C.R.I.M.

E IN SSL
Nicole Longworth, Octavius Todd, Benjamin Moore

 Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL) Cryptographic protocols that provide communication security over the Internet. Developed by Netscape in 1994

What is SSL/TLS?

 Composed of two layers Record layer and Handshake layer Record layer Takes data provided by a higher-layer application, Fragments the data into manageable blocks, and Performs compression, symmetric-key encryption, and MAC digest generation. Handshake layer Performs session establishment and option negotiation, Determining the per-session symmetric keys, which are used in bulk by the record layer.

HOW IT WORKS

 Widely used by Internet browsers and web servers to transmit sensitive information They allow two peers to communicate securely by providing secure key exchange, authentication, encryption, and message integrity checks Any vulnerability in this protocol could put billions of users at risk

Importance of SSL/TLS

 Stands for Compression Ratio Info-Leak Made Easy Developed by Juliano Rizzo and Thai Duong Reveals the data compression scheme used by SSL and SPDY protocols Decrypts user authentication cookies from HTTPS

ABOUT C.R.I.M.E

 CRIME decrypts HTTPS cookies set by websites Users browser forced to send HTTPS requests to a targeted website Victim tricked into visiting malicious website while attack code is loaded Code can also be loaded into HTTP traffic over an open wireless network

Attacker controls path of new requests Analyzes length after compression to determine the value of the users session cookie Compares the compressed HTTPS requests as the leave the victims computer Both server and client need to support the compression feature in order for the CRIME attack to work

THE C.R.I.M.E ATTACK

TLS 1.0 Googles SPDY protocol Any application that uses TLS compression Older versions of Mozilla Firefox that support SPDY Older versions of Google Chrome that supported both TLS and SPDY

Vulnerable Systems

Their Solution
Disable compression

Our Solution
Encrypt entire HTTP packets Compress HTTP message bodies Eliminates possibility of CRIME in its current form Retains the security level of having compression disabled Retains benefits of having it enabled

Solutions to C.R.I.M.E

 Modifying the operation of the TLS record layer to compress only HTTP message bodies Distributing the new update

CHALLENGES

DEMO.

Questions?