Wednesday, 14 October 2015

The web authentication arms race

Image result for spy vs spyThis is really good. It’s a description of the evolution of authentication as an arms race between a developer and an attacker.  I think it does a brilliant job of explaining the issue.

An arms race is exactly the right way to think about the history of authentication.  This should be obvious but although I’ve always recognised it as an arms race, I’ve never explicitly written down the stages.  It didn’t even occur to me what a great and powerful idea it is. It should have.

Defender: Users will enter a username & password, and I will give them an authentication cookie for me to trust in the future.

Attacker: I will watch your network traffic and steal the passwords as they come down the wire.

Defender: I will change the <form> to submit over HTTPS, so you won't see any readable passwords.

Attacker: I will run an active MITM attack as the user loads the login page, and insert Javascript that sends the password to my server in the background.

Defender: I will serve the login page itself over HTTPS too, so you won't be able to read or change it.

Attacker: I will watch your network traffic and steal the resulting authentication cookies, so I can still impersonate users even without knowing the password.

Defender: I will serve the entire site over HTTPS (and mark the cookie as Secure), so you won't be able to see any cookies.

Attacker: I will run an active MITM attack against your entire site and serve it over HTTP, letting me see all of your traffic (including passwords and cookies) again.

Defender: I will serve a Strict-Transport-Security header, telling the browser to always refuse to load my site over HTTP (assuming the user has already visited the site over a trusted connection to establish a trust anchor).

Attacker: I will find or compromise a shady certificate authority and get my own certificate for your domain name, letting me run my MITM attack and still serve HTTPS.

Defender: I will serve a Public-Key-Pins header, telling the browser to refuse to load my site with any certificate other than the one I specify.

At this point, there is no reasonable way for the attacker to run an MITM attack without first compromising the browser.

Do click through for the rest.  This comes pretty high on the list of things I wish I’d thought of.

No comments:

Post a Comment