares, "Alright. TLS clients and servers of the world, we protect your traffic against replay attacks," but our beloved protocol can't do anything when clients replay their own traffic, which is what happens in the real world. As a result servers still have to defend themselves, which is surprising, and might catch some developers off guard.
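One way a server can defend itself, as the previous paragraph says it must, is to treat every state-changing request as a single-use action keyed by a client-supplied token, so that a duplicate delivered twice (by a browser retry or by a copied request) runs at most once. This is an added example, not code from this post or from any of the sites it mentions; the `Idempotency-Key` header, the `TransferService` class and the sample request values are assumptions constructed for illustration.

```python
import hashlib
import threading


class TransferService:
    """Hypothetical state-changing endpoint, constructed for this example.

    Duplicates are suppressed by an Idempotency-Key header the client puts
    on each state-changing request: a browser retry or a byte-for-byte
    replay carries the same key, so the action cannot run a second time.
    """

    def __init__(self):
        self.ledger = []   # side effects actually performed
        self._seen = {}    # key -> (body fingerprint, stored response)
        self._lock = threading.Lock()

    def handle(self, headers: dict, body: bytes):
        key = headers.get("Idempotency-Key")
        if key is None:
            return 400, b"missing Idempotency-Key"
        fp = hashlib.sha256(body).hexdigest()
        with self._lock:
            prior = self._seen.get(key)
            if prior is not None:
                if prior[0] == fp:
                    # Same key, same body: retry or replay. Answer from the
                    # stored response without touching the ledger again.
                    return prior[1]
                return 409, b"Idempotency-Key reused with a different body"
            # First sighting: perform the action once and remember the outcome
            self.ledger.append(body.decode())
            resp = (200, b"transfer executed")
            self._seen[key] = (fp, resp)
            return resp


def simulate_duplicate_delivery():
    """Constructed scenario: the original request, the browser's automatic
    retry and a copied duplicate all reach the server as identical bytes."""
    svc = TransferService()
    headers = {"Idempotency-Key": "c0ffee-1"}   # constructed sample value
    body = b"to=alice&amount=10"
    responses = [svc.handle(headers, body) for _ in range(3)]
    return responses, len(svc.ledger)
```

The key must be generated by the client once per user action (not per HTTP attempt), and a real deployment would keep the seen-key store out of process memory with a bounded lifetime.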

Moral of the story: give up on the first failure and stop reading self-help books.
