ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication

Presented at Black Hat USA 2021, Aug. 4, 2021, 10:20 a.m. (40 minutes).

TLS is widely used to add confidentiality, authenticity, and integrity to application layer protocols such as HTTP, SMTP, IMAP, POP3, and FTP. However, TLS does not bind a TCP connection to the intended application layer protocol. This allows a man-in-the-middle attacker to redirect TLS traffic to a different TLS service endpoint on another IP address and/or port. For example, if subdomains share a wildcard certificate, an attacker can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one service may compromise the security of the other at the application layer.

We investigate cross-protocol attacks on TLS in general and conduct a systematic case study on web servers, redirecting HTTPS requests from a victim's web browser to SMTP, IMAP, POP3, and FTP servers. We show that in realistic scenarios, the attacker can extract session cookies and other private user data or execute arbitrary JavaScript in the context of the vulnerable web server, therefore bypassing TLS and web application security.

We evaluate the real-world attack surface of web browsers and widely-deployed email and FTP servers in lab experiments and with internet-wide scans. We find that 1.4M web servers are generally vulnerable to cross-protocol attacks, i.e., TLS application data confusion is possible. Of these, 114k web servers can be attacked using an exploitable application server. Finally, we discuss the effectiveness of TLS extensions such as Application Layer Protocol Negotiation (ALPN) and Server Name Indication (SNI) in mitigating these and other cross-protocol attacks.


Presenters:

  • Marcus Brinkmann - Dipl.-Math., Ruhr University Bochum
    Marcus Brinkmann received the diploma degree in mathematics from the Ruhr University Bochum, Germany, in 2012 for his work on cryptographic Boolean functions, and is currently pursuing the PhD degree with the Horst-Görtz Institute for IT Security, Ruhr University Bochum, Germany. His research interests also include applied cryptography and practical security of network protocols.
  • Juraj Somorovsky - Prof. Dr.-Ing., Paderborn University
    Juraj Somorovsky is a security researcher at the Paderborn University and co-founder of Hackmanit GmbH. He is a co-author of several recent TLS attacks (e.g., DROWN, ROBOT, and RACCOON) and the main developer of a flexible tool for TLS analyses: TLS-Attacker (<a href="https://protect-us.mimecast.com/s/oUQmCVO5NBc2gZV2OFzH6ah?domain=github.com" data-mce-href="https://protect-us.mimecast.com/s/oUQmCVO5NBc2gZV2OFzH6ah?domain=github.com">https://github.com/tls-attacker/TLS-Attacker</a>). Beyond TLS, he likes to break stuff in the areas of Web and crypto.<br>

Links:

Similar Presentations: