'CRIME' attack abuses SSL/TLS data compression feature to hijack HTTPS sessions

SSL/TLS data compression leaks information that can be used to decrypt HTTPS session cookies, researchers say

By Lucian Constantin, IDG News Service |  Security

If we then generate another request but with "cookie = 556" instead of "cookie = 456," the compression algorithm will again replace "cookie =" because it matches the identical part from the existing "cookie = 123" string. This will result in a compressed request that is almost identical in length to the first one.

However, if we generate a third request, but with "cookie = 156" instead of "cookie = 456," the compression algorithm will now replace the "cookie = 1" part because it will match "cookie = 1" from the existing "cookie = 123" string. The resulting request will be shorter than the previous two requests because a longer part was replaced.

If we were to assume that we didn't know the 123 value from the first string in advance, the variation in compression ratio for the third request will indicate that we just guessed the first character of that value -- 1.

We can then start the same process again, but now using the already known character and trying different variants for the second one until we see a new variation in compression ratio. CRIME is based on the same principle.

It uses JavaScript or plain HTML code to force the victim's browser to repeatedly initiate requests to the targeted HTTPS website. The attack code can be loaded into the victim's browser by tricking the victim into visiting a compromised or malicious website or by injecting it into the victim's legitimate HTTP traffic when connected over an open wireless network.

The attack code can't read the session cookie included in the requests because of security mechanisms in the browser. However, it can control the path of every new request and can insert different strings into it in an attempt to match the value of the cookie.

The attacker needs to be able to compare the compressed HTTPS requests as they leave the victim's computer. Therefore, he needs to either be on the same open wireless network as the victim, be in control of the victim's home router or be on the same local area network as the victim, in which case other attack techniques like ARP spoofing can be used.

Session cookie values can be quite long and are made up of uppercase letters, lowercase letters and digits. As a result, the CRIME attack code has to initiate a very large number of requests in order to decrypt them, which can take several minutes.

However, the researchers have developed some algorithms that make the attack more efficient. "One of the CRIME algorithms makes less than 6 request to decrypt each byte. Sometimes 4 is enough, we can tune it," Rizzo said Wednesday on Twitter.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness