Alexandra Dirksen

Bachelor's Thesis by Anna Sack

Security protocols such as HTTPS and TLS, in combination with the Public Key Infrastructure (PKI), ensure the integrity, authenticity, and confidentiality of messages sent over the internet, protecting against man-in-the-middle attacks. The security industry also utilises proxies to analyse the HTTP plaintext of users for malicious code. This is done through a technique called HTTPS interception, which involves terminating the TLS session initiated by the user, issuing a new certificate for the intercepted domain, and initiating a new connection to the server with the newly issued certificate. Although HTTPS interception was originally intended for good purposes, it can also be used maliciously by powerful actors such as governments. In order to carry out large scale interceptions, the interceptors require control over the ISPs that route the traffic they want to intercept, control over a certificate authority that can issue the necessary certificates for re-encryption of terminated TLS sessions, and a browser that accepts those certificates. It is important to note that the use of trusted certificates means that no warning is shown in the browser, making the attack extremely difficult to detect.

This thesis presents a browser extension designed to detect possible HTTPS interception in users’ browsers. The extension provides a color-based detection system, as no proper distributed detection mechanism currently exists and HTTPS interceptions are difficult to identify. Once installed, the extension displays four different colors. When no information is available, the color grey is displayed. Green indicates that everything is fine, yellow indicates suspicion, and red indicates that an HTTPS interception has most likely occurred. To make this work, we receive two certificates: one from the user’s browser and one from the server that the domain is on. If these certificates differ, the color red or yellow is displayed, depending on the severity of the differences.The extension was tested on the top 200 CloudRadar domains worldwide. The results showed that 94.3% of the domains were secure, excluding the unreachable ones. Further analysis of the remaining domains revealed that the differences were mostly harmless.

Bachelor's Thesis by Linus Kämmerer

Man-in-the-middle attackers impersonate as the genuine communication partner. To protect traffic form such attacks, encryption in the form of TLS/HTTPS gained popular- ity in the last decade. However, HTTPS interceptions still allow the eavesdropping of encrypted communication. By issuing forged certificates for the requested domains on the fly, the proxy conducting the interception is able to decrypt and re-encrpyt the traffic while having access to the plaintext. HTTPS interceptions are sometimes used in coop- erate networks for Deep Packet Inspection, but are also used as attack by nation states in terms of surveillance of their population. However, previous attacks always came to light rather early, and the corresponding root Certificate Authorities (CAs) used to sign the forged certificates were banned by browser vendors.
In this bachelor thesis, we consider an attack model where an attacker in the form of a nation state controls one specific browser implementation and multiple ISPs. This allows them to conduct a large scale HTTPS interception. By introducing the concept of a conditional HTTPS interception using TLS fingerprinting, the attacker can infer the type of a client before answering its TLS handshake, allowing them to only intercept connections originating from the controlled browser implementation. Thereby, the controlled browser assists the interception by explicitly trusting the forged root CA of the proxy. In- tercepting only a part of the connections avoids that HTTPS warnings are shown to users of other, non-controlled browsers and prevents their browser vendors from hindering the attack. Additionally, recreating certificate chains and letting our proxy behave more similar to client and server makes our interception harder to detect than traditional HTTPS interceptions. Furthermore, we discuss the use case of throttling to covertly motivate users to switch from others browser to the controlled browser, increasing the amount of people that can be surveiled. To evaluate the feasibility of the attack, we explain our implementation of a conditional HTTPS interception proxy and perform various experiments showcasing eavesdropping and modifying payload as well as throttling and performance measurements. Finally, we discuss various detection mechanisms like TCP SYN tests, User-Agent/TLS fingerprint mismatch and client-side in-browser certificate verification.

Master's Thesis by Robin Heinbockel

The General Data Protection Regulation (GDPR) forms the legal basis for processing personal data of website users. There is a multitude of consent request implementations that are embedded in websites because website providers have to ask for consent before processing the user’s data since the GDPR came into effect in 2018. We present flaws in current implementations and derive goals towards user privacy and usability from the GDPR and related research.
We propose a shift of the consent implementation from the website to the browser for increased privacy control on the client’s side, called Native Cookie Consent (NCC). That means the browser is responsible for showing the consent dialog in a native window and executing the user’s preferences afterwards. NCC also includes a protocol to transmit cookie policies and the user’s preferences separate from the website content.

