Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
『プロフェッショナルSSL/TLS』読書会 第7章前半資料
Search
sylph01
October 06, 2017
Technology
0
290
『プロフェッショナルSSL/TLS』読書会 第7章前半資料
7.1 〜 7.3まで。
sylph01
October 06, 2017
Tweet
Share
More Decks by sylph01
See All by sylph01
"Actual" Security in Microcontroller Ruby!?
sylph01
0
94
Everyone Now Understands AuthZ/AuthN and Encryption Perfectly and I'm Gonna Lose My Job
sylph01
1
35
Updates on PicoRuby Networking, HPKE (and maybe more)
sylph01
1
250
Adding Security to Microcontroller Ruby
sylph01
2
3.3k
Secure Messaging at IETF 118
sylph01
0
85
Adventures in the Dungeons of OpenSSL
sylph01
0
530
Community & RubyKaigi Showcase @ Ehime.rb Reboot Meetup
sylph01
0
330
Build and Learn Rails Authentication
sylph01
8
2.1k
Email, Messaging, and Self-Sovereign Identity (2021/05/28 edition)
sylph01
0
310
Other Decks in Technology
See All in Technology
開発者体験を定量的に把握する手法と活用事例
ham0215
0
120
株式会社Awarefy(アウェアファイ)会社説明資料 / Awarefy-Company-Deck
awarefy
3
12k
データモデルYANGの処理系を再発明した話
tjmtrhs
0
240
MIMEと文字コードの闇
hirachan
2
1.5k
Cracking the Coding Interview 6th Edition
gdplabs
14
28k
大規模アジャイルフレームワークから学ぶエンジニアマネジメントの本質
staka121
PRO
3
1.5k
Охота на косуль у древних
ashapiro
0
120
Amazon Aurora のバージョンアップ手法について
smt7174
2
180
JAWS FESTA 2024「バスロケ」GPS×サーバーレスの開発と運用の舞台裏/jawsfesta2024-bus-gps-serverless
ma2shita
3
310
AWSではじめる Web APIテスト実践ガイド / A practical guide to testing Web APIs on AWS
yokawasa
8
770
役員・マネージャー・著者・エンジニアそれぞれの立場から見たAWS認定資格
nrinetcom
PRO
4
6.6k
プルリクエストレビューを終わらせるためのチーム体制 / The Team for Completing Pull Request Reviews
nekonenene
2
990
Featured
See All Featured
Side Projects
sachag
452
42k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
6
580
Why Our Code Smells
bkeepers
PRO
336
57k
Music & Morning Musume
bryan
46
6.4k
Being A Developer After 40
akosma
89
590k
jQuery: Nuts, Bolts and Bling
dougneiner
63
7.7k
VelocityConf: Rendering Performance Case Studies
addyosmani
328
24k
The Pragmatic Product Professional
lauravandoore
32
6.4k
For a Future-Friendly Web
brad_frost
176
9.6k
GraphQLとの向き合い方2022年版
quramy
44
14k
Measuring & Analyzing Core Web Vitals
bluesmoon
6
260
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
32
2.2k
Transcript
(7) ϓϩτίϧʹର͢Δ ߈ܸ: 7.1-7.3 @ʰϓϩϑΣογϣφϧSSL/TLSʱಡ ॻձ Ryo Kajiwara (@s01), 10/6/2017
શମײ ࠓઆ໌͢Δ߈ܸख๏ͲΕTLSͷϓϩτίϧͷόʔδϣϯΞο ϓʹΑͬͯݱతʹ༗ޮͰͳ͍ɻ • ҆શͰͳ͍࠶ωΰγΤʔγϣϯɿ࠶ωΰγΤʔγϣϯ֦ு • BEAST: 1.1ͰIVΛຖϨίʔυͰϥϯμϜԽɺ1.3ͰCBCϞʔυࣗମ ഇࢭ •
