
Scott Johnson

Cryptography II
Spring 2013

CRIME Attack
Compression Ratio Info-leak Made Easy
What is CRIME?
 An exploit against SSL/TLS
 Takes advantage of the optional compression in SSL/TLS
 Lets an attacker recover secrets (e.g. session cookies) from encrypted traffic and hijack the session
Who and When of CRIME?
 Security researchers Juliano Rizzo and Thai Duong
 Also created the BEAST exploit (Browser Exploit Against SSL/TLS)
 Introduced at the 2012 Ekoparty Security Conference
Background Information
 What is SSL/TLS?
Security protocols that protect data in transit over the Internet
Built-in (optional) compression of the plaintext before it is encrypted
Carries HTTP requests whose headers include the session cookie the server uses to recognise the logged-in user
Used by many websites that require security
How Does CRIME Work?
 The attacker creates a special JavaScript
Script makes the victim's browser send requests to the target site with attacker-chosen data in them
This data is very specific and crafted to produce patterns (guesses at the secret)
 The attacker gets the JavaScript to run in the victim's browser (e.g. from an attacker-controlled page)
How Does CRIME Work? (con't)
 Once running, the JavaScript
Targets the site the victim has an active SSL/TLS session with
Adds specific patterns (guesses) to outgoing requests; the browser attaches the victim's cookie to each of them
Repeats the process, emitting various predefined patterns
All of this happens before compression/encryption, so guess and secret are compressed together
 Attacker captures the encrypted messages from a man-in-the-middle position (passively sniffing the traffic is enough)
How Does CRIME Work? (con't)
 Attacker compares the lengths of the captured messages for the patterns the JavaScript created
 A shorter message means the guess repeated something already in the request, so the compressor replaced it with a back-reference; the length is all the attacker learns, the encryption itself is not broken
 Attacker recovers the session cookie from the request header one byte at a time from these length differences
 Attacker uses the cookie to hijack the session
How Are The Patterns Obtained?
 Attacker uses SSL/TLS's compression to create patterns
 Attacker adds a guess to the same victim message multiple times
The guess is the known part of the cookie header (e.g. "Cookie: sessionid=") followed by one candidate character
DEFLATE only replaces repeats of at least three bytes, so the guess must carry enough known text for a match to happen
One candidate per message, cycling through all possible characters
The Pattern
 Example of pattern
Victim's data: Cookie: sessionid=[unknown]
Attacker adds various guesses to the request
Cookie: sessionid=A
Cookie: sessionid=B
Etc.
SSL/TLS compresses and encrypts
Attacker captures the compressed and encrypted message
The Pattern (con't)
 Attacker compares message lengths
Guess A: ciphertext of 7 bytes (e.g. 1df4h6a)
Guess B: ciphertext of 9 bytes (e.g. 23fdhd234)
Etc.
 Guess A produced the shortest message
Due to compression, the first unknown character must be an A: that guess extended a repeat the compressor could reference
 Attacker repeats with the recovered prefix to obtain the next character, until the whole cookie is known
Compression/Encryption Pattern
 With the recovered characters in hand
Attacker reassembles the session cookie from the request header
No decryption is needed: the lengths alone leaked the cookie
 With the cookie information the attacker can act as the attacked system and send messages to the host
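The guess-and-measure loop of the preceding slides, written out as an added worked example (not code from the slides or from Rizzo and Duong). Everything specific is an assumption and is labelled in the code: a constructed victim cookie sessionid=7fA3kQ9z on a made-up host bank.example, an alphanumeric cookie alphabet, a fixed record overhead, and a simplified byte-granular LZ77 cost model standing in for DEFLATE so that each correct byte shortens the output by exactly one byte. A separate function checks that real DEFLATE (zlib) shows the same signal; recovering byte by byte against real DEFLATE is noisier, because Huffman coding and bit packing can hide a one-literal difference, and needs padding tricks this example does not show.

```python
"""CRIME-style cookie recovery against a compress-then-encrypt oracle.

Added worked example, not from the original slides.  A byte-granular LZ77
cost model stands in for DEFLATE; the victim cookie, host name, cookie
alphabet and record overhead are all constructed for this example.
"""
import string
import zlib

SECRET_COOKIE = "sessionid=7fA3kQ9z"             # constructed victim secret
ALPHABET = string.ascii_letters + string.digits  # assumed cookie charset
OVERHEAD = 5 + 20                                # assumed record header + MAC


def victim_request(attacker_path: str) -> bytes:
    """One HTTPS request the victim's browser sends: the path is chosen by the
    attacker's JavaScript, the Cookie header is added by the browser."""
    return (f"GET /{attacker_path} HTTP/1.1\r\n"
            f"Host: bank.example\r\n"
            f"Cookie: {SECRET_COOKIE}\r\n\r\n").encode()


def toy_lz77_len(data: bytes, min_match: int = 3) -> int:
    """Compressed size under a simplified LZ77: a literal costs 1 byte, a
    back-reference (distance, length) costs 3 bytes, longest match wins."""
    i, cost = 0, 0
    while i < len(data):
        best = 0
        for j in range(i):                       # search the whole history
            k = 0
            while i + k < len(data) and data[j + k] == data[i + k]:
                k += 1
            best = max(best, k)
        if best >= min_match:
            cost, i = cost + 3, i + best
        else:
            cost, i = cost + 1, i + 1
    return cost


def on_wire_len(plaintext: bytes, compress: bool = True) -> int:
    """What the eavesdropper sees.  A length-preserving cipher (stream/CTR)
    hides content, not size, so ciphertext length = compressed length."""
    body = toy_lz77_len(plaintext) if compress else len(plaintext)
    return body + OVERHEAD


def recover_cookie(known_prefix: str, alphabet: str = ALPHABET,
                   max_len: int = 32, compress: bool = True) -> str:
    """Recover the secret one byte at a time: the candidate that makes the
    request compress best extended the back-reference, so it was right."""
    recovered = ""
    for _ in range(max_len):
        lengths = {c: on_wire_len(victim_request(known_prefix + recovered + c),
                                  compress) for c in alphabet}
        shortest = min(lengths.values())
        winners = [c for c, n in lengths.items() if n == shortest]
        if len(winners) != 1:    # no unique signal: end of secret, or no compression
            break
        recovered += winners[0]
    return recovered


def deflate_leak_visible() -> bool:
    """Same signal with real DEFLATE: a fully correct guess compresses smaller
    than an equally long wrong one (zlib level 9, no padding tricks)."""
    right = victim_request("Cookie: " + SECRET_COOKIE)
    wrong = victim_request("Cookie: sessionid=abcdefgh")
    return len(zlib.compress(right, 9)) < len(zlib.compress(wrong, 9))


if __name__ == "__main__":
    print("with compression:   ", recover_cookie("Cookie: sessionid="))
    print("without compression:", repr(recover_cookie("Cookie: sessionid=",
                                                       compress=False)))
```

With compression on, the loop walks the cookie byte by byte and stops when every candidate gives the same length (the end of the secret); with compression off every candidate gives the same length from the first round, the loop returns an empty string, and that is the whole reason the mitigation on the following slides works.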
How To Prevent CRIME?
 Simple solutions
Turn off compression at either end of the connection (disabling it on one side is enough, since both must agree to use it)
Use another form of secure connection
 CRIME is still relatively new
More in-depth solutions are being researched
Exact details of the attack are not published
CRIME creators are working with NIST to create a solution
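Turning compression off on the client side, shown with Python's standard ssl module as an added example (not from the slides). It assumes CPython's ssl module on top of OpenSSL; OP_NO_COMPRESSION is a real option flag, and the legacy_context function that clears it exists only to put the weak setting next to the hardened one (most OpenSSL builds lack zlib support and negotiate no compression anyway, so clearing the flag is a bad idea rather than an immediate exposure).

```python
"""Disabling TLS compression in Python's ssl module (added example)."""
import ssl


def hardened_client_context() -> ssl.SSLContext:
    """Client context with TLS compression switched off, which closes the
    CRIME channel no matter what the server offers.  PROTOCOL_TLS_CLIENT
    also turns on certificate and hostname verification."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.options |= ssl.OP_NO_COMPRESSION
    return ctx


def legacy_context() -> ssl.SSLContext:
    """The weak setting, for comparison only: clears OP_NO_COMPRESSION so the
    client would accept compression if the OpenSSL build could offer it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.options &= ~ssl.OP_NO_COMPRESSION
    return ctx


def compression_disabled(ctx: ssl.SSLContext) -> bool:
    """Configuration check a deployment test can run without a network."""
    return bool(ctx.options & ssl.OP_NO_COMPRESSION)


def stdlib_default_is_safe() -> bool:
    """ssl.create_default_context() already sets OP_NO_COMPRESSION."""
    return compression_disabled(ssl.create_default_context())


def negotiated_compression(sock: ssl.SSLSocket):
    """Runtime check on a live connection: None means no compression was
    negotiated, which is what a CRIME-safe connection should report."""
    return sock.compression()


if __name__ == "__main__":
    print("hardened:", compression_disabled(hardened_client_context()))
    print("legacy:  ", compression_disabled(legacy_context()))
    print("default: ", stdlib_default_is_safe())
```

The configuration check covers what the application asks for; the runtime check (SSLSocket.compression() returning None on an established connection) confirms what was actually negotiated, which is the value to log when verifying a fix on a real server.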
Browsers and CRIME
 Microsoft Internet Explorer is not vulnerable to CRIME (it never supported TLS compression)
 Chrome added a patch to its latest version to mitigate the CRIME attack
 Firefox also added a patch to its latest version to mitigate the CRIME attack
 Many websites have added protection on their end to thwart CRIME attacks
Conclusion
 CRIME is a very specific attack
 Can be easily avoided
This avoidance comes with a transmission speed decrease
 Users must decide whether compression or security is the top priority
Compression increases speed but allows CRIME
Security defeats CRIME but disables compression
Conclusion (con't)
 CRIME was easily defeated, but...
Will this chink in the armor of SSL/TLS put doubts in the minds of the computer security world?
