Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
『プロフェッショナルSSL/TLS』読書会 第7章前半資料
Search
sylph01
October 06, 2017
Technology
0
290
『プロフェッショナルSSL/TLS』読書会 第7章前半資料
7.1 〜 7.3まで。
sylph01
October 06, 2017
Tweet
Share
More Decks by sylph01
See All by sylph01
The Definitive? Guide To Locally Organizing RubyKaigi
sylph01
6
1.5k
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too
sylph01
1
99
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too (JP subtitles)
sylph01
2
460
Introduction to C Extensions
sylph01
3
200
"Actual" Security in Microcontroller Ruby!?
sylph01
0
140
Everyone Now Understands AuthZ/AuthN and Encryption Perfectly and I'm Gonna Lose My Job
sylph01
1
62
Updates on PicoRuby Networking, HPKE (and maybe more)
sylph01
1
300
Adding Security to Microcontroller Ruby
sylph01
3
3.6k
Secure Messaging at IETF 118
sylph01
0
110
Other Decks in Technology
See All in Technology
生成AI時代 文字コードを学ぶ意義を見出せるか?
hrsued
1
750
Understanding_Thread_Tuning_for_Inference_Servers_of_Deep_Models.pdf
lycorptech_jp
PRO
0
150
怖くない!はじめてのClaude Code
shinya337
0
310
Core Audio tapを使ったリアルタイム音声処理のお話
yuta0306
0
160
Tech-Verse 2025 Global CTO Session
lycorptech_jp
PRO
0
1.2k
生成AI活用の組織格差を解消する 〜ビジネス職のCursor導入が開発効率に与えた好循環〜 / Closing the Organizational Gap in AI Adoption
upamune
6
4.7k
あなたの声を届けよう! 女性エンジニア登壇の意義とアウトプット実践ガイド #wttjp / Call for Your Voice
kondoyuko
4
520
マーケットプレイス版Oracle WebCenter Content For OCI
