26
Heartbleed Attack - Shreyas Kothari (140302003) M.Tech (CNIS) Manipal University Jaipur

The Heartbleed Attack

Tags:

Embed Size (px)

Citation preview

Page 1: The Heartbleed Attack

Heartbleed Attack

- Shreyas Kothari

(140302003)

M.Tech (CNIS)

Manipal University Jaipur

Page 2: The Heartbleed Attack

Introduction

• Heartbleed is a security bug disclosed in April 2014 in the OpenSSLcryptography library, which is a widely used for the implementation ofthe Transport Layer Security (TLS) protocol.

• Heartbleed may be exploited regardless of whether the party using avulnerable OpenSSL instance for TLS is a server or a client.

• It results from improper input validation (due to a missing boundscheck) in the implementation of the TLS heartbeat extension, thusthe bug's name derives from "heartbeat”.

• The vulnerability is classified as a buffer over-read, a situation wheremore data can be read than should be allowed.

Page 3: The Heartbleed Attack

OpenSSL

• OpenSSL is an open-source implementation of the SSL and TLSprotocols. The core library, written in the C programming language,implements basic cryptographic functions and provides various utilityfunctions.

• The OpenSSL project was founded in 1998 to invent a free set ofencryption tools for the code used on the Internet. As of 2014 twothirds of all webservers use it.

Page 4: The Heartbleed Attack

Heartbeat Extension

• The Heartbeat Extension provides a new protocol for TLS/DTLSallowing the usage of keep-alive functionality without performing arenegotiation.

• TLS is based on reliable protocols, but there is no feature available tokeep the connection alive without continuous data transfer.

• The Heartbeat Extension overcomes these limitations.

• The user can use the new HeartbeatRequest message, which has tobe answered by the peer with a HeartbeartResponse immediately.

Page 5: The Heartbleed Attack

Heartbeat Hello Extension

• A peer cannot only indicate that its implementation supportsHeartbeats, it can also choose whether it is willing to receiveHeartbeatRequest messages and respond with HeartbeatResponsemessages or only willing to send HeartbeatRequest messages.

• The former is indicated by using peer_allowed_to_send as theHeartbeatMode; the latter is indicated by usingpeer_not_allowed_to_send as the Heartbeat mode.

• This decision can be changed with every renegotiation.

Page 6: The Heartbleed Attack

The Heartbeat Protocol

• The Heartbeat protocol is a new protocol running on top of theRecord Layer. The protocol itself consists of two message types:HeartbeatRequest and HeartbeatResponse.

• A HeartbeatRequest message can arrive almost at any time during thelifetime of a connection.

• There must not be more than one HeartbeatRequest message in flightat a time. A HeartbeatRequest message is considered to be in flightuntil the corresponding HeartbeatResponse message is received, oruntil the retransmit timer expires.

Page 7: The Heartbleed Attack

Heartbeat Request / Response Message

• The Heartbeat protocol messages consist of their type and anarbitrary payload and padding.

• struct {HeartbeatMessageType type;uint16 payload_length;opaque payload[HeartbeatMessage.payload_length];opaque padding[padding_length];} HeartbeatMessage;

Page 8: The Heartbleed Attack

Heartbeat Request / Response Message

• The total length of a HeartbeatMessage must not exceed 2^14 Bytes.

• type : The message type; either heartbeat_request orheartbeat_response.

• payload_length : The length of the payload.

• payload : The payload consists of arbitrary content.

• Padding : It can be any random content and the sender of thismessage must use at least 16 Bytes of padding.

Page 9: The Heartbleed Attack

Working

• When a HeartbeatRequest message is received and sending aHeartbeatResponse is not prohibited, the receiver must send acorresponding HeartbeatResponse message carrying an exact copy ofthe payload of the received HeartbeatRequest.

• If a received HeartbeatResponse message does not contain theexpected payload, the message must be discarded. If it does containthe expected payload, the retransmission timer must be stopped.

Page 10: The Heartbleed Attack

The Heartbleed Attack

• We had discussed earlier in the introduction part that this attack wasmade possible because of the improper input validation of the TLSHeartbeat extension. The vulnerability lies in the payload variable.

