FR2887049A1 - METHOD FOR PROTECTING THE PIRACY OF A CLIENT TERMINAL USING A SECURE CONNECTION WITH A SERVER ON A PUBLIC NETWORK - Google Patents

Abstract

The invention relates to a method of protection against hacking of a connection (12) between a client terminal (10) and a server terminal (11), the client terminal (10) being connected to the server terminal (11) via a connection According to the invention, such a method comprises a step of continuous supervision of the messages exchanged between the client terminal and the server through the communication network, comprising at least: a substep ( 60) for capturing at least some messages exchanged on the network between the client terminal and the server, from at least one node of the network located between the client terminal and the server, - a sub-step (61) for analyzing at least part of the content of the captured messages; a substep (64) of identification from the substep of analysis, messages corresponding to the initiation of a secure connection between the client terminal and the server - a substep (62) of verification the validity of at least one certificate transmitted by the server to the client terminal, the certificate having been captured in the sub-step (60) for capturing the exchanged messages, and a step (63) for reacting and protecting the terminal customer since the validity of the certificate could not be verified.

Description

Method of protection against hacking of a client terminal using

  a secure connection with a server on a public network

  FIELD OF THE DISCLOSURE The field of the invention is that of security on computer networks, most of which are based on communication and exchange technologies between client terminals and servers relying on the Internet protocol. known by its English name of Internet Protocol (IP).

  More specifically, the invention relates to increasing the level of security in the exchanges between client terminals and / or servers for transactions of a sensitive nature, requiring perfect identification and authentication between the terminals they imply, for example in the context secure transactions relating to access to online banking or e-commerce services.

  Indeed, it is clear that the protocol was not originally designed to provide an adequate level of security for communications on global networks interconnected together.

  As a result, the currently used protocols, at the network level, do not provide any authentication or confidentiality of the data exchanged between two clients communicating on the network commonly called the Internet.

  2. State of the art, In order to overcome the security problems encountered mainly on public communication networks and with variable quality of service, secure protocols, generally implemented at the application level, have been designed in such a way as to provide mechanisms authentication and confidentiality in exchanges and transactions initiated between remote terminals connected on these networks.

  The best-known and most used protocol on the Internet is the SSL protocol, for Secure Socket Layer in English, or secure layer in French, also called TLS, for Transport Layer Security in English, under its standardized name. It is perfectly suited to common uses of the Internet like browsing websites.

  SSL and TLS are widely used in e-commerce or online banking applications.

  Because of the value of the applications they aim to protect, they are under attack to circumvent their level of security (information retrieval in SSL / TLS communication, typically login credentials or card numbers banking).

  Originally proposed by Netscape (registered trademark) and financial organizations, SSL is intended to secure communications, using the X509 standard, through TCP / IP networks, but also communications based on HTTP protocols, FTP and Telnet.

  SSL and TLS do not require special adaptation of network elements, unlike a protocol like IPsec.

  There are two levels of security in SSL and TLS: only the server has a certificate; - The server and the client terminal are both equipped with a certificate: the client and the server can then authenticate each other.

  To overcome the problems of transactional security between client terminals and servers connected by means of an Internet-type network, when a client terminal connects to an SSL-secured merchant site hosted by a server, the latter sends it a certificate containing its public key, signed by a Certificate Authority (CA), as well as a set of cryptographic mechanisms supported by the server. The client then checks the validity of the certificate and then creates a secret key randomly.

  He encrypts this secret key using the public key of the server, then sends him the result. The server decrypts the session key with its private key. This secret key becomes the temporary session key. The two terminals then have a secret common key, which encrypts the exchanges during the duration of a session, by means of a fast symmetric encryption.

  For information, it is specified here that in the remainder of the description and claims, all that concerns the SSL protocol can be easily transposed to the TLS protocol (for Transport Layer Security in English, or securing the transport layer , in French) which corresponds to the standardized version of SSL version 3.0 and has been taken over by the Internet Engineering Task Force (IETF), which is a group whose members contribute to the engineering and the evolution of Internet technologies.

  As mentioned above, the SSLITLS protocol is therefore based on a public key authentication process and certificate exchanges between client terminals and server.

  Asymmetric cryptography therefore ensures that the message sent remains confidential, and without being forced to use, before, a safe way to exchange the keys.

  The first key remains private and secret and is generally known only by its holder. The other key is public and is usually in an electronic directory.

  However, most of the time, the use shows that the recipient does not seek the public key of his correspondent in a public directory, possibly accessible remotely. On the contrary, the latter transmits it to him most often at the same time as other data.

  The question then is how to be sure that the public key received belongs to the sender, not to a hacker? To answer this question, the digital certificate has been created. It allows to securely associate a public key and the terminal that holds it.

  It is signed by a recognized and independent certification authority (CA). The verification of the signature thus gives the certainty that the certificate presented has been certified by a certification authority in which the customer has decided to trust.

  Technically this means that the user has saved the public key of the CA on his terminal.

  The format of digital certificates is standardized in the X509 standard (RFC 2459).

  A certificate contains a certain amount of information, some of which may be mentioned as illustrative examples: the version of the certificate, which indicates which version of the X509 standard corresponds to that certificate; the serial number of the certificate; the signature algorithm used, which identifies the type of signature used; the issuer of the certificate, under the Distinguished Name (DN) variable of the certification authority that issued the certificate; the certificate validity start date; the end date of certificate validity; the holder of the public key of the certificate; the public key, described in the form of a plurality of information on the public key of the certificate; basic constraints: optional generic extensions that can be associated with the certificate; the purpose of use of the key; the digital signature of the certification authority having validated all the above information.

  In addition, checking the validity of the certificate mainly means: checking its validity date; - check the level of trust against the issuer of the certificate; - check that the object of the certificate is that of the issuer (for example the name of the web server www.mabanque.com to which we are connected is found in the Subject field of the certificate); check that the certificate has not been revoked, ie that the issuing CA has not put the certificate on opposition lists (available on the network).

  However, when one of the checks performed on the information in a certificate fails, most browsers ask the endpoint user if they still want to validate the server authentication.

  Indeed, many servers have outdated certificates, but they have kept in memory, or else certificates whose object (for example http://www.mabanque.com) is different from the address by which the server is accessible (for example, several names like http://www.mabanque.fr and http://www.mabanque.com).

  This is why browsers display a window on the user's screen and offer him, after an abscond warning, whether he wishes to validate the identity of the server.

  The SSL / TLS protocol is today one of the most used security protocols on the Internet, particularly as regards the consultation of merchant sites or banking services.

  The exchanges defined by the SSL protocol are carried out in two phases: 1) First phase: authentication of the server: following a request from a client terminal, the server sends its certificate to the client terminal and proposes a list of cryptographic algorithms that can to be used.

  The client terminal verifies the validity of the server certificate according to the procedure described above: automatic checking of the validity date, the issuer, the object and the non-revocation, then asks the user if wants to override the control in case of failure.

  2) Second phase: (optional) authentication of the client terminal: the server (and only it) can ask the client terminal to authenticate itself by first asking for its certificate.

  If the certificate verification fails, then the entity that detects the anomaly immediately sends an alert to the other entity. For example, the following messages are provided in the standard: Unknown_ca: the CA is not on the list of trusted CAs; Certificate_revoked: the certificate was put in opposition by its issuing CA; Certificate_expired: the current date is after the validity date; Bad_certificate: verification of the certificate signature failed; Certificate unkown: other certificate errors.

  Although SSL provides a good level of security, it is possible to exploit a human error to perform a Man-in-the-Middle attack, or attack by the middle.

  As illustrated in FIG. 2, and compared with a normal situation (FIG. 1), the principle of such an attack is relatively simple: the hacker is placed between the user's client terminal and the server offering the service the user wants to access.

  In the manner of a relay, the hacker, by means of a computer terminal will impersonate the client terminal server function, and impersonate the client terminal to the server.

  As part of such a Man in the middle attack, the attacker can intercept all the information sent by the client terminal, inject or modify traffic on the fly.

  In front of this type of computer attack, the certificate mechanisms used in the SSL protocol, even if they do not prevent a diversion of traffic, offer certain guarantees of security to the user. Indeed, since the server is normally the only one to know the private key associated with the certificate presented to the client terminal, the hacker performing an attack of the type Man in the Middle may relay the traffic, but it being encrypted, it can not not read it and therefore access its content.

  As the attacker finds himself in the middle of communications, it is possible for him to perform an SSL session with the client by presenting a certificate other than that of the legitimate server.

  At this level, the security of the connection will then rest only on the user who is responsible for detecting that the certificate presented by his Web browser (in the case of a conventional SSL connection via a browser) is not valid, or was usurped.

  Typically, Web browsers will detect an anomaly in the certificate, which does not match the expected one (for example, detecting a difference between the fully qualified domain name or fully qualified domain name in English, the Web site entered by the user via the URL typed, and the corresponding field of the certificate presented by the server).

  The browser of the user then reports to the latter a message notifying him that a potential problem of confidence is detected.

  The principle of the attack is based on the difficulty for a novice or average computer user to understand the meaning of such a message and the scope of his act if he chooses to ignore this message by accepting an invalid certificate presented by a hacker, the latter can then access the content of the communication.

  This attack does not exploit a flaw of the SSL protocol, but a human flaw, unfortunately the most common.

  Thus, and as illustrated in Figure 3, the client was deceived by the hacker who gave him a bad certificate: the SSL session is controlled by the attacker.

  As illustrated in FIG. 3, the numbered SSL link (1) is in this case totally accessible by the attacker, who in fact provides the termination of this connection. The hacker is then able to establish a connection (2) with the legitimate server. It can replay the data provided by the user (playing the role of proxy or relay) and thus completely hide his intervention in the eyes of a standard user.

  It should therefore be emphasized that a major disadvantage lies in the fact that there is currently no way to systematically prohibit SSL / TLS connections with a server that presents an invalid or falsified certificate by a hacker.

  The user always has the possibility of refusing a certificate for which a doubt remains, but the reality of the users' behaviors shows that the users often do not ask the question of the piracy and accept without great distrust a certificate whose origin they can not guarantee , or for which the browser has sent back a security alert message. It is this property that can lead to actual attacks to deceive the user.

  3. Objectives of the invention The invention described here proposes a mechanism for forcing a security policy on a given network so as to avoid the problem of user errors, as mentioned above.

  An object of the invention is to provide a technique that makes it possible to detect an attack of a hacker presenting to a user a fraudulent certificate, so as to perform an attack of the Man in the Middle type.

  Another object of the invention is to provide a technique that is independent of the behavior of the user through its client terminal, regardless of the vulnerability of this user to a hacker.

  An additional object of the invention is to provide such a technique that allows to isolate the client terminal of the communication network, as soon as an attack of a pirate is detected.

  A final objective of the invention is to provide such a technique which is relatively simple to implement and relatively inexpensive in terms of operation.

  4. SUMMARY OF THE INVENTION These objectives, as well as others which will appear subsequently, are achieved according to the invention by means of a method of protection against hacking of a network connection (12) between a terminal (10) client and a server (11), the terminal (10) client being connected to the server (11) via a connection (12) on a communication network. According to the invention, such a method comprises: a step of continuous supervision of the messages exchanged between the client terminal and the server through the communication network, the supervision step comprising at least: a substep (60) of capturing at least some messages exchanged over the network between the client terminal and the server; a substep (61) for analyzing at least a portion of the content of the captured messages; a substep (64) of identification from the substep (61) of analysis, messages corresponding to the initiation of a secure connection between the client terminal and said server; ^ a substep (62) for verifying the validity of at least one certificate transmitted by the server (11) to said client terminal (10), the certificate having been captured in the identification sub-step; a step (63) of reaction and protection of the client terminal (10) since the validity of the server certificate could not be verified.

  Such a technical approach according to the invention advantageously makes it possible to anticipate any risk that a user of the client terminal may accept to go beyond the control of the validity of the server's certificate, when the control has failed at the identification stage and authentication of the server by the client terminal.

  Advantageously, the sub-step (62) for verifying the validity of at least one certificate transmitted by the server (11) to the client terminal (10) is a step of checking at least one predetermined criterion attached to the server certificate and belonging to the group comprising at least: a date of validity of the certificate; a trust level associated with the certificate authority that issued the server certificate; a Boolean value indicating whether there is a match between the server's domain name and the network address of the service hosted by the server; a Boolean value indicating whether the certificate sent to the client terminal by the server has not been revoked and / or if the server certificate is not contained in a list of certificates that have been objected to, accessible on the communication network.

  Preferably, the sub-step (63) of reaction and protection of the client terminal is executed as soon as at least one of the predetermined criteria relating to the server certificate to be verified could not be verified in the verification sub-step (62). .

  Also preferentially, the sub-step (63) for reaction and protection of the client terminal is followed by a step of voluntarily cutting (65) the current network connection established between the client terminal and the server.

  This is to prevent a novice user or unaccustomed to messages inviting him to validate if he wishes to establish a secure connection from an expired certificate, or which he will not be able to certify origin, may be attacked by a hacker by inadvertently accepting a hacker certificate.

  Advantageously, the voluntary substep (65) sub-step of the current network connection uses at least one connection parameter (66) between the client terminal and the server obtained during the substep (61) for analyzing the network connection. messages exchanged, the parameters belonging to the group comprising at least: a source IP address; a destination IP address; at least one source TCP port; at least one destination TCP port; the two TCP sequence numbers for a connection termination based on the TCP / IP protocol.

  Preferably, said connection is of the type belonging to the group comprising at least: an SSL connection (secure socket layer in English or secure connection layer in French); a TLS connection (Transport layer security in English or secure transport layer in French); - a SHTTP (Secure HTTP in English, or secure HTTP in French) connection; the communication network can be a private network as well as a public network of the TCP / IP network type, or a combination of the two previous types, for example.

  The invention also relates to a computer program product downloadable from a communication network and / or recorded on a computer-readable and / or executable medium by a processor, comprising program code instructions for executing the steps of the method protection against hacking a connection between a client terminal and a server, as mentioned above, when the program is run on a computer.

  The invention also relates advantageously to a module (40) able to supervise and control the legitimacy of a network connection (41) between a client terminal (10) and a server (11). Preferably, such a module according to the invention comprises: means (50) for capturing at least some messages exchanged on the network between the client terminal (10) and the (11) server, since at least one node of the network located between said client terminal (10) and said server (11); means (51) for analyzing at least part of the content of the captured messages; identification means (54) from the analysis results, messages corresponding to the initiation of a secure connection by exchange of at least one certificate between the client terminal (10) and the server (11); means (52) for verifying the validity of at least one of the certificates that have been transmitted by the server (11) to the client terminal (10); means (55) for protecting the terminal (10) client, activated when the means (52) verification could verify the validity of the certificate sent by the server.

  Advantageously, the means (52) for verifying the validity of at least one certificate transmitted by the server (11) to the client terminal (10), are means for verifying at least one predetermined criterion attached to the at least one certificate to be verified and belonging to the group comprising at least: a date of validity of the certificate; a trust level associated with the certificate authority that issued the server certificate; a Boolean value indicating whether there is a match between the server's domain name and the network address of the service hosted by the server; a Boolean value indicating whether the certificate sent to the client terminal by the server has not been revoked and / or if the server certificate is not contained in a list of certificates that have been objected to, accessible on the network.

  Preferably, the means (55) for protecting the client terminal (10) activate means for intentionally cutting (56) the current network connection between the client terminal (10) and the server (11) on the communication network, and / or triggering at least one alert according to which an attempt to impersonate the server (11) by a hacker terminal (13) is detected.

  Advantageously, the means for intentionally cutting (56) the current network connection take account of at least one connection parameter between the client terminal (10) and the server (11) previously determined by the analysis means (51). , the parameters belonging to the group comprising at least: a source IP address; a destination IP address; at least one source TCP port; at least one destination TCP port; the two TCP sequence numbers for a connection termination based on the TCP / IP protocol.

  Also advantageously, the connection established through said network is of the type belonging to the group comprising at least: an SSL connection (secure socket layer in English or secure connection layer in French); a TLS connection (Transport layer security in English or secure transport layer in French); a SHTTP (Secure HTTP in English, or secure HTTP in French) connection; the communication network may be a private network or a public network of the TCP / IP network type, or a combination of the two types.

  In a preferred embodiment of the module (40) according to the invention, the latter further comprises manual or automatic decision means (53) capable of initiating the activation of the means (55) for protecting the client terminal when the certificate transmitted by the server is not valid, the decision means thus serving as an interface between the means (52) for checking the validity of the certificate and the means (55) of protection.

  The invention also relates to a firewall (42) for filtering the data packets that a client terminal (10) exchanges with at least one server (11) through a communication network, and comprising at least one module ( 40) capable of supervising and controlling the validity and / or the legitimacy of a network connection established between the client terminal (10) and at least one of the servers (11). It is understood that such a module (40) according to the invention may be integrated with any other type of physical and / or software component serving as a relay for information packets on a communication network, or for filtering and / or listen to such information packets from an interconnection node of the communication network under consideration.

  The invention finally relates to a protection system against the hacking of a connection (12) between at least one client terminal (10) and at least one server (11), at least one of the client terminals (10) being connected at least one of the servers (11) via a connection (12) on a communication network. Such a system according to the invention advantageously comprises at least one module (40) capable of supervising and checking the validity and / or the legitimacy of a network connection established between at least one of the client terminals (10) with at least one of the servers (11).

  Preferably, at least one of the modules (40) capable of supervising and checking the validity and / or the legitimacy of a network connection established between at least one of the client terminals (10) and at least one of the remote servers (11) are located at a network interconnection node of the type belonging to the group comprising: a firewall separating at least two communication networks; a network router; a network gateway.

  Such a positioning of the module (40) according to the invention on the communication network considered thus advantageously allows a greater efficiency a complete view of communications and messages exchanged between the client terminals to protect and the servers using a connection following the Secure TLS / SSL protocol, obtainable.

  5. List of Figures Other features and advantages of the invention will appear more clearly on reading the following description of a preferred embodiment of the invention, given by way of illustrative and non-limiting example, made by way of example. with reference to the accompanying drawings, in which: FIG. 1 shows a normal connection on a communication network, between a client terminal and a server; FIG. 2 illustrates the general principle of a man in the middle attack during which a hacker usurps the server function in the view of a client terminal; Figure 3 illustrates the general principle of a man-in-the-middle attack as part of a secure SSL connection; FIG. 4 gives an example of architecture of the system according to the invention; FIG. 5 shows the different sub-modules comprising the module (40) according to the invention able to supervise and control the legitimacy of a network connection (41) between a client terminal (10) and a server (11) according to a mode embodiment of the invention; FIG. 6 is a flowchart of the major steps of the method of protection against hacking of a secure connection (12) between a client terminal (10) and a server (11), according to one embodiment of the invention.

  DESCRIPTION OF A PREFERRED EMBODIMENT OF THE INVENTION The present invention thus relates to a method and a device for protecting against the hacking of a connection between a client terminal and a server.

  The originality of the method according to this invention essentially lies in the way of effectively protecting the user who will no longer be able to make mistakes when he misinterprets the safety alert messages returned by his browser, at the risk of accepting the certificate of a hacker.

  The method offers the advantage of being transparent, while being applicable to any type of network, the only constraint consisting in the need to be able to intercept the information packets corresponding to the messages exchanged between a client terminal and a client. given server, on the underlying communication network.

  No limitation on the network architecture nor on the configuration of the 30 client stations is therefore imposed by the invention.

  The object of the invention lies in the ability of the method and the device to perform an SSL / TLS connection break, when it does not appear to be valid, that is to say when the server certificate does not match. to that expected by the client terminal of the user -difference detected in the Fully Qualified Domain Name that shows that the Web site entered by the user is different from the content of the corresponding field of the certificate, or when a notification message raises the occurrence of a potential problem of trust regarding the validity of the issuer.

  Indeed, a particularly used attack has the principle of intercepting the communications of customers wanting to make an SSL / TLS connection, and present them with an invalid certificate which will then be accepted by the users for reasons of not understanding the alert: the hacker pretends to be the website the user intended to go to.

  The invention proposes to solve this problem of piracy by means of an attack detection at the time of their occurrence, then by making a cut of the SSL / TLS network connection, as soon as an attack is detected.

  It is therefore necessary for the deployed device to be judiciously positioned on a network to be protected so as to have a complete view of the traffic generated by the users between their client terminal and a server accessible on the same network, and thus be able to generate an event allowing to isolate the client terminal of the network, before the hacker could recover the sensitive data from the user.

  Such an event may take the form, for example and without limitation, of a termination of the client terminal to the network, so as to voluntarily terminate the session which would have irrevocably led to the transmission of sensitive data by the user to hacker who spoofed the server certificate.

  Figure 6 illustrates the steps of a method according to an embodiment of the invention.

  A first step (60) is to capture the traffic generated on the listened communication network (typically Ethernet), from a network node located between the client terminal and the server and typically positioned at an interconnection point of one or more networks - in order to obtain a complete view of the communications and messages exchanged between the client terminals to be protected and the external servers using a connection according to the secure TLS / SSL protocol. The device capturing the traffic and connected for example to a node of the network may be a router or a firewall 42 (or firewall in English) separating the private network of a company from a public network of the Internet type, or even any other physical and / or software component that may constitute a transit point for messages passing over the network (a router, for example), or able to listen to communications on the network (a software agent, a communicating agent, for example) A second step (61) then consists of analyzing the captured traffic and locating therein the traffic relying on the SSL / TLS protocol between a client terminal and a server, so as to target only the connections that must give rise at least server certificate authentication for the exchange of sensitive data (eg bank codes).

  A third step (64) consists of identifying the messages corresponding to the initiation of a secure connection and extracting messages exchanged in SSL / TLS format from the certificate transmitted by the server to the client terminal.

  A fourth step (62) is to check the validity of the certificate, so as to validate and certify the validity of this certificate, with respect to its issuer.

  This step makes it possible, according to the certificate recovered in the identification step (64), to check the validity of the certificate according to several criteria, among which: the date of validity of the certificate; the level of trust associated with the CA that issued the server certificate; the Boolean value indicating whether there is a match between the server's domain name and the network address, for example the Internet address, of the service hosted by the server; the Boolean key value indicating whether the certificate transmitted to the terminal by the server has not been revoked, ie if the server certificate is not contained in a list of certificates that have been the subject of an opposition, accessible on the network.