oracle4engineer
PRO
3
940
ハッカソン by 生成AIハッカソンvol.05
1ftseabass
PRO
0
150
改めてAWS WAFを振り返る~業務で使うためのポイント~
masakiokuda
1
130
AWS Summit Japan 2025 Community Stage - App workflow automation by AWS Step Functions
matsuihidetoshi
1
310
ビギナーであり続ける/beginning
ikuodanaka
3
480
Featured
See All Featured
The Language of Interfaces
destraynor
158
25k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
124
52k
Thoughts on Productivity
jonyablonski
69
4.7k
Building an army of robots
kneath
306
45k
Statistics for Hackers
jakevdp
799
220k
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
tammyeverts
5
240
Speed Design
sergeychernyshev
32
1k
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
Building a Scalable Design System with Sketch
lauravandoore
462
33k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
357
30k
A Tale of Four Properties
chriscoyier
160
23k
Typedesign – Prime Four
hannesfritz
42
2.7k
Transcript
(7) ϓϩτίϧʹର͢Δ ߈ܸ: 7.1-7.3 @ʰϓϩϑΣογϣφϧSSL/TLSʱಡ ॻձ Ryo Kajiwara (@s01), 10/6/2017
શମײ ࠓઆ໌͢Δ߈ܸख๏ͲΕTLSͷϓϩτίϧͷόʔδϣϯΞο ϓʹΑͬͯݱతʹ༗ޮͰͳ͍ɻ • ҆શͰͳ͍࠶ωΰγΤʔγϣϯɿ࠶ωΰγΤʔγϣϯ֦ு • BEAST: 1.1ͰIVΛຖϨίʔυͰϥϯμϜԽɺ1.3ͰCBCϞʔυࣗମ ഇࢭ •
ѹॖαΠυνϟωϧ: TLSϨίʔυͷѹॖʹ͍ͭͯ1.3Ͱશഇ
7.1 ҆શͰͳ͍࠶ωΰγΤʔγϣϯ ಉ͡TCPίωΫγϣϯͰ࠶TLSϋϯυγΣΠΫΛࢼΈΔͱɺαʔ όʔ͜ΕΛ࠶ωΰγΤʔγϣϯͰ͋ΔͱΈͳ͢ɻ ͜ͷͱ͖ɺݹ͍TLSετϦʔϜͱ৽͍͠TLSετϦʔϜͰܧଓੑ͕ ͳ͘ɺಉ͡૬ख͔Βདྷ͍ͯΔͷ͔Ͳ͏͔Λݕূ͢Δखཱ͕ͯͳ ͔ͬͨ͜ͱʹΑͬͯMITM߈ܸ͕ՄೳͰ͋ͬͨɻ
ʢਤ7.1ʣ
7.1 ҆શͰͳ͍࠶ωΰγΤʔγϣϯ ԿͰϚζ͍ʁˠΞϓϦέʔγϣϯσʔλͷશੑ͕ഁΒΕΔʂ ྫͰɺଓͷ಄ʹҙͷฏจΛૠೖ͢Δ͜ͱʹޭ͍ͯ͠ Δɻ
