HTTPS Bicycle Attack


Post by B2W » Mon Jan 11, 2016 2:36 pm

Websense security researcher Nicholas Griffin explains (http://blogs.websense.com/security-labs/https-bicycle-attack-obtaining-passwords-tls-encrypted-browser-requests?cmpid=pr) how an attack targeting a victim's password would work:

“All a user needs to do is have a packet capture of requests to a known site, including an authentication (login) request containing an already known username and an unknown plain-text password. If an attacker can determine the user's browser and how that browser would send requests to the site, they can subtract the length of all the known data the browser would send except for the piece of information they are interested in, which will result in them knowing the length of the unknown data.”

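This attack obtains sensitive information from TLS-encrypted requests; because it is passive, the victim cannot detect it.
At this stage it is not a big problem, because various requirements must be met before it can be cracked:
1. TLS must be stream based
2. The attack can reveal the length of each sensitive field, including account names, passwords, IP addresses and so on
3. The attacker must intercept the request containing sensitive information that the user sends to the host (for example, by using a Man-in-the-Middle attack)
4. The attacker obtains the length of the sensitive information, not the plaintext

Knowing the length of sensitive information makes it easier to crack; important systems should still use at least two-factor authentication, in case one of the protective measures fails.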
B2W
 
Posts: 22
Joined: Fri May 02, 2014 1:53 am
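
The length subtraction described in the post, as an added example that is not part of the original post or of the Websense write-up: it models a stream-mode record as plaintext plus a fixed overhead and shows the size leak next to a padded request that hides it. The host `example.test`, the form field names, the 24-byte overhead and the `pad` filler field are assumptions made for illustration.

```python
# Added illustration; host, field names and overhead are constructed assumptions.
RECORD_OVERHEAD = 24  # assumed fixed bytes a stream-mode record adds to plaintext

def build_login_request(username, password, pad_to=0):
    """Hypothetical login POST as a known browser would send it."""
    body = f"user={username}&pass={password}"
    if pad_to:
        # Assumed mitigation: a filler field the server ignores brings every
        # body up to the same size, so the password length no longer shows.
        body += "&pad=" + "x" * max(0, pad_to - len(body) - len("&pad="))
    head = (
        "POST /login HTTP/1.1\r\n"
        "Host: example.test\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(body)}\r\n\r\n"
    )
    return (head + body).encode()

def record_length(plaintext):
    """What a passive observer sees on the wire: plaintext size plus overhead."""
    return len(plaintext) + RECORD_OVERHEAD

def infer_password_length(observed_len, username, max_len=128):
    """Password lengths whose rebuilt request matches the observed size.

    Rebuilding the request per candidate, rather than subtracting once,
    accounts for the Content-Length header growing a digit with the body.
    """
    return [
        n for n in range(max_len + 1)
        if record_length(build_login_request(username, "A" * n)) == observed_len
    ]

def distinct_sizes(username, passwords, pad_to=0):
    """Set of on-the-wire sizes produced by the given passwords."""
    return {record_length(build_login_request(username, p, pad_to)) for p in passwords}

if __name__ == "__main__":
    samples = ["a", "hunter2", "correct-horse-battery"]  # constructed passwords
    seen = record_length(build_login_request("alice", "hunter2"))
    print("inferred length:", infer_password_length(seen, "alice"))
    print("sizes unpadded:", len(distinct_sizes("alice", samples)))
    print("sizes padded to 256:", len(distinct_sizes("alice", samples, pad_to=256)))
```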