With our prototype implementation, we show that NCC has benefits over existing consent implementations: Authorities have to control a fraction of instances with an imple- mentation in the most popular browsers compared to the amount of website providers that currently provide the consent interface. Website providers and third parties have to disclose purposes for processing in their cookie policy and the user can choose their degree of consent per individual purpose and party. The browser blocks cookies that do not comply with the user’s consent preferences – and it blocks all cookies before the user expressed consent. Dark patterns in design and wording can be prevented with NCC through balanced design and plain language. We analyze the prototype in terms of functionality and usability and discuss extensions to further improve the implementation, including default settings to avoid the necessity to express the same preferences for each website. We conclude that NCC offers privacy and usability improvements compared to other GDPR consent request implementations.

Bachelor's Thesis by Minela Becirovic

In recent years, data privacy and the usage of privacy-conscious applications have gained significant importance. One example for this is the surge in popularity that the en- crypted messaging app “Signal” has experienced after Edward Snowden’s disclosures. With the implementation of security features like end-to-end encryption (E2EE), applications like “Signal” offer strong security guarantees for their end users. The growing demand puts other software developers under increasing pressure to also implement such security features. Due to this, applications like “Zoom” or Google’s “Messages” are also starting to offer E2EE to meet the rising demand and still be seen as “secure”.

In contrast to desktop or mobile applications, web-based applications are struggling to adopt client-side encryption due to various limitations. In order to dynamically display different data as needed, the server-side reloads the code repeatedly. Therefore, the web application is constantly changed. Encrypting the data afterwards could affect the func- tionality of the web application. In some cases, even web application vendors don’t offer client-side encryption and only store the user data on their servers in encrypted form. This can pose a risk to the user data when JavaScript comes into play.

Web technologies such as HTML and JavaScript are used within web browsers to implement the user interface. This usage enables the execution of malicious JavaScript code on the client-side where confidential data of the user resides unencrypted. Therefore a potential adversary can use this to access this data without the user’s knowledge or consent. One approach to deal with this issue is the idea of “CryptoMembranes” (CM). With the concept of CM, a new type of DOM/HTML element that enables native encryption on the client-side gets introduced. By maintaining an encrypted and decrypted representation of confidential data, the concept aims to provide strong protection against active JavaScript attacks. As a result, only the user has access to the decrypted representation of the confidential data. This new type of DOM/HTML element can be included in any web application just like the standardized DOM/HTML elements.

Master's Thesis by Julius Platon

Cloud infrastructures, platforms, and services remain popular targets for attackers. In particular, public clouds are attractive due to their highly available and distributed nature. Within modern cloud and web-based applications, the need for secure storage of credentials such as cryptographic primitives and certificates grows. The responsibility for the protection and storage of such credentials implies a high complexity burden on the development process and an inherent fault-proneness. Recent cloud and development trends revolve around key management services (KMS), which are able to store credentials and provide high-level interfaces for clients. A primary target group of KMS is software developers, in order to relieve them from the large security burden of key storage and management.

KMS commonly utilize sophisticated hardware components, such as hardware security modules (HSM), in order to protect credentials such as cryptographic key material. The responsibility to protect credentials and remain available within heterogeneous cloud environments shifts the complexity burden from developers to cloud and KMS providers. The sensitive nature of KMS makes them highly attractive targets for attackers. Therefore, this thesis presents a threat model and a subsequent case study of four selected KMS solutions, namely Google KMS, AWS KMS, Azure Key Vault, and HashiCorp Vault. Within the threat model, occurring attacker types are presented and analyzed. As preliminaries of the threat model, the infrastructure, actors, and assets related to KMS are described. The threat model is complemented by the implementation of a prototype application for each KMS, in order to analyze insides such as security protocol details. After threat modeling, implementation, and elaboration of mitigations, an overview of results and a comparison of the selected KMS solutions follows. During the conclusion section, the contribution and future work are covered. Eventually, the output and key takeaways of the research are described.