
BEASTãšã¯äœã§ããïŒ
BEASTïŒSSL / TLSã«å¯Ÿãããã©ãŠã¶ãšã¯ã¹ããã€ãïŒãŠãŒãã£ãªãã£ãPayPalã¢ã«ãŠã³ãã«ãã°ã€ã³ããããã«ã·ãŒã¯ã¬ããCookieã解èªããã®ã«ããã103ç§ããããŸããã Youtubeã§ãããªãã£ã¹ããèŠãããšãã§ããŸãã ããã¯åœç©ã§ã¯ãããŸããã ããšãã¹ã¢ã€ãã§è¡ããããšã³ããŒãã£äŒè°ã®äžç°ãšããŠããŠãŒãã£ãªãã£ã®å®æŒãè¡ãããŸãããããã§ã¯ãç 究è ããã¬ãŒã³ããŒã·ã§ã³ãè¡ããå®çšçãªæŠå¿µå®èšŒã瀺ããŸããã 䜿çšãããè匱æ§ã«ãããWebãµãŒããŒãšãŠãŒã¶ãŒã®ãã©ãŠã¶ãŒéã§éä¿¡ãããããŒã¿ãéãã«ååããããšãã§ããŸãã ç®èãªããšã«ããã®æ»æã¯ãããã³ã«ã§èŠã€ãã£ãæ°ããæ¬ é¥ãæªçšããã®ã§ã¯ãªããçŽç²ã«çè«çã«èããããŠãã10幎åã®SSL / TLSã®è匱æ§ãæªçšããŸãã ãããã圌ããèšãããã«ã1幎ã«1åã¹ãã£ãã¯ãçºå°ãããããã10幎以å ã«è匱æ§ã¯çè«çãªã«ããŽãªããéåžžã«å®çšçãªã«ããŽãªã«ç¢ºå®ã«ç§»è¡ããŸãã
ç 究è ã¯ãŠãŒãã£ãªãã£ããŸã å ¬éããŠããŸããããå®äºããäœæ¥ã«é¢ãããã¯ã€ãããŒããŒãå ±æããŠããŸãã ãã®ããã°ã©ã ã¯2ã€ã®èŠçŽ ã§æ§æãããŠããŸããHTTPSãã©ãã£ãã¯ãåæããã¹ããã¡ãŒãšã被害è ã®ãã©ãŠã¶ãŒã«èªã¿èŸŒãå¿ èŠãããJavaScriptãšJavaã§æžãããç¹å¥ãªãšãŒãžã§ã³ãã§ãïŒããšãã°ããŠãŒã¶ãŒã«å¿ èŠãªã³ãŒãã§ããŒãžãéãããå¿ èŠããããŸãïŒã ç§å¯ã®Cookieã®éä¿¡ã«äœ¿çšãããã®ãšåãå®å šãªéä¿¡ãã£ãã«ã«ããŒã¿ãå ·äœçã«åã蟌ãã«ã¯ããšãŒãžã§ã³ããå¿ èŠã§ãã ããã¯ã©ã®ããã«ããŒã¿ã解èªããŸããïŒ ããã¯ã以åããç¥ãããŠããSSL 3.0 / TLS 1.0ã®è匱æ§ã®åºçªã§ããããã«ã€ããŠã¯ãããã«è©³ãã説æããŸãã

åçŽãªäº€æã¢ãŒãã®åé¡
SSLæå·åæ©èœ1.0
SSL 1.0 / TLS 3.0ãããã³ã«ã§ã¯ããããã¯æå·ãŸãã¯ã¹ããªãŒã æå·ã䜿çšãã察称ããŒæå·åã䜿çšã§ããŸãã ãã ããå®éã«ã¯ãéåžžããããã¯æå·ã䜿çšãããããã§èª¬æããæ»æã¯ç¹ã«ãããã¯æå·ã«é©çšãããŸãã æ¬è³ªãç解ããã«ã¯ãåºæ¬çãªæŠå¿µãããç解ããå¿ èŠããããŸãã
ãããã¯æå·ã®åäœåçã¯ãåããµã€ãºã®æå·åããããããã¯ã§ãã¬ãŒã³ããã¹ããããã¯ã衚瀺ããããšã§ãã ãããã¯æå·ãæ³åããæãç°¡åãªæ¹æ³ã¯ã2 ^ 128ãšã³ããªãå«ã巚倧ãªããŒãã«ã®åœ¢åŒã§ããåãšã³ããªã«ã¯ãããã¹ãã®ãããã¯Mãšããã«å¯Ÿå¿ããæå·åããããããã¯Cãå«ãŸããŸãããããã£ãŠãæå·åããŒããšã«åå¥ã®ãã®ãããªããŒãã«ããããŸãã 次ã«ãé¢æ°ãšããŠæå·åã瀺ããŸãã
C = EïŒããŒãMïŒãããã§Mã¯ãœãŒã¹ããŒã¿ãããŒã¯æå·åããŒãCã¯åä¿¡ããæå·åããŒã¿ã§ãã
ãããã¯ã¯å°ããïŒéåžžã¯16ãã€ãïŒã ãããã£ãŠã質åãçºçããŸãïŒé·ãã¡ãã»ãŒãžãæå·åããæ¹æ³ïŒ ã¡ãã»ãŒãžãåãé·ãïŒåã16ãã€ãïŒã®ãããã¯ã«åå²ããåãããã¯ãåå¥ã«æå·åã§ããŸãã ãã®ã¢ãããŒãã¯ãåçŽçœ®æã¢ãŒãïŒECBãé»åã³ãŒãããã¯ïŒãšåŒã°ããŸããããã£ãã«äœ¿çšãããŸããã ããã«ã¯çç±ããããŸããã³ã³ãã³ãå ã®2ã€ã®åäžã®ãããã¯ãæå·åãããšãçµæãšããŠ2ã€ã®åäžã®æå·åãããã¯ãåŸãããŸãã ããã«ã¯ããœãŒã¹ããã¹ãã®çµ±èšçç¹åŸŽãä¿æãããšããåé¡ã䌎ããŸããããã¯ãå³ã«ãã瀺ãããŠããŸãã ãã®åœ±é¿ãåé¿ããããã«ãæå·ãããã¯é£éããããã³ã°ã¢ãŒãïŒCBCãæå·ãããã¯é£éïŒãéçºãããŸããããã®ã¢ãŒãã§ã¯ããã¬ãŒã³ããã¹ãXORã®æ¬¡ã®åãããã¯ãåã®æå·åçµæã«é¢é£ä»ããããŸãã
Ci = E(Key, Mi xor Ci-1)
æåã®ãããã¯ã®æå·åäžãXORãœãŒã¹ã³ãŒãã¯äœããã®åæåãã¯ãã«ïŒåæåãã¯ãã«ãIVïŒã§ãããããã¯ä»¥åã®æå·åã®çµæã眮ãæããŸãã ã芧ã®ãšããããã¹ãŠãéåžžã«ç°¡åã§ãã ãã ãããã®çè«ã§ã¯ãããšãã°ãç°¡åã«ãããã¯ã«åå²ããããã¡ã€ã«ãªã©ã1ã€ã®å€§ããªãªããžã§ã¯ãã®ç¶æ³ã説æããŠããŸãã 次ã«ãSSL / TLSã¯æå·åãããã³ã«ã§ããåäžã®ãã¡ã€ã«ã§ã¯ãªããäžé£ã®ãã±ãããæå·åããå¿ èŠããããŸãã SSL / TLSæ¥ç¶ã䜿çšããŠäžé£ã®HTTPSãªã¯ãšã¹ããéä¿¡ã§ããŸããåãªã¯ãšã¹ãã¯1ã€ä»¥äžã®ãã±ããã«åå²ãããæ°ç§ãŸãã¯æ°å以å ã«éä¿¡ãããŸãã ãã®ç¶æ³ã§ã¯ãCBCã¢ãŒãã䜿çšãã2ã€ã®æ¹æ³ããããŸãã
- åã¡ãã»ãŒãžãåå¥ã®ãªããžã§ã¯ããšããŠåŠçããæ°ããåæåãã¯ãã«ãçæãã説æãããŠããã¹ããŒã ã«åŸã£ãŠæå·åããŸãã
