![Page 1: HTTP Encrypted Information can be Stolen through TCP-windows · 2018-05-11 · Information can be! Stolen through! TCP-windows by! Mathy Vanhoef & Tom Van Goethem. H E I S T Agenda](https://reader034.vdocuments.us/reader034/viewer/2022043017/5f39d83c486198186633720f/html5/thumbnails/1.jpg)
HTTP Encrypted Information can be Stolen through TCP-windows
by Mathy Vanhoef & Tom Van Goethem
H E I S T
Agenda
• Technical background
• Same-Origin Policy
• Compression-based attacks
• SSL/TLS & TCP
• Nitty gritty HEIST details
• Demo
• Countermeasures
Same-Origin Policy
[Diagram: Mr. Sniffles; https://bunnehbank.com; GET /vault]
[Diagram, "the World Wide Web": Mr. Sniffles; https://bunnehbank.com; GET /vault]
Request: /vault
Uncompressed → 51 bytes
    You requested: /vault
    vault_secret=carrots4life
Compressed → 47 bytes
    You requested: /vault
    _secret=carrots4life
/vault?secret=a → 50 bytes
    You requested: /vault?secret=a
    _ carrots4life
/vault?secret=c → 49 bytes
    You requested: /vault?secret=c
    _ arrots4life
49 bytes < 50 bytes → 'c' is a correct guess
/vault?secret=ca → 49 bytes
    You requested: /vault?secret=ca
    _ rrots4life
/vault?secret=cb → 50 bytes
    You requested: /vault?secret=cb
    _ arrots4life
49 bytes < 50 bytes → 'ca' is a correct guess
Compression-based Attacks
• Compression and Information Leakage of Plaintext [FSE'02]
  • Chosen plaintext + compression = plaintext leakage
• CRIME [ekoparty'12]
  • Exploits SSL compression
• BREACH [Black Hat USA'13]
  • Exploits HTTP compression
[Sequence diagram: GET /vault; TCP handshake (SYN; SYN, ACK; ACK); SSL handshake (Client Hello; Server Hello; Pre-Master Secret)]
GET /vault
encrypt(
    GET /vault HTTP/1.1
    Cookie: user=mr.sniffles
    Host: bunnehbank.com
    ....
)
1 TCP data packet
encrypt( ) = 29 TCP data packets
initcwnd = 10
TCP packet 1, TCP packet 2, ..., TCP packet 10
10 ACKs
cwnd = 20
TCP packet 11, ..., TCP packet 29
HEIST
• A set of techniques that allow an attacker to determine the exact size of a network response
• ... purely in the browser
• Can be used to perform compression-based attacks, such as CRIME and BREACH, in the browser
Browser Side-channels
• Send authenticated request to /vault resource
fetch('https://bunnehbank.com/vault', {mode: "no-cors", credentials: "include"})
• Returns a Promise, which resolves as soon as the browser receives the first byte of the response
performance.getEntries().at(-1).responseEnd
• Returns time when response was completely downloaded
HEIST
• Step 1: find out if response fits in a single TCP window
[Timeline: fetch('...'); TCP handshake complete; SSL handshake complete; GET /vault; initial TCP window sent; first byte received, Promise resolves (T1); initial TCP window received, responseEnd (T2)]
Fetching small resource: T2 - T1 is very small
[Timeline: fetch('...'); TCP handshake complete; SSL handshake complete; GET /vault; initial TCP window sent; first byte received, Promise resolves (T1); initial TCP window received; ACK sent; second TCP window sent; second TCP window received, responseEnd (T2)]
Fetching large resource: T2 - T1 is round-trip time
HEIST
• Step 1: find out if response fits in a single TCP window
• Step 2: discover exact response size
Discover Exact Response Size
[Diagram: initcwnd | second TCP window; Resource size: ?? bytes]
Reflected content: x bytes, then x/2 bytes, then x/2+x/4 bytes, ..., y bytes
After log(n) checks, we find:
  y bytes of reflected content = 1 TCP window
  y+1 bytes of reflected content = 2 TCP windows
→ resource size = initcwnd - y bytes
HEIST
• Step 1: find out if response fits in a single TCP window
• Step 2: discover exact response size
• Step 3: do the same for large responses ( > initcwnd)
Determine size of large responses
• Large response = bigger than initial TCP window
• initcwnd is typically set to 10 TCP packets
  • ~14kB
• TCP windows grow as packets are acknowledged
• We can arbitrarily increase window size
[Sequence diagram: CWND = 10; GET /foo; 10 TCP packets; 10 ACKs; CWND = 20; GET /vault = 19 TCP data packets; 19 TCP packets; 19 ACKs; sent in single TCP window]
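The window arithmetic on the slides above (29 packets split into 10 + 19 from initcwnd = 10, and 19 packets fitting one window once CWND = 20), as an added JavaScript model that is not code from the talk. It assumes no loss, one ACK per segment and a 1460-byte MSS; the function names are hypothetical.

```javascript
// Added illustration, not code from the talk: a simplified TCP slow-start model.
// Assumptions: no packet loss, one ACK per segment (no delayed ACKs), cwnd grows
// by one segment per ACK, and TLS/HTTP framing overhead is ignored.
const ASSUMED_MSS = 1460; // bytes per segment; assumed, not from the slides
const INITCWND = 10;      // segments; the value shown on the slides

// Packets sent in each round trip when delivering `packets` segments,
// starting from a congestion window of `cwnd` segments.
function sendWindows(packets, cwnd = INITCWND) {
  if (!Number.isInteger(packets) || packets < 0) {
    throw new RangeError('packets must be a non-negative integer');
  }
  if (!Number.isInteger(cwnd) || cwnd < 1) {
    throw new RangeError('cwnd must be a positive integer');
  }
  const rounds = [];
  let remaining = packets;
  while (remaining > 0) {
    const sent = Math.min(remaining, cwnd);
    rounds.push(sent);
    remaining -= sent;
    cwnd += sent; // slow start: +1 segment for every ACK received
  }
  return rounds;
}

// Congestion window left on the connection after a transfer has been ACKed.
function cwndAfter(packets, cwnd = INITCWND) {
  return sendWindows(packets, cwnd).reduce((w, sent) => w + sent, cwnd);
}

// Round trips spent between the first and the last byte of a response:
// one for every send window after the first.
function extraRoundTrips(bytes, cwnd = INITCWND, mss = ASSUMED_MSS) {
  const packets = Math.ceil(bytes / mss);
  return Math.max(0, sendWindows(packets, cwnd).length - 1);
}

// Largest response, in bytes, that still fits in a single send window.
function singleWindowLimit(cwnd = INITCWND, mss = ASSUMED_MSS) {
  return cwnd * mss;
}

console.log(sendWindows(29));                // fresh connection, 29 packets
console.log(sendWindows(19, cwndAfter(10))); // same connection after 10 packets
console.log(singleWindowLimit(), extraRoundTrips(singleWindowLimit() + 1));
```

Under these assumptions the single-window limit is 14600 bytes, in line with the ~14kB figure on the slide, and a response one byte larger costs one extra round trip.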
HEIST
• Step 1: find out if response fits in a single TCP window
• Step 2: discover exact response size
• Step 3: do the same for large responses ( > initcwnd)
• Step 4: if available, leverage HTTP/2
Leveraging HTTP/2
• HTTP/2 is the new HTTP version
  • Preserves the semantics of HTTP
• Main changes are on the network level
  • Only a single TCP connection is used for parallel requests
• Determine exact response size without reflected content in the same response
• Use (reflected) content in other responses on the same server
  • Note that BREACH still requires (a few bytes of) reflective content in the same resource
[Sequence diagram: CWND = 10; GET /reflect?x=... and GET /vault; /vault = 6 TCP packets; /reflect?x=... = 3 TCP packets; 9 TCP packets (contains both /reflect and /vault); 9 ACKs; Promise resolves; responseEnd]
[Sequence diagram: CWND = 10; GET /reflect?x=... and GET /vault; /vault = 6 TCP packets; /reflect?x=... = 5 TCP packets; 10 TCP packets (contains both /reflect and part of /vault); 10 ACKs; CWND = 20; 1 TCP packet; 1 ACK; Promise resolves; responseEnd]
DEMO
Other targets
• Compression-based attacks
  • gzip compression is used by virtually every website
• Size-exposing attacks
  • Uncover victim's demographics from popular social networks
  • Reveal victim's health conditions from online health websites
  • ....
• Hard to find sites that are not vulnerable
Countermeasures
• Browser layer
  • Prevent side-channel leak (infeasible)
  • Disable third-party cookies (complete)
• HTTP layer
  • Block illicit requests (inadequate)
  • Disable compression (incomplete)
• Network layer
  • Randomize TCP congestion window (inadequate)
  • Apply random padding (inadequate)
Conclusion
• Collection of techniques to discover network response size in the browser, for all authenticated cross-origin resources
• Side-channel originates from subtle interplay between multiple layers
• Allows for compression-based and size-exposing attacks
• HTTP/2 makes exploitation easier
• Many countermeasures, few that actually work
Questions?
Mathy Vanhoef @vanhoefm
Tom Van Goethem @tomvangoethem