Automated Detection of SSL Vulnerabilities in Applications
This research introduces SSLint, a systematic approach and automated tool for detecting incorrect SSL API usage vulnerabilities in applications. By analyzing millions of lines of code, the tool discovered previously unknown SSL/TLS vulnerable apps. The study addresses the motivation, problem statement, background on SSL vulnerabilities, and the design and implementation of SSLint.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
E N D
Presentation Transcript
Vetting SSL Usage in Applications with SSLINT Boyuan He[1], Vaibhav Rastogi[2], Yinzhi Cao[3], Yan Chen[2][1], Venkat Venkatakrishnan[4], Runqing Yang[1], Zhenrui Zhang[1] Lab of Internet and Security Technology (LIST) [1] Zhejiang University, China [2] Northwestern University, USA [3] Columbia University, USA [4] University of Illinois, Chicago, USA
Motivation & Problem Statement TCP SSL/TLS HTTP SMTP POP3 Use an X509 certificate for authentication IMAP 2
Motivation & Problem Statement Many application vulnerabilities due to improper usage of SSL/TLS are mentioned in previous papers. Georgiev et al. [CCS 12] (Black-box testing) Is it possible to automatically detect such SSL vulnerabilities in large scale and in a more general way with high efficiency and accuracy? 3 3
Contributions Design a systematic approach to automatically detect incorrect SSL API usage vulnerabilities. Implement SSLint, a scalable automated tool to verify SSL usage in applications. Automated candidate app selection and compilation. Results. Automatically analyzed 22 million lines of code. 27 previously unknown SSL/TLS vulnerable apps. 4 4
Agenda 1. Motivation & Problem Statement 2. Background on SSL Vulnerabilities 3. SSLint Design and Implementation 4. Results 5
Background on SSL Vulnerabilities How SSL/TLS works? TCP SYN TCP ACK ClientHello TCP SYN ACK ServerHello Certificate ServerHelloDone Client Key Exchange Certificate Verify [Change Cipher Spec] Finished [Change Cipher Spec] Finished Application Data Client Application Data Server (RFC 5246) 6 6
Background on SSL Vulnerabilities Man-in-the-middle attacks caused by incorrect certificate validation. A hijacked SSL channel A secure SSL channel Mail Server Router(Gateway) Victim Web Server 7 Attacker
A Motivating Example Vulnerable example (OpenSSL API) Create SSL context. ctx = SSL_CTX_new(method); ... ssl = SSL_new(ctx); ... SSL_connect(ssl); if(SSL_get_verify_result(ssl) ==X509_V_OK){ //Validation succeeds. } else{ //Validation fails and terminate connection } Create SSL session. Launch SSL handshake Check the built-in certificate validation result after handshake, but if no certificate is presented, X509_V_OK flag can still be set. 8
A Motivating Example Contd Fix of vulnerable example ctx = SSL_CTX_new(method); ... ssl = SSL_new(ctx); ... SSL_connect(ssl); cert = SSL_get_peer_certificate(ssl); if (cert != NULL){ if(SSL_get_verify_result(ssl) ==X509_V_OK){ //Validation succeeds. } else{ //Validation fails and terminate connection } } else{ //Validation fails and terminate connection } Check if server s certificate is presented (is NULL?) together with the validation result. 9
SSLint Framework SSL Client Apps Check whether validation APIs are called correctly. Static Analyzer Code Signatures Encode correct usage in a signature and match this signature. Pass if match succeeds Representation Matcher Vulnerability Report 10
SSLint Signatures Fixed vulnerable example @1 SSL_CTX_new 1 ctx = SSL_CTX_new(method); ... 2 ssl = SSL_new(ctx); ... 3 SSL_connect(ssl); 4 cert = SSL_get_peer_certificate(ssl); 5 if (cert != NULL){ 6 if(SSL_get_verify_result(ssl) ==X509_V_OK){ 7 //Validation succeeds. 8 SSL_read(ssl ) or SSLwrite(ssl, ) 9 } 10 else{ 11 //Validation fails and terminate connection 12 } 13 } 14 else{ 15 //Validation fails and terminate connection } @2 SSL_new @3 SSL_connect @4: @6: SSL_get_peer _certificate SSL_get_verify _result @5: If condition (cert!=NULL) @6: If condition (==X509_V_OK) @8: SSL_read/SSL_write Data Flow & Control Flow 11
SSLint Signatures We use Program dependence graphs (PDGs) as code representation as well as signature representation, in order to capture both control flow and data flow SSL_connect() <function call> (x3)(y3) SSL_new() <function call> (x2)(y2) SSL_CTX_new() <function call> (x1)(y1) SSL_CTX_set_verify() <function call> (x4) SSL_get_peer_certificate() <function call> (y4) SSL_get_verify_result() <function call> (y5) SSL_read()/SSL_write() <function call> (x6) OR <condition-point> (==NULL)? (y6) <condition-point> (==X509_V_OK)? (y7) SSL_VERIFY_PEER <Const> (x5) SSL_read()/SSL_write() <function call> (y8) Data dependence Control dependence 12 Signature for OpenSSL APIs
SSLint Implementation Technical Challenges: Defining and representing correct use. Identifying the preliminary condition for signature matching. Automated candidate app selection and compilation. SSL_new() SSL_read() or SSL_write() 13
SSLint Implementation Certificate Validation Vulnerability Scanner CodeSurfer provides static analysis 2.6K LoC (in C++) Generated PDGs matched with signatures Signature Expressions motivated from Cypher, a graph query language Custom algorithm to perform the matches 14
Results Signatures implemented for OpenSSL and GnuTLS the most popular two SSL/TLS libraries Scanned the entire Ubuntu distribution Scanned 22 million LoC in static analysis. 485 applications using OpenSSL and GnuTLS Detected 27 vulnerabilities All reported and confirmed 4 fixed, 14 responses from developers 15
Results Vulnerable E-mail Software Xfce4-Mailwatch-Plugin, Mailfilter, Exim, DragonFly Mail Agent, spamc Vulnerable IRC Software Enhanced Programmable ircII client (EPIC), Scrollz Other Vulnerable Software Web(https): Prayer front end, xxxterm Database: FreeTDS Admin tool: nagircbot, nagios-nrpe-plugin, syslog-ng Performance testing tool: siege, httperf, httping 16
Results Vulnerability Type SSL library Dynamic Auditing Developer Feedback App Name LoC dma 12,504 Certificate Validation OpenSSL Proved Confirmed OpenSSL GnuTLS exim4 94,874 Hostname Validation Proved Fixed xfce4-mailwatch- plugin Certificate Validation Hostname Validation 9,830 GnuTLS Proved spamc 5,472 Certificate Validation OpenSSL Confirmed prayer 45,555 Certificate Validation OpenSSL Confirmed epic4 56,168 Certificate Validation OpenSSL Proved Fixed epic5 65,155 Certificate Validation OpenSSL Proved Fixed Certificate Validation Hostname Validation OpenSSL GnuTLS scrollz 78,390 Proved Confirmed xxxterm 23,126 Hostname Validation GnuTLS Proved Confirmed httping 1,400 Certificate Validation OpenSSL Proved Confirmed pavuk 51,781 Certificate Validation OpenSSL Confirmed crtmpserver5 57,377 Certificate Validation OpenSSL Confirmed Certificate Validation Hostname Validation freetds-bin 80,203 GnuTLS Proved Confirmed 17
Results Vulnerability Type SSL library Dynamic Auditing Developer Feedback App Name LoC nagircbot 3,307 Certificate Validation OpenSSL Proved picolisp 14,250 Certificate Validation OpenSSL Fixed nagios-nrpe- plugin 3,145 Certificate Validation OpenSSL Confirmed citadel-client 56,866 Certificate Validation OpenSSL Proved mailfilter 4,773 Certificate Validation OpenSSL Proved suck 12,083 Certificate Validation OpenSSL Proved Certificate Validation Hostname Validation proxytunnel 2,043 GnuTLS Proved siege 8,581 Certificate Validation OpenSSL Proved httperf 6,692 Certificate Validation OpenSSL Proved syslog-ng 115,513 Certificate Validation OpenSSL Proved medusa 18,811 Certificate Validation OpenSSL Proved hydra 23,839 Certificate Validation OpenSSL Proved ratproxy 4,069 Certificate Validation OpenSSL Proved dsniff 24,625 Certificate Validation OpenSSL Proved 18
Conclusion & Ongoing work Conclusion We design and implement SSLint to verify SSL API usage in large scale.(22M LoC) We discover 27 previously unknown vulnerable apps due to misuse Ongoing work SSLint is our 1ststep to verify API usage by static analysis. (A generic approach?) Fix failed applications in analysis by automatically identify SSL-relevant modules in application code. 19
Demo Attack Demo Video against Xfce4-mailwatch-plugin 20
Thank you! http://list.zju.edu.cn/ http://list.cs.northwestern.edu/ Questions? 21
BackUp 22
A Motivating Example Vulnerable example (OpenSSL API) Specify the protocol: TLSv1 const SSL_METHOD *method; SSL_CTX *ctx; SSL *ssl; method = TLSv1_client_method(); ... ctx = SSL_CTX_new(method); ... ssl = SSL_new(ctx); ... SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE,...); ... SSL_connect(ssl); Create SSL context. Create SSL session. Configure OpenSSL built-in certificate validation, but fail to enforcement this validation during handshake Launch SSL handshake 23
A Motivating Example Contd Fix of Vulnerable example const SSL_METHOD *method; SSL_CTX *ctx; SSL *ssl; method = TLSv1_client_method(); ... ctx = SSL_CTX_new(method); ... ssl = SSL_new(ctx); ... SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER,...); ... SSL_connect(ssl); Use SSL_VERIFY_PEER flag instead of SSL_VERIFY_NONE to enforce OpenSSL built-in certificate validation during handshake. 24
OpenSSL API SSL/TLS handshake Start Global initialization Authentication Create SSL_METHOD (select protocol version) PASS Create SSL_CTX (context for SSL) FAIL Data transmission over SSL Configure SSL_CTX (set up certificates, keys, etc) SSL shutdown Create SSL Set up sockets for SSL End 25
Incorrect use of SSL API Server Certificate CommonName: www.google.com Issuer: Google CA Signature:**************** https://www.google.com Poisoned DNS cache Victim Router(Gateway) Web Server Server Certificate CommonName:www Issuer Issuer: : Verisign Signature Signature: :**************** Man-in-the-middle attacks caused by incorrect hostname validation. www. .attacker attacker. .com com 26 Attacker
Measurement results SSL/TLS apps in Ubuntu 12.04 Analysis Coverage 104 138 349 381 OpenSSL app GnuTLS app App sucesseed analyzed App failed in analysis 27
Accuracy 28