'CRIME' attack abuses SSL/TLS data compression feature to hijack HTTPS sessions
SSL/TLS data compression leaks information that can be used to decrypt HTTPS session cookies, researchers say
IDG News Service - The 'CRIME' attack announced last week exploits the data compression scheme used by the TLS (Transport Layer Security) and SPDY protocols to decrypt user authentication cookies from HTTPS (HTTP Secure) traffic, one of the attack's creators confirmed Thursday.
The 'CRIME' attack was developed by security researchers Juliano Rizzo and Thai Duong, who plan to present it next week at the Ekoparty security conference in Buenos Aires, Argentina.
Rizzo and Duong revealed last week that CRIME abuses an optional feature present in all versions of TLS and SSL (Secure Sockets Layer) -- the cryptographic protocols used by HTTPS. However, they declined to name the feature at that time.
On Saturday, Thomas Pornin, a cryptography architect from Quebec, Canada, suggested on a technical question-and-answer website that the feature abused by CRIME might be the SSL/TLS data compression. Pornin even proposed an attack that matched the general description of CRIME.
Rizzo confirmed Thursday via email that CRIME exploits that data compression feature of SSL and TLS. However, SPDY -- a networking protocol that uses a similar compression scheme -- is also vulnerable, he said.
The SPDY (pronounced speedy) protocol was developed by Google and uses techniques like compression, multiplexing and prioritization to reduce the latency of Web pages. It doesn't replace HTTP or HTTPS, but can be used to speed them up.
SPDY has been implemented in Google Chrome and Firefox and is supported by several popular websites including Google search, Gmail and Twitter.
CRIME decrypts HTTPS cookies set by websites to remember authenticated users by means of brute force. The attack code forces the victim's browser to send specially crafted HTTPS requests to a targeted website and analyzes the variation in their length after they've been compressed in order to determine the value of the victim's session cookie.
This is possible because SSL/TLS and SPDY use a compression algorithm called DEFLATE, which eliminates duplicate strings.
For example, if we generate a request that contains a "cookie = 123" string and a "cookie = 456" string and then we compress it with DEFLATE, the compression algorithm will replace the "cookie =" part from the second string with a small token that points to the location of the "cookie =" part from the first string. This will result in a smaller request.
If we then generate another request but with "cookie = 556" instead of "cookie = 456," the compression algorithm will again replace "cookie =" because it matches the identical part from the existing "cookie = 123" string. This will result in a compressed request that is almost identical in length to the first one.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts