一种防范TLS协议降级攻击的浏览器安全模型

doi:10.3969/j.issn.1671-1122.2020.03.009

信息网络安全 ›› 2020, Vol. 20 ›› Issue (3): 65-74.doi: 10.3969/j.issn.1671-1122.2020.03.009

一种防范TLS协议降级攻击的浏览器安全模型

张兴隆^1,², 李钰汀^1,², 程庆丰^1,²(), 郭路路^1,²

1.战略支援部队信息工程大学,郑州 450002
2.数学工程与先进计算国家重点实验室,郑州 450002

收稿日期:2019-05-15 出版日期:2020-03-10 发布日期:2020-05-11
作者简介:
作者简介：张兴隆(1994—),男,安徽,硕士研究生,主要研究方向为密码学和信息安全;李钰汀(1996—),女,河南,硕士研究生,主要研究方向为密码学和信息安全;程庆丰(1979—),男,辽宁,副教授,博士,主要研究方向为密码学和信息安全;郭路路(1990—),男,河南,硕士,主要研究方向为信息安全和漏洞挖掘。
基金资助:
国家自然科学基金[61872449]

A Browser Security Model for Preventing TLS Protocol Downgrade Attacks

ZHANG Xinglong^1,², LI Yuting^1,², CHENG Qingfeng^1,²(), GUO Lulu^1,²

1. PLA Strategic Support, Force Information Engineering University, Zhengzhou 450002, China
2. State Key Laboratory of Mathematics Engineering and Advanced Computing, Zhengzhou 450002, China

Received:2019-05-15 Online:2020-03-10 Published:2020-05-11

摘要/Abstract

摘要：

在TLS握手期间,攻击者可以利用一个或两个通信方对旧版本或弱密码套件的支持发起一系列的攻击,这种攻击被称为降级攻击。近年来与TLS相关的降级攻击被广泛研究,可以发现这些攻击并非完全相同,现有文献缺乏一种有效的分类法对它们进行分类和比较,从而在全局视角下研究降级攻击。基于此,文章提出了一种降级攻击的分类方法,并按照该方法对15种已经公开发布的针对TLS协议的降级攻击方法进行了分类。进一步,文章提出了一种轻量级机制,用于Web浏览器中的细粒度TLS安全配置。该机制允许浏览器为进入敏感域的连接强制实施最佳TLS安全配置,同时保持其余连接实施默认配置,从而检测并防止降级攻击和服务器错误配置。

关键词: TLS, 降级攻击, Web浏览器, 细粒度TLS安全配置

Abstract:

During a TLS handshake, an attacker who uses one or two parties to support an old version or a weak cipher suite for a series of attacks is called a downgrade attack. In recent years, TLS-related downgrade attacks have been extensively studied. In-depth study of these attacks reveals that they are not identical. The existing literature lacks a taxonomy to classify and compare them, which helps to study downgrade attacks from a global perspective. Based on this, the article proposes a classification method for downgrade attacks, focusing on fifteen kinds of downgraded attacks against the TLS protocol that have been publicly released. In addition, the article proposes a lightweight mechanism for fine-grained TLS security configuration in Web browsers. This mechanism allows the browser to enforce optimal TLS security configuration for connections entering sensitive domains while maintaining the default configuration of the remaining connections. This article mechanism can detect and prevent downgrade attacks and server misconfiguration.

Key words: TLS, downgrade attack, Web browser, fine-grained TLS security configuration

中图分类号:

TP309

张兴隆, 李钰汀, 程庆丰, 郭路路. 一种防范TLS协议降级攻击的浏览器安全模型[J]. 信息网络安全, 2020, 20(3): 65-74.

ZHANG Xinglong, LI Yuting, CHENG Qingfeng, GUO Lulu. A Browser Security Model for Preventing TLS Protocol Downgrade Attacks[J]. Netinfo Security, 2020, 20(3): 65-74.

图/表 4

图1

表1

图2

表2

参考文献 19

[1]	MÖLLER B, DUONG T, KOTOWICZ K. This POODLE Bites: Exploiting the SSL 3.0 Fallback[EB/OL]. , 2014-9-1.
[2]	BEURDOUCHE B, DELIGNAT L A, KOBEISSI N, et al.FLEXTLS: A Tool for Testing TLS Implementations[C]//USENIX. 9th USENIX Workshop on Offensive Technologies(WOOT 15), August 10-11, 2015, Washington, DC, USA. Washington: USENIX Association, 2015: 123-132.
[3]	AVIRAM N, SCHINZEL S, SOMOROVSKY J, et al.DROWN: Breaking TLS Using SSLv2[C]//USENIX. 25th USENIX Security Symposium(USENIX Security 16), August 10-12, 2016, Austin, TX, USA. Washington: USENIX Association, 2016: 689-706.
[4]	MEYER C, SOMOROVSKY J, WEISS E, et al.Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks[C]//USENIX. 23rd USENIX Security Symposium(USENIX Security 14), August 20-22, 2014, San Diego, CA, USA. Washington: USENIX Association, 2014: 733-748.
[5]	BHARGAVAN K, LEURENT G.Transcript Collision Attacks: Breaking Authentication in TLS, IKE, and SSH[C]//NDSS. the Network and Distributed System Security Symposium(NDSS 2016), February 21-24, 2016, San Diego, California, USA. California: The Internet Society, 2016: 234-239.
[6]	DURUMERIC Z, ADRIAN D, MIRIAN A, et al.Neither Snow nor Rain nor MITM: An Empirical Analysis of Email Delivery Security[C]//ACM. 2015 Internet Measurement Conference, October 28-30, 2015, Tokyo, Japan. NY: ACM, 2015: 27-39.
[7]	ADRIAN D, BHARGAVAN K, DURUMERIC Z, et al.Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice[C]//ACM. 22nd ACM SIGSAC Conference on Computer and Communications Security, October 12-16, 2015, Denver, CO, USA. NY: ACM, 2015: 5-17.
[8]	BEURDOUCHE B, BHARGAVAN K, DELIGNAT L A, et al.A Messy State of the Union: Taming the Composite State Machines of TLS[C]//IEEE. 2015 IEEE Symposium on Security and Privacy, May 17-21, 2015, San Jose, CA, USA. NJ: IEEE, 2015: 535-552.
[9]	DURUMERIC Z, MA Z, SPRINGALL D, et al.The Security Impact of HTTPS Interception[C]//NDSS. Network and Distributed System Security Symposium(NDSS 2017), February 26-March 1, 2017, San Diego, California, USA. California, The Internet Society, 2017: 345-354.
[10]	WAGNER D, SCHEIER B.Analysis of the SSL 3.0 Protocol[C]//USENIX. USENIX Workshop on Electronic Commerce, August 31-September 3, 1996, Boston, Massachusetts, USA. Washington: USENIX Association, 1996: 29-40.
[11]	BHARGAVAN K, BRZUSKA C, FOURNET C, et al.Downgrade Resilience in Key-exchange Protocols[C]//IEEE. 2016 IEEE Symposium on Security and Privacy, May 22-26, 2016, San Jose, CA, USA. NJ: IEEE, 2016: 506-525.
[12]	JACKSON C, BARTH A.Forcehttps: Protecting High-security Web Sites from Network Attacks[C]//ACM. 17th International Conference on World Wide Web, April 21-25, 2008, Beijing, China. NY: ACM, 2008: 525-534.
[13]	SZALACHOWSKI P, MATSUMOTO S, PERRIG A.PoliCert: Secure and Flexible TLS Certificate Management[C]//ACM. 2014 ACM SIGSAC Conference on Computer and Communications Security, November 3-7, 2014, Scottsdale, AZ, USA. NY: ACM, 2014: 406-417.
[14]	MAVROGIANNOPOULOS N, VERCAUTEREN F, VELICHKOV V, et al.A Cross-protocol Attack on the TLS Protocol[C]//ACM. 2012 ACM Conference on Computer and Communications Security, October 15-19, 2018, Toronto, Canada. NY: ACM, 2012: 62-72.
[15]	ALASHWALI E S, SZALACHOWSKI P.DSTC: DNS-based Strict TLS Configurations[C]//Springer. Risks and Security of Internet and Systems-13th International Conference(CRiSIS 2018), October 16-18, 2018, Arcachon, France. Berlin: Springer, 2018: 93-109.
[16]	STONE C M M, CHOTHIA T, Ruiter J. Extending Automated Protocol State Learning for the 802.11 4-way Handshake[C]// Springer. Computer Security-23rd European Symposium on Research in Computer Security(ESORICS 2018), September 3-7, 2018, Barcelona, Spain. Berlin: Springer, 2018: 325-345.
[17]	SAMARASINGHE N, MANNAN M. Another Look at TLS Ecosystems in Networked Devices vs. Web Servers[EB/OL]. , 2019-2-15.
[18]	EASTLAKE D. Domain Name System Security Extensions[EB/OL]. , 1999-3-1.
[19]	SCHECHTER S. Storing HTTP Security Requirements in the Domain Name System[EB/OL]. , 2007-10-28.

编号	降级攻击	元素			漏洞			方法			损害
编号	降级攻击	S	V	L	I	D	T	D	M	I	B	W
1	SSL2.0 Ciphersuite rollback ^[10]	√				√			√		√
2	SSL3.0 Version rollback^[10]		√			√			√		√
3	SSL3.0 key-exchange rollback^[10]	√				√			√		√
4	DHE key-exchange rollback^[14]	√				√			√		√
5	TLS 1.0-1.1 SLOTH^[5]		√			√			√		√
6	POODLE version downgrade^[1]		√		√			√			√
7	FREAK^[8]	√			√				√		√
8	DROWN^[3]	√					√		√		√
9	Forward Secrecy rollback^[8]	√			√			√				√
10	Logjam^[7]	√				√			√		√
11	SMTPS to SMTP^[6]			√		√			√		√
12	Proxied HTTPS^[9]			√			√			√	√
13	TLS1.3 Version rollback^[11]		√			√			√		√
14	TLS1.3 Downgrade-dance version fallback^[11]		√		√			√			√
15	TLS1.3HelloRetry downgrade^[11]	√				√				√		√

策略级别	TLS协议版本	密码套件
Strict	TLS 1.3	AE和FS
Default	TLS 1.3、TLS 1.2、TLS 1.1和TLS 1.0	FS和非FS、 AE和非AE等15种

一种防范TLS协议降级攻击的浏览器安全模型

A Browser Security Model for Preventing TLS Protocol Downgrade Attacks

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 4

参考文献 19

相关文章 5

编辑推荐

Metrics

本文评价

[1]	徐国天. 基于异常加密流量标注的Android恶意进程识别方法研究[J]. 信息网络安全, 2020, 20(7): 30-41.
[2]	项川, 潘无穷, 黎火荣, 林璟锵. 支持商密算法TLS浏览器的设计与实现[J]. 信息网络安全, 2017, 17(4): 26-33.
[3]	陈庆;杨磊. SSL协议应用中安全技术问题探究[J]. , 2012, 12(4): 0-0.
[4]	王勇;谢晓丹;芦翔. 802.11Mesh网络安全连接的实验评估研究[J]. , 2012, 12(3): 0-0.
[5]	刘静;李升. 无线高速接入点中改进的802.1X安全传输机制研究[J]. , 2011, 11(8): 0-0.