Upgrade to Pro — share decks privately, control downloads, hide ads and more …

『プロフェッショナルSSL/TLS』読書会 第7章前半資料

sylph01
October 06, 2017

『プロフェッショナルSSL/TLS』読書会 第7章前半資料

7.1 〜 7.3まで。

sylph01

October 06, 2017
Tweet

More Decks by sylph01

Other Decks in Technology

Transcript

  1. (7) ϓϩτίϧʹର͢Δ
    ߈ܸ: 7.1-7.3
    @ʰϓϩϑΣογϣφϧSSL/TLSʱಡ
    ॻձ
    Ryo Kajiwara (@s01), 10/6/2017

    View Slide

  2. શମײ
    ࠓ೔આ໌͢Δ߈ܸख๏͸ͲΕ΋TLSͷϓϩτίϧͷόʔδϣϯΞο
    ϓʹΑͬͯݱ୅తʹ͸༗ޮͰͳ͍ɻ
    • ҆શͰͳ͍࠶ωΰγΤʔγϣϯɿ࠶ωΰγΤʔγϣϯ֦ு
    • BEAST: 1.1ͰIVΛຖϨίʔυͰϥϯμϜԽɺ1.3ͰCBCϞʔυࣗମ
    ഇࢭ
    • ѹॖαΠυνϟωϧ: TLSϨίʔυͷѹॖʹ͍ͭͯ͸1.3Ͱશഇ

    View Slide

  3. 7.1 ҆શͰͳ͍࠶ωΰγΤʔγϣϯ
    ಉ͡TCPίωΫγϣϯͰ࠶౓TLSϋϯυγΣΠΫΛࢼΈΔͱɺαʔ
    όʔ͸͜ΕΛ࠶ωΰγΤʔγϣϯͰ͋ΔͱΈͳ͢ɻ
    ͜ͷͱ͖ɺݹ͍TLSετϦʔϜͱ৽͍͠TLSετϦʔϜͰܧଓੑ͕
    ͳ͘ɺಉ͡૬ख͔Βདྷ͍ͯΔ΋ͷ͔Ͳ͏͔Λݕূ͢Δखཱ͕ͯͳ
    ͔ͬͨ͜ͱʹΑͬͯMITM߈ܸ͕ՄೳͰ͋ͬͨɻ

    View Slide

  4. ʢਤ7.1ʣ

    View Slide

  5. 7.1 ҆શͰͳ͍࠶ωΰγΤʔγϣϯ
    ԿͰϚζ͍ʁˠΞϓϦέʔγϣϯσʔλͷ׬શੑ͕ഁΒΕΔʂ
    ྫͰ͸ɺ઀ଓͷ๯಄ʹ೚ҙͷฏจΛૠೖ͢Δ͜ͱʹ੒ޭ͍ͯ͠
    Δɻ

    View Slide

  6. 7.1.2 Ҿ͖ى͜͢ํ๏
    • ΫϥΠΞϯτʹΑΔ࠶ωΰγΤʔγϣϯΛڐՄ͍ͯ͠Δαʔό
    • IISΛআ͘
    • Server Gated Cryptography
    • ༌ग़༻҉߸ͰωΰγΤʔγϣϯͨ͠ޙΑΓڧ͍҉߸ڧ౓ʹ
    Ҿ্͖͛Δͱ͍͏ํ๏
    • ΫϥΠΞϯτূ໌ॻ

    View Slide

  7. 7.1.3 HTTPʹର͢Δ߈ܸ
    1. ೚ҙͷGETϦΫΤετͷ࣮ߦ
    GET /path/to/hoge HTTP/1.0
    X-Ignore: GET /index.jsp HTTP/1.0
    Cookie: JSESSIONID=XXX
    X-Ignore:ͷίϩϯ·Ͱ͕߈ܸऀͷϦΫΤετɻ͜͏͢Δͱຊདྷ
    ͷϦΫΤετͷ1ߦ໨ΛϔομԽͯ͠ແࢹ͢Δ͜ͱ͕Ͱ͖ɺ೚ҙͷ
    GET͕੒ཱ͢Δɻ
    CSRFͱͦΜͳʹมΘΒͳ͍͔Βݟա͝͞Ε͍͕ͯͨ…

    View Slide

  8. 2. POST΁ͷԠ༻
    POST /statuses/update.xml HTTP/1.0
    Authorization: Basic [߈ܸऀͷcred]
    Content-Type: application/x-www-form-urlencoded
    Content-Length: [ਪଌ͞ΕΔ௕͞]
    status=POST /statuses/update.xml HTTP/1.1
    Authorization: Basic [٘ਜ਼ऀͷcred]
    status=ͷ=·Ͱ͕߈ܸऀͷϦΫΤετɻ

    View Slide

  9. 2. POST΁ͷԠ༻
    • ಉҰαʔϏε্ͷผͷΞΧ΢ϯτΛ࢖͏
    • Content-Lengthͷ௕͞͸ݫີͳ௕͞Λ஌Δඞཁ͸ͳ͍ɻͲ͜·
    Ͱͷ௕͕͋͞Ε͹ϦΫΤετͷ͏ͪཉ͍͠৘ใΛॻ͖ग़ͤΔ
    ͔ɺͱ͍͏௕͕͞Θ͔Ε͹Α͍ɻ
    • ਪଌ͞ΕΔ௕͞Λେ͖͘औΓ͗͢ΔͱϦΫΤετ͕ͦΜͳʹ
    ௕͘ͳ͍ͷͰࣦഊ͢Δɻ

    View Slide

  10. 3. ͦͷଞ
    • ϦμΠϨΫτͷ࢖༻
    • ΦʔϓϯϦμΠϨΫτ͕͋Ε͹ͦ͜ʹඈ͹ͤΔ
    • ฏจͷϦμΠϨΫτ͕͋Ε͹ࣄ্࣮ฏจ௨৴ʹͰ͖Δ
    • HTTP 307(Temporary Redirect)Λฦ͢ϦμΠϨΫτ͕ଘࡏ͢Δ
    ͱɺHTTP 307͸ϦμΠϨΫτ࣌΋ಉ͡ϝιουͰϦμΠϨΫ
    τ͢ΔͨΊɺPOST͕POSTͱͯ͠ϦμΠϨΫτͰ͖Δʂ

    View Slide

  11. 3. ͦͷଞ
    • TRACEϝιουΛ࢖ͬͯXSSͰ͖Δ
    • ຊདྷmessage/httpͷContent-Type͕ͩɺ
    • શͯͷϨεϙϯεΛHTMLͱղऍͪ͠Ό͏ϒϥ΢βͩͱXSS੒
    ཱʂ

    View Slide

  12. 7.1.4 ଞͷϓϩτίϧ
    • SMTP: ͦ΋ͦ΋ূ໌ॻͷνΣοΫΛ͍ͯ͠ͳ͍TLS࣮૷͕ଟ͍ͷ
    Ͱɺ͜ͷ໰୊ͱ͸ؔ܎ͳ͠ʹMITM߈ܸ͕༰қɻ
    • SMTPʹ͓͚ΔTLSͱ͸αʔό-ΫϥΠΞϯτؒͷ҉߸Խʢͪ͜
    Β͸ΫϥΠΞϯτʹΑͬͯ͸ূ໌ॻͷݕূՄʣͱαʔό-αʔ
    όؒͷϗοϓؒͷ҉߸ԽͳͷͰɺͲͷΈͪαʔόʔͰ͸ฏจ
    Ͱ͢ɻຊ࣭తʹϝʔϧܦ༝Ͱ҉߸Խ௨৴͍ͨ͠ͳΒ͹S/MIME
    ূ໌ॻͰݸਓೝূͨ͠ΓPGP࢖͍·͠ΐ͏
    • FTPͰ΋ӨڹΞϦ

    View Slide

  13. 7.1.5 ΞʔΩςΫνϟʹىҼ͢Δ߈ܸ
    SSLΦϑϩʔυͰ͸ऴ୺ͱͯ͠ػೳ͢Δαʔόʹ໰୊͕͋ͬͨΒ࢒
    Γ΋੬ऑɻͦΕ͸ͦ͏ɻ
    ʢͱ͸͍͑ɺapp server͕௚઀TLS௨৴͠ͳ͍͜ͱ͸ݱ୅Ͱ͸ଟ͍
    ͷͰແࢹͰ͖ͳ͍ʣ

    View Slide

  14. 7.1.6 Өڹ
    • ඪతαΠτ͝ͱͷௐ͕ࠪඞཁͩͬͨΓͯ͠߈ܸ͕ࠔ೉
    • ͔͠͠ɺαΠτ͕ࣗಈԽ͍ͯ͠Δͱ੒ޭ·ͰԿ౓Ͱ΋ϦΫΤε
    τ͕ൃߦͰ͖Δ → ੒ޭ཰up
    • ߈ܸऀ͸ʮvictim͕αʔόΛ߈ܸ͍ͯ͠Δʯ͔ͷΑ͏ʹݟ͔͚ͤ
    Δ͜ͱ͕Ͱ͖Δ

    View Slide

  15. 7.1.7, 7.1.8
    2010೥ʹRenegotiation Indicationͱ͍͏ͷͰʮͲ͏ͯ͠΋࠶ωΰγ
    Τʔγϣϯ͕ඞཁͳέʔεʯʢʹ·͋ΫϥΠΞϯτূ໌ॻͷ͜
    ͱʣΛηΩϡΞʹߦ͏ͨΊͷ֦ு͕ग़ͨɻ
    ͔͠͠ɿ
    • ϓϩτίϧͷमਖ਼ʹ6ϲ݄
    • ϥΠϒϥϦ/OSͷύονʹ͞Βʹ12ϲ݄
    • ͔ͦ͜Βਁಁ͢Δ·Ͱ͞Βʹ24ϲ݄

    View Slide

  16. View Slide

  17. 7.2 BEAST
    TLS 1.0ҎલͷϓϩτίϧͰ҉߸Խ͞ΕͨσʔλͷҰ෦Λ෮߸͠ൈ
    ͖ग़ͤΔɺͱ͍͏߈ܸɻ
    TLS 1.0ʹ͓͚Δʮ༧ଌՄೳͳIVʯΛ࢖͍ɺCBCϞʔυͷ҉߸ʹର͠
    ͯ߈ܸΛ࢓ֻ͚Δ΋ͷɻ
    ಈ࡞ݪཧʹ͍ͭͯɺDavid Wongࢯͷղઆಈը͕͋ΔɻURL͸
    https://www.youtube.com/watch?v=-_8-2pDFvmgʢ"beast
    attack explanation"Ͱग़ͯ͘Δಈըʣ

    View Slide

  18. CBC with known IV͸࣮࣭ECB
    ECB͸deterministic encryptionʢܾఆ࿦త҉߸Խʣɻಉ͡಺༰ͷฏ
    จϒϩοΫ͸ಉ͡҉߸จʹͳΔɻ

    View Slide

  19. CBC with known IV͸࣮࣭ECB
    ಉ͡಺༰ͷฏจϒϩοΫ͸ಉ͡҉߸จʹͳΔͷͰɺϒϩοΫ୯Ґ
    (16byte)ͷਪଌͳΒ҉߸ԽΛ ճࢼΈΕ͹෮߸Ͱ͖ΔʢECBΦϥ
    Ϋϧ; ͦΕ͸ͦ͏ʣɻ
    CBCϞʔυΛ࣮࣭ECBʹҾ͖Լ͛ɺࢼߦճ਺Λ͞ΒʹݮΒ͢͜ͱ͕
    Ͱ͖Δɺͱ͍͏ͷ͕ຊ߈ܸͷझࢫɻ

    View Slide

  20. CBC with known IV͸࣮࣭ECB
    CBCʹ͓͚ΔIVͷ࢖͍ճ͠͸ୈ1ϒϩοΫʹର࣮࣭ͯ͠తʹECBͱಉ
    ͡ޮՌΛ΋ͨΒ͢ɻԼਤʹ͓͍ͯɺblock cipher encryptionͷҾ਺͕
    IVͱฏจ͔Βߏ੒Ͱ͖Δ͜ͱʹ஫ҙɻ

    View Slide

  21. CBC with known IV͸࣮࣭ECB
    ୈ2ϒϩοΫͷฏจ͕஌Γͨ͘ɺୈ3ϒϩοΫͷฏจ͕ૢ࡞Մೳͱ
    ͢Δɻ֤ϒϩοΫͷ҉߸จ͸஌Δ͜ͱ͕Ͱ͖Δɻ

    View Slide

  22. CBC with known IV͸࣮࣭ECB
    ԼਤΑΓ ɺ
    ͜͜Ͱɺ ͱ͢Δͱ:

    View Slide

  23. CBC with known IV͸࣮࣭ECB
    ͜͜Ͱ ͳΒ͹ ͱͰ͖Δʂ

    View Slide

  24. ༧ଌՄೳͳIVʹ͍ͭͯ
    TLS 1.0ҎલͰ͸ίωΫγϣϯશମΛ1ͭͷϝοηʔδͱΈͳ͠ɺແ
    ࡞ҝͳIV͸ઌ಄ͷϨίʔυͷΈʹద༻͞Ε͍ͯͨɻ2ͭ໨ͷϨίʔ
    υҎ߱͸ɺલͷϨίʔυͷ࠷ऴϒϩοΫͷ҉߸จ͕IVͱͳ͍ͬͯ
    ͨʢΑͬͯ༧ଌՄೳʣɻ
    1.1, 1.2Ͱ͸Ϩίʔυ͝ͱʹrandomized IVɻ

    View Slide

  25. ࣮ࡍͷ߈ܸ
    • ύεϫʔυ΍ηογϣϯIDΛ஌Δ৔߹ɺ16byteͰे෼Ͱ͋Δ͜
    ͱ͕ଟ͍
    • ͳͷͰ௕͍ύεϫʔυΛ͚ͭ·͠ΐ͏…
    • ηογϣϯID͸16ਐ਺Τϯίʔυ͞Ε͍ͯΔ͜ͱ͕ଟ͍
    • HTTPϝοηʔδͷߏ଄͸༧૝͠΍͍͢
    Ҏ্ΑΓɺ௨ৗΑΓ΋ਪଌճ਺Λ͔ͳΓݮΒ͢͜ͱ͕Ͱ͖Δɻ

    View Slide

  26. ࣮ࡍͷ߈ܸ
    ͞ΒʹɺϞμϯϒϥ΢βͰ͸
    • ϦΫΤετURIʹ༨ܭͳจࣈΛ଍͢͜ͱʹΑͬͯɺϦΫΤετͷ
    தʹ͋Δػඍ৘ใͷҐஔΛͣΒ͢͜ͱ͕Մೳ
    • ҉߸Խ͞ΕΔ΋ͷͱͦͷૹ৴λΠϛϯάΛ੍ޚͰ͖Δ
    • ͱ͸͍͑͜Ε͸JavaΞϓϨοτΛ࢖Θͳ͍ͱ͍͚ͳ͍ɻJava
    ΞϓϨοτͷผͷ੬ऑੑͰSame-Origin PolicyΛಥഁ͢Δ

    View Slide

  27. ରࡦ
    • 0/n෼ׂ
    • ۭͷϨίʔυΛ1ݸڬΉͱʮલͷϨίʔυ͕ͦͷ··IVʹͳ
    Δʯ୅ΘΓʹʮલͷϨίʔυΛ҉߸Խͨ͠΋ͷʯ͕IVʹͳ
    Δɻ
    • ͔͠͠Ұ෦ͷϒϥ΢β͕ඇରԠ

    View Slide

  28. ରࡦ
    • 1/n-1෼ׂ
    • ͡Ό͋ʮ1byteؚ͚ͩΜͩϨίʔυʯͱʮͦΕҎ֎ʯʹ෼͚ͯ
    ૹΖ͏
    • ཧ࿦্ಈ࡞͸͢Δͷ͚ͩͲChrome͕΍ͬͯଟ͘ͷαΠτ͕ݟ
    Εͳ͘ͳͬͯrevertͨ͠

    View Slide

  29. αʔόʔαΠυͷରࡦ
    • 2013·Ͱ͸σϑΥϧτͰRC4ʹ͢Δ͜ͱ͕ਪ঑͞Ε͍ͯͨ
    • ผͷ໰୊͕͋Δ(7.5)
    • RC4͸ετϦʔϜ҉߸ͳͷͰCBCϞʔυͱ͔ؔ܎ͳ͍
    • ݱ୅తʹ͸GCMϞʔυΛ࢖͏ɻ࣮࣭ετϦʔϜ҉߸
    • ΋ͬͱ΋ɺݱ୅తʹ͸TLS 1.1ରԠΫϥΠΞϯτ͕૿͍͑ͯΔͷ
    ͰTLS 1.0Λ࢖Θͳ͍ͱ͍͏ͷ͕Ұ൪ͷରࡦ

    View Slide

  30. ྺ࢙
    • ༧ଌՄೳͳIV΁ͷ߈ܸ͸1995ʹIPsecɺ2002ʹSSHʹରͯ͠ܯࠂ
    ͞Ε͍ͯͨ
    • 2002೥ʹTLSʹ΋ద༻ՄೳͱΘ͔Δɻ0/n෼ׂ͕ఏҊ͞ΕΔɻ
    • 2004, 2006ʹGregory Bard͕TLSʹ͓͚ΔCBCͷ໰୊Λൃදɺ͠
    ͔͠ݱ࣮తͳ߈ܸͰͳ͍ͱͯ͠ແࢹ͞ΕΔ

    View Slide

  31. ྺ࢙
    • 2006ʹ͸TLS 1.1Ͱϓϩτίϧ্ͷղܾΛݟ͕ͨɺΫϥΠΞϯτ
    ͸୭΋࣮૷ͤͣ
    • 2011೥ɺDuongͱRizzoʹΑͬͯBEAST߈ܸ͕։ൃ͞ΕΔɻݱ࣮
    తͳڴҖͰ͋ΔͱΈͳ͞ΕΔ
    • AppleͷରԠ͸2013೥ʹͳ͔ͬͯΒ

    View Slide

  32. Өڹ
    BEAST͸ΫϥΠΞϯτ͔ΒͷσʔλετϦʔϜʹର͢Δ߈ܸɻඪ
    తWebαʔόʔʹૹ৴͞ΕΔ΋ͷ੍͕ޚͰ͖Δඞཁ͕͋Δɻ
    Ճ͑ͯɺʮαʔόଆͰCBC༏ઌͷઃఆͱTLSѹॖͷແޮԽͷઃఆ͕
    ඞཁʯʮJavaΞϓϨοτͷSOPʹର͢Δ੬ऑੑʯ͕ඞཁͰ͋Γɺݱ
    ୅తʹ͸௿ϦεΫɻ

    View Slide

  33. View Slide

  34. 7.3 ѹॖαΠυνϟωϧ߈ܸ
    CRIMEɺTIMEɺBREACHɺͦΕͱʢաڈʹผͷͱ͜ΖͰղઆͨ͜͠
    ͱ͕͋ΔͷͰʣࣥච/຋༁࣌఺Ͱଘࡏ͠ͳ͔ͬͨHEIST߈ܸʹ͍ͭ
    ͯղઆ͢Δɻ
    ѹॖΛ͍ͯͯ͠ϝοηʔδ௕͕Θ͔Δͱฏจͷ৘ใ͕࿙ΕΔʢʹ
    αΠυνϟωϧ߈ܸʣɺͱ͍͏ੑ࣭Λ࢖ͬͨ΋ͷɻ
    TLS 1.3Ͱѹॖ͕ഇࢭ͞Εͨͷ͸͜ͷ΁Μͷࣄ৘͔Βɻ

