
[image: diagram of the DNS-poisoning scenario described in the question]

What protections does TLS use in the above scenario?

In the picture, the client asks the attacker for the address of Google.com, but the attacker gives them a different IP address, which redirects to a domain that looks like Google.com.


2 Answers


The diagram assumes the initial connection is made using plain-text HTTP, allowing the attacker to redirect the victim to google.example.com instead of google.com. TLS does not provide protection against that, but HTTP Strict Transport Security (HSTS), RFC 6797, does.

However, Google has not enabled HSTS on the domain apex but only on the www subdomain. Therefore, it cannot be on the HSTS preload list, either. That's actually a good example of a site that isn't fully protected against this type of attack. The user would have to

  • manually type https://google.com, or
  • use www.google.com, which is protected by HSTS, or
  • check the resulting address bar and notice the suspicious address.

In the depicted scenario, assume that the user's initial request is to https://www.google.com (note the s at the end of https). The user's web browser looks up the A record for www.google.com, but because the attacker has poisoned the DNS, the query resolves to 192.168.1.1.

The user's web browser then proceeds to initiate a TLS connection with the web server at 192.168.1.1 (with www.google.com in the ClientHello). At this point (and before the attacker's server can even respond with the 302 redirect), the attacker's web server has to serve a CA-signed certificate for www.google.com and complete a TLS handshake using this certificate. This requires the attacker to have the private key that corresponds with the public key in the certificate. So, to pull this off, the attacker would either have to steal the private key for one of Google's certificates, or dupe a CA into signing a fake certificate for www.google.com. Both of these are a high bar for an attacker.

  • Thank you so much 🙏
    – F0calPoint, Oct 8, 2023 at 19:00
  • Note that in some scenarios getting a valid fake CA cert for Google is not hard. One such case is if a state actor such as China wants to intercept the request: China, having ownership of all Chinese CAs, can issue a Google CA cert to China in order to intercept the request. The browser would not know that the CA does not actually belong to Google. Another example is my current use case: my employer uses Cloudflare VPN to manage internet access on company computers. Cloudflare, being a CA, will issue CA certs for Google when I try to access it so that their VPN can inspect my request.
    – slebetman, Oct 9, 2023 at 3:01
  • @slebetman, in the second case, Cloudflare being a public CA does not matter, since this should be using a local CA specific to that proxy that your company computers are configured to trust, but any other computer will not.
    – Jan Hudec, Oct 9, 2023 at 5:25
  • @slebetman The first case is handled by the Certificate Transparency system. Browsers require that all public CAs publish the certificates they sign to several central logs. The logs add additional signatures to the certificate to prove to the browser that they saw it. The logs are then published so anyone can see what certificates were issued, so if a CA does get hacked or forced to issue a fake certificate, the world will know about it.
    – JBYoshi, Oct 10, 2023 at 0:38
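As an added example (not code from the question, either answer, or the comments), here are the two checks the second answer describes, run with Go's crypto/x509: the certificate served from whatever IP the poisoned DNS returned must cover the name the user asked for (the ClientHello SNI) and must chain to a trusted root. The certificates, the `MintCert`/`Check` helpers and the root pool are constructed for the demo; putting a self-signed certificate into the pool stands in for issuance by a public CA, and the final case (a forged certificate that a trusted CA did issue) is the one the Certificate Transparency comment addresses.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// MintCert builds a self-signed cert for dnsNames (constructed demo material, not real Google or CA keys).
func MintCert(dnsNames ...string) *x509.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: dnsNames[0]},
		DNSNames:     dnsNames,
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der))
}

// Check mirrors the browser: the served cert must cover the SNI host and chain to a trusted root.
func Check(presented *x509.Certificate, trusted *x509.CertPool, host string) error {
	_, err := presented.Verify(x509.VerifyOptions{DNSName: host, Roots: trusted})
	return err
}

func main() {
	trusted := x509.NewCertPool()
	genuine, forged := MintCert("www.google.com"), MintCert("www.google.com") // real site vs attacker's copy
	trusted.AddCert(genuine) // genuine stands in for a cert issued by a public CA in the browser's store
	fmt.Println(Check(genuine, trusted, "www.google.com"))                        // <nil>
	fmt.Println(Check(MintCert("google.example.com"), trusted, "www.google.com")) // name mismatch
	fmt.Println(Check(forged, trusted, "www.google.com"))                         // unknown authority
	trusted.AddCert(forged) // a coerced or hacked CA: exactly what CT logs exist to expose
	fmt.Println(Check(forged, trusted, "www.google.com"))                         // <nil>
}
```

The name check is independent of trust: a certificate for google.example.com fails for www.google.com even when its issuer is in the root pool, which is why the attacker needs a certificate for Google's own name, not just any valid one.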