• Ideally the code must check the payload data length with the actuallength of data sent in the Heartbeat request, but it isn’t checking it.

• So if the payload exceeds the standard length in the request, theserver may return more data in response than what it should ideallyreturn.

Page 11: The Heartbleed Attack

The Heartbleed Attack

• This is a case of Buffer Overflow (BoF). Look at the following vulnerable code:

Page 12: The Heartbleed Attack

The Heartbleed Attack

• The rrec contains all the incoming request data. The code reads thedata. The first byte is to check if it’s a Heartbeat protocol and thenanother 2 bytes determine the length of the Heartbeat payload.

• Ideally the length of the payload must be equal to the payload_lengthsent in the Heartbeat request. But as discussed, the code is notchecking actual length sent in the Heartbeat request.

Page 13: The Heartbleed Attack

The Heartbleed Attack

• So the code copies the amount of data requested by incomingrequests to the outgoing server response and possibly more thanrequested in some cases.

• This may leak valuable information to attackers, such as session IDs,tokens, keys, etc.

Page 14: The Heartbleed Attack

The Heartbleed Attack

• Let us try to understand this with the help of one scenario.

Page 15: The Heartbleed Attack

The Heartbleed Attack

Page 16: The Heartbleed Attack

The Heartbleed Attack

Page 17: The Heartbleed Attack

The Heartbleed Attack

Page 18: The Heartbleed Attack

What can be leaked ?

• As said earlier, much sensitive information from the server’s memorycan be sent in through the response.

• Some of them are session-related information such as session ID,different tokens, keys, and some other sensitive internal informationsuch as queries, internal data, etc.

• The next image shows a real example of what we can receive in theresponses.

Page 19: The Heartbleed Attack

What can be leaked ?

Page 20: The Heartbleed Attack

Solution

• This vulnerability lies in the OpenSSL version 1.0.1f and 1.0.2 – beta1.

• Affected users should upgrade to OpenSSL 1.0.1g.

• Users unable to immediately upgrade can alternatively recompileOpenSSL with -DOPENSSL_NO_HEARTBEATS.

• OpenSSL version 1.0.2 will be fixed in 1.0.2 – beta2.

Page 21: The Heartbleed Attack

To check whether your website is safe visit

1) https://lastpass.com/heartbleed/

2) https://filippo.io/Heartbleed/

https://lastpass.com/heartbleed/
https://filippo.io/Heartbleed/
Page 22: The Heartbleed Attack

jaipur.manipal.edu

Page 23: The Heartbleed Attack

ams.muj.edu.in

Page 24: The Heartbleed Attack

Question ??

Page 25: The Heartbleed Attack

References

1. RFC 6520 - https://tools.ietf.org/html/rfc6520

2. www.heartbleed.com

3. Infosec Institute - http://resources.infosecinstitute.com/exploiting-heartbleed/

4. https://xkcd.com/1354/

5. https://www.openssl.org/news/secadv_20140407.txt

6. https://lastpass.com/heartbleed/

https://tools.ietf.org/html/rfc6520
http://www.heartbleed.com/
http://resources.infosecinstitute.com/exploiting-heartbleed/
https://xkcd.com/1354/
https://www.openssl.org/news/secadv_20140407.txt
https://lastpass.com/heartbleed/
Page 26: The Heartbleed Attack

Tool to exploit Heartbleed Vulnerabilityethesis.nitrkl.ac.in/7200/1/Tool_Naidu_2015.pdfTool to exploit Heartbleed Vulnerability Thesis submitted in partial ful llment of the requirements

Tool to exploit Heartbleed Vulnerabilityethesis.nitrkl.ac.in/7200/1/Tool_Naidu_2015.pdfTool to exploit Heartbleed Vulnerability Thesis submitted in partial ful llment of the requirements

