On the Effective Prevention of TLS Man-in-the-Middle Attacks in Web Applications

In this paper we consider TLS Man-In-The-Middle (MITM) attacks in the context of web applications, where the attacker is able to successfully impersonate the legitimate server to the user, with the goal of impersonating the user to the server and thus compromising the user's online account and data. We describe in detail why the recently proposed client authentication protocols based on TLS Channel IDs, as well as client web authentication in general, cannot fully prevent such attacks. Nevertheless, we show that strong client authentication, such as Channel ID-based authentication, can be combined with the concept of server invariance, a weaker and easier to achieve property than server authentication, in order to protect against the considered attacks. We specifically leverage Channel ID-based authentication in combination with server invariance to create a novel mechanism that we call SISCA: Server Invariance with Strong Client Authentication. SISCA resists user impersonation via TLS MITM attacks, regardless of how the attacker is able to successfully achieve server impersonation. We analyze our proposal and show how it can be integrated in today's web infrastructure.

[1]  Adrian Perrig,et al.  Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing , 2008, USENIX Annual Technical Conference.

[2]  Dan S. Wallach,et al.  Origin-Bound Certificates: A Fresh Approach to Strong Client Authentication for the Web , 2012, USENIX Security Symposium.

[3]  Dirk Fox,et al.  Cross Site Scripting (XSS) , 2012, Datenschutz und Datensicherheit - DuD.

[4]  Alexei Czeskis,et al.  Protected Login , 2012, Financial Cryptography Workshops.

[5]  Roy T. Fielding,et al.  Hypertext Transfer Protocol - HTTP/1.1 , 1997, RFC.

[6]  Paul E. Hoffman,et al.  The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA , 2012, RFC.

[7]  David A. Wagner,et al.  Dynamic pharming attacks and locked same-origin policies for web browsers , 2007, CCS '07.

[8]  Sid Stamm,et al.  Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL , 2010 .

[9]  Rolf Oppliger,et al.  SSL/TLS session-aware user authentication - Or how to effectively thwart the man-in-the-middle , 2006, Comput. Commun..

[10]  Dan S. Wallach,et al.  Hardening Persona - Improving Federated Web Login , 2014, NDSS.

[11]  Wouter Joosen,et al.  You are what you include: large-scale evaluation of remote javascript inclusions , 2012, CCS.

[12]  Chris Palmer,et al.  Public Key Pinning Extension for HTTP , 2015, RFC.

[13]  Arnis Parsovs Practical Issues with TLS Client Certificate Authentication , 2014, NDSS.

[14]  Arnar Birgisson,et al.  Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud , 2014, NDSS.

[15]  Dirk Balfanz,et al.  Transport Layer Security (TLS) Channel IDs , 2013 .

[16]  Alfredo Pironti,et al.  Triple Handshakes and Cookie Cutters: Breaking and Fixing Authentication over TLS , 2014, 2014 IEEE Symposium on Security and Privacy.

[17]  Sid Stamm,et al.  Certified Lies: Detecting and Defeating Government Interception Attacks against SSL (Short Paper) , 2011, Financial Cryptography.

[18]  Jeremy Clark,et al.  2013 IEEE Symposium on Security and Privacy SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements , 2022 .

[19]  Tim Dierks,et al.  The Transport Layer Security (TLS) Protocol Version 1.2 , 2008 .

[20]  Collin Jackson,et al.  Accountable key infrastructure (AKI): a proposal for a public-key validation infrastructure , 2013, WWW.

[21]  Rolf Oppliger,et al.  SSL/TLS session-aware user authentication revisited , 2008, Comput. Secur..

[22]  Dan S. Wallach,et al.  Strengthening user authentication through opportunistic cryptographic identity assertions , 2012, CCS.

[23]  Lorrie Faith Cranor,et al.  Crying Wolf: An Empirical Study of SSL Warning Effectiveness , 2009, USENIX Security Symposium.

[24]  Sebastian Mödersheim,et al.  Formalizing and Analyzing Sender Invariance , 2006, Formal Aspects in Security and Trust.

[25]  S. Hadjiefthymiades,et al.  Hypertext Transfer Protocol (HTTP) , 1996 .

[26]  C. Jackson,et al.  Beware of Finer-Grained Origins , 2008 .