7.1.2 Ҿ͖ى͜͢ํ๏ • ΫϥΠΞϯτʹΑΔ࠶ωΰγΤʔγϣϯΛڐՄ͍ͯ͠Δαʔό • IISΛআ͘ • Server Gated Cryptography
• ༌ग़༻҉߸ͰωΰγΤʔγϣϯͨ͠ޙΑΓڧ͍҉߸ڧʹ Ҿ্͖͛Δͱ͍͏ํ๏ • ΫϥΠΞϯτূ໌ॻ
7.1.3 HTTPʹର͢Δ߈ܸ 1. ҙͷGETϦΫΤετͷ࣮ߦ GET /path/to/hoge HTTP/1.0 X-Ignore: GET /index.jsp
HTTP/1.0 Cookie: JSESSIONID=XXX X-Ignore:ͷίϩϯ·Ͱ͕߈ܸऀͷϦΫΤετɻ͜͏͢Δͱຊདྷ ͷϦΫΤετͷ1ߦΛϔομԽͯ͠ແࢹ͢Δ͜ͱ͕Ͱ͖ɺҙͷ GETཱ͕͢Δɻ CSRFͱͦΜͳʹมΘΒͳ͍͔Βݟա͝͞Ε͍͕ͯͨ…
2. POSTͷԠ༻ POST /statuses/update.xml HTTP/1.0 Authorization: Basic [߈ܸऀͷcred] Content-Type: application/x-www-form-urlencoded
Content-Length: [ਪଌ͞ΕΔ͞] status=POST /statuses/update.xml HTTP/1.1 Authorization: Basic [٘ਜ਼ऀͷcred] status=ͷ=·Ͱ͕߈ܸऀͷϦΫΤετɻ
2. POSTͷԠ༻ • ಉҰαʔϏε্ͷผͷΞΧϯτΛ͏ • Content-Lengthͷ͞ݫີͳ͞ΛΔඞཁͳ͍ɻͲ͜· Ͱͷ͕͋͞ΕϦΫΤετͷ͏ͪཉ͍͠ใΛॻ͖ग़ͤΔ ͔ɺͱ͍͏͕͞Θ͔ΕΑ͍ɻ • ਪଌ͞ΕΔ͞Λେ͖͘औΓ͗͢ΔͱϦΫΤετ͕ͦΜͳʹ
͘ͳ͍ͷͰࣦഊ͢Δɻ
3. ͦͷଞ • ϦμΠϨΫτͷ༻ • ΦʔϓϯϦμΠϨΫτ͕͋Εͦ͜ʹඈͤΔ • ฏจͷϦμΠϨΫτ͕͋Εࣄ্࣮ฏจ௨৴ʹͰ͖Δ • HTTP
307(Temporary Redirect)Λฦ͢ϦμΠϨΫτ͕ଘࡏ͢Δ ͱɺHTTP 307ϦμΠϨΫτ࣌ಉ͡ϝιουͰϦμΠϨΫ τ͢ΔͨΊɺPOST͕POSTͱͯ͠ϦμΠϨΫτͰ͖Δʂ
3. ͦͷଞ • TRACEϝιουΛͬͯXSSͰ͖Δ • ຊདྷmessage/httpͷContent-Type͕ͩɺ • શͯͷϨεϙϯεΛHTMLͱղऍͪ͠Ό͏ϒϥβͩͱXSS ཱʂ
7.1.4 ଞͷϓϩτίϧ • SMTP: ͦͦূ໌ॻͷνΣοΫΛ͍ͯ͠ͳ͍TLS࣮͕ଟ͍ͷ Ͱɺ͜ͷͱؔͳ͠ʹMITM߈ܸ͕༰қɻ • SMTPʹ͓͚ΔTLSͱαʔό-ΫϥΠΞϯτؒͷ҉߸Խʢͪ͜ ΒΫϥΠΞϯτʹΑͬͯূ໌ॻͷݕূՄʣͱαʔό-αʔ όؒͷϗοϓؒͷ҉߸ԽͳͷͰɺͲͷΈͪαʔόʔͰฏจ
Ͱ͢ɻຊ࣭తʹϝʔϧܦ༝Ͱ҉߸Խ௨৴͍ͨ͠ͳΒS/MIME ূ໌ॻͰݸਓೝূͨ͠ΓPGP͍·͠ΐ͏ • FTPͰӨڹΞϦ
7.1.5 ΞʔΩςΫνϟʹىҼ͢Δ߈ܸ SSLΦϑϩʔυͰऴͱͯ͠ػೳ͢Δαʔόʹ͕͋ͬͨΒ Γ੬ऑɻͦΕͦ͏ɻ ʢͱ͍͑ɺapp server͕TLS௨৴͠ͳ͍͜ͱݱͰଟ͍ ͷͰແࢹͰ͖ͳ͍ʣ
7.1.6 Өڹ • ඪతαΠτ͝ͱͷௐ͕ࠪඞཁͩͬͨΓͯ͠߈ܸ͕ࠔ • ͔͠͠ɺαΠτ͕ࣗಈԽ͍ͯ͠Δͱޭ·ͰԿͰϦΫΤε τ͕ൃߦͰ͖Δ → ޭup •