Documents
DevOps Boston - Heartbleed at Acquia

DevOps Boston - Heartbleed at Acquia

Technology
Heartache and Heartbleed - 31c3

Heartache and Heartbleed - 31c3

Technology
Sunrise pc support heartbleed scam alert

Sunrise pc support heartbleed scam alert

Documents
Sullivan heartbleed-defcon22 2014

Sullivan heartbleed-defcon22 2014

Internet
Heartbleed prezenatcija iz konference Hek.si

Heartbleed prezenatcija iz konference Hek.si

Internet
Heartbleed && Wireless

Heartbleed && Wireless

Technology
Heartbleed Bug

Heartbleed Bug

Internet
Understanding heartbleed by Dustin Noe

Understanding heartbleed by Dustin Noe

Technology
image: Marsmettnn Tallahassee Heartbleed & staying …findhorn.cc/wp-content/uploads/2014/11/WPFH-security-heartbleed... · Heartbleed & staying secure online ... April 2014, by Mark

image: Marsmettnn Tallahassee Heartbleed & staying …findhorn.cc/wp-content/uploads/2014/11/WPFH-security-heartbleed... · Heartbleed & staying secure online ... April 2014, by Mark

Documents
Cybercalypse , HeartBleed : Is our Government Listening

Cybercalypse , HeartBleed : Is our Government Listening

Documents
How to exploit heartbleed vulnerability demonstration

How to exploit heartbleed vulnerability demonstration

Education
Part 3 Case Studies HPC Bitcoin – insider attack HPC Pivot Attack – Shared credential incident Heartbleed – Zero day Crimea – PR attack Aug 26, 2014 Incident

Part 3 Case Studies HPC Bitcoin – insider attack HPC Pivot Attack – Shared credential incident Heartbleed – Zero day Crimea – PR attack Aug 26, 2014 Incident

Documents
Why Heartbleed Doesn't Give Lacoon Mobile Security Customers a Heart Attack

Why Heartbleed Doesn't Give Lacoon Mobile Security Customers a Heart Attack

Mobile
The Heartbleed Hit List

The Heartbleed Hit List

Documents
Quick and Dirty Explanation of the Heartbleed Vulnerability

Quick and Dirty Explanation of the Heartbleed Vulnerability

Business
Open ssl heartbleed

Open ssl heartbleed

Documents
HEARTBLEED BUG - WordPress.com · have enough logs/monitoring to determine whether a site was compromised. The potential impact of the Heartbleed bug vulnerability is difficult to

HEARTBLEED BUG - WordPress.com · have enough logs/monitoring to determine whether a site was compromised. The potential impact of the Heartbleed bug vulnerability is difficult to

Documents
Cyber-security tips: the heartbleed bug

Cyber-security tips: the heartbleed bug

Technology
Heartbleed breach - Is your website vulnerable?

Heartbleed breach - Is your website vulnerable?

Internet
The Heartbleed Bug A vulnerability in the OpenSSL Cryptographic Library

The Heartbleed Bug A vulnerability in the OpenSSL Cryptographic Library

Documents
Heartbleed Bug Infographic

Heartbleed Bug Infographic

Documents
How to Detect the Heartbleed Vulnerability with AlienVault USM

How to Detect the Heartbleed Vulnerability with AlienVault USM

Technology
Heartbleed Explained

Heartbleed Explained

Internet
CloudStack and the HeartBleed vulnerability

CloudStack and the HeartBleed vulnerability

Technology
The Matter of Heartbleed · Heartbleed ZMap scans Estimate initial impact, patching rate, and notification reactions 43,142,864 datapoints=89GiB Trustworthy Internet Movement's SSL

The Matter of Heartbleed · Heartbleed ZMap scans Estimate initial impact, patching rate, and notification reactions 43,142,864 datapoints=89GiB Trustworthy Internet Movement's SSL

Documents
HEARTBLEED ATTACK

HEARTBLEED ATTACK

Documents
Lessons Learned From Heartbleed, Struts, and The Neglected 90%

Lessons Learned From Heartbleed, Struts, and The Neglected 90%

Software
Heartbleed by-danish amber

Heartbleed by-danish amber

Technology
Legacy of Heartbleed: MITM and Revoked - Zeronights 2017 · Legacy of Heartbleed: MITM and Revoked Certificates Alexey Busygin busygin@neobit.ru NeoBIT . ... Man-in-the-Middle Attack

Legacy of Heartbleed: MITM and Revoked - Zeronights 2017 · Legacy of Heartbleed: MITM and Revoked Certificates Alexey Busygin [email protected] NeoBIT . ... Man-in-the-Middle Attack

Documents