Ruhr-Uni-Bochum

Two Distinguished Paper Awards for CASA and HGI researchers at USENIX 2024

The 33rd USENIX Security Symposium will take place from 14 to 16 August 2024 in Philadelphia, USA.

Usenix Logo

Copyright: Usenix

At the 33rd USENIX Security Symposium, held from August 14 to 16, 2024, at the Philadelphia Marriott Downtown in Philadelphia, PA, USA, researchers from CASA and HGI were honored for their contributions to the field of IT security.

Award for Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk

The team consisting of Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk received both the Distinguished Paper Award and the Distinguished Artifact Award for their paper titled “Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation.” In this work, the researchers demonstrated vulnerabilities in the SSH protocol that allow attackers to delete data from the secured connection. These vulnerabilities compromise the integrity of SSH communication, and the researchers propose corresponding countermeasures.

Award for Robin Kirchner, Jonas Möller, Marius Musch, David Klein, Konrad Rieck, and Martin Johns

Another Distinguished Paper Award was given to the paper “Dancer in the Dark: Synthesizing and Evaluating Polyglots for Blind Cross-Site Scripting.” The authors, including Robin Kirchner (Technical University of Braunschweig), Jonas Möller (Technical University of Berlin), Marius Musch and David Klein (Technical University of Braunschweig), Konrad Rieck (Technical University of Berlin), and Martin Johns (Technical University of Braunschweig), conducted an extensive study on Blind Cross-Site Scripting (BXSS) and developed a method to synthesize polyglot payloads that can be executed in all common injection contexts, effectively identifying BXSS vulnerabilities. Their method proved to be as effective as existing approaches and uncovered 20 vulnerabilities in 18 backend systems from the Tranco Top 100,000 websites.

About USENIX Security Symposium

USENIX Security Symposium is held annually and brings together experts interested in the latest advances in security and the protection of computer systems and network privacy.

 

Abstracts and Links


Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation
Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk, Ruhr University Bochum

Abstract: The SSH protocol provides secure access to network services, particularly remote terminal login and file transfer within organizational networks and to over 15 million servers on the open internet. SSH uses an authenticated key exchange to establish a secure channel between a client and a server, which protects the confidentiality and integrity of messages sent in either direction. The secure channel prevents message manipulation, replay, insertion, deletion, and reordering. At the network level, SSH uses the Binary Packet Protocol over TCP.

In this paper, we show that as new encryption algorithms and mitigations were added to SSH, the SSH Binary Packet Protocol is no longer a secure channel: SSH channel integrity (INT-PST, aINT-PTXT, and INT-sfCTF) is broken for three widely used encryption modes. This allows prefix truncation attacks where encrypted packets at the beginning of the SSH channel can be deleted without the client or server noticing it. We demonstrate several real-world applications of this attack. We show that we can fully break SSH extension negotiation (RFC 8308), such that an attacker can downgrade the public key algorithms for user authentication or turn off a new countermeasure against keystroke timing attacks introduced in OpenSSH 9.5. Further, we identify an implementation flaw in AsyncSSH that, together with prefix truncation, allows an attacker to redirect the victim's login into a shell controlled by the attacker.

We also performed an internet-wide scan for affected encryption modes and support for extension negotiation. We find that 71.6% of SSH servers support a vulnerable encryption mode, while 63.2% even list it as their preferred choice.

We identify two root causes that enable these attacks: First, the SSH handshake supports optional messages that are not authenticated. Second, SSH does not reset message sequence numbers when activating encryption keys. Based on this analysis, we propose effective and backward-compatible changes to SSH that mitigate our attacks.

Dancer in the Dark: Synthesizing and Evaluating Polyglots for Blind Cross-Site Scripting
Robin Kirchner, Technische Universität Braunschweig; Jonas Möller, Technische Universität Berlin; Marius Musch and David Klein, Technische Universität Braunschweig; Konrad Rieck, Technische Universität Berlin; Martin Johns, Technische Universität Braunschweig

Abstract: Cross-Site Scripting (XSS) is a prevalent and well known security problem in web applications. Numerous methods to automatically analyze and detect these vulnerabilities exist. However, all of these methods require that either code or feedback from the application is available to guide the detection process. In larger web applications, inputs can propagate from a frontend to an internal backend that provides no feedback to the outside. None of the previous approaches are applicable in this scenario, known as blind XSS (BXSS). In this paper, we address this problem and present the first comprehensive study on BXSS. As no feedback channel exists, we verify the presence of vulnerabilities through blind code execution. For this purpose, we develop a method for synthesizing polyglots, small XSS payloads that execute in all common injection contexts. Seven of these polyglots are already sufficient to cover a state-of-the-art XSS testbed. In a validation on real-world client-side vulnerabilities, we show that their XSS detection rate is on par with existing taint tracking approaches. Based on these polyglots, we conduct a study of BXSS vulnerabilities on the Tranco Top 100,000 websites. We discover 20 vulnerabilities in 18 web-based backend systems. These findings demonstrate the efficacy of our detection approach and point at a largely unexplored attack surface in web security.

General note: In case of using gender-assigning attributes we include all those who consider themselves in this gender regardless of their own biological sex.