Ir arriba
Información del artículo

HTB: a very effective method to protect web servers against BREACH attack to HTTPS

R. Palacios, A. Fariña Fernández-Portillo, E.F. Sánchez-Úbeda, P. García-de-Zúñiga

IEEE Access Vol. 10, pp. 40381 - 40390

Resumen:

BREACH is a side-channel attack to HTTPS that allows an attacker to obtain victims’ credentials under certain conditions. An attacker with a privileged position on the network can guess character by character a secret session key just by analyzing the size of the responses returned by the server over HTTPS and encrypted. Heal the Breach (HTB) is the proposed technique to mitigate BREACH attack by randomly changing the size of server responses through a modified gzip library. The attacker needs a precision of one byte in the size of the responses to be able to determine if a guess character is part of the secret token. Since the modified gzip library introduces randomness in the size of the response, BREACH becomes ineffective. The only way to circumvent this protection is to make several requests and compute the average size of the response, which minimizes the random effect. Mathematical and experimental results show that, for a random variation of the size from 1 to 10 bytes, an attacker needs to analyze 500 times more packages to obtain enough accuracy and surpass this mitigation. However, if the number of requests increases it is easier to isolate and block the attack using standard Intrusion Detection Systems (IDS). Compared to other mitigations, the approach presented in this paper is very effective, easy to implement for all websites hosted in the server, and produces a negligible increase in normal traffic.


Resumen divulgativo:

BREACH es un ataque de canal lateral a HTTPS que permite robar claves secretas de páginas web. HTB (Heal-the-BREACH) es una mitigación que introduce una pequeña variación aleatoria en el tamaño de las respuestas del servidor, que confunden al atacante. HTB está deseñador para proteger todos los sitios web de un servidor.


Palabras Clave: BREACH, CRIME, gzip library, HTTPs, side-channel attacks.


Índice de impacto JCR y cuartil WoS: 3,900 - Q2 (2022); 3,400 - Q2 (2023)

Referencia DOI: DOI icon https://doi.org/10.1109/ACCESS.2022.3166175

Publicado en papel: 2022.

Publicado on-line: Abril 2022.



Cita:
R. Palacios, A. Fariña Fernández-Portillo, E.F. Sánchez-Úbeda, P. García-de-Zúñiga, HTB: a very effective method to protect web servers against BREACH attack to HTTPS. IEEE Access. Vol. 10, pp. 40381 - 40390, 2022. [Online: Abril 2022]


    Líneas de investigación:
  • Ciberseguridad: Prevención de cibercrimen, detección de cibercrimen
  • Tecnologías de la Información y Comunicación (TIC)
  • Protocolos de intercambio de datos
  • Industria conectada: seguridad y logística