ѹॖαΠυνϟωϧ: TLSϨίʔυͷѹॖʹ͍ͭͯ1.3Ͱશഇ
7.1 ҆શͰͳ͍࠶ωΰγΤʔγϣϯ ಉ͡TCPίωΫγϣϯͰ࠶TLSϋϯυγΣΠΫΛࢼΈΔͱɺαʔ όʔ͜ΕΛ࠶ωΰγΤʔγϣϯͰ͋ΔͱΈͳ͢ɻ ͜ͷͱ͖ɺݹ͍TLSετϦʔϜͱ৽͍͠TLSετϦʔϜͰܧଓੑ͕ ͳ͘ɺಉ͡૬ख͔Βདྷ͍ͯΔͷ͔Ͳ͏͔Λݕূ͢Δखཱ͕ͯͳ ͔ͬͨ͜ͱʹΑͬͯMITM߈ܸ͕ՄೳͰ͋ͬͨɻ
ʢਤ7.1ʣ
7.1 ҆શͰͳ͍࠶ωΰγΤʔγϣϯ ԿͰϚζ͍ʁˠΞϓϦέʔγϣϯσʔλͷશੑ͕ഁΒΕΔʂ ྫͰɺଓͷ಄ʹҙͷฏจΛૠೖ͢Δ͜ͱʹޭ͍ͯ͠ Δɻ
7.1.2 Ҿ͖ى͜͢ํ๏ • ΫϥΠΞϯτʹΑΔ࠶ωΰγΤʔγϣϯΛڐՄ͍ͯ͠Δαʔό • IISΛআ͘ • Server Gated Cryptography
• ༌ग़༻҉߸ͰωΰγΤʔγϣϯͨ͠ޙΑΓڧ͍҉߸ڧʹ Ҿ্͖͛Δͱ͍͏ํ๏ • ΫϥΠΞϯτূ໌ॻ
7.1.3 HTTPʹର͢Δ߈ܸ 1. ҙͷGETϦΫΤετͷ࣮ߦ GET /path/to/hoge HTTP/1.0 X-Ignore: GET /index.jsp
HTTP/1.0 Cookie: JSESSIONID=XXX X-Ignore:ͷίϩϯ·Ͱ͕߈ܸऀͷϦΫΤετɻ͜͏͢Δͱຊདྷ ͷϦΫΤετͷ1ߦΛϔομԽͯ͠ແࢹ͢Δ͜ͱ͕Ͱ͖ɺҙͷ GETཱ͕͢Δɻ CSRFͱͦΜͳʹมΘΒͳ͍͔Βݟա͝͞Ε͍͕ͯͨ…
2. POSTͷԠ༻ POST /statuses/update.xml HTTP/1.0 Authorization: Basic [߈ܸऀͷcred] Content-Type: application/x-www-form-urlencoded
Content-Length: [ਪଌ͞ΕΔ͞] status=POST /statuses/update.xml HTTP/1.1 Authorization: Basic [٘ਜ਼ऀͷcred] status=ͷ=·Ͱ͕߈ܸऀͷϦΫΤετɻ
2. POSTͷԠ༻ • ಉҰαʔϏε্ͷผͷΞΧϯτΛ͏ • Content-Lengthͷ͞ݫີͳ͞ΛΔඞཁͳ͍ɻͲ͜· Ͱͷ͕͋͞ΕϦΫΤετͷ͏ͪཉ͍͠ใΛॻ͖ग़ͤΔ ͔ɺͱ͍͏͕͞Θ͔ΕΑ͍ɻ • ਪଌ͞ΕΔ͞Λେ͖͘औΓ͗͢ΔͱϦΫΤετ͕ͦΜͳʹ
͘ͳ͍ͷͰࣦഊ͢Δɻ
3. ͦͷଞ • ϦμΠϨΫτͷ༻ • ΦʔϓϯϦμΠϨΫτ͕͋Εͦ͜ʹඈͤΔ • ฏจͷϦμΠϨΫτ͕͋Εࣄ্࣮ฏจ௨৴ʹͰ͖Δ • HTTP
307(Temporary Redirect)Λฦ͢ϦμΠϨΫτ͕ଘࡏ͢Δ ͱɺHTTP 307ϦμΠϨΫτ࣌ಉ͡ϝιουͰϦμΠϨΫ τ͢ΔͨΊɺPOST͕POSTͱͯ͠ϦμΠϨΫτͰ͖Δʂ
