Cargo Cult Security - OpenWest
https://github.com/disaacson/cargo-cult-security
by Derrick Isaacson
Cargo Cult Security at OpenWest
See common anti-patterns for securing web applications and how to correct them. Learn how to differentiate between authentication, authorization, secrecy, integrity, non-repudiation, and other security goals.

Examples include how:
* a theoretical "secret" banking request is corrupted to pad an attacker's bank account,
* an insecure "session" authentication token is attacked, and
* a "random" XSRF value gives a false sense of security.

Correct principles and patterns are analyzed and compared with common incorrect ones.

Presented at OpenWest 2014


  1. Cargo Cult Security - OpenWest, by Derrick Isaacson. https://github.com/disaacson/cargo-cult-security
  2. http://en.wikipedia.org/wiki/Cargo_cult
  3. Richard Feynman
  4. Cargo Cult Programming: ritualistic inclusion of code or patterns that are unnecessary for the task at hand.
      • Design patterns: Factory, Wrapper, Dependency injection
      • Cryptography: Encryption, Hashing
  5. The Big Picture
  6. Crypto Primitives & Goals. Primitives: Hash, MAC, HMAC, Symmetric Key Crypto, Asymmetric Key Crypto, Digital Signature, Digital Certificates. Goals: Data Integrity, Data Authentication, Non-repudiation, Confidentiality, Trust.
  7. Classic Encryption. Primitives: Hash, MAC, HMAC, Symmetric Key Crypto, Asymmetric Key Crypto, Digital Signature, Digital Certificates. Goals: Data Integrity, Data Authentication, Non-repudiation, Confidentiality, Trust.
  8. Plaintext, Ciphertext, Cipher
  9. Symmetric Key Cryptography (Private-key Cryptography)
      • Algorithms: Blowfish, Twofish, Serpent, AES (Rijndael), CAST5, RC4, 3DES, IDEA
      • Used in: HTTPS (TLS), SSH (SSL), LUKS Disk Encryption, KeePass
  10. Blowfish Example

      ```php
      $plaintext = 'Keep it secret. Keep it safe.';
      $ciphertext = mcrypt_encrypt(MCRYPT_BLOWFISH, '0123456789', $plaintext,
          MCRYPT_MODE_CBC, '87acec17cd9dcd20');
      $crypttextHex = bin2hex($ciphertext);
      echo $crypttextHex;
      ```

      Output: a8 c5 22 a1 c5 19 97 70 95 a9 12 af 1a 1f 83 4e 0e d7 20 9e ea ab ba 7f 6c d5 d7 de a0 24 1a 5b
  11. Anti-pattern: Authentication

      ```php
      $plainTextId = '100000';
      echo '<h4>"Secure" URL for image ' . $plainTextId . '.</h4>';
      // The image id is encrypted and the ciphertext is used as the "secret" URL parameter
      $cryptTextId = bin2hex(mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $plainTextId,
          MCRYPT_MODE_OFB, $initializationVector));
      $secretImageUrl = "…?secure_id=" . $cryptTextId;
      echo '<a href="' . $secretImageUrl . '">' . $secretImageUrl . '</a>';
      ```

      Resulting URL: private_image.php?secure_id=573146feb41e
  12. Request: private_image.php?secure_id=573146feb41e

      ```php
      $cryptTextId = $_GET["secure_id"];
      // Whatever the parameter decrypts to is trusted as the image id
      $plainTextId = rtrim(mcrypt_decrypt(MCRYPT_BLOWFISH, $key, hex2bin($cryptTextId),
          MCRYPT_MODE_OFB, $initializationVector));
      $imageData = file_get_contents("img/" . $plainTextId);
      echo '<img src="data:image/png;base64,' . base64_encode($imageData) . '">';
      ```

      573146feb41e → 100000 → Team Photo
  13. Requests: private_image.php?secure_id=573146feb41e and private_image.php?secure_id=573146feb41f

      ```php
      $cryptTextId = $_GET["secure_id"];
      // Whatever the parameter decrypts to is trusted as the image id
      $plainTextId = rtrim(mcrypt_decrypt(MCRYPT_BLOWFISH, $key, hex2bin($cryptTextId),
          MCRYPT_MODE_OFB, $initializationVector));
      $imageData = file_get_contents("img/" . $plainTextId);
      echo '<img src="data:image/png;base64,' . base64_encode($imageData) . '">';
      ```

      573146feb41f → 100001 → Attack Plan
  14. Crypto Primitives & Goals. Primitives: Hash, MAC, HMAC, Symmetric Key Crypto, Asymmetric Key Crypto, Digital Signature, Digital Certificates. Goals: Data Integrity, Data Authentication, Non-repudiation, Confidentiality, Trust.
  15. Message Authentication Codes: HMAC(key, message) maps a Message to a MAC. HMAC: RFC 2104
      • HMAC-MD5
      • HMAC-SHA1
      • HMAC-SHA256
  16. HMAC

      ```php
      // Generating the link
      $plainTextId = '100000';
      // hash_hmac() takes (algorithm, data, key) in that order
      $hmac = hash_hmac("sha256", $plainTextId, $key);
      $secretImageUrl = "…?id=" . $plainTextId . "&hmac=" . $hmac;
      echo '<a href="' . $secretImageUrl . '">' . $secretImageUrl . '</a>';
      ```

      ```php
      // Serving the request
      $plainTextId = $_GET["id"];
      $signature = $_GET["hmac"];
      $hmac = hash_hmac("sha256", $plainTextId, $key);
      // hash_equals() compares in constant time and avoids the type juggling of ==
      if (hash_equals($hmac, $signature)) {
          $imageData = file_get_contents("img/" . $plainTextId . ".jpg");
          echo '<img src="data:image/png;base64,' . base64_encode($imageData) . '">';
      } else {
          echo '<h4 class="error">Permission Denied!</h4>';
      }
      ```

      URLs shown:
      • /cargo-cult-security/private_image_2php?id=100000&hmac=9d892a6925a0a3eb36a3fcff47d12f0c03c2f7c8c1
      • /cargo-cult-security/private_image_2php?id=100001&hmac=9d892a6925a0a3eb36a3fcff47d12f0c03c2f7c8c1

      Result for the second URL, where the id was changed but the HMAC was not: Permission Denied!
  17. Crypto Primitives & Goals. Primitives: Hash, MAC, HMAC, Symmetric Key Crypto, Asymmetric Key Crypto, Digital Signature, Digital Certificates. Goals: Data Integrity, Data Authentication, Non-repudiation, Confidentiality, Trust.
  18. Anti-pattern: Authentication 2

      ```php
      $plainTextUserId = