KR102116902B1 - Method for verifying integrity of cookies in https - Google Patents

Abstract

Disclosed is a method for verifying cookie integrity in an HTTPS environment including a client and a server. The method of verifying cookie integrity in the HTTPS environment includes the steps of a client sending an HTTPS request message to the server, and the server generating an HTTPS header message capable of verifying cookie integrity against a cookie stealing attack by adding a Header-MD5 option. And transmitting an HTTPS response message including an HTTPS header message capable of verifying the cookie integrity to a client, and verifying the integrity of the HTTPS response message by the client.

Description

METHOD FOR VERIFYING INTEGRITY OF COOKIES IN HTTPS}

The present invention relates to a method for verifying cookie integrity in HTTPS, and in particular, to present and solve an attack type capable of stealing an HTTP cookie containing a user's secret information in SSL / TLS, a cryptographic communication protocol, and HTTP, a web protocol. How to verify the integrity of HTTP cookies by adding a new HTTP option.

The present invention proposes a cookie integrity verification method in HTTPS.

The SSL / TLS protocol is the most widely used network security protocol in the world and performs functions such as mutual authentication, key exchange, data encryption, and data integrity check for the purpose of secure message exchange between clients and servers. However, the vulnerabilities are still being announced and the attacker can perform various attacks when using a lower version of the protocol or when using a library in which the vulnerability exists.

In a typical web protocol, HTTP, a cookie used to store client information can contain a variety of information. A cookie is a small record information file installed on an Internet user's computer through a server used by the Internet user when visiting a website, also called an HTTP cookie, a web cookie, or a browser cookie. The information contained in cookies is read each time an Internet user visits the same website and is often replaced with new information. Cookies can't be run like programs on your computer, can't carry viruses or install malware, but can be used to track a user's browsing behavior through spyware, stealing someone's cookies and gaining access to that user's web account. It can also be obtained.

If the cookie contains the login information or confidential information of the user account and performs the function of authentication for the user, such a cookie must be protected from an attacker, and for this, a method of verifying cookie integrity in HTTPS is required.

US 8448233 B2 KR 2010-0108132 A US 8286225 B2

The technical problem to be achieved by the present invention is to verify the integrity of the HTTP cookie by presenting and defending the type of attack that can steal the HTTP cookie containing the user's secret information from SSL / TLS, the cryptographic communication protocol, and HTTP, the web protocol. Is to provide a way to do it.

Cookie integrity verification method in an HTTPS environment including a client and a server according to an embodiment of the present invention

The client sends an HTTPS request message to the server, the server generates an HTTPS header message capable of verifying cookie integrity by adding a Header-MD5 option, and the server includes an HTTPS header message capable of verifying the cookie integrity to the client Sending an HTTPS response message, and verifying cookie integrity by the client.

According to the method of verifying cookie integrity in HTTPS according to an embodiment of the present invention, a Set-Cookie message can be protected from a cookie stealing attack on HTTPS, and a Header-MD5 value can be protected through SSL / TLS encryption. You can.

In order to better understand the drawings cited in the detailed description of the present invention, detailed descriptions of each drawing are provided.
1 is a schematic diagram of a cookie integrity verification system in an HTTPS computing environment according to an embodiment of the present invention.
2A to 2B are diagrams illustrating the vulnerability of the browser shown in FIG. 1.
3 is a flowchart illustrating a method for verifying cookie integrity in an HTTPS computing environment according to an embodiment of the present invention.
4 to 5 illustrate exemplary types of attacks that can be defended through a cookie integrity verification method according to an embodiment of the present invention.
6 is an exemplary HTTP cookie header message to which a cookie integrity verification method is applied in an HTTPS computing environment according to an embodiment of the present invention.

Specific structural or functional descriptions of the embodiments according to the concept of the present invention disclosed in this specification are exemplified only for the purpose of explaining the embodiments according to the concept of the present invention, and the embodiments according to the concept of the present invention It can be implemented in various forms and is not limited to the embodiments described herein.

Embodiments according to the concept of the present invention can be applied to various changes and can have various forms, so the embodiments will be illustrated in the drawings and described in detail herein. However, this is not intended to limit the embodiments according to the concept of the present invention to specific disclosure forms, and includes all changes, equivalents, or substitutes included in the spirit and scope of the present invention.

Terms such as first or second may be used to describe various components, but the components should not be limited by the terms. The above terms are only for the purpose of distinguishing one component from other components, for example, without departing from the scope of rights according to the concept of the present invention, the first component may be referred to as the second component and similarly the second component The component may also be referred to as the first component.

The terms used in this specification are only used to describe specific embodiments, and are not intended to limit the present invention. Singular expressions include plural expressions unless the context clearly indicates otherwise. In this specification, terms such as “include” or “have” are intended to indicate that a feature, number, step, operation, component, part, or combination thereof described herein exists, one or more other features. It should be understood that the existence or addition possibilities of fields or numbers, steps, actions, components, parts or combinations thereof are not excluded in advance.

Unless otherwise defined, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by a person skilled in the art to which the present invention pertains. Terms such as those defined in a commonly used dictionary should be interpreted as having meanings consistent with meanings in the context of related technologies, and should not be interpreted as ideal or excessively formal meanings unless explicitly defined herein. Does not.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings.

