Tag Archives: web security

19/07/2017 – Talks by Mauro Tempesta, Francesco Palmarini, Heider Wahsheh, Marco Squarcina

The program of the day will be:

11.00 Mauro Tempesta
11.20 Francesco Palmarini
11.40 Heider Wahsheh
14.00 Marco Squarcina

Titles and abstracts follow:

Title: Run-time Attack Detection in Cryptographic APIs
Speaker: Marco Squarcina
Abstract:
Cryptographic APIs are often vulnerable to attacks that compromise
sensitive cryptographic keys. In the literature we find many proposals
for preventing or mitigating such attacks, but they typically require
modifying the API or configuring it in a way that might break existing
applications. This makes it hard to adopt such proposals, especially
because security APIs are often used in highly sensitive settings, such
as financial and critical infrastructures, where systems are rarely
modified and legacy applications are very common. In this talk we
propose a different approach. We introduce an effective method to
monitor existing cryptographic systems in order to detect, and possibly
prevent, the leakage of sensitive cryptographic keys. The method
collects logs for various devices and cryptographic services and is able
to detect, offline, any leakage of sensitive keys, under the assumption
that a key fingerprint is provided for each sensitive key. We define key
security formally and we prove that the method is sound, complete and
efficient. We also show that without key fingerprinting completeness is
lost, i.e., some attacks cannot be detected. We discuss possible
practical implementations and we develop a proof-of-concept log analysis
tool for PKCS#11 that is able to detect, on a significant fragment of
the API, all key-management attacks from the literature.

14/07/2017 – Talk by Matus Nemec

Title: Measuring Popularity of Cryptographic Libraries in Internet-Wide Scans Fingerprinting
Time: 11:00
Location: Skype call
Type: Research Result
Speaker: Matus Nemec
Abstract:
We measure the popularity of cryptographic libraries in large datasets of RSA public keys. We do so by improving a recently proposed method based on biases introduced by alternative implementations of prime selection in different cryptographic libraries. We extend the previous work by applying statistical inference to approximate a share of libraries matching an observed distribution of RSA keys in an inspected dataset (e.g., Internet-wide scan of TLS handshakes). The sensitivity of our method is sufficient to detect transient events such as a periodic insertion of keys from a specific library into Certificate Transparency logs and inconsistencies in archived datasets.

We apply the method on keys from multiple Internet-wide scans collected in years 2010 through 2017, on Certificate Transparency logs and on separate datasets for PGP keys and SSH keys. The results quantify a strong dominance of OpenSSL with more than 84% TLS keys for Alexa 1M domains, steadily increasing since the first measurement. OpenSSL is even more popular for GitHub client-side SSH keys, with a share larger than 96%. Surprisingly, new certificates inserted in Certificate Transparency logs on certain days contain more than 20% keys most likely originating from Java libraries, while TLS scans contain less than 5% of such keys.

Since the ground truth is not known, we compared our measurements with other estimates and simulated different scenarios to evaluate the accuracy of our method. To the best of our knowledge, this is the first accurate measurement of the popularity of cryptographic libraries not based on proxy information like web server fingerprinting, but directly on the number of observed unique keys.

04/02/2015 – Talk by Wilayat Khan

Title: Web Session Security: Formal Verification, Client-Side Enforcement and Experimental Analysis
Time: 13:00
Location: Meeting room
Type: Research Result
Speaker: Wilayat Khan
Abstract:

Web applications are the dominant means to provide access to millions of on-line services and applications such as banking and e-commerce. To personalize users’ web experience, servers need to authenticate the users and then maintain their authentication state throughout a set of related HTTP requests and responses called a web session. As HTTP is a stateless protocol, the common approach, used by most web applications to maintain a web session, is to use HTTP cookies. Each request belonging to a web session is authenticated by having the web browser provide to the server a unique long random string, known as the session identifier, stored as a cookie called the session cookie. Taking over the session identifier gives full control to the attacker, and hence it is an attractive target for attacks on the confidentiality and integrity of web sessions. The browser should take care of web session security: a session cookie belonging to one source should not be corrupted, stolen, or forced to be sent with requests by any other source.

This research demonstrates that security policies can in fact be written down for both confidentiality and integrity of web sessions and enforced at the client side without getting any support from the servers and without breaking too many web applications. Moreover, the enforcement mechanisms designed can be proved correct within mathematical models of the web browsers. These claims are supported by

1) defining both end-to-end and access control security policies to protect web sessions;

2) introducing a new mathematical model of the web browser, and using existing ones, extended with confidentiality and integrity security policies for web sessions;

3) offering mathematical proofs that the security mechanisms do enforce the security policies; and

4) designing and developing prototype browser extensions to test that real-life web applications are supported.

23/07/2014 – Talk by Wilayat Khan

Title: Client Side Web Session Integrity as a Non-Interference Property
Time: 11:00
Location: Meeting room
Type: Research Result
Speaker: Wilayat Khan
Abstract:

Because of the stateless nature of the HTTP protocol, web applications
that need to maintain state over multiple interactions with a client have
to implement some form of session management: the server needs to know to
what ongoing session (if any) incoming HTTP requests belong. Sessions are
usually implemented by means of session cookies, which are unpredictable
random identifiers generated by the server at the start of a session.

Sessions can be attacked at network (e.g. sniffing), implementation (e.g.
script injection) and application layers. The attacks at the first two
layers are well-understood problems with well-understood solutions,
however, the problem of application-level session integrity is not yet
well-understood. An attack at the application layer happens when a page in the
browser sends a malicious request to any of the servers that the browser
currently has a session with, and that request will automatically get the
session cookie attached and hence will be considered as part of a
(possibly authenticated) session by the server, leading to CSRF attacks.
Moreover, malicious requests can also be sent by scripts included in or
injected by an attacker into a page from the same origin.

In this work, we refined our previous ideas to the classical
noninterference property as known from information flow security and
designed an information flow control technique that can enforce session
integrity in a more permissive and fine-grained way than access control
mechanisms.

27/11/2013 – Talk by Stefano Calzavara

Title: Formalizing and Enforcing Web Session Integrity
Time: 11:00
Location: Meeting room
Type: Research Result
Speaker: Stefano Calzavara
Abstract:
Enforcing protection at the browser side has recently become a popular approach for securing web authentication, even when web application developers do not follow recommended security guidelines. Though interesting, existing attempts in the literature only address specific classes of attacks, and thus fall short of providing robust foundations to reason about web authentication security. In this talk we provide such foundations, by introducing a novel notion of web session integrity, which allows us to capture many existing attacks and spot some new ones. We then discuss FF+, a security-enhanced model of a web browser that provides a full-fledged and provably sound enforcement of web session integrity. We leverage our theory to develop SessInt, a prototype extension for Google Chrome implementing the security mechanisms formalized in FF+. SessInt provides a level of security very close to FF+, while keeping an eye on usability and user experience.