3. ͦͷଞ • TRACEϝιουΛͬͯXSSͰ͖Δ • ຊདྷmessage/httpͷContent-Type͕ͩɺ • શͯͷϨεϙϯεΛHTMLͱղऍͪ͠Ό͏ϒϥβͩͱXSS ཱʂ
7.1.4 ଞͷϓϩτίϧ • SMTP: ͦͦূ໌ॻͷνΣοΫΛ͍ͯ͠ͳ͍TLS࣮͕ଟ͍ͷ Ͱɺ͜ͷͱؔͳ͠ʹMITM߈ܸ͕༰қɻ • SMTPʹ͓͚ΔTLSͱαʔό-ΫϥΠΞϯτؒͷ҉߸Խʢͪ͜ ΒΫϥΠΞϯτʹΑͬͯূ໌ॻͷݕূՄʣͱαʔό-αʔ όؒͷϗοϓؒͷ҉߸ԽͳͷͰɺͲͷΈͪαʔόʔͰฏจ
Ͱ͢ɻຊ࣭తʹϝʔϧܦ༝Ͱ҉߸Խ௨৴͍ͨ͠ͳΒS/MIME ূ໌ॻͰݸਓೝূͨ͠ΓPGP͍·͠ΐ͏ • FTPͰӨڹΞϦ
7.1.5 ΞʔΩςΫνϟʹىҼ͢Δ߈ܸ SSLΦϑϩʔυͰऴͱͯ͠ػೳ͢Δαʔόʹ͕͋ͬͨΒ Γ੬ऑɻͦΕͦ͏ɻ ʢͱ͍͑ɺapp server͕TLS௨৴͠ͳ͍͜ͱݱͰଟ͍ ͷͰແࢹͰ͖ͳ͍ʣ
7.1.6 Өڹ • ඪతαΠτ͝ͱͷௐ͕ࠪඞཁͩͬͨΓͯ͠߈ܸ͕ࠔ • ͔͠͠ɺαΠτ͕ࣗಈԽ͍ͯ͠Δͱޭ·ͰԿͰϦΫΤε τ͕ൃߦͰ͖Δ → ޭup •
߈ܸऀʮvictim͕αʔόΛ߈ܸ͍ͯ͠Δʯ͔ͷΑ͏ʹݟ͔͚ͤ Δ͜ͱ͕Ͱ͖Δ
7.1.7, 7.1.8 2010ʹRenegotiation Indicationͱ͍͏ͷͰʮͲ͏ͯ͠࠶ωΰγ Τʔγϣϯ͕ඞཁͳέʔεʯʢʹ·͋ΫϥΠΞϯτূ໌ॻͷ͜ ͱʣΛηΩϡΞʹߦ͏ͨΊͷ֦ு͕ग़ͨɻ ͔͠͠ɿ • ϓϩτίϧͷमਖ਼ʹ6ϲ݄ •
ϥΠϒϥϦ/OSͷύονʹ͞Βʹ12ϲ݄ • ͔ͦ͜Βਁಁ͢Δ·Ͱ͞Βʹ24ϲ݄
None
7.2 BEAST TLS 1.0ҎલͷϓϩτίϧͰ҉߸Խ͞ΕͨσʔλͷҰ෦Λ෮߸͠ൈ ͖ग़ͤΔɺͱ͍͏߈ܸɻ TLS 1.0ʹ͓͚Δʮ༧ଌՄೳͳIVʯΛ͍ɺCBCϞʔυͷ҉߸ʹର͠ ͯ߈ܸΛֻ͚Δͷɻ ಈ࡞ݪཧʹ͍ͭͯɺDavid Wongࢯͷղઆಈը͕͋ΔɻURL
https://www.youtube.com/watch?v=-_8-2pDFvmgʢ"beast attack explanation"Ͱग़ͯ͘Δಈըʣ
CBC with known IV࣮࣭ECB ECBdeterministic encryptionʢܾఆత҉߸Խʣɻಉ͡༰ͷฏ จϒϩοΫಉ͡҉߸จʹͳΔɻ
CBC with known IV࣮࣭ECB ಉ͡༰ͷฏจϒϩοΫಉ͡҉߸จʹͳΔͷͰɺϒϩοΫ୯Ґ (16byte)ͷਪଌͳΒ҉߸ԽΛ ճࢼΈΕ෮߸Ͱ͖ΔʢECBΦϥ Ϋϧ; ͦΕͦ͏ʣɻ CBCϞʔυΛ࣮࣭ECBʹҾ͖Լ͛ɺࢼߦճΛ͞ΒʹݮΒ͢͜ͱ͕
Ͱ͖Δɺͱ͍͏ͷ͕ຊ߈ܸͷझࢫɻ
CBC with known IV࣮࣭ECB CBCʹ͓͚ΔIVͷ͍ճ͠ୈ1ϒϩοΫʹର࣮࣭ͯ͠తʹECBͱಉ ͡ޮՌΛͨΒ͢ɻԼਤʹ͓͍ͯɺblock cipher encryptionͷҾ͕ IVͱฏจ͔ΒߏͰ͖Δ͜ͱʹҙɻ
CBC with known IV࣮࣭ECB ୈ2ϒϩοΫͷฏจ͕Γͨ͘ɺୈ3ϒϩοΫͷฏจ͕ૢ࡞Մೳͱ ͢Δɻ֤ϒϩοΫͷ҉߸จΔ͜ͱ͕Ͱ͖Δɻ
CBC with known IV࣮࣭ECB ԼਤΑΓ ɺ ͜͜Ͱɺ ͱ͢Δͱ:
CBC with known IV࣮࣭ECB ͜͜Ͱ ͳΒ ͱͰ͖Δʂ
༧ଌՄೳͳIVʹ͍ͭͯ TLS 1.0ҎલͰίωΫγϣϯશମΛ1ͭͷϝοηʔδͱΈͳ͠ɺແ ࡞ҝͳIVઌ಄ͷϨίʔυͷΈʹద༻͞Ε͍ͯͨɻ2ͭͷϨίʔ υҎ߱ɺલͷϨίʔυͷ࠷ऴϒϩοΫͷ҉߸จ͕IVͱͳ͍ͬͯ ͨʢΑͬͯ༧ଌՄೳʣɻ 1.1, 1.2ͰϨίʔυ͝ͱʹrandomized IVɻ
࣮ࡍͷ߈ܸ • ύεϫʔυηογϣϯIDΛΔ߹ɺ16byteͰेͰ͋Δ͜ ͱ͕ଟ͍ • ͳͷͰ͍ύεϫʔυΛ͚ͭ·͠ΐ͏… • ηογϣϯID16ਐΤϯίʔυ͞Ε͍ͯΔ͜ͱ͕ଟ͍ • HTTPϝοηʔδͷߏ༧͍͢͠
Ҏ্ΑΓɺ௨ৗΑΓਪଌճΛ͔ͳΓݮΒ͢͜ͱ͕Ͱ͖Δɻ
࣮ࡍͷ߈ܸ ͞ΒʹɺϞμϯϒϥβͰ • ϦΫΤετURIʹ༨ܭͳจࣈΛ͢͜ͱʹΑͬͯɺϦΫΤετͷ தʹ͋ΔػඍใͷҐஔΛͣΒ͢͜ͱ͕Մೳ • ҉߸Խ͞ΕΔͷͱͦͷૹ৴λΠϛϯάΛ੍ޚͰ͖Δ • ͱ͍͑͜ΕJavaΞϓϨοτΛΘͳ͍ͱ͍͚ͳ͍ɻJava ΞϓϨοτͷผͷ੬ऑੑͰSame-Origin
PolicyΛಥഁ͢Δ
ରࡦ • 0/nׂ • ۭͷϨίʔυΛ1ݸڬΉͱʮલͷϨίʔυ͕ͦͷ··IVʹͳ ΔʯΘΓʹʮલͷϨίʔυΛ҉߸Խͨ͠ͷʯ͕IVʹͳ Δɻ • ͔͠͠Ұ෦ͷϒϥβ͕ඇରԠ
ରࡦ • 1/n-1ׂ • ͡Ό͋ʮ1byteؚ͚ͩΜͩϨίʔυʯͱʮͦΕҎ֎ʯʹ͚ͯ ૹΖ͏ • ཧ্ಈ࡞͢Δͷ͚ͩͲChrome͕ͬͯଟ͘ͷαΠτ͕ݟ Εͳ͘ͳͬͯrevertͨ͠
αʔόʔαΠυͷରࡦ • 2013·ͰσϑΥϧτͰRC4ʹ͢Δ͜ͱ͕ਪ͞Ε͍ͯͨ • ผͷ͕͋Δ(7.5) • RC4ετϦʔϜ҉߸ͳͷͰCBCϞʔυͱ͔ؔͳ͍ • ݱతʹGCMϞʔυΛ͏ɻ࣮࣭ετϦʔϜ҉߸ •
ͬͱɺݱతʹTLS 1.1ରԠΫϥΠΞϯτ͕૿͍͑ͯΔͷ ͰTLS 1.0ΛΘͳ͍ͱ͍͏ͷ͕Ұ൪ͷରࡦ
ྺ࢙ • ༧ଌՄೳͳIVͷ߈ܸ1995ʹIPsecɺ2002ʹSSHʹରͯ͠ܯࠂ ͞Ε͍ͯͨ • 2002ʹTLSʹద༻ՄೳͱΘ͔Δɻ0/nׂ͕ఏҊ͞ΕΔɻ • 2004, 2006ʹGregory Bard͕TLSʹ͓͚ΔCBCͷΛൃදɺ͠
͔͠ݱ࣮తͳ߈ܸͰͳ͍ͱͯ͠ແࢹ͞ΕΔ
ྺ࢙ • 2006ʹTLS 1.1Ͱϓϩτίϧ্ͷղܾΛݟ͕ͨɺΫϥΠΞϯτ ୭࣮ͤͣ • 2011ɺDuongͱRizzoʹΑͬͯBEAST߈ܸ͕։ൃ͞ΕΔɻݱ࣮ తͳڴҖͰ͋ΔͱΈͳ͞ΕΔ • AppleͷରԠ2013ʹͳ͔ͬͯΒ
Өڹ BEASTΫϥΠΞϯτ͔ΒͷσʔλετϦʔϜʹର͢Δ߈ܸɻඪ తWebαʔόʔʹૹ৴͞ΕΔͷ੍͕ޚͰ͖Δඞཁ͕͋Δɻ Ճ͑ͯɺʮαʔόଆͰCBC༏ઌͷઃఆͱTLSѹॖͷແޮԽͷઃఆ͕ ඞཁʯʮJavaΞϓϨοτͷSOPʹର͢Δ੬ऑੑʯ͕ඞཁͰ͋Γɺݱ తʹϦεΫɻ
None
7.3 ѹॖαΠυνϟωϧ߈ܸ CRIMEɺTIMEɺBREACHɺͦΕͱʢաڈʹผͷͱ͜ΖͰղઆͨ͜͠ ͱ͕͋ΔͷͰʣࣥච/༁࣌Ͱଘࡏ͠ͳ͔ͬͨHEIST߈ܸʹ͍ͭ ͯղઆ͢Δɻ ѹॖΛ͍ͯͯ͠ϝοηʔδ͕Θ͔Δͱฏจͷใ͕࿙ΕΔʢʹ αΠυνϟωϧ߈ܸʣɺͱ͍͏ੑ࣭Λͬͨͷɻ TLS 1.3Ͱѹॖ͕ഇࢭ͞Εͨͷ͜ͷΜͷࣄ͔Βɻ
ѹॖΦϥΫϧͷΈ DEFLATEѹॖLZ77ͱϋϑϚϯූ߸ԽΛ͏ɻ͜ΕΒڞ௨ͷ෦ จࣈྻ͕͋Δͱѹॖ͕ޮ͘ɻ LZ77ͷྫ: Google is so googley -> Google
is so g(-13, 5)y ͜ͷੑ࣭Λ༻͍ͯɺʮ࣮ࡍͷCookieʯ+ʮ༧ʯͷΈ߹ΘͤΛϦ ΫΤετ͠ɺѹॖ͕ޮ͍ͨΒʮ༧ʯͷ༰࣮ࡍͷCookieʹ ଘࡏ͢Δʂ→܁Γฦͯ͠શମΛʮ༧ʯʂ
CRIME߈ܸ Compression Ration Info-leak Made Easyͷུɻ σʔλѹॖΛߦ͏HTTPS/SPDY্ΛྲྀΕΔCookieͷ༰Λ෮ݩ͠ɺ ηογϣϯϋΠδϟοΫΛ࣮ݱ͢Δɻ ߈ܸऀ͕҉߸จͷ͞ΛݟΕΔ͜ͱ +
ಉ࣌ʹϒϥβ͔Βෳͷ ૢ࡞͞ΕͨϦΫΤετΛૹΕΔ͜ͱΛલఏʹɺ҉߸จͷ͞Λར ༻ͯ͠ฏจΛׂΓग़͢ख๏ɻ ൃݟऀBEASTͷൃݟऀͱಉ͡2໊ɻ
TIME CRIMEͰ߈ܸऀ͕ϩʔΧϧωοτϫʔΫʹΞΫηε͠ͳ͚Ε ͳΒͳ͍ͱ͍͏੍͕͋ͬͨɻTIME߈ܸͦͷ݅Λ؇ΊΔ ͷɻ I/OͷλΠϛϯάࠩΛonLoadͱonReadyStateChangeΠϕϯτ͔Β ଌΓɺѹॖ͞ΕͨϨίʔυΛଌΔɻ
HEIST 2016ͷBlack HatͰൃද͞ΕͨɺCRIME/BREACHͷ݅Λ؇ΊΔ ͱ͍͏ҙຯͰTIME߈ܸͷϰΝϦΞϯτɻ Service WorkerͷFetch APIΛར༻ͨ࣌ؒ͠ଌఆͱɺHTTP/2ͷ߈ܸ Մೳੑʹ͍ͭͯݴٴ͍ͯͯ͠ɺ͜ΕΒͲͪΒ2013ͷ࣌Ͱ ଘࡏ͠ͳ͔ͬͨɻ http://sylph01.hatenablog.jp/entry/infosecpaper-
ac-20161220 ʹͯղઆهࣄॻ͍ͯΔͷͰৄࡉͦͪΒʹৡΓ·͢
ԿͰ࣌ؒଌఆͰ͕͞Θ͔Δͷʁ TCP Slow Start Algorithm • ϨεϙϯεMaximum Segment Size(MSS)୯Ґʹׂ͞ΕΔ •
࠷ॳinitial congestion windowʢΟϯυʣͷݸͷη άϝϯτ(͍͍ͩͨͷ߹10)͚ͩૹ৴ • ACK͕དྷΔ͝ͱʹcongestion windowΛগͣͭ͠େ͖ͯ͘͠ଳҬ Λ૿͍ͯ͘͠
ख๏ͷେࡶͳ֓ཁ • onLoad/onReadyStateChangeͷൃՐλΠϛϯάʢ·ͨService WorkerͷPromiseͷղܾλΠϛϯάʣ͕Θ͔ΔͷͰɺϨεϙϯε ͷ௨৴͕࣌ؒΘ͔Δ • ͜ΕʹΑͬͯɺϨεϙϯε͕1 windowʹऩ·͔ͬͨɺ2 window Ҏ্ʹͳ͔͕ͬͨΘ͔Δ
• ͳͷͰɺϨεϙϯεʹreflect͞ΕΔΑ͏ͳͷ͞Λগ͍ͣͭ͠ ͬͯ͡ڥքΛ୳Δ͜ͱͰɺຊདྷͷϨεϙϯεͷ͕͞Θ͔Δ
ʢਤ7.6ʣ
None
None
BREACH߈ܸ Browser Reconnaissance and Exfiltration via Adaptive Compression of HypertextͷུɻΑ͘ࢥ͍ͭ͘ͳ͋
CRIME߈ܸͷHTTPS + HTTP compression(gzip, DEFLATE)ʹର͢Δϰ ΝϦΤʔγϣϯɻ CRIME߈ܸ͕HTTP requestʹରͯ͠߈ܸͨ͠ͷʹର͠ɺBREACH߈ ܸHTTP responseʹରͯ͠߈ܸΛ͢ΔɻϦΫΤετͷҰ෦͕Ϩε ϙϯεʹө͞ΕΔ(reflected)͜ͱΛར༻͢Δɻ
߈ܸͷཱ݅ • CRIME٘ਜ਼ऀͷωοτϫʔΫτϥϑΟοΫͷΞΫηε͕ඞ ཁ • ͨͩ͠TIMEʹΑͬͯ݅Λ؇Ͱ͖Δ • JSϚϧΣΞɺಛผʹՃͨ͠URLΛ࣋ͭ<img>λά • (વͳ͕Β)TLSͷѹॖ͕༗ޮͰ͋Δ
• ࣄલ४උͱͯ͠ɺαΠτͷߏͷѲʢ߈ܸରͷcredentialͷ prefixͳͲʣ
߈ܸͷཱ݅ • BREACHωοτϫʔΫτϥϑΟοΫͷΞΫηε͕ඞཁ • ͨͩ͠HEISTʹΑͬͯ݅Λ؇Ͱ͖Δ • ͪ͜ΒTLSͷѹॖͰͳ͘ɺHTTPϨεϙϯεͷѹॖʹରͯ͠ ߈ܸ͢Δ͜ͱʹҙ • ඪతWebαΠτͷதʹɺʮϦΫΤετதͷจࣈྻ͕ө͞ΕΔ
(reflection)ʯՕॴ͕͋Δ͔Ͳ͏͔ͷߏѲ͕ඞཁ
7.3.4, 7.3.5 ؇ࡦ • TLSͷѹॖഇΕ͍ͯΔ(1.3Ͱશഇ) • HTTPͷѹॖΛແޮԽ͢Δͷ͔ͳΓ͍͠ • ϦΫΤετϨʔτΛ੍ޚɻେྔͷϦΫΤετ͕ඞཁ •
༨ܭͳۭനΛೖΕͯຊͷ͞ΛӅ͢ • CSRFରࡦτʔΫϯͷϚεΩϯάʢHTMLʹݱΕΔͷ͕ຊ ͷτʔΫϯͰͳ͍Α͏ʹ͢Δʣ • ෦తʹѹॖΛແޮԽ͢Δ
None
7.4 Lucky 13 ࣍ճʹճ͠·͢