February 14, 2007
SSL Redux
I decided to turn to the specification for TLS in determining the feasibility of my proposed attack from the other day. I was a little bit wrong in an assumption about how SSLv3 and TLS work with regards to client certificates, although the attack still works with some slight modification.
Negotiation works by the client side generating a random number (called the premaster_secret), encrypting with the client's private key, and shipping it to the server. The server then decrypts the value using the client's public key, and can simultaneously verify the client's authority to access the server, as well as use the now-decrypted premaster_secret to start making shared secret keys between the client and server.
The client-cert-forwarding attack still works, though, because of browsers being silly. My web browsers (IE7 and Firefox 2.0.0.1) both prompt for my smartcard PIN precisely once. After that, they sign whatever client cert requests are asked of them by any trusted server that chooses to ask it. Trusted servers are just those servers that happen to have valid certificates (e.g. someone paid a few dollars to have Verisign generate a key for them). If the site has an invalid key, the client will still sign, so long as he/she clicks "Okay" on the invalid certificate box.
Assuming our intermediary server receives a connection from the client, the client will generate a premaster_secret and send it to the intermediary. The intermediary can then open a connection to the bank, or what-have-you, and use the same premaster_secret. It has the premaster_secret that the client used in both decrypted form (using the client's public key) and encrypted form (what it initially received from the client, prior to decryption)...there seems to be no reason that the intermediary couldn't do this.
To define the problem in a rigorous way that points fingers at the things that need to be fixed is a little complicated, because SSL is a little complicated surrounding client certificates. The real solution is still to do something like have the client encrypt the premaster_secret concatenated with the target server...his way the target server will know the premaster_secret, but won't be able to generate appropriate ciphertext for the bank. Of course, the protocol people might say something like the SSL-library implementors should change their ways and not blindly sign certificates for sites. I guess I'll find out...
Post a comment
Further back...
ArchivesFriends and Family
Search
Previous Trips...
-
Hiking Mount Whitney, 2007 
Spring Break in West Virginia, 2005
New Year's in Paris, 2003-2004
Coming to America, 2003
Protesting in Berlin, 2003
Prague Bier-Tour, 2002
Dresden, 2002
Recent Reading
![]()
The Curve of Binding Energy
John McPhee follows famous physicist Ted Taylor in this piece that was -- and probably still -- ahead of its time.
Originally published in 1973, McPhee outlined the coming security and environmental issues surrounding the plutonium enrichment processes. For the most part, though, McPhee invites the reader to draw his or her own conclusions, although he does point out the ease with which any number of people could obtain the material (though not necessarily the manufacturing prowess) to make an atomic weapon.
The question still sits in my mind after reading -- are we being too paranoid, or not paranoid enough?
Rated 
by reid
on October 01, 2007
by reid
on October 01, 2007
![]()
Zodiac
Zodiac touts itself as an 'eco-thriller,' and it is just that. Told from the first-person perspective of ST (or Sangamon Taylor), the book recounts a roughly six-month period of his life busting big corporations for violating environmental laws.
Not the tree-hugging political activist type, ST is equipped with chem labs, scuba divers, maps, and an organization (GEE International, the Group of Environmental Extremists) that masterfully brings the press into the fold to scare the public with the very real dangers posed by illegal dumping. It's sort of a Sierra Club member's wet dream -- a band of ecowarriors that actually get things done.
ST finds something odd happening in Boston Harbor during his tale: a new form of pollution that could poison everyone on the planet in a matter of weeks. His quest to uncover exactly who and what is causing the latest spike in toxins goes all the way up to the President of the United States, and could end up costing him his own life.
While a neat and fast-paced tale, the novel drags on a bit toward the end, begging disbelief from even the most forgiving sci-fi folk. While not as good as his latest offerings, it's still a great read for those that enjoy a good Stephenson novel (or even those who don't).
Rated 
by reid
on July 17, 2005
by reid
on July 17, 2005
![]()
Cat's Cradle
A few years ago, I attempted to woo an online datee, and she immediately criticized me for my politics. I protested the war on Iraq, which was "a shame." She defended her position of complete noninvolvement by standing behind Vonnegut.
It may seem odd to open a review that way. My assumption is now not that she was an idiot, but that she had only read Cat's Cradle, and only with a rather odd viewpoint.
Cat's Cradle looks at a cold-war world where the personifications of religious, political, and scientific single-mindedness collide to destroy the world.
Vonnegut tells a masterful tale, but it makes me wonder what one person's indifference would do to prevent us from all dying? So for now I will continue to unblindly stop unjust wars, even while I'm only reading.
Rated by reid
on July 17, 2005
by reid
on July 17, 2005