  Finally, a fifth step (63) is executed, since the result of the verification step of the validity of the server certificate could not succeed positively, given the verification criteria of the certificate in question. It consists in deciding on the protection to be provided to the server terminal.

  By way of illustrative and nonlimiting example, the type of event that can be generated during a sixth step (65) is specified here since the server's certificate can not be validly verified and / or its issuer can not be validly recognized and / or identified with a good level of trust.

  Secure SSL / TLS sessions between client and server endpoints are usually based on the TCP protocol. Thus, in a relatively simple manner, and so as to temporarily isolate the client terminal network and therefore the usurper hacker terminal, a cut of the TCP / IP connection is made between the client terminal and the hacker server terminal.

  For example, it is possible to cut a TCP connection on the fly by issuing a reset packet (RST) of the connection, between the hacker server and the client terminal (or vice versa), using the correct ones. parameters (source and destination IP addresses, source and destination ports, sequence numbers, etc.).

  More precisely and as illustrated in FIG. 5, the invention implements a module (40) comprising: a module (50) for capturing traffic; a traffic analysis module (51); an identification module (54); a module (52) for verifying the validity of the server certificate; a decision module (53); - a module (55) of protection.

  The traffic capture module (50) is responsible for capturing the traffic on the network being listened to (typically Ethernet). To do this, the most common technique is to use tools based on PCAP (Packet Capture English or capture packages in French) that capture all or part of the information transiting through a computer network.

  Specific libraries, such as libcap exist, which make it easy to perform this type of traffic monitoring. As a result, it is perfectly possible to transmit all captured packets to the traffic analysis module which will thus be able to analyze and interpret the contents of the packets received.

  The positioning of the module (50) for capturing traffic on the network to be listened to is decisive. It is indeed possible to listen to the information transiting through a computer network only if the equipment performing the listening access to it physically. Therefore, it is preferable to position the traffic capture module at a network interconnection (a network node for example) through which all packets will transit. For example, in the context of a company it seems advisable to position the invention at the level of the interconnection firewall (42) separating the network of the company from the Internet network. Such positioning is illustrated in FIG. 4.

  The traffic analysis module (51) is responsible for analyzing the traffic captured by the traffic capture module (50) and for locating the SSL / TLS traffic between a client terminal and a server.

  This module (51) is capable of understanding the SSL / TLS protocols.

  The traffic analysis module is capable of identifying determined parameters between a client terminal and a server, typically through the following information: - IP address of the client terminal; -IP address of the server; TCP source and destination ports between which communication is established; the two TCP sequence numbers; - the server certificate presented to the client terminal.

  In the same way, this module is also able to recover the machine name (beginning of the "Uniform Resource Locator" URL), for example and non-exclusively thanks to a DNS (Domain Name Service) analysis. or domain name service in French) that resolve a name into an IP address. Indeed, the connection from the client terminal is a TCP / IP connection from a source IP address to a destination IP address.

  It is therefore possible thanks to the analysis module to retrieve the DNS request sent by the client terminal in order to know the network address of the server from which the client terminal intends to connect.

  The identification module (54) is adapted from the analysis results to recognize the initiation of a secure connection and to extract the certificate that is presented to the client terminal by the server.

  The certificate as well as the information extracted by the traffic analysis module (51) are then transmitted to the module (52) for verifying the validity of the server certificate.

  The validity check module (52) of the server certificate retrieves information from the traffic analysis module and the identification module. The goal now is to validate that the current connection is legitimate.

  The verification of legitimacy of the connection is performed in the same way as that performed by the client terminal, namely the verification of the following parameters: the date of validity of the certificate; the level of trust associated with the CA that issued the server certificate; the Boolean value indicating whether there is a match between the server's domain name and the network address, for example the Internet address, of the service hosted by the server; the boolean value indicating whether the certificate sent to the terminal by the server has not been revoked, ie if the server's certificate is not contained in a list of certificates that have been the subject of an opposition, accessible on the network.

  Verification of the validity date of the certificate is easily achieved by reading the appropriate field (validity date) in the server certificate. The process operator can define which CAs he considers to be trusted. This list may be different from that of the user's browser. The verification of the level of confidence associated with the certification authority is easily achieved by reading the appropriate field (issuing CA) in the server certificate.

  The correspondence between the server's domain name and the network address is easily achieved by means of the appropriate field (Distinguished Name) in the server certificate with the information from the traffic analysis module.

  Verification of server certificate revocation is easily accomplished through a connection to the server certificate CA revocation server. As a result, it will be possible for this module to check whether the server certificate has been revoked or not. Indeed, the browsers of the client terminals do not necessarily check the certificate revocation lists of the server terminals. The method then makes it possible to solve this problem.

  The validity check module (52) of the server certificate then transmits to the decision module the final result of its analysis with additional information, among which: the result of the analysis: the parameters of the server certificate are all checked, or not ; the source IP address; - the destination IP address; the source and destination ports; the two TCP sequence numbers.

  The decision module (53) is in charge of deciding whether or not to cut the connection according to the previous result. Such a break can be decided automatically or manually. Indeed, it is then possible to tell this module is to cut all connections when an invalid connection has been detected; or notify a security administrator so that he or she decides to activate the cutoff or not. Of course, for more efficiency, it is better to have a fast action and therefore to be able to undertake a countermeasure quickly.

  If the decision to take a countermeasure has been made, whether done automatically or manually, then the decision module sends the following information directly to the protection module: the source IP address; the destination IP address; the source and destination ports; the two TCP sequence numbers.

  The protection module (55) is responsible for initiating a countermeasure based on the information from the decision module, as well as the countermeasure methods that are implemented in its software.

  It is for example quite possible to inject TCP connection termination packets (RST) which then allow the TCP session to be terminated abruptly. This is easily achievable when the module is aware of the following information: - the source IP address; the destination IP address; - the source and destination ports; - the two TCP sequence numbers.

  This module (55) is able to create the necessary packages for this purpose through self-service libraries available on the Internet such as libnet. It is then sufficient to create conforming packets according to the aforementioned parameters, and to send two TCP RST packets, the first to the source and the second to the destination. The latter will then be accepted by the TCP / IP stacks of the client and server terminals, thus cutting the SSL / TLS secure connection in a very simple and non-awkward way for the end user, the latter only having the impression that the website on which it connects does not work or is unavailable.

Claims (16)

