『プロフェッショナルSSL/TLS』 reading group: materials for the first half of Chapter 7
sylph01
October 06, 2017
Covers 7.1 through 7.3.
Transcript
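(7) Attacks against protocols: 7.1-7.3
@ 『プロフェッショナルSSL/TLS』 reading group
Ryo Kajiwara (@s01), 10/6/2017

Overview
None of the attack techniques explained this time are effective today, thanks to TLS protocol version upgrades.
• Insecure renegotiation: the renegotiation extension
• BEAST: 1.1 randomized the IV for every record, and 1.3 abolished CBC mode itself
• Compression side channels: compression of TLS records was removed entirely in 1.3

7.1 Insecure renegotiation
When another TLS handshake is attempted on the same TCP connection, the server treats it as a renegotiation.
At that point there was no continuity between the old TLS stream and the new TLS stream, and no means of verifying whether both came from the same peer, which made a MITM attack possible.

(Figure 7.1)

7.1 Insecure renegotiation
Why is this bad? → The integrity of application data is broken!
In the example, the attacker succeeds in inserting arbitrary plaintext at the start of the connection.

7.1.2 How it is triggered
• Servers that permit client-initiated renegotiation
  • Except IIS
• Server Gated Cryptography
  • A method of negotiating with export-grade ciphers and then upgrading to stronger cipher strength
• Client certificates

7.1.3 Attacks against HTTP
1. Executing an arbitrary GET request

    GET /path/to/hoge HTTP/1.0
    X-Ignore: GET /index.jsp HTTP/1.0
    Cookie: JSESSIONID=XXX

Everything up to the colon of X-Ignore: is the attacker's request. This turns the first line of the original request into a header so that it is ignored, and an arbitrary GET goes through.
It was overlooked because it is not that different from CSRF, but…

2. Applying it to POST

    POST /statuses/update.xml HTTP/1.0
    Authorization: Basic [attacker's cred]
    Content-Type: application/x-www-form-urlencoded
    Content-Length: [estimated length]

    status=POST /statuses/update.xml HTTP/1.1
    Authorization: Basic [victim's cred]

Everything up to the = of status= is the attacker's request.

2. Applying it to POST
• Use a different account on the same service
• The Content-Length does not need to be the exact length. It is enough to know how long it must be to write out the desired information from the request.
• If the estimated length is set too large, the request is not that long, so the attack fails.

3. Other
• Use of redirects
  • If there is an open redirect, the request can be sent there
  • If there is a plaintext redirect, the communication can effectively be made plaintext
  • If there is a redirect that returns HTTP 307 (Temporary Redirect), an HTTP 307 redirect reuses the same method, so a POST can be redirected as a POST!

3. Other
• XSS is possible using the TRACE method
  • The Content-Type is supposed to be message/http, but
  • in a browser that interprets every response as HTML, XSS succeeds!

7.1.4 Other protocols
• SMTP: many TLS implementations do not check certificates in the first place, so MITM attacks are easy regardless of this issue.
  • TLS in SMTP means encryption between server and client (here the client can verify the certificate) and hop-by-hop encryption between servers, so the data is plaintext on the server anyway. If you fundamentally want encrypted communication via email, do personal authentication with S/MIME certificates or use PGP.
• FTP is also affected

7.1.5 Attacks arising from architecture
If the server acting as the termination point for SSL offloading has the problem, the setup is still vulnerable. Well, obviously.
(That said, it is still common today for the app server not to speak TLS, so this cannot be ignored.)

7.1.6 Impact
• The attack is difficult, since it may require investigation of each target site
• However, if the site is automated, requests can be issued any number of times until success → higher success rate
• The attacker can make it look as if "the victim is attacking the server"

7.1.7, 7.1.8
In 2010, an extension called Renegotiation Indication came out for securely handling "cases where renegotiation is absolutely necessary" (= well, client certificates).
However:
• 6 months to fix the protocol
• A further 12 months for library/OS patches
• A further 24 months from there until it was widely deployed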
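
7.2 BEAST
An attack that can decrypt and extract part of the data encrypted with protocols up to and including TLS 1.0.
It uses the "predictable IV" in TLS 1.0 to attack CBC-mode ciphers.
David Wong has an explanatory video on how it works. The URL is https://www.youtube.com/watch?v=-_8-2pDFvmg (the video that comes up for "beast attack explanation").

CBC with a known IV is effectively ECB
ECB is deterministic encryption. Plaintext blocks with the same content produce the same ciphertext.

CBC with a known IV is effectively ECB
Because plaintext blocks with the same content produce the same ciphertext, a guess at block granularity (16 bytes) can be decrypted by attempting encryption […] times (an ECB oracle; well, obviously).
The gist of this attack is that CBC mode can be reduced to what is effectively ECB, and the number of attempts can then be reduced further.

CBC with a known IV is effectively ECB
Reusing the IV in CBC has effectively the same effect as ECB on the first block. In the figure below, note that the input to the block cipher encryption can be constructed from the IV and the plaintext.

CBC with a known IV is effectively ECB
Suppose we want to learn the plaintext of block 2 and can control the plaintext of block 3. The ciphertext of each block can be observed.

CBC with a known IV is effectively ECB
From the figure below, […], […]. Here, if we let […]:

CBC with a known IV is effectively ECB
Here, if […], then we obtain […]!

About predictable IVs
In TLS 1.0 and earlier, the whole connection was treated as a single message, and a random IV was applied only to the first record. From the second record onward, the ciphertext of the last block of the previous record became the IV (and was therefore predictable).
In 1.1 and 1.2, each record gets a randomized IV.

The attack in practice
• When the goal is to learn a password or session ID, 16 bytes is often enough
  • So let's use long passwords…
• Session IDs are often hex-encoded
• The structure of HTTP messages is easy to predict
Because of the above, the number of guesses can be reduced considerably compared to usual.

The attack in practice
Furthermore, in modern browsers:
• By adding extra characters to the request URI, the position of sensitive information within the request can be shifted
• What gets encrypted and when it is sent can be controlled
  • That said, this requires using a Java applet. The Same-Origin Policy is bypassed using a separate vulnerability in Java applets

Countermeasures
• 0/n split
  • Inserting one empty record makes the IV "the previous record, encrypted" instead of "the previous record as is".
  • However, some browsers do not support it

Countermeasures
• 1/n-1 split
  • Then let's send the data split into "a record containing only 1 byte" and "the rest"
  • In theory it works, but when Chrome used it many sites became unviewable and it was reverted

Server-side countermeasures
• Until 2013, defaulting to RC4 was recommended
  • It has a separate problem (7.5)
  • RC4 is a stream cipher, so CBC mode is irrelevant
• Nowadays, use GCM mode. It is effectively a stream cipher
• That said, clients supporting TLS 1.1 are now increasing, so not using TLS 1.0 is the best countermeasure

History
• Attacks on predictable IVs were warned about for IPsec in 1995 and for SSH in 2002
• In 2002 it turned out to be applicable to TLS as well. The 0/n split was proposed.
• In 2004 and 2006 Gregory Bard published the CBC problem in TLS, but it was ignored as not being a realistic attack

History
• In 2006, TLS 1.1 resolved it at the protocol level, but no client implemented it
• In 2011, the BEAST attack was developed by Duong and Rizzo. It came to be regarded as a realistic threat
• Apple's response did not come until 2013

Impact
BEAST is an attack on the data stream from the client. The attacker needs to be able to control what is sent to the target web server.
In addition, it requires "the server to be configured to prefer CBC and to disable TLS compression" and "a vulnerability against the SOP in Java applets", so today the risk is low.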
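The "CBC with a known IV is effectively ECB" and "About predictable IVs" slides above, worked through as an added example (not code from the slides or the book): with TLS 1.0 style IV chaining a one-block guess can be confirmed by comparing ciphertexts, and with a fresh IV per record (TLS 1.1/1.2) the same comparison fails. `E` is a toy stand-in for the block cipher built from HMAC, and `CbcSender`, `guess_is_confirmed` and the sample blocks are hypothetical names and constructed values.

```python
import hashlib
import hmac
import os

BLOCK = 16  # bytes per cipher block, as on the slides

def E(key, block):
    # Assumption: toy stand-in for the block cipher's forward direction
    # (HMAC-SHA256 truncated to one block). CBC encryption only needs E.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class CbcSender:
    """Hypothetical sender that CBC-encrypts one-block records on one connection."""

    def __init__(self, chained_iv):
        self.key = os.urandom(16)
        self.chained_iv = chained_iv          # True: TLS 1.0 IV chaining
        self.last_block = os.urandom(BLOCK)   # random IV for the first record

    def send(self, plaintext_block):
        # TLS 1.0: IV = last ciphertext block of the previous record.
        # TLS 1.1/1.2: fresh random IV per record, known only after sending.
        iv = self.last_block if self.chained_iv else os.urandom(BLOCK)
        self.last_block = E(self.key, xor(plaintext_block, iv))
        return iv, self.last_block

def guess_is_confirmed(chained_iv, secret, guess):
    """True if an observer who can choose the next block can confirm `guess`."""
    sender = CbcSender(chained_iv)
    iv_secret, c_secret = sender.send(secret)   # record carrying the secret
    predicted_iv = c_secret                     # what IV chaining would use next
    # The chosen block cancels the predicted IV and re-applies the secret's IV,
    # so with chaining the cipher input becomes guess XOR iv_secret.
    chosen = xor(xor(guess, iv_secret), predicted_iv)
    _, c_probe = sender.send(chosen)
    return c_probe == c_secret

if __name__ == "__main__":
    secret = b"sessionid=abc123"                # constructed 16-byte sample
    print(guess_is_confirmed(True, secret, secret))               # chained IV
    print(guess_is_confirmed(True, secret, b"sessionid=zzz999"))  # wrong guess
    print(guess_is_confirmed(False, secret, secret))              # random IV
```
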
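
7.3 Compression side-channel attacks
This covers CRIME, TIME, BREACH, and (because I have explained it elsewhere in the past) the HEIST attack, which did not exist when the book was written/translated.
These exploit the property that when compression is in use and the message length is known, information about the plaintext leaks (= a side-channel attack).
This is the background to compression being removed in TLS 1.3.

How a compression oracle works
DEFLATE compression uses LZ77 and Huffman coding. These compress well when there are common substrings.
LZ77 example: Google is so googley -> Google is so g(-13, 5)y
Using this property, send a request that combines "the actual Cookie" + "a guess"; if compression is effective, the content of the "guess" exists in the actual Cookie! → Repeat to "guess" the whole thing!

CRIME attack
Short for Compression Ratio Info-leak Made Easy.
It recovers the contents of a Cookie flowing over HTTPS/SPDY with data compression, and achieves session hijacking.
Assuming that the attacker can see the length of the ciphertext and can at the same time send multiple manipulated requests from the browser, it is a technique for working out the plaintext from the ciphertext length.
The discoverers are the same two people who discovered BEAST.

TIME
CRIME had the restriction that the attacker must have access to the local network. The TIME attack relaxes that condition.
It measures I/O timing differences from the onLoad and onReadyStateChange events, and from them measures the compressed record length.

HEIST
Presented at Black Hat in 2016; a variant of the TIME attack in the sense that it relaxes the conditions of CRIME/BREACH.
It discusses timing measurement using the Fetch API of Service Workers and the possibility of attacking HTTP/2, neither of which existed as of 2013.
I have written an explanatory article at http://sylph01.hatenablog.jp/entry/infosecpaper-ac-20161220 so I will leave the details to that.

Why does timing measurement reveal length?
TCP Slow Start Algorithm
• The response is split into units of Maximum Segment Size (MSS)
• At first, only as many segments as the initial congestion window (10 in most cases) are sent
• Each time an ACK arrives, the congestion window is enlarged little by little to increase bandwidth

Rough outline of the technique
• The firing time of onLoad/onReadyStateChange (or the resolution time of a Service Worker Promise) is known, so the transfer time of the response is known
• From this, one can tell whether the response fit in 1 window or took 2 or more windows
• So, by adjusting little by little the length of something that is reflected in the response and probing for the boundary, the length of the original response can be determined

(Figure 7.6)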
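
BREACH attack
Short for Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext. Impressive that they come up with these names.
A variation of the CRIME attack against HTTPS + HTTP compression (gzip, DEFLATE).
Whereas the CRIME attack targets the HTTP request, the BREACH attack targets the HTTP response. It exploits the fact that part of the request is reflected in the response.

Conditions for the attack to succeed
• CRIME requires access to the victim's network traffic
  • However, TIME can relax this condition
• JS malware, or an <img> tag with a specially crafted URL
• (Naturally) TLS compression is enabled
• As advance preparation, an understanding of the site's structure (such as the prefix of the targeted credential)

Conditions for the attack to succeed
• BREACH also requires access to network traffic
  • However, HEIST can relax this condition
• Note that this one attacks compression of the HTTP response, not TLS compression
• It requires understanding the site's structure well enough to know whether the target website has a place where "a string from the request is reflected" (reflection)

7.3.4, 7.3.5 Mitigations
• TLS compression has fallen out of use (removed entirely in 1.3)
• Disabling HTTP compression is quite difficult
• Control the request rate. The attack needs a large number of requests
• Insert extra whitespace to hide the true length
• Mask CSRF tokens (so that what appears in the HTML is not the real token)
• Partially disable compression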
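The compression oracle and the token-masking mitigation from the slides above, as an added example (not code from the slides or the book): it measures how much shorter a compressed response becomes when reflected input equals a token in the page, then repeats the measurement with the token masked. The page template, the masking scheme (pad followed by token XOR pad) and all names and token values are assumptions constructed for this illustration.

```python
import os
import zlib

def response_body(reflected, token_field):
    # Constructed page: echoes request input and embeds a secret token field.
    return ("<html><body><p>Search results for: " + reflected + "</p>"
            "<form><input type='hidden' name='csrf' value='" + token_field
            + "'></form></body></html>").encode()

def compressed_len(reflected, token_field):
    # The only thing a network observer sees: size after HTTP compression.
    return len(zlib.compress(response_body(reflected, token_field), 9))

def mask_token(token_hex, pad):
    # Assumed masking scheme: emit pad || (token XOR pad), fresh pad per response.
    token = bytes.fromhex(token_hex)
    return (pad + bytes(t ^ p for t, p in zip(token, pad))).hex()

def unmask_token(field_hex):
    # Server side: split the field in half and XOR to recover the real token.
    raw = bytes.fromhex(field_hex)
    half = len(raw) // 2
    return bytes(a ^ b for a, b in zip(raw[:half], raw[half:])).hex()

def length_gap(token_field, right_guess, wrong_guess):
    # Bytes saved when the reflected guess equals the real token.
    prefix = "value='"
    return (compressed_len(prefix + wrong_guess, token_field)
            - compressed_len(prefix + right_guess, token_field))

TOKEN = "9f2c7a1e5b8d4403a6e1c0d97b3f2e58"   # constructed sample token
WRONG = "3d81f60b2ac74e95d0172fb8c64a9e13"   # constructed non-matching guess

if __name__ == "__main__":
    masked = mask_token(TOKEN, os.urandom(16))
    assert unmask_token(masked) == TOKEN
    print("gap, raw token in HTML:   ", length_gap(TOKEN, TOKEN, WRONG))
    print("gap, masked token in HTML:", length_gap(masked, TOKEN, WRONG))
```

With the raw token in the page the gap is a clear length signal; with the masked field the real token never appears in the compressed body, so the gap shrinks to noise.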

7.4 Lucky 13
Deferred to next time.