First, referring to FIGS. 1 to 2, a cookie integrity verification system in HTTPS will be described in detail in an embodiment of the present invention.

1 shows a cookie integrity verification system 10 in an HTTPS computing environment according to an embodiment of the present invention, and FIG. 2 shows a vulnerability of the browser shown in FIG. 1.

Referring to FIG. 1, the cookie integrity verification system 10 in an HTTPS computing environment includes a client device 100 including a browser 110 and a web server 200.

The client device 100 may communicate with the web server 200 through a network network. The network network according to an embodiment is a wide concept including possible communication means such as a wired Internet network including an open Internet, a closed intranet, a wireless Internet communication network interlocked with a mobile communication network, and a computer network capable of various data communication. .

The client device 100 includes a browser 110. Referring to FIG. 2, when the browser 110 receives an HTTP message, there is a vulnerability that does not verify the format or integrity of the message and accepts only the interpretable part.

The browser 110 may receive an incorrect message that may occur due to an error in the setting of the server 200 or a network error, and may store a cookie without a secure flag (FIG. 2A). Similarly, even if the Status line indicating the status of the HTTP protocol is an incorrect format with two or more messages, the cookie value can be normally stored (FIG. 2B).

Hereinafter, a method of verifying cookie integrity in an HTTPS computing environment according to an embodiment of the present invention will be described in detail with reference to FIGS. 3 to 6.

3 is a flow chart for explaining a method for verifying cookie integrity in an HTTPS computing environment according to an embodiment of the present invention, and FIGS. 4 to 5 can be defended through a method for verifying cookie integrity according to an embodiment of the present invention The example attack type is shown.

6 is an exemplary HTTP cookie header message to which a cookie integrity verification method is applied in an HTTPS computing environment according to an embodiment of the present invention.

The following HTTP related terms are based on the Hypertext Transfer Protocol (HTTP).

Hereinafter, an exemplary attack type according to the vulnerability of the browser and SSL / TLS will be described with reference to FIGS. 4 to 5.

The first type of attack is a method in which an intermediate attacker randomly modifies a cookie flag to generate a valid tag for a server using a vulnerable GCM (FIG. 4). The client stores the cookie value without the cookie flag, which can later send the cookie value to the HTTP protocol rather than HTTPS, which is an encrypted communication, so an attacker can steal the cookie value.

The second type of attack is a method of manipulating a message to a client by making a connection using the same key (FIG. 5). In the case of the 0-RTT message, only the client generates and uses a random value used for key generation, so if you copy and transmit the 0-RTT request message used when generating the key, you can create a connection using the same key. have. Similarly, since the client stores the cookie without the cookie flag, the cookie value can later be retrieved using the HTTP protocol.

Hereinafter, a method of verifying cookie integrity in an HTTPS computing environment according to an embodiment of the present invention will be described with reference to FIG. 3.

First, the client 100 transmits an HTTPS (HTTP ??) request message to the server 200 (S100).

Next, the server 200 adds a Header-MD5 option to generate an HTTP header message (S200). In other words, a header option for verifying the integrity of the HTTPS header message used when the server 200 sends a cookie value to the client 100 is added in order to prevent an attack according to the vulnerability of the browser and SSL / TLS. . By adding the Header-MD5 option, it is possible to verify the integrity of the message in the header.

Through this, the Set-Cookie message can be protected and the Header-MD5 value can be protected by SSL / TLS encryption, so it is possible to safely design for the attack scenario presented above.

Next, the server 200 transmits an HTTPS response message including an HTTPS header capable of integrity verification to the client 100 (S300).

Next, the client 100 obtains the Header-MD5 value from the HTTPS header included in the received HTTPS response message. The Header-MD5 value is generated in the same manner as the server from the HTTP header message except the Header-MD5 value. The integrity of the HTTPS header message is verified by comparing the two Header-MD5 values (S400). In other words, if the two Header-MD5 values are the same, an HTTPS response message is received, otherwise, a re-request message is transmitted.

The present invention has been described with reference to the embodiments shown in the drawings, but these are merely exemplary, and those skilled in the art will understand that various modifications and other equivalent embodiments are possible therefrom. Therefore, the true technical protection scope of the present invention should be determined by the technical spirit of the appended claims.

100: client 110: browser
200: server

Claims (4)

In the cookie integrity verification method in an HTTPS environment including a client and a server,
The client sending an HTTPS request message to the server;
Generating, by the server, an HTTPS header message capable of verifying cookie integrity against a cookie stealing attack by adding a Header-MD5 option;
Sending, by the server, an HTTPS response message including the HTTPS header message to the client; And
And verifying the integrity of the HTTPS response message by comparing the Header-MD5 value generated by the client from the Header-MD5 value received from the server and the HTTPS header message,
The cookie stealing attack is a cookie stealing attack through a cookie flag change,
The cookie stealing attack allows the attacker to modify the cookie flag for the server using GCM, generate a valid tag, and allow the client to store the cookie value without the cookie flag and transmit the cookie value using HTTP protocol rather than HTTPS. An attack that manipulates a message to a client by making a connection using the same key as the first attack that enables cookie stealing, by allowing the client to store the cookie value without a cookie flag and to send the cookie value via HTTP protocol rather than HTTPS Comprising at least one of the second attacks that enable an attacker to steal cookies,
How to verify cookie integrity. delete delete delete

Images