߈ܸऀʮvictim͕αʔόΛ߈ܸ͍ͯ͠Δʯ͔ͷΑ͏ʹݟ͔͚ͤ Δ͜ͱ͕Ͱ͖Δ
7.1.7, 7.1.8 2010ʹRenegotiation Indicationͱ͍͏ͷͰʮͲ͏ͯ͠࠶ωΰγ Τʔγϣϯ͕ඞཁͳέʔεʯʢʹ·͋ΫϥΠΞϯτূ໌ॻͷ͜ ͱʣΛηΩϡΞʹߦ͏ͨΊͷ֦ு͕ग़ͨɻ ͔͠͠ɿ • ϓϩτίϧͷमਖ਼ʹ6ϲ݄ •
ϥΠϒϥϦ/OSͷύονʹ͞Βʹ12ϲ݄ • ͔ͦ͜Βਁಁ͢Δ·Ͱ͞Βʹ24ϲ݄
None
7.2 BEAST TLS 1.0ҎલͷϓϩτίϧͰ҉߸Խ͞ΕͨσʔλͷҰ෦Λ෮߸͠ൈ ͖ग़ͤΔɺͱ͍͏߈ܸɻ TLS 1.0ʹ͓͚Δʮ༧ଌՄೳͳIVʯΛ͍ɺCBCϞʔυͷ҉߸ʹର͠ ͯ߈ܸΛֻ͚Δͷɻ ಈ࡞ݪཧʹ͍ͭͯɺDavid Wongࢯͷղઆಈը͕͋ΔɻURL
https://www.youtube.com/watch?v=-_8-2pDFvmgʢ"beast attack explanation"Ͱग़ͯ͘Δಈըʣ
CBC with known IV࣮࣭ECB ECBdeterministic encryptionʢܾఆత҉߸Խʣɻಉ͡༰ͷฏ จϒϩοΫಉ͡҉߸จʹͳΔɻ
CBC with known IV࣮࣭ECB ಉ͡༰ͷฏจϒϩοΫಉ͡҉߸จʹͳΔͷͰɺϒϩοΫ୯Ґ (16byte)ͷਪଌͳΒ҉߸ԽΛ ճࢼΈΕ෮߸Ͱ͖ΔʢECBΦϥ Ϋϧ; ͦΕͦ͏ʣɻ CBCϞʔυΛ࣮࣭ECBʹҾ͖Լ͛ɺࢼߦճΛ͞ΒʹݮΒ͢͜ͱ͕
Ͱ͖Δɺͱ͍͏ͷ͕ຊ߈ܸͷझࢫɻ
CBC with known IV࣮࣭ECB CBCʹ͓͚ΔIVͷ͍ճ͠ୈ1ϒϩοΫʹର࣮࣭ͯ͠తʹECBͱಉ ͡ޮՌΛͨΒ͢ɻԼਤʹ͓͍ͯɺblock cipher encryptionͷҾ͕ IVͱฏจ͔ΒߏͰ͖Δ͜ͱʹҙɻ
CBC with known IV࣮࣭ECB ୈ2ϒϩοΫͷฏจ͕Γͨ͘ɺୈ3ϒϩοΫͷฏจ͕ૢ࡞Մೳͱ ͢Δɻ֤ϒϩοΫͷ҉߸จΔ͜ͱ͕Ͱ͖Δɻ
CBC with known IV࣮࣭ECB ԼਤΑΓ ɺ ͜͜Ͱɺ ͱ͢Δͱ:
CBC with known IV࣮࣭ECB ͜͜Ͱ ͳΒ ͱͰ͖Δʂ
༧ଌՄೳͳIVʹ͍ͭͯ TLS 1.0ҎલͰίωΫγϣϯશମΛ1ͭͷϝοηʔδͱΈͳ͠ɺແ ࡞ҝͳIVઌ಄ͷϨίʔυͷΈʹద༻͞Ε͍ͯͨɻ2ͭͷϨίʔ υҎ߱ɺલͷϨίʔυͷ࠷ऴϒϩοΫͷ҉߸จ͕IVͱͳ͍ͬͯ ͨʢΑͬͯ༧ଌՄೳʣɻ 1.1, 1.2ͰϨίʔυ͝ͱʹrandomized IVɻ
࣮ࡍͷ߈ܸ • ύεϫʔυηογϣϯIDΛΔ߹ɺ16byteͰेͰ͋Δ͜ ͱ͕ଟ͍ • ͳͷͰ͍ύεϫʔυΛ͚ͭ·͠ΐ͏… • ηογϣϯID16ਐΤϯίʔυ͞Ε͍ͯΔ͜ͱ͕ଟ͍ • HTTPϝοηʔδͷߏ༧͍͢͠
Ҏ্ΑΓɺ௨ৗΑΓਪଌճΛ͔ͳΓݮΒ͢͜ͱ͕Ͱ͖Δɻ
࣮ࡍͷ߈ܸ ͞ΒʹɺϞμϯϒϥβͰ • ϦΫΤετURIʹ༨ܭͳจࣈΛ͢͜ͱʹΑͬͯɺϦΫΤετͷ தʹ͋ΔػඍใͷҐஔΛͣΒ͢͜ͱ͕Մೳ • ҉߸Խ͞ΕΔͷͱͦͷૹ৴λΠϛϯάΛ੍ޚͰ͖Δ • ͱ͍͑͜ΕJavaΞϓϨοτΛΘͳ͍ͱ͍͚ͳ͍ɻJava ΞϓϨοτͷผͷ੬ऑੑͰSame-Origin
PolicyΛಥഁ͢Δ
ରࡦ • 0/nׂ • ۭͷϨίʔυΛ1ݸڬΉͱʮલͷϨίʔυ͕ͦͷ··IVʹͳ ΔʯΘΓʹʮલͷϨίʔυΛ҉߸Խͨ͠ͷʯ͕IVʹͳ Δɻ • ͔͠͠Ұ෦ͷϒϥβ͕ඇରԠ
ରࡦ • 1/n-1ׂ • ͡Ό͋ʮ1byteؚ͚ͩΜͩϨίʔυʯͱʮͦΕҎ֎ʯʹ͚ͯ ૹΖ͏ • ཧ্ಈ࡞͢Δͷ͚ͩͲChrome͕ͬͯଟ͘ͷαΠτ͕ݟ Εͳ͘ͳͬͯrevertͨ͠
αʔόʔαΠυͷରࡦ • 2013·ͰσϑΥϧτͰRC4ʹ͢Δ͜ͱ͕ਪ͞Ε͍ͯͨ • ผͷ͕͋Δ(7.5) • RC4ετϦʔϜ҉߸ͳͷͰCBCϞʔυͱ͔ؔͳ͍ • ݱతʹGCMϞʔυΛ͏ɻ࣮࣭ετϦʔϜ҉߸ •
ͬͱɺݱతʹTLS 1.1ରԠΫϥΠΞϯτ͕૿͍͑ͯΔͷ ͰTLS 1.0ΛΘͳ͍ͱ͍͏ͷ͕Ұ൪ͷରࡦ
ྺ࢙ • ༧ଌՄೳͳIVͷ߈ܸ1995ʹIPsecɺ2002ʹSSHʹରͯ͠ܯࠂ ͞Ε͍ͯͨ • 2002ʹTLSʹద༻ՄೳͱΘ͔Δɻ0/nׂ͕ఏҊ͞ΕΔɻ • 2004, 2006ʹGregory Bard͕TLSʹ͓͚ΔCBCͷΛൃදɺ͠
͔͠ݱ࣮తͳ߈ܸͰͳ͍ͱͯ͠ແࢹ͞ΕΔ
ྺ࢙ • 2006ʹTLS 1.1Ͱϓϩτίϧ্ͷղܾΛݟ͕ͨɺΫϥΠΞϯτ ୭࣮ͤͣ • 2011ɺDuongͱRizzoʹΑͬͯBEAST߈ܸ͕։ൃ͞ΕΔɻݱ࣮ తͳڴҖͰ͋ΔͱΈͳ͞ΕΔ • AppleͷରԠ2013ʹͳ͔ͬͯΒ
Өڹ BEASTΫϥΠΞϯτ͔ΒͷσʔλετϦʔϜʹର͢Δ߈ܸɻඪ తWebαʔόʔʹૹ৴͞ΕΔͷ੍͕ޚͰ͖Δඞཁ͕͋Δɻ Ճ͑ͯɺʮαʔόଆͰCBC༏ઌͷઃఆͱTLSѹॖͷແޮԽͷઃఆ͕ ඞཁʯʮJavaΞϓϨοτͷSOPʹର͢Δ੬ऑੑʯ͕ඞཁͰ͋Γɺݱ తʹϦεΫɻ
None
7.3 ѹॖαΠυνϟωϧ߈ܸ CRIMEɺTIMEɺBREACHɺͦΕͱʢաڈʹผͷͱ͜ΖͰղઆͨ͜͠ ͱ͕͋ΔͷͰʣࣥච/༁࣌Ͱଘࡏ͠ͳ͔ͬͨHEIST߈ܸʹ͍ͭ ͯղઆ͢Δɻ ѹॖΛ͍ͯͯ͠ϝοηʔδ͕Θ͔Δͱฏจͷใ͕࿙ΕΔʢʹ αΠυνϟωϧ߈ܸʣɺͱ͍͏ੑ࣭Λͬͨͷɻ TLS 1.3Ͱѹॖ͕ഇࢭ͞Εͨͷ͜ͷΜͷࣄ͔Βɻ
ѹॖΦϥΫϧͷΈ DEFLATEѹॖLZ77ͱϋϑϚϯූ߸ԽΛ͏ɻ͜ΕΒڞ௨ͷ෦ จࣈྻ͕͋Δͱѹॖ͕ޮ͘ɻ LZ77ͷྫ: Google is so googley -> Google
is so g(-13, 5)y ͜ͷੑ࣭Λ༻͍ͯɺʮ࣮ࡍͷCookieʯ+ʮ༧ʯͷΈ߹ΘͤΛϦ ΫΤετ͠ɺѹॖ͕ޮ͍ͨΒʮ༧ʯͷ༰࣮ࡍͷCookieʹ ଘࡏ͢Δʂ→܁Γฦͯ͠શମΛʮ༧ʯʂ
CRIME߈ܸ Compression Ration Info-leak Made Easyͷུɻ σʔλѹॖΛߦ͏HTTPS/SPDY্ΛྲྀΕΔCookieͷ༰Λ෮ݩ͠ɺ ηογϣϯϋΠδϟοΫΛ࣮ݱ͢Δɻ ߈ܸऀ͕҉߸จͷ͞ΛݟΕΔ͜ͱ +
ಉ࣌ʹϒϥβ͔Βෳͷ ૢ࡞͞ΕͨϦΫΤετΛૹΕΔ͜ͱΛલఏʹɺ҉߸จͷ͞Λར ༻ͯ͠ฏจΛׂΓग़͢ख๏ɻ ൃݟऀBEASTͷൃݟऀͱಉ͡2໊ɻ
TIME CRIMEͰ߈ܸऀ͕ϩʔΧϧωοτϫʔΫʹΞΫηε͠ͳ͚Ε ͳΒͳ͍ͱ͍͏੍͕͋ͬͨɻTIME߈ܸͦͷ݅Λ؇ΊΔ ͷɻ I/OͷλΠϛϯάࠩΛonLoadͱonReadyStateChangeΠϕϯτ͔Β ଌΓɺѹॖ͞ΕͨϨίʔυΛଌΔɻ
HEIST 2016ͷBlack HatͰൃද͞ΕͨɺCRIME/BREACHͷ݅Λ؇ΊΔ ͱ͍͏ҙຯͰTIME߈ܸͷϰΝϦΞϯτɻ Service WorkerͷFetch APIΛར༻ͨ࣌ؒ͠ଌఆͱɺHTTP/2ͷ߈ܸ Մೳੑʹ͍ͭͯݴٴ͍ͯͯ͠ɺ͜ΕΒͲͪΒ2013ͷ࣌Ͱ ଘࡏ͠ͳ͔ͬͨɻ http://sylph01.hatenablog.jp/entry/infosecpaper-
ac-20161220 ʹͯղઆهࣄॻ͍ͯΔͷͰৄࡉͦͪΒʹৡΓ·͢
ԿͰ࣌ؒଌఆͰ͕͞Θ͔Δͷʁ TCP Slow Start Algorithm • ϨεϙϯεMaximum Segment Size(MSS)୯Ґʹׂ͞ΕΔ •
࠷ॳinitial congestion windowʢΟϯυʣͷݸͷη άϝϯτ(͍͍ͩͨͷ߹10)͚ͩૹ৴ • ACK͕དྷΔ͝ͱʹcongestion windowΛগͣͭ͠େ͖ͯ͘͠ଳҬ Λ૿͍ͯ͘͠
ख๏ͷେࡶͳ֓ཁ • onLoad/onReadyStateChangeͷൃՐλΠϛϯάʢ·ͨService WorkerͷPromiseͷղܾλΠϛϯάʣ͕Θ͔ΔͷͰɺϨεϙϯε ͷ௨৴͕࣌ؒΘ͔Δ • ͜ΕʹΑͬͯɺϨεϙϯε͕1 windowʹऩ·͔ͬͨɺ2 window Ҏ্ʹͳ͔͕ͬͨΘ͔Δ
• ͳͷͰɺϨεϙϯεʹreflect͞ΕΔΑ͏ͳͷ͞Λগ͍ͣͭ͠ ͬͯ͡ڥքΛ୳Δ͜ͱͰɺຊདྷͷϨεϙϯεͷ͕͞Θ͔Δ
ʢਤ7.6ʣ
None
None
BREACH߈ܸ Browser Reconnaissance and Exfiltration via Adaptive Compression of HypertextͷུɻΑ͘ࢥ͍ͭ͘ͳ͋
CRIME߈ܸͷHTTPS + HTTP compression(gzip, DEFLATE)ʹର͢Δϰ ΝϦΤʔγϣϯɻ CRIME߈ܸ͕HTTP requestʹରͯ͠߈ܸͨ͠ͷʹର͠ɺBREACH߈ ܸHTTP responseʹରͯ͠߈ܸΛ͢ΔɻϦΫΤετͷҰ෦͕Ϩε ϙϯεʹө͞ΕΔ(reflected)͜ͱΛར༻͢Δɻ
߈ܸͷཱ݅ • CRIME٘ਜ਼ऀͷωοτϫʔΫτϥϑΟοΫͷΞΫηε͕ඞ ཁ • ͨͩ͠TIMEʹΑͬͯ݅Λ؇Ͱ͖Δ • JSϚϧΣΞɺಛผʹՃͨ͠URLΛ࣋ͭ<img>λά • (વͳ͕Β)TLSͷѹॖ͕༗ޮͰ͋Δ
• ࣄલ४උͱͯ͠ɺαΠτͷߏͷѲʢ߈ܸରͷcredentialͷ prefixͳͲʣ
߈ܸͷཱ݅ • BREACHωοτϫʔΫτϥϑΟοΫͷΞΫηε͕ඞཁ • ͨͩ͠HEISTʹΑͬͯ݅Λ؇Ͱ͖Δ • ͪ͜ΒTLSͷѹॖͰͳ͘ɺHTTPϨεϙϯεͷѹॖʹରͯ͠ ߈ܸ͢Δ͜ͱʹҙ • ඪతWebαΠτͷதʹɺʮϦΫΤετதͷจࣈྻ͕ө͞ΕΔ
(reflection)ʯՕॴ͕͋Δ͔Ͳ͏͔ͷߏѲ͕ඞཁ
7.3.4, 7.3.5 ؇ࡦ • TLSͷѹॖഇΕ͍ͯΔ(1.3Ͱશഇ) • HTTPͷѹॖΛແޮԽ͢Δͷ͔ͳΓ͍͠ • ϦΫΤετϨʔτΛ੍ޚɻେྔͷϦΫΤετ͕ඞཁ •
༨ܭͳۭനΛೖΕͯຊͷ͞ΛӅ͢ • CSRFରࡦτʔΫϯͷϚεΩϯάʢHTMLʹݱΕΔͷ͕ຊ ͷτʔΫϯͰͳ͍Α͏ʹ͢Δʣ • ෦తʹѹॖΛແޮԽ͢Δ
None
7.4 Lucky 13 ࣍ճʹճ͠·͢