Jiaqi Tan, Jayvardhan Nahata
Carnegie Mellon University
SPDY is an application-layer protocol that multiplexes multiple HTTP requests and compresses HTTP headers over a single TCP connection protected by SSL/TLS encryption. Web applications are ubiquitous, and HTTP headers carry HTTP cookies, which often contain sensitive information whose leakage can result in loss of privacy. We perform a security analysis of the compression scheme proposed for the next revision of the SPDY protocol, particularly with respect to the previously disclosed CRIME attack, which uses compression-based information leaks. We have identified a new information leak in the compression scheme of the proposed and previous versions of the SPDY protocol, which we call PETAL; it exploits the use of a fixed Huffman encoding table and the lack of byte-alignment of encoded characters. We have also identified a way to recover cookies using this leak by exploiting the way current web browsers handle multiple HTTP cookies with the same name but different Path attributes. We perform a detailed analysis of the impact of this information leak and find that, after considering practical issues such as the byte-padded nature of network communications, our hypothesized attack leaks less than 2 bits of information for 30-character uppercase alphanumeric strings and does not allow a network attacker to recover meaningful amounts of information despite the leak we discovered.
KEYWORDS: SPDY, Information Leak, HTTPS, SSL, Cookies
FULL TR: pdf
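The abstract's point about byte padding can be checked numerically. The sketch below is an added example, not code from the report: it computes how many bits an observer learns from the encoded length of a random 30-character uppercase alphanumeric string, first at bit granularity and then after rounding up to whole bytes. The code-length table `CODE_BITS` is constructed for illustration and is not the SPDY proposal's Huffman table, so the printed figures will not reproduce the report's numbers.

```python
import math
from collections import defaultdict
from fractions import Fraction

# Constructed code lengths in bits for [A-Z0-9]; an assumption for illustration,
# not the Huffman table from the SPDY proposal.
CODE_BITS = {c: 7 for c in "ABCDEFGHIJKLMNOPQRSTUVWXYZ"}
CODE_BITS.update({c: 6 for c in "AEIOST3456789"})
CODE_BITS.update({c: 8 for c in "JQXZ"})
CODE_BITS.update({c: 5 for c in "012"})


def bit_length_distribution(n, code_bits):
    """Exact distribution of total encoded bits for n uniform, independent symbols."""
    step = Fraction(1, len(code_bits))
    dist = {0: Fraction(1)}
    for _ in range(n):
        nxt = defaultdict(Fraction)
        for total, p in dist.items():
            for bits in code_bits.values():
                nxt[total + bits] += p * step
        dist = dict(nxt)
    return dist


def pad_to_bytes(dist):
    """What a network observer sees: the bit count rounded up to whole bytes."""
    out = defaultdict(Fraction)
    for bits, p in dist.items():
        out[(bits + 7) // 8] += p
    return dict(out)


def entropy_bits(dist):
    """Shannon entropy of the observed length. The length is a function of the
    secret, so this entropy equals the information leaked about the secret."""
    return -sum(float(p) * math.log2(float(p)) for p in dist.values() if p)


def leak_report(n=30, code_bits=CODE_BITS):
    bits = bit_length_distribution(n, code_bits)
    return {"secret": n * math.log2(len(code_bits)),
            "bit_aligned": entropy_bits(bits),
            "byte_padded": entropy_bits(pad_to_bytes(bits))}


if __name__ == "__main__":
    for name, value in leak_report().items():
        print(f"{name:12s} {value:7.3f} bits")
```

Comparing `byte_padded` with `secret` shows how little of the string's entropy survives once lengths are only visible in whole bytes.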