- ãã¹ãŠã®ã¡ãã»ãŒãžã1ã€ã®å€§ããªãªããžã§ã¯ãã«çµåããããã®ããã«åŠçããã¡ãã»ãŒãžéã®CBCã¢ãŒããç¶æããŸãã ããã¯ãåã®ã¡ãã»ãŒãžã®æåŸã®æå·åãããã¯ïŒn-1ïŒãã¡ãã»ãŒãžnã®åæåãã¯ãã«ãšããŠäœ¿çšããããšã§å®çŸã§ããŸãã
泚æãéèŠãªãã€ã³ãã SSL 3.0 / TLS 1.0ãããã³ã«ã¯2çªç®ã®ãªãã·ã§ã³ã䜿çšãããããæ»æã®æ©äŒãååšããå Žæã§ãã

CBCæå·ã®åäœåç
äºæž¬å¯èœãªåæåãã¯ãã«
ãã®æ»æã¯ããã€ãã®ä»®å®ã«åºã¥ããŠããŸãããBEASTã®äœæè ã®çµéšãããå®ç掻ã§ããããå®è£ ããããšã¯éåžžã«çŸå®çã§ããããšã瀺ãããŠããŸãã æåã®ä»®å®ïŒæ»æè ã¯ãã©ãŠã¶ãéä¿¡ãããã©ãã£ãã¯ãçèŽã§ããå¿ èŠããããŸãã 2çªç®ã®ä»®å®ïŒæªè ã¯äœããã®åœ¢ã§è¢«å®³è ã«åãå®å šãªéä¿¡ãã£ãã«ãä»ããŠããŒã¿ãéä¿¡ãããå¿ èŠããããŸãã ãªããããå¿ èŠãªã®ã§ããïŒ ãããšã¢ãªã¹ã®ã³ã³ãã¥ãŒã¿ãŒéã§å®å šãªæ¥ç¶ã確ç«ãããŠããå ŽåãèããŸãã æ³å®ã©ãããi-blockã«Aliceã®ãã¹ã¯ãŒãïŒãŸãã¯ã·ãŒã¯ã¬ããCookie-é¢ä¿ãããŸããïŒãå«ãŸããã¡ãã»ãŒãžãååŸããŸãã æå·åããããããã¯ãCiãMiãšããŠç€ºããŸã-ãã®ãã¹ã¯ãŒãã Ci = EïŒKeyãMixor Ci-1ïŒã§ããããšãæãåºãããŠãã ããã ããã§ã圌女ã®ãã¹ã¯ãŒããRã§ãããšä»®å®ããŸããäž»ãªã¢ã€ãã¢ã¯ãæ³å®ã®æ£ãããæ€èšŒã§ããããšã§ãã
ãããã£ãŠã次ã®ã¡ãã»ãŒãžã®æåã®ãããã¯ãæå·åããããã«äœ¿çšãããåæåãã¯ãã«ãïŒååã§ããã®ã§ïŒç¥ã£ãŠããŸãã ããã¯ããããããåã®ã¡ãã»ãŒãžã®æåŸã®ãããã¯ïŒæå·åããã圢åŒïŒã§ãããããIVãšç€ºããŸãã ãŸããCiã®åã®ãããã¯ã®æå³ãã€ã³ã¿ãŒã»ããããç¥ã£ãŠããŸããCi-1ã§ç€ºããŠããŸãã ãã®ããŒã¿ãæ¬åœã«å¿ èŠã§ãã 圌ãã®å©ããåããŠãç¹å¥ãªæ¹æ³ã§ã¡ãã»ãŒãžãäœæããæåã®ãããã¯ã次ãšçãããªãããã«ããŸãã
M1 = Ci-1 xor IV xor P
ã¡ãã»ãŒãžãåãå®å šãªéä¿¡ãã£ãã«ãä»ããŠéä¿¡ãããå Žåãæå·ååŸã®æ°ããã¡ãã»ãŒãžã®æåã®ãããã¯ã¯æ¬¡ã®ããã«ãªããŸãã
C1 = E(Key, M1 xor IV) =
= E(Key, (Ci-1 xor IV xor P) xor IV)
= E(Key, (Ci-1 xor P))
= i
å®å šãªM1è¡šèšã䜿çšããã ãã§ããã®åŸãïŒIV xor IVïŒãç Žæ£ããããšããäºå®ã䜿çšããŠåŒãç°¡ç¥åããŸããïŒXORã®é¡èãªç¹æ§ïŒã ã¢ãªã¹ã®ãã¹ã¯ãŒãã«é¢ããæ³å®ãæ£ããïŒã€ãŸããMãå®éã«Pã«çããïŒå Žåãæ°ããã¡ãã»ãŒãžC1ã®æåã®æå·åããããããã¯ã¯ã以åã«ã€ã³ã¿ãŒã»ãããããCiãšçãããªããŸãã ãããŠãã®éïŒä»®å®ãæ£ãããªãå Žåãå¹³çã¯ãããŸããã ãããã£ãŠãä»®å®ããã¹ãã§ããŸãã

SSLæ»æãå®è£ ããããã«ãµãŒããŒã«ãªã¯ãšã¹ããéä¿¡ãã
æ€çŽ¢æ©èœ
æéãšè©Šè¡åæ°ãå€ããšä»®å®ãããšãMã®æ£ããå€ãèŠã€ãããŸã§ãã®ææ³ãäœåºŠãç¹°ãè¿ãããšãã§ããŸãããã ããå®éã«ã¯ãMã®ãããã¯ã®é·ãã¯16ãã€ãã§ãã 2ãã€ããé€ããã¹ãŠã®ãã€ãã®å€ãããã£ãŠããå Žåã§ããæ®ãã®ãã€ããæšæž¬ããã«ã¯2 ^ 15ïŒ32,768ïŒåã®è©Šè¡ãå¿ èŠã§ãã ãããŠãç§ãã¡ããŸã£ããäœãç¥ããªãå Žåã¯ïŒ èŠããã«ããã¯ããã¯ã¯å¯äžã®å Žåã«ããæ©èœããŸãã-Mã®å€ã«ã€ããŠéãããæ°ã®ä»®å®ãããå Žåã§ããããæ£ç¢ºã«ã¯ïŒãã®ãããã¯ã®å 容ã®ã»ãšãã©ãç¥ã£ãŠããå¿ èŠããããŸã-ããã¯ã説æãããè匱æ§ãæªçšããå¯äžã®æ¹æ³ã§ãã 1ã€ã®ããªãã¯ããããŸãã
æ»æè ããæå·åããããããã¯å ã§ã®ããŒã¿ã®é 眮æ¹æ³ãå¶åŸ¡ã§ãããšããŸãã ããšãã°ãã¢ãªã¹ã«æ»ããŸãããã 圌女ã®ãã¹ã¯ãŒãã®é·ãã8æåã§ããããšãç¥ã£ãŠãããšããŸãã æ»æè ããã¹ã¯ãŒãã調æŽããŠãæåã®ãããã¯ã«1æåã®ã¿ãå ¥ããæ®ãã®7æåã次ã®ãããã¯ã«å ¥ãããã«ã§ããå Žåã ã¢ã€ãã¢ã¯ãæåã®ãããã¯ã®æåã®15ãã€ãã§æ¢ç¥ã®ããŒã¿ãéä¿¡ããããšã§ãããã¹ã¯ãŒãã®æåã®æåã§ããæåŸã®ãã€ãã®ã¿ãéžæã§ããŸãã ããšãã°ããuserïŒalice passwordïŒ********ããšãã圢åŒã®è¡ãéä¿¡ãããšããŸããããã§ãã********ãã¯ãã¹ã¯ãŒãèªäœã§ãã æ»æè ãæååãæž¡ããŠæ¬¡ã®ãããã¯ã[lice passwordïŒ*] [******* .........]ãã«åå²ããå Žåããã¹ã¯ãŒãã®æåã®æåãéžæããããšã¯ãã¯ãäžå¯èœã«æããŸãã¿ã¹ã¯ã ææªã®ã·ããªãªã§ã¯ãæ²æšãª256åã®è©Šè¡ãå¿ èŠã«ãªããŸãã ãããŠãç¹å¥ãªéã®å Žåãããã¯å®å šã«1ã€ã§ã:)ïŒ æåã®ãã€ããååŸããåŸãããŒãã£ã·ã§ã³ã®å¢çã1æåã·ããããããšãã§ããŸããã€ãŸããæåã®ã¡ãã»ãŒãžã§14ã®æ¢ç¥ã®ãã€ããéä¿¡ããŸãã ããã§ããããã¯ã¯ãã¹ã¯ãŒãã®æåã®2ãã€ãã§çµäºããŸããæåã®2ãã€ãã¯ãã§ã«éžæãããŠããŸãã ç¹°ãè¿ããŸããã2çªç®ã®ãã€ããæšæž¬ããããã«å¿ èŠãªè©Šè¡åæ°ã¯256åã§ãã ãã¹ã¯ãŒããäžèŽãããŸã§ãããã»ã¹ãç¹°ãè¿ãããšãã§ããŸãã ãŸããBEASTã¯ãã®ååã䜿çšããŠã·ãŒã¯ã¬ããCookieãéžæããå€æŽããããªã¯ãšã¹ãããããŒãæ¢ç¥ã®ããŒã¿ãšããŠäœ¿çšããŸãã éžæã¯ãå¯èœæ§ã®ããæåãçµã蟌ãããšã§å éãããŸãïŒãªã¯ãšã¹ãã§ãã¹ãŠã䜿çšã§ããããã§ã¯ãããŸããïŒããŸããCookieã®ååãæ³å®ããŸãã

ç§å¯ã®PayPal Cookieã解èªããã®ã«ããã103ç§ããããŸããã
æ»æã®å®è£
ãã ããè匱æ§èªäœãšåŸ©å·åãå®è¡ããæé©åãããæ¹æ³ã¯é·ãé説æãããŠããŸããã BEASTéçºè ãå®éã«æåããã®ã¯ãæ»æã«å¿ èŠãªãã¹ãŠã®æ¡ä»¶ãå®è£ ããããšã§ããã
- æ»æè ã¯ã被害è ã®ãã©ãŠã¶ã«ãã£ãŠéå§ããããããã¯ãŒã¯æ¥ç¶ãèãããšãã§ããã¯ãã§ãã
- æ»æè ã¯è¢«å®³è ã®ãã©ãŠã¶ã«ãšãŒãžã§ã³ããæ³šå ¥ã§ããã¯ãã§ãã
- ãšãŒãžã§ã³ãã¯ãä»»æã®ïŒå€ããå°ãªããïŒHTTPSãªã¯ãšã¹ããéä¿¡ã§ããªããã°ãªããŸããã
ãŠãŒã¶ãŒã«ã¢ãã¬ãããŸãã¯JavaScriptããµã€ã¬ã³ãã«ãããã€ããããšã¯ãå®éã«ã¯ããã»ã©é£ããã¿ã¹ã¯ã§ã¯ãããŸããã ãã ããããããªãã¥ã¢ã³ã¹ãæ®ã£ãŠããŸããã¹ã¯ãªãããŸãã¯ã¢ãã¬ããã被害è ã«ãã£ãŠç¢ºç«ãããæ¥ç¶ã§ããŒã¿ãéä¿¡ã§ããããã«ããã«ã¯ãSOPã®å¶éïŒåããªãªãžã³ããªã·ãŒããã¡ã€ã³å¶éã«ãŒã«ïŒããã€ãã¹ããå¿ èŠããããŸãã ããã¯ãJavaScriptãªã©ã®äžéšã®ã¯ã©ã€ã¢ã³ãåŽããã°ã©ãã³ã°èšèªã«ãšã£ãŠéèŠãªã»ãã¥ãªãã£æŠå¿µã§ãã ãã®ããªã·ãŒã¯ã1ã€ã®ãµã€ãã®ããŒãžã«ããã¹ã¯ãªãããå¶éãªãã«äºãã®ã¡ãœãããšããããã£ã«ã¢ã¯ã»ã¹ããããšãèš±å¯ããŸãããç°ãªããµã€ãã®ããŒãžã®ã»ãšãã©ã®ã¡ãœãããšããããã£ãžã®ã¢ã¯ã»ã¹ãçŠæ¢ããŸãã ç°¡åã«èšãã°ã1ã€ã®ããŒãžã§å®è¡ãããŠããã¯ã©ã€ã¢ã³ãã¯ãç®çã®ãµã€ãïŒPaypal.comãªã©ïŒã«ãªã¯ãšã¹ããéä¿¡ã§ããŸããã SOPããªã·ãŒãåé¿ããããã«ãèè ã¯Javaä»®æ³ãã·ã³ã«0dayã®è匱æ§ãçºèŠãããã®ããã®ã¹ããŒãã£ã³ã°ãäœæããŸããã æ¢åã®Cookieãèªã¿åãããšã¯æããªãã§ãã ããã ãããããªãããªãæå·åããããã©ãã£ãã¯ãšã®å€§éšããå¿ èŠãªã®ã§ããïŒ åå²ã䜿çšããŠSOPããã€ãã¹ããããšã§ããªã¯ãšã¹ããéä¿¡ãããµãŒããŒã®å¿çïŒæ°ããCookieãå«ãå¿çãå«ãïŒãèªã¿åãããšãã§ããŸããããã©ãŠã¶ãŒã«ä¿åãããŠããæ¢åã®Cookieãèªã¿åãããšã¯ã§ããŸããã éçºè ã¯ã ããã°ã§ãšãŒãžã§ã³ããäœæãããšããã¹ããŒãªãŒå šäœãå ±æããŠããŸãã
å°æ¬ãã
çµè«ãšããŠã10幎åã«èª°ããå¿ããŠããè匱æ§ãå©çšã§ããã ãã§ãªãããŠãŒãã£ãªãã£ãæ©èœãããããã«å€ãã®äœæ¥ãè¡ã£ãç 究è ã®èšå€§ãªäœæ¥ã«æ³šç®ããããšæããŸãã ãã®è³æã®äžéšãšããŠã䜿çšããææ³ã®èª¬æãå€§å¹ ã«ç°¡ç¥åããäž»ãªã¢ã€ãã¢ãäŒããŸããã ããããç§ãã¡ã¯å®éã«ç 究è ãã詳现ãªææžãèªã¿ãå®è£ ãããæ»æã«ã€ããŠè©³çŽ°ã«è©±ããŠããŸãã ãç²ãæ§ã§ããïŒ
åé¡ã®å€§ãã
ã§ã¯ãçœå®³ã®èŠæš¡ã¯ã©ã®ãããã§ããïŒ ãŸãã¯èšãæããã°-誰ãè匱ã§ããïŒ æãäžè¬çãªã»ãã¥ãªãã£ãããã³ã«ã§ããTLS1.0ã䜿çšããã»ãšãã©ãã¹ãŠã®Webãµã€ãã é¢çœãã®ã¯ãBEASTã§ã®ãã®èªå€§åºåã®åŸãå€ãã®äººãæ°ããããŒãžã§ã³ã®ãããã³ã«ïŒTLS 1.1以éïŒã«é¢å¿ã瀺ãå§ããããšã§ãã ããããçŸåšãããã®ãããã³ã«ããµããŒãããŠãããµã€ãã¯ããã€ãããŸããïŒ ã¯ããã»ãšãã©èª°ãããŸããïŒ ã€ã©ã¹ããèŠãŠãã ããã TLS 1.1ã¯ãã§ã«5幎åã§ããããŠãããã¯ããã䜿çšããŠããŸãïŒ

å¥ã®è³ªåïŒèªåãå®ãæ¹æ³ã¯ïŒ å®éããããã¯ããŠãæå³ããããŸããããã®è匱æ§ã¯ã»ãšãã©ã®ãã©ãŠã¶ã§ãã§ã«ä¿®æ£ãããŠããŸãã ããããåŠæ³ãpre延ããŠããå Žåã¯ããã©ãŠã¶ã§å®å šã§ãªããããã³ã«ïŒTLS 1.0ããã³SSL 3.0ïŒãç¡å¹ã«ããåæã«Javaãç¡å¹ã«ããããšãã§ããŸãã ãã ãããã®å Žåãå€ãã®ãµã€ããæ©èœããªããªãããšã¯é©ãã«å€ããŸããã

ããã«ãŒãã¬ãžã³ã 11æïŒââ11ïŒ154
éåçãªå¿ ã
ããã«ãŒã賌èªãã