CRIME
CRIME (Compression Ratio Info-leak Made Easy) is a
Details
The vulnerability exploited is a combination of
The CRIME exploit was hypothesized by Adam Langley,[5] and first demonstrated by the security researchers Juliano Rizzo and Thai Duong, who also created the BEAST exploit.[6] The exploit was due to be revealed in full at the 2012 ekoparty security conference.[7] Rizzo and Duong presented CRIME as a general attack that works effectively against a large number of protocols, including but not limited to SPDY (which always compresses request headers), TLS (which may compress records) and HTTP (which may compress responses).[2]
Prevention
CRIME can be defeated by preventing the use of compression, either at the client end, by the browser disabling the compression of SPDY requests, or by the website preventing the use of data compression on such transactions using the protocol negotiation features of the TLS protocol. As detailed in The Transport Layer Security (TLS) Protocol Version 1.2,[8] the client sends a list of compression algorithms in its ClientHello message, and the server picks one of them and sends it back in its ServerHello message. The server can only choose a compression method the client has offered, so if the client only offers 'none' (no compression), the data will not be compressed. Similarly, since 'no compression' must be allowed by all TLS clients, a server can always refuse to use compression.[citation needed]
Mitigation
As of September 2012[update], the CRIME exploit against SPDY and TLS-level compression was described as mitigated in the then-latest versions of the Chrome and Firefox web browsers.[6] Some websites have applied countermeasures at their end.[9] The nginx web-server was not vulnerable to CRIME since 1.0.9/1.1.6 (October/November 2011) using OpenSSL 1.0.0+, and since 1.2.2/1.3.2 (June / July 2012) using all versions of OpenSSL.[10]
Note that as of December 2013 the CRIME exploit against HTTP compression has not been mitigated at all.[citation needed] Rizzo and Duong have warned that this vulnerability might be even more widespread than SPDY and TLS compression combined.[citation needed]
BREACH
At the August 2013
References
- ^ a b Fisher, Dennis (September 13, 2012). "CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions". ThreatPost. Retrieved September 13, 2012.
- ^ a b "CVE-2012-4929". Mitre Corporation.
- ISBN 978-3-540-44009-3.
- ^ "CRIME - How to beat the BEAST successor?". StackExchange.com. September 8, 2012. Retrieved September 13, 2012.
- ^ Langley, Adam (August 16, 2011). "Re: Compression contexts and privacy considerations". spdy-dev (Mailing list).
- ^ a b Goodin, Dan (September 13, 2012). "Crack in Internet's foundation of trust allows HTTPS session hijacking". Ars Technica. Retrieved September 13, 2012.
- ^ Rizzo, Juliano; Duong, Thai. "The CRIME attack". Ekoparty. Retrieved September 21, 2012 – via Google Docs.
- doi:10.17487/RFC5246. Retrieved July 10, 2013.)
{{cite journal}}
: Cite journal requires|journal=
(help - ^ Leyden, John (September 14, 2012). "The perfect CRIME? New HTTPS web hijack attack explained". The Register. Retrieved September 16, 2012.
- ^ Sysoev, Igor (September 26, 2012). "Nginx mailing list: crime tls attack". nginx.org. Retrieved July 11, 2013.
- ^ Goodin, Dan (August 1, 2013). "Gone in 30 seconds: New attack plucks secrets from HTTPS-protected pages".