Truncating TLS Connections to Violate Beliefs in Web Applications

Presented at Black Hat USA 2013, July 31, 2013, 3:30 p.m. (60 minutes).

We identify logical web application flaws which can be exploited by TLS truncation attacks to desynchronize the user- and server-perspective of an application's state. It follows immediately that servers may make false assumptions about users, hence, the flaw constitutes a security vulnerability. Moreover, in the context of authentication systems, we exploit the vulnerability to launch the following practical attacks: we exploit the Helios electronic voting system to cast votes on behalf of honest voters, take full control of Microsoft Live accounts, and gain temporary access to Google accounts.


Presenters:

  • Ben Smyth
    Ben Smyth is a postdoctoral researcher at INRIA, Paris, France. He is interested in the verification of cryptographic protocols and broadly focuses on the following complimentary topics: developing procedures for the evaluation of security properties and, specifying and analysing properties of protocols. His analysis has lead to the discovery of attacks against: the Direct Anonymous Attestation scheme proposed by HP, IBM and Intel in the context of trusted computing; the Helios electronic voting protocol; and the online banking systems offered by the Lloyds Banking Group (including Bank of Scotland & Halifax), the Royal Bank of Scotland Group (including Natwest, Royal Bank of Scotland & Ulster bank) and Barclays.
  • Alfredo Pironti - INRIA
    Alfredo Pironti is a postdoctoral researcher at INRIA, Paris, France. His research interests are focused on verification of security protocol implementations and traffic analysis. He developed and verified the cryptographic security of miTLS, an open source reference implementation of the TLS protocol. He also designed traffic analysis countermeasures for TLS which are under standardisation. In the past, he designed and developed Spi2Java, a framework for the automatic generation of Java implementations of security protocols from formal specifications.

Links:

Similar Presentations: