SPDY connection coalescing and chosen-plaintext attacks
Brian Smith
tl;dr: Perhaps we should restrict the SPDY coalescing feature to hosts with the same TLD+1 (e.g. "alice.com" and "*.alice.com" could share a SPDY connection, but "alice.com" and "mallory.com" wouldn't).
Some SPDY implementations (including Chromium and Firefox) are experimenting with a feature ("coalescing") that allows multiple origins to share a single TLS connection if the TLS connection uses a certificate that includes the hostnames of all of the origins (e.g. as subjectAltNames) and if there is an IP address match for any A/AAAA record returned by the DNS resolver for each of those hostnames.
DNS is spoofable so any active MiTM can cause the IP address match to happen. But, even in the absence of any malicious MiTM, we should expect that many attackers will be able to share IP addresses with their targets via CDNs and/or other kinds of "edge" "accelerator" network proxies. Further, in CDN/accelerator situations, it is quite common for the server to have a certificate that contains many unrelated domain names (perhaps in order to work around the lack of SNI support in Internet Explorer on Windows XP). Consequently, with this feature enabled, some attackers will share a TLS connection with some targets.
It seems like all browser that will implement SPDY will have implemented countermeasures against chosen-plaintext attacks in the client->server direction for SSL 3.0 and TLS 1.0. But, we must assume that they are still possible in the server->client direction *at least* if the connection isn't TLS 1.1+. I do not have an exploit handy, but it seems reasonable that, for SSL3/TLS1.0+SPDY+coalescing case, (adaptive) chosen plaintext attacks that work in the opposite direction of the BEAST attack (deciphering server->client traffic instead of client->server traffic) might become practical, whereas they seem to have been impractical before (currently).
Also, in TLS 1.1 and in the chosen-plaintext mitigations for SSL 3.0/TLS 1.0, we assume that resetting the encryption IV at the start of each TLS record is sufficient to prevent all possibly-practical (adaptive) chosen plaintext attacks. There is nothing in the draft SPDY spec that prohibits the mixing of SPDY frames to/from different origins in the same TLS record (and, it might be difficult for some implementations to enforce such a restriction). So, AFAICT, we have to assume that an attacker in such a scenerio can prefix or suffix (or more generally intermingle) their own frames with frames to/from the site(s) that they are attacking, within a single TLS record. That sounds like something else that might be interesting to study.
Would restricting this connection coalescing feature to same-TLD+1 (e.g. "alice.com" and "*.alice.com" could share a SPDY connection, but "alice.com" and "mallory.com" couldn't) be helpful? It seems like a good idea to me, because it would require an attacker controlling subdomain of their victim websites to mount any such attack. However, it wouldn't allow as much sharing as some might like. But, perhaps that is a necessary tradeoff?
Thoughts?
- Brian
Mike Belshe
Mike
Brian Smith
> I'm not 100% certain I understand what you're saying, so let me try to
> repeat.
> a) You're concerned there is a possible attack vector with coalesced
> connections, but you don't really have one in hand.
> b) You're wanting to make a change to the policy based on (a).
>
> If that is the case, I don't see this as a good idea. If there is a
> specific attack in hand, we can discuss it. But I'm not sure how to
> react to maybes, because there is an infinite number of them.
>
> Am I misreading? Or do you think there is a real attack here that we
> missed?
I don't have a specific attack in hand; instead, I am eagerly awaiting Juliano and Thai make another YouTube® video for us. :) Seriously, though, I have a vague idea of how one or more attacks might work, but I haven't implemented (or even documented) them yet. And, these kinds of threats might have already been considered and already rejected as impractical.
First, has anybody done analysis that can be shared, regarding the susceptibility of SPDY to BEAST and BEAST-like attacks (not just in the client->server direction like Thai and Juliano demonstrated, but also in the server->client direction that the browser cannot ensure is protected short of requiring TLS 1.1)?
Also, are you trying to enable "make only one connection to an Amazon® Web Serices® server, regardless of whether the hostnames in the shared connection are related or totally unrelated," or is "make one connection to twitter.com regardless of subdomain, and make one connection for amazon.com regardless of subdomain" good enough? In what situations is the latter not good enough?
Some potential attack vectors have already been discussed, like the shared compression context for header compression and the shared compression context for TLS-level compression. In the "Compression contexts and privacy considerations" thread, you wrote:
> The concern that came up was that someone could infer previous requests
> based on sizes of requests to crafted URLs. For sites concerned about
> this, don't share our SPDY sessions is a reasonable answer.
If I am understanding you correctly, you were saying "don't create a situation in which you could have your connection shared with an attacker." I.e. don't use a cert that includes an attacker's domain name in it. Although that does sound reasonable, I know that many organizations (including mozilla.org) do this on CDNs, and there are some scenerios where "don't do that" or "stop doing that" won't work:
1. The site administrator doesn't know that his CDN turned on SPDY support on the CDN-hosted domain.
2. The site administrator takes your advice and decides to stop sharing a cert with potential attackers, but that shared cert still exists and might continue to be used on the CDN after that decision is made. And/or the cert could later be compromised (and we should assume not not revoked, not that it would matter much) and used on another server. (For example, there's probably at least one such cert that includes a subjectAltName for mozilla.org that still hasn't expired.)
3. Even if your CDN/edge proxy neighbors seem honest, they might be exploitable and/or purposefully (but not maliciously) enable attackers to attack the shared connection, perhaps even in a way that is practically harmless to the neighbor but very harmful to you.
It seems like one of the servers in this shared-connection situation to to exploit some of the shared/cumulative state in TLS--especially compression state for TLS-level compression--to learn what the other parties are saying, much more easily than they would be able to otherwise using traffic analysis. Adam Langley rightly pointed out in that thread that defeating traffic analysis is not something TLS aims for, and SPDY shouldn't aim for that either. Yet, it doesn't seem like a good idea to make such traffic analysis significantly easier, faster, and/or more reliable. I think this feature does make such traffic analysis easier, at least when TLS-level compression is used. Perhaps the answer could/should be again "don't do that" but again I am not sure that is reasonable when we consider public CDN and CDN-like services.
Besides information disclosure, I don't think it is clear yet that one-connection-per-CDN is better than one-connection-per-(TLD+1) for performance. Or, rather, we still need to do experiments to determine if there is something inherent in this connection coalescing mechanism that would make it possible for cdn.mallory.com to seriously disrupt traffic to cdn.alice.com if they both end up sharing the connection, especially since it seems pretty for cdn.mallory.com to easy to disrupt any TLS-level compression by just returning a large chunk of already-compressed data. In the best case, it might be better to share, but in bad cases it might be horrible for performance to do so (especially considering many/most initial server implementations will be sub-optimal and/or plain buggy).
This all leads me to think that, at a minimum, this is something that servers should have some control over--i.e. there should be a way to securely opt in or opt out of this connection coalescing feature on a per-domain or per-(TLD+1) basis. And, it also leads me to think that it worthwhile to have our implementation limit sharing to hosts with the same TLD+1.
As soon as I have time, I will type up some more coherent notes about this and pass them to your side for review. I would be very happy to hear from others in the interim, if they have any findings that you can share.
Cheers,
Brian
Mike Belshe
Mike Belshe wrote:I don't have a specific attack in hand; instead, I am eagerly awaiting Juliano and Thai make another YouTube® video for us. :) Seriously, though, I have a vague idea of how one or more attacks might work, but I haven't implemented (or even documented) them yet. And, these kinds of threats might have already been considered and already rejected as impractical.
> I'm not 100% certain I understand what you're saying, so let me try to
> repeat.
> a) You're concerned there is a possible attack vector with coalesced
> connections, but you don't really have one in hand.
> b) You're wanting to make a change to the policy based on (a).
>
> If that is the case, I don't see this as a good idea. If there is a
> specific attack in hand, we can discuss it. But I'm not sure how to
> react to maybes, because there is an infinite number of them.
>
> Am I misreading? Or do you think there is a real attack here that we
> missed?
First, has anybody done analysis that can be shared, regarding the susceptibility of SPDY to BEAST and BEAST-like attacks (not just in the client->server direction like Thai and Juliano demonstrated, but also in the server->client direction that the browser cannot ensure is protected short of requiring TLS 1.1)?
Also, are you trying to enable "make only one connection to an Amazon® Web Serices® server, regardless of whether the hostnames in the shared connection are related or totally unrelated," or is "make one connection to twitter.com regardless of subdomain, and make one connection for amazon.com regardless of subdomain" good enough? In what situations is the latter not good enough?
Some potential attack vectors have already been discussed, like the shared compression context for header compression and the shared compression context for TLS-level compression. In the "Compression contexts and privacy considerations" thread, you wrote:
> The concern that came up was that someone could infer previous requests
> based on sizes of requests to crafted URLs. For sites concerned about
> this, don't share our SPDY sessions is a reasonable answer.
If I am understanding you correctly, you were saying "don't create a situation in which you could have your connection shared with an attacker." I.e. don't use a cert that includes an attacker's domain name in it. Although that does sound reasonable, I know that many organizations (including mozilla.org) do this on CDNs, and there are some scenerios where "don't do that" or "stop doing that" won't work:
1. The site administrator doesn't know that his CDN turned on SPDY support on the CDN-hosted domain.
2. The site administrator takes your advice and decides to stop sharing a cert with potential attackers, but that shared cert still exists and might continue to be used on the CDN after that decision is made. And/or the cert could later be compromised (and we should assume not not revoked, not that it would matter much) and used on another server. (For example, there's probably at least one such cert that includes a subjectAltName for mozilla.org that still hasn't expired.)
3. Even if your CDN/edge proxy neighbors seem honest, they might be exploitable and/or purposefully (but not maliciously) enable attackers to attack the shared connection, perhaps even in a way that is practically harmless to the neighbor but very harmful to you.
It seems like one of the servers in this shared-connection situation to to exploit some of the shared/cumulative state in TLS--especially compression state for TLS-level compression--to learn what the other parties are saying, much more easily than they would be able to otherwise using traffic analysis. Adam Langley rightly pointed out in that thread that defeating traffic analysis is not something TLS aims for, and SPDY shouldn't aim for that either. Yet, it doesn't seem like a good idea to make such traffic analysis significantly easier, faster, and/or more reliable. I think this feature does make such traffic analysis easier, at least when TLS-level compression is used. Perhaps the answer could/should be again "don't do that" but again I am not sure that is reasonable when we consider public CDN and CDN-like services.
Besides information disclosure, I don't think it is clear yet that one-connection-per-CDN is better than one-connection-per-(TLD+1) for performance. Or, rather, we still need to do experiments to determine if there is something inherent in this connection coalescing mechanism that would make it possible for cdn.mallory.com to seriously disrupt traffic to cdn.alice.com if they both end up sharing the connection, especially since it seems pretty for cdn.mallory.com to easy to disrupt any TLS-level compression by just returning a large chunk of already-compressed data. In the best case, it might be better to share, but in bad cases it might be horrible for performance to do so (especially considering many/most initial server implementations will be sub-optimal and/or plain buggy).
This all leads me to think that, at a minimum, this is something that servers should have some control over--i.e. there should be a way to securely opt in or opt out of this connection coalescing feature on a per-domain or per-(TLD+1) basis. And, it also leads me to think that it worthwhile to have our implementation limit sharing to hosts with the same TLD+1.