  A method of protecting against hacking of a connection (12) between a client terminal (10) and a server (11), said client terminal (10) being connected to said server (11) via a connection (12) on a communication network, characterized in that it comprises: a step of continuous supervision of the messages exchanged between said client terminal and said server through said communication network, said supervision step comprising at least: a substep (60) capturing at least some messages exchanged on said network between said client terminal and said server; a substep (61) for analyzing at least a portion of the contents of said captured messages; a substep (64) of identification from said substep of analysis, messages corresponding to the initiation of a secure connection between said client terminal and said server; ^ a substep (62) for checking the validity of at least one certificate transmitted by said server to said client terminal, said certificate having been captured at said identification sub-step; a step (63) of reaction and protection of said client terminal since the validity of said certificate could not be verified.   2. A method of protection against hacking a connection between a client terminal and a server according to claim 1, characterized in that said substep (62) for checking the validity of at least one certificate transmitted by said server. auditing the client terminal, is a step of checking at least one predetermined criterion concerning said at least one certificate and belonging to the group comprising at least: a date of validity of said certificate; A level of trust associated with the certificate authority issuing said server certificate; a Boolean value indicating whether there is a match between the domain name of said server and the network address of the service hosted by said server; a Boolean value indicating whether said certificate transmitted to said client terminal by said server has not been revoked and / or said certificate of said server is not contained in a list of certificates that have been objected to, accessible on said network.   3. A method of protection against hacking of a connection between a client terminal and a server according to claim 2, characterized in that said substep (63) of reaction and protection of said client terminal is executed as soon as a least predetermined criteria for said at least one certificate to be verified could not be verified at said verification sub-step (62).   4. A method of protection against hacking a connection between a client terminal and a server according to any one of claims 1 to 3, characterized in that said substep (63) for reaction and protection of said client terminal is followed by a step of voluntarily cutting (65) said current connection between said client terminal and said server on said communication network.   5. Method of protection against hacking of a connection between a client terminal and a server according to claim 4, characterized in that said substep (65) voluntarily cutting said current connection uses at least one parameter (66). ) of connection between said client terminal and said server obtained during said substep (61) for analyzing said exchanged messages, said parameters belonging to the group comprising at least: a source IP address; - a destination IP address; at least one source TCP port; at least one destination TCP port; - the two TCP sequence numbers for a connection termination based on the TCP / IP protocol.   6. A method of protection against hacking a connection between a client terminal and a server according to any one of claims 1 to 5, characterized in that said connection is of the type belonging to the group comprising at least: an SSL connection ( secure socket layer in English or secure connection layer in French); a TLS connection (Transport layer security in English or secure transport layer in French); a SHTTP (Secure HTTP in English, or secure HTTP in French) connection; and in that said network is a private network or a public network of the TCP / IP network type.   7. Computer program product downloadable from a communication network and / or recorded on a computer-readable and / or executable medium by a processor, comprising program code instructions for performing the steps of the method of protection against hacking a connection between a client terminal and a server according to any one of claims 1 to 6 when said program is executed on a computer.   8. Module (40) able to supervise and control the legitimacy of a connection (41) between a client terminal (10) and a server (11), characterized in that it comprises: means (50) for capturing at least some messages exchanged on said network between said client terminal (10) and said server (11), since at least one node of said network located between said client terminal (10) and said server (II); means (51) for analyzing at least part of the content of said captured messages; identification means (54) from the analysis results, messages corresponding to the initiation of a secure connection by exchanging at least one certificate between said client terminal (10) and said server (11); means (52) for verifying the validity of said at least one certificate that has been transmitted by said server (11) to said client terminal (10); means (55) for protecting said activated client terminal (10) since said verification means (52) could not verify the validity of said at least one certificate transmitted by said server.   Module (40) able to supervise and control the legitimacy of a connection (41) between a client terminal (10) and a server (11), according to claim 8, characterized in that said means (52) of verification of the validity of at least one certificate transmitted by said server (11) to said client terminal (10), are means for checking at least one predetermined criterion attached to said at least one certificate and belonging to the group comprising at least: a date of validity of the said certificate; a trust level associated with the certificate authority issuing said certificate of said server; a Boolean value indicating whether there is a match between the domain name of said server and the network address of the service hosted by said server; a Boolean value indicating whether said certificate transmitted to said client terminal by said server has not been revoked and / or said certificate of said server is not contained in a list of certificates that have been objected to, accessible on said network.   Module (40) capable of supervising and controlling the legitimacy of a connection (41) between a client terminal (10) and a server (11), according to any one of claims 8 and 9, characterized in that said means (55) for protecting said client terminal (10) activate means for intentionally cutting (56) said current connection between said client terminal (10) and said server (11) on said communication network, and / or triggering at least one alert according to which an attempt to impersonate said server (11) by a hacker terminal (13) is detected.   11. Module (40) able to supervise and control the legitimacy of a connection (41) between a client terminal (10) and a server (11), according to claim 10, characterized in that said cut-off means (56) ) of said current network connection take account of at least one connection parameter between said client terminal (10) and said server (11) previously determined by said analysis means (51), said parameters belonging to the group comprising minus: a source IP address; a destination IP address; at least one source TCP port; at least one destination TCP port; the two TCP sequence numbers for a connection termination based on the TCP / IP protocol.   Module (40) capable of supervising and controlling the legitimacy of a connection (41) between a client terminal (10) and a server (11), according to any one of claims 8 to 11, characterized in that said established connection is of the type belonging to the group comprising at least: an SSL connection (secure socket layer in English or secure connection layer in French); a TLS connection (Transport layer security in English or secure transport layer in French); a SHTTP (Secure HTTP in English, or secure HTTP in French) connection; and in that said network is a private network or a public network of the TCP / IP network type.   13. Module (40) able to supervise and control the legitimacy of a network connection between a client terminal and a server according to any one of claims 8 to 12, characterized in that it further comprises means (53). ) manual or automatic decision able to initiate activation of said means (55) for protecting said client terminal when said certificate transmitted by said server is not valid, said decision means serving as an interface between said means (52) of verification of the validity of said certificate and said means (55) of protection.   14. Firewall (42) for filtering the data packets that a client terminal (10) exchanges with at least one server (11) through a communication network, characterized in that it comprises at least one module Device (40) capable of supervising and controlling the validity and / or legitimacy of a network connection established between said client terminal (10) and said at least one server (11) according to any one of claims 8 to 13.   15. Protection system against hacking of a connection (12) between at least one client terminal (10) and at least one server (11), said at least one client terminal (10) being connected to said at least one server ( 11) via a connection (12) on a communication network, characterized in that it comprises at least one module (40) capable of supervising and checking the validity and / or the legitimacy of a connection established between said at least a client terminal (10) and said at least one server (11) according to any one of claims 8 to 13.   16. Protection system against the hacking of a connection (12) between at least one client terminal (10) and at least one server (11), according to claim 15, characterized in that said at least one module (40) capable of supervising and controlling the validity and / or legitimacy of a network connection established between said at least one client terminal (10) and said at least one remote server (11) is positioned at an interconnection node network, of the type belonging to the group comprising: a firewall separating at least two communication networks; a network router; a network gateway.