A CRIME Attack, or Compression Ratio Info-leak Made Easy Attack, is an attack in which the attacker manages to recover the value of the encrypted HTTPS cookie stored on a user's computer and exploits it to impersonate the user in a web application and steal sensitive data thereafter. This attack is possible for HTTPS connections that also use the data compression feature of SSL/TLS. The attack was first demonstrated by two security researchers, Juliano Rizzo and Thai Duong. Let's understand how the attack actually works.
CRIME Attack
The HTTPS protocol internally uses SSL/TLS. When two hosts connect to each other using HTTPS, a TLS connection is first established and then the data is transferred in encrypted form. So, it is very difficult for an eavesdropper to listen to the conversation and obtain sensitive information.
On the other hand, when a user logs in to a web application, authentication information is stored in a cookie on the user's computer. After authentication, whenever the user's browser makes an HTTPS request to the web application, the authentication information stored in the cookie is sent along with the request.
If an attacker has access to the authentication cookie, he can impersonate the victim and log in to the victim's account in the web application. But normally it is very difficult for the attacker to obtain this authentication cookie. Moreover, in an HTTPS connection with compression enabled, the cookie is compressed using a lossless data compression algorithm and then encrypted before it is sent. So the attacker cannot get the value of the cookie by mere eavesdropping.
In a CRIME attack, the attacker causes several HTTPS requests to be sent to the web application in which a few chosen characters are placed alongside the victim's actual cookie, and listens to the conversation to capture the compressed and encrypted form of each request. The attacker then analyzes the lengths of those results to derive the actual value of the cookie.
To understand this further, we need to know a little about the lossless compression algorithm used in HTTPS connections.
Let's suppose (using a simplified compression scheme for illustration) the value of the cookie is:
BBBBACDE
After compression, the value of the cookie would be:
4BACDE
At this point, if we prepend the data with one more A, the cookie and its compressed value would be:
ABBBBACDE
A4BACDE
But if we prepend the value with a B, the cookie and its compressed value would be:
BBBBBACDE
5BACDE
So, if we prepend the data with a B, the compressed value is shorter than the compressed value of the data when we prepend it with an A. Thus we have learned the first character of the data, which is B. Next, we can prepend the original data with BA, BB and so on, and find out the rest of the data.
So, if someone prepends the data with carefully chosen values and observes the length of the compressed output, he will be able to guess the whole data. This is true even when the data is encrypted after compression, because encryption preserves the length of its input (up to padding): if someone prepends the original data with chosen values and observes the length of the compressed and encrypted data, the same relationship holds.
Now, in a CRIME attack, the attacker first uses some social engineering to trick the victim into clicking on a link. He may send the victim an email saying, "Look at some interesting pictures!" The link actually points to a malicious script on the attacker's website.
When the victim clicks on the link while already authenticated to the web application, the malicious script runs and sends several HTTPS requests to the web application. The browser attaches the victim's authentication cookie to each of them, and the script places some chosen bytes in front of it.
At this point, if the attacker is on the same wireless network as the victim, controls the victim's router, or is on the same local network as the victim, he can listen to the conversation and observe the length of the compressed and encrypted cookie in each HTTPS request.
As explained above, because of this property of the compression algorithm used in HTTPS connections, the attacker can analyze those lengths and derive the value of the authentication cookie.
The attacker can now easily impersonate the victim, log in to the victim's account in the web application and steal sensitive data such as credit card numbers, social security numbers, passwords, etc.
Mitigation
- One way of dealing with the CRIME attack is to disable the compression mechanism in HTTPS requests.
- TLS connections should use Cipher Block Chaining or CBC ciphers. This reduces the relationship between the encrypted data and the plaintext data, making it much more difficult for attackers to analyze the encrypted data and deduce the actual value of the data.
- Cross-Site Request Forgery or CSRF attacks must be prevented effectively, because the attacker relies on a CSRF-style technique to have his malicious script make several HTTPS requests in the first place.
- Browsers should be kept up to date with recent security patches.
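As an added illustration (not part of the original article, and not code from Rizzo and Duong), the following Python script models the length oracle described in the compression explanation above, the "prepend and measure" walk the attack performs, and the first mitigation (disabling compression). A toy greedy LZ77 compressor stands in for TLS compression; DEFLATE's real Huffman coding is replaced by constructed fixed bit costs per token. The request layout, the host name bank.example, the cookie value sessionid=d41a and the hex alphabet are all constructed sample data, and the "eavesdropper" is simply a function that measures the size of an in-memory byte string.

```python
# Added illustration, not the article's code: a toy model of the CRIME length
# oracle and of why disabling compression removes it. The compressor below is a
# deliberately simplified greedy LZ77 (the substring-matching stage of DEFLATE,
# which TLS compression used); the token bit costs are constructed, not DEFLATE's.

MIN_MATCH = 3        # DEFLATE also refuses matches shorter than 3 bytes
WINDOW = 256         # tiny history window; every sample request is far shorter
LITERAL_BITS = 9     # constructed cost: 1 flag bit + 8 data bits
MATCH_BITS = 17      # constructed cost: 1 flag bit + 8-bit length + 8-bit distance


def lz77_tokens(data: bytes) -> list:
    """Greedy LZ77 parse: at each position emit the longest earlier match
    (length >= MIN_MATCH) as ("match", distance, length), else ("lit", byte)."""
    tokens, i = [], 0
    while i < len(data):
        best_len, best_dist = 0, 0
        for j in range(max(0, i - WINDOW), i):
            length = 0
            # Overlapping matches (j + length reaching past i) are allowed, as in LZ77.
            while i + length < len(data) and data[j + length] == data[i + length]:
                length += 1
            if length > best_len:
                best_len, best_dist = length, i - j
        if best_len >= MIN_MATCH:
            tokens.append(("match", best_dist, best_len))
            i += best_len
        else:
            tokens.append(("lit", data[i]))
            i += 1
    return tokens


def compressed_bits(data: bytes) -> int:
    """Size of the token stream under the constructed costs: what the eavesdropper
    sees (as a length) when compression is enabled."""
    return sum(LITERAL_BITS if t[0] == "lit" else MATCH_BITS for t in lz77_tokens(data))


def uncompressed_bits(data: bytes) -> int:
    """What the eavesdropper sees when compression is disabled (the mitigation)."""
    return 8 * len(data)


# Constructed sample: the session cookie the victim's browser attaches to every request.
VICTIM_COOKIE = b"sessionid=d41a"


def build_request(path: bytes, cookie: bytes = VICTIM_COOKIE) -> bytes:
    """The attacker's script controls only the URL path; the browser adds the cookie.
    Both land in the same compressed stream, the path (the guess) ahead of the cookie."""
    return (b"GET /" + path + b" HTTP/1.1\r\nHost: bank.example\r\nCookie: "
            + cookie + b"\r\n\r\n")


def best_next_byte(known: bytes, alphabet: bytes, size) -> tuple:
    """Measure one request per candidate byte placed after the known prefix and
    return the candidate whose request is smallest, plus the size table."""
    sizes = {c: size(build_request(known + bytes([c]))) for c in alphabet}
    return min(sizes, key=sizes.get), sizes


def recover(known: bytes, alphabet: bytes, n_bytes: int, size) -> bytes:
    """Repeat the length-oracle step n_bytes times (the 'BA, BB, ...' walk)."""
    for _ in range(n_bytes):
        c, _sizes = best_next_byte(known, alphabet, size)
        known += bytes([c])
    return known


def oracle_leaks(known: bytes, alphabet: bytes, size) -> bool:
    """True when the observed lengths differ between candidates, i.e. a leak exists."""
    _, sizes = best_next_byte(known, alphabet, size)
    return len(set(sizes.values())) > 1


if __name__ == "__main__":
    hexdigits = b"0123456789abcdef"
    print("compression on, leak present:", oracle_leaks(b"sessionid=", hexdigits, compressed_bits))
    print("compression on, recovered:   ", recover(b"sessionid=", hexdigits, 4, compressed_bits))
    print("compression off, leak present:", oracle_leaks(b"sessionid=", hexdigits, uncompressed_bits))
```

With the compressed model the request whose guessed byte continues the cookie correctly costs one literal less than every wrong guess, so the cookie is recovered one byte at a time; with compression off every guess produces the same length and the oracle disappears. A real TLS eavesdropper only sees whole-byte record lengths, so the signal is coarser than in this bit-level model, but the relationship is the same, which is why disabling compression (or keeping attacker-influenced input out of the compressed stream that carries secrets) is the effective fix.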
So, be aware of the various security vulnerabilities so that you can protect your data better and stay safe, stay secured.