Computer science: top international conference papers (network security)
Date: 2025-07-07
Empowering Users Against SideJacking Attacks (English version)

Ryan D. Riley
Department of Computer Science and Engineering
Qatar University, Doha, Qatar
ryan.riley@qu.edu.qa

Nada Mohaamed Ali
Department of Computer Science and Engineering
Qatar University, Doha, Qatar

Kholoud Saleh Al-Senaidi
Department of Computer Science and Engineering
Qatar University, Doha, Qatar

Aisha Lahdan Al-Kuwari
Department of Computer Science and Engineering
Qatar University, Doha, Qatar
ABSTRACT
SideJacking occurs when an attacker intercepts a session cookie and uses it to impersonate a user and gain unauthorized access to a web-based service. To prevent SideJacking, a server should enable HTTPS and configure all session cookies to only be transmitted over a secure link. Many websites do not do this, however, and the user may be unaware. In this work we present a Firefox extension that will allow users to quickly and easily determine whether the server they are visiting is susceptible to SideJacking attacks.
Categories and Subject Descriptors
C.2.0 [Computer-Communication Networks]: General—Security and protection (e.g., firewalls); K.4.4 [Computers and Society]: Electronic Commerce—Security
General Terms
Security
1. THE PROBLEM
A SideJacking [1] attack occurs when an attacker intercepts a session cookie and uses it to impersonate a different user of a web-based service.
Typically, when a user logs into a website on the Internet they enter their username and password into a web form and transmit it to the server. After the password is verified, the server generates a large random number and sends it to the user's web browser as a session cookie: a credential that the browser will then send back to the server in order to authenticate itself when making any future requests. In an ideal world, all communication between the client and the server would occur over an encrypted connection in order to protect it from the view of an attacker. In the real world, however, encrypted connections require significantly more processor power than normal connections, and many websites transmit only the password over an encrypted connection and use an unencrypted connection for everything else. In this case the session cookie is used by the client to authenticate itself to the website over the unencrypted connection. In this scenario the attacker would not be able to sniff the password, but he would be able to sniff the session cookie. Even if the connection is secure, an active attacker may be able to force an insecure connection that will cause the session cookie to be sent unencrypted. Once the attacker has the session cookie they can use it to access the website as if they were the legitimate user. This is called a SideJacking [1] or cookie hijacking [2] attack.

Copyright is held by the author/owner(s).
SIGCOMM'10, August 30–September 3, 2010, New Delhi, India. ACM 978-1-4503-0201-2/10/08.
As an example, consider a user accessing their Hotmail account while an attacker is sniffing their connection at a coffee shop that provides free Wi-Fi. When the user connects to the Hotmail server in their web browser, Hotmail presents them with a login page that transmits their username and password over an HTTPS connection. When the user logs in, the attacker is unable to learn their username or password. After the login succeeds, the Hotmail server generates a random session cookie and sends it to the user's web browser over the secure connection. Next, the server instructs the browser to use an unencrypted connection to access the inbox. The browser initiates the unencrypted connection, sending the session cookie in order to prove it has logged in, and is given access to the inbox. Because the connection is unencrypted, the attacker is able to see the session cookie and save a copy of it. The attacker then initiates a connection to the Hotmail server, sends the session cookie it stole from the user, and is given access to the user's inbox despite not knowing the user's password.
A major problem with SideJacking attacks is that if a website does not ensure that the session cookies are only sent over an encrypted connection, a user's only real recourse for preventing the attack is to simply not use the service. The burden of responsibility is on the website to provide protection against this sort of attack. Despite the fact that SideJacking attacks have been widely known since 2007, many major websites (and many more small ones) are still susceptible to the attack. Still worse, most users are completely ignorant of the fact that the website they are using may be susceptible.
2. OUR WORK
In this work, our goal is to allow users to quickly and easily ascertain if websites they use are susceptible to SideJacking attacks. To accomplish this we will first develop a set of heuristics for determining if a given website is susceptible to SideJacking. Next we will develop an extension for the Firefox web browser that uses our heuristics to rate every website visited by a user and provide a graphical indication of whether or not the website is susceptible. With such an extension available users will be able to make informed decisions about the security of web services they choose to use. In addition, websites that are known to be insecure may be incentivized to invest in their infrastructure to provide encrypted connections and increase the security level for all of their users.

Figure 1: Screenshots of the extension in use. Notice the green checkmark and the red x in the lower right.
2.1 Heuristics
At first glance, the heuristic to determine SideJacking-ability seems trivial: if the connection is encrypted then the connection cannot be SideJacked (the session cookie would be encrypted), and if the connection is not encrypted then SideJacking is possible. In reality, however, things are more complicated.
The first complication is that some websites will permit both encrypted and unencrypted connections, meaning that an active attacker may be able to force an encrypted connection to become unencrypted (even only temporarily) in order to steal the session cookie. In order to determine if this sort of attack can occur, one option is to check the Secure flag¹ of the session cookie to determine whether or not the cookie can be sent unencrypted. If it can, then we can assume the connection can be SideJacked.
The second complication is that a single website may have many cookies associated with it, and determining which one (or ones) is the crucial session cookie is not obvious. For example, when using Google's Gmail there are 10 cookies that are sent, and 8 of them appear to be randomly generated values. (Meaning they could potentially be se…
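The following is an added example, not code from the paper or from its Firefox extension. It implements the two heuristics of Section 2.1 in self-contained JavaScript: it checks whether each cookie carries the Secure flag, and it guesses which cookies are session cookies by testing whether their values look randomly generated. The constructed Set-Cookie headers it runs on also show the configuration the abstract asks servers to adopt (the session cookie marked Secure) beside the weak one. The paper does not say how it decides that a value "appears to be randomly generated"; the length and Shannon-entropy thresholds, the function names and the sample cookie values below are this example's own assumptions.

```javascript
// Added example (not the paper's code): the Section 2.1 heuristics over
// Set-Cookie header values. Thresholds, function names and the sample
// cookies are assumptions made for this example, not taken from the paper.

// Parse one Set-Cookie header value into its name, value and attributes.
// Attribute names are lowercased; flag attributes (Secure, HttpOnly) map to true.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter((p) => p.length > 0);
  if (parts.length === 0) throw new Error("empty Set-Cookie header");
  const eq = parts[0].indexOf("=");
  const name = (eq === -1 ? parts[0] : parts[0].slice(0, eq)).trim();
  const value = eq === -1 ? "" : parts[0].slice(eq + 1).trim();
  const attrs = {};
  for (const attr of parts.slice(1)) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return { name, value, secure: attrs.secure === true, httpOnly: attrs.httponly === true, attrs };
}

// Shannon entropy of a string, in bits per character.
function shannonEntropy(s) {
  if (s.length === 0) return 0;
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const c of counts.values()) {
    const p = c / s.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// "Appears to be a randomly generated value": long enough to be a session
// identifier and with high per-character entropy. Both thresholds are this
// example's choice; a long opaque preference blob can trip them too (false positive).
const MIN_TOKEN_LENGTH = 16;
const MIN_ENTROPY_BITS = 3.5;

function looksRandom(value) {
  return value.length >= MIN_TOKEN_LENGTH && shannonEntropy(value) >= MIN_ENTROPY_BITS;
}

// Rate a site from the Set-Cookie headers it sent and the scheme the page was
// loaded over. Rule: a likely session cookie without the Secure flag, or a page
// served over plain HTTP, means the session cookie can be sent in the clear and
// therefore SideJacked.
function rateSite(setCookieHeaders, scheme) {
  const cookies = setCookieHeaders.map(parseSetCookie);
  const sessionCookies = cookies.filter((c) => looksRandom(c.value));
  const reasons = [];
  if (scheme !== "https") {
    reasons.push(`page loaded over ${scheme}: every cookie is sent in the clear`);
  }
  for (const c of sessionCookies) {
    if (!c.secure) {
      reasons.push(`likely session cookie "${c.name}" lacks the Secure flag`);
    }
  }
  return {
    susceptible: reasons.length > 0,
    // No random-looking cookie at all: a clean result is inconclusive, not a
    // guarantee, because the real session cookie may simply not be recognised.
    inconclusive: sessionCookies.length === 0 && reasons.length === 0,
    sessionCookies: sessionCookies.map((c) => c.name),
    reasons,
  };
}

// Constructed sample headers (not captured from any real site). The weak
// deployment sets a random-looking token without Secure; the hardened one
// is what the abstract recommends: the same token sent only over HTTPS.
const SAMPLE_INSECURE = [
  "SID=9f2c4b7e1a8d3c5f6e0b2a4d8c7e1f3a; Path=/; HttpOnly",
  "lang=en; Path=/",
  "PREF=ID=1; Expires=Wed, 01 Jan 2025 00:00:00 GMT",
];
const SAMPLE_HARDENED = [
  "SID=9f2c4b7e1a8d3c5f6e0b2a4d8c7e1f3a; Path=/; Secure; HttpOnly",
  "lang=en; Path=/",
];

// Demo: the weak deployment is rated susceptible, the hardened one is not.
console.log(JSON.stringify(rateSite(SAMPLE_INSECURE, "https"), null, 2));
console.log(JSON.stringify(rateSite(SAMPLE_HARDENED, "https"), null, 2));
```

In the browser, assuming the extension can observe the response headers of each page it loads, rateSite would be fed the Set-Cookie headers seen for the site together with the page's scheme, and its susceptible field would drive the green check or red x shown in Figure 1. The inconclusive field is worth surfacing separately: a site whose session cookie is short or low-entropy is not rated safe by this rule, only unjudged.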