Re: Idea for making SSL more efficient

["Frank O'Dwyer" <fod () littlecatZ com>]

It is incorrect to say that the integrity check is weak - as providing 
that the HTML containing the hash was itself delivered over SSL (which 
is clearly Paul's intention, as he says the original page is "https"), 
then the integrity of the hash is itself strongly protected. It is true 
that it is only an integrity check but (as Paul also pointed out) many 
images aren't confidential..

It's actually an ingenious idea, and could be used for more than just 
images (e.g. large downloads, links of any kind). However the main 
difficulty I see with it is that browsers would have to be modified 
handle the new IMG attribute. Having said that, browsers that didn't 
would likely ignore it, so with a little extra markup it could probably 
still be made to work (think of browsers that understand javascript 
versus those that don't). You'd have to ensure that the link that 
unmodified browsers saw was still https.

Server-side, it would be pretty easy to automatically pre-compute these 
hashes and insert them in the HTML, too. Most servers have some 
mechanism for modifying the result stream.

The performance win from reduced traffic seems likely to be 
considerable, too (SSL is not as slow as its painted, but it does expand 
traffic, and as Paul noted it prevents caching).

Cheers,
Frank

Michael Howard wrote:

> SSL provides many security features, including authentication, integrity
> checking and confidentiality. This solution provides only an integrity
> check, and weak one at that - only a hash, not a MAC.
>
> So what threat(s) concern you?
>
> [Writing Secure Code 2nd Ed]
> http://www.microsoft.com/mspress/books/5957.asp
> [Protect Your PC] http://www.microsoft.com/protect
> [Blog] http://blogs.msdn.com/michael_howard
>
> -----Original Message-----
> From: Paul Johnston [mailto:paul () westpoint ltd uk] 
> Sent: Thursday, July 15, 2004 2:12 AM
> To: webappsec () securityfocus com
> Subject: Idea for making SSL more efficient
>
> Hi,
>
> A disadvantage with SSL is that it places increased load on the server, 
> in particular because client's ISP caches cannot be used. In most 
> situations the images on an SSL site are not confidential. If they are 
> included as HTTP links then the browser will display a "mixture of 
> secure and insecure content" warning. That is sensible, because an 
> attacker could potentially manipulate the images to deceive the user.
>
> My idea is to include a MD5 hash of the image in the img tag, so in an 
> https page you could do <img src="http://x.y.z/a.png"; md5="xyz789"/> to 
> reference an HTTP image. Images protected by these integrity checks 
> would then not cause a browser warning.
>
> I expect roll-out would not be easy, and also there may be concerns 
> about infering what is on the SSL page from what images are requested 
> (e.g. whether "overdrawn.png" gets requested).
>
> Anyone got thoughts on this?
>
> Paul
>
>