Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
Welcome to the full schedule of the OWASP AppSec Research EU 2013 conference days. You’ll find the schedule for the training days at http://trainings2013.appsec.eu
View analytic
Thursday, August 22 • 1:50pm - 2:35pm
A Perfect CRIME? Only time will tell

Sign up or log in to save this to your schedule and see who's attending!

In 2012, security researchers shook the world of security with their CRIME attack against the SSL encryption protocol. CRIME (Compression Ratio Info-leak Made Easy) attack used an inherent information leakage vulnerability resulting from the HTTP compression usage to defeat SSL’s encryption. 
However, the CRIME attack had two major practical drawbacks. The first is the attack threat model: CRIME attacker is required to control the plaintext AND to be able to intercept the encrypted message. This attack model limits the attack to mostly MITM (Man In The Middle) situation. 
The second issue is the CRIME attack was solely aimed at HTTP requests. However, most of the current web does not compress HTTP requests. The few protocols that did support HTTP requests compression (SSL compression and SPDY) had dropped their support following the attack details disclosure, by thus rendering the CRIME attack irrelevant. 
In our work we address these two limitations by introducing the TIME (Timing Info-leak Made Easy) attack for HTTP responses. 
By using timing information differential analysis to infer on the compressed payload’s size, the CRIME attack’s attack model can be simplified and its requirements can be loosened. In TIME’s attack model the attacker only needs to control the plaintext, theoretically allowing any malicious site to launch a TIME attack against its innocent visitors, to break SSL encryption and/or Same Origin Policy (SOP). 
Changing the target of the attack from HTTP requests to HTTP responses significantly increases the attack surface, as most of the current web utilizes HTTP response compression to save bandwidth and latency. 

Speakers
avatar for Tal Be'Ery

Tal Be'Ery

Tal Be’ery is the web security research team leader at Imperva’s Application Defense Center (ADC). In this position, he leads the efforts to capture and analyze hacking activities. The insights obtained in this process are incorporated into the design of new security mechanisms by the web research team he leads. Mr. Be’ery holds a B.Sc and an M.Sc degree in Electrical Engineering and Computer Science. He was granted a number... Read More →


Thursday August 22, 2013 1:50pm - 2:35pm
Freiraum