    View Slide

  35. ѹॖΦϥΫϧͷ࢓૊Έ
    DEFLATEѹॖ͸LZ77ͱϋϑϚϯූ߸ԽΛ࢖͏ɻ͜ΕΒ͸ڞ௨ͷ෦
    ෼จࣈྻ͕͋Δͱѹॖ͕ޮ͘ɻ
    LZ77ͷྫ: Google is so googley -> Google is so g(-13, 5)y
    ͜ͷੑ࣭Λ༻͍ͯɺʮ࣮ࡍͷCookieʯ+ʮ༧૝ʯͷ૊Έ߹ΘͤΛϦ
    ΫΤετ͠ɺѹॖ͕ޮ͍ͨΒʮ༧૝ʯͷ಺༰͸࣮ࡍͷCookie಺ʹ
    ଘࡏ͢Δʂ→܁Γฦͯ͠શମΛʮ༧૝ʯʂ

    View Slide

  36. CRIME߈ܸ
    Compression Ration Info-leak Made Easyͷུɻ
    σʔλѹॖΛߦ͏HTTPS/SPDY্ΛྲྀΕΔCookieͷ಺༰Λ෮ݩ͠ɺ
    ηογϣϯϋΠδϟοΫΛ࣮ݱ͢Δɻ
    ߈ܸऀ͕҉߸จͷ௕͞ΛݟΕΔ͜ͱ + ಉ࣌ʹϒϥ΢β͔Βෳ਺ͷ
    ૢ࡞͞ΕͨϦΫΤετΛૹΕΔ͜ͱΛલఏʹɺ҉߸จͷ௕͞Λར
    ༻ͯ͠ฏจΛׂΓग़͢ख๏ɻ
    ൃݟऀ͸BEASTͷൃݟऀͱಉ͡2໊ɻ

    View Slide

  37. TIME
    CRIMEͰ͸߈ܸऀ͕ϩʔΧϧωοτϫʔΫʹΞΫηε͠ͳ͚Ε͹
    ͳΒͳ͍ͱ͍͏੍໿͕͋ͬͨɻTIME߈ܸ͸ͦͷ৚݅Λ؇ΊΔ΋
    ͷɻ
    I/OͷλΠϛϯάࠩΛonLoadͱonReadyStateChangeΠϕϯτ͔Β
    ଌΓɺѹॖ͞ΕͨϨίʔυ௕ΛଌΔɻ

    View Slide

  38. HEIST
    2016೥ͷBlack HatͰൃද͞ΕͨɺCRIME/BREACHͷ৚݅Λ؇ΊΔ
    ͱ͍͏ҙຯͰ͸TIME߈ܸͷϰΝϦΞϯτɻ
    Service WorkerͷFetch APIΛར༻ͨ࣌ؒ͠ଌఆͱɺHTTP/2΁ͷ߈ܸ
    Մೳੑʹ͍ͭͯݴٴ͍ͯͯ͠ɺ͜ΕΒ͸ͲͪΒ΋2013೥ͷ࣌఺Ͱ
    ͸ଘࡏ͠ͳ͔ͬͨɻ
    http://sylph01.hatenablog.jp/entry/infosecpaper-
    ac-20161220 ʹͯղઆهࣄॻ͍ͯΔͷͰৄࡉ͸ͦͪΒʹৡΓ·͢

    View Slide

  39. ԿͰ࣌ؒଌఆͰ௕͕͞Θ͔Δͷʁ
    TCP Slow Start Algorithm
    • Ϩεϙϯε͸Maximum Segment Size(MSS)୯Ґʹ෼ׂ͞ΕΔ
    • ࠷ॳ͸initial congestion windowʢ᫔᫓΢Οϯυ΢ʣͷݸ਺ͷη
    άϝϯτ෼(͍͍ͩͨͷ৔߹10)͚ͩૹ৴
    • ACK͕དྷΔ͝ͱʹcongestion windowΛগͣͭ͠େ͖ͯ͘͠ଳҬ
    Λ૿΍͍ͯ͘͠

    View Slide

  40. ख๏ͷେࡶ೺ͳ֓ཁ
    • onLoad/onReadyStateChangeͷൃՐλΠϛϯάʢ·ͨ͸Service
    WorkerͷPromiseͷղܾλΠϛϯάʣ͕Θ͔ΔͷͰɺϨεϙϯε
    ͷ௨৴͕࣌ؒΘ͔Δ
    • ͜ΕʹΑͬͯɺϨεϙϯε͕1 windowʹऩ·͔ͬͨɺ2 window
    Ҏ্ʹͳ͔͕ͬͨΘ͔Δ
    • ͳͷͰɺϨεϙϯεʹreflect͞ΕΔΑ͏ͳ஋ͷ௕͞Λগ͍ͣͭ͠
    ͬͯ͡ڥք஋Λ୳Δ͜ͱͰɺຊདྷͷϨεϙϯεͷ௕͕͞Θ͔Δ

    View Slide

  41. ʢਤ7.6ʣ

    View Slide

  42. View Slide

  43. View Slide

  44. BREACH߈ܸ
    Browser Reconnaissance and Exfiltration via Adaptive Compression of
    HypertextͷུɻΑ͘ࢥ͍ͭ͘ͳ͋
    CRIME߈ܸͷHTTPS + HTTP compression(gzip, DEFLATE)ʹର͢Δϰ
    ΝϦΤʔγϣϯɻ
    CRIME߈ܸ͕HTTP requestʹରͯ͠߈ܸͨ͠ͷʹର͠ɺBREACH߈
    ܸ͸HTTP responseʹରͯ͠߈ܸΛ͢ΔɻϦΫΤετͷҰ෦͕Ϩε
    ϙϯεʹ൓ө͞ΕΔ(reflected)͜ͱΛར༻͢Δɻ

    View Slide

  45. ߈ܸͷ੒ཱ৚݅
    • CRIME͸٘ਜ਼ऀͷωοτϫʔΫτϥϑΟοΫ΁ͷΞΫηε͕ඞ

    • ͨͩ͠TIMEʹΑͬͯ৚݅Λ؇࿨Ͱ͖Δ
    • JSϚϧ΢ΣΞɺಛผʹՃ޻ͨ͠URLΛ࣋ͭλά
    • (౰વͳ͕Β)TLSͷѹॖ͕༗ޮͰ͋Δ
    • ࣄલ४උͱͯ͠ɺαΠτͷߏ଄ͷ೺Ѳʢ߈ܸର৅ͷcredentialͷ
    prefixͳͲʣ

    View Slide

  46. ߈ܸͷ੒ཱ৚݅
    • BREACH΋ωοτϫʔΫτϥϑΟοΫ΁ͷΞΫηε͕ඞཁ
    • ͨͩ͠HEISTʹΑͬͯ৚݅Λ؇࿨Ͱ͖Δ
    • ͪ͜Β͸TLSͷѹॖͰ͸ͳ͘ɺHTTPϨεϙϯεͷѹॖʹରͯ͠
    ߈ܸ͢Δ͜ͱʹ஫ҙ
    • ඪతWebαΠτͷதʹɺʮϦΫΤετதͷจࣈྻ͕൓ө͞ΕΔ
    (reflection)ʯՕॴ͕͋Δ͔Ͳ͏͔ͷߏ଄೺Ѳ͕ඞཁ

    View Slide

  47. 7.3.4, 7.3.5 ؇࿨ࡦ
    • TLSͷѹॖ͸ഇΕ͍ͯΔ(1.3Ͱ͸શഇ)
    • HTTPͷѹॖΛແޮԽ͢Δͷ͸͔ͳΓ೉͍͠
    • ϦΫΤετϨʔτΛ੍ޚɻେྔͷϦΫΤετ͕ඞཁ
    • ༨ܭͳۭന౳ΛೖΕͯຊ౰ͷ௕͞ΛӅ͢
    • CSRFରࡦτʔΫϯͷϚεΩϯάʢHTMLʹݱΕΔ΋ͷ͕ຊ౰
    ͷτʔΫϯͰͳ͍Α͏ʹ͢Δʣ
    • ෦෼తʹѹॖΛແޮԽ͢Δ

    View Slide

  48. View Slide

  49. 7.4 Lucky 13
    ࣍ճʹճ͠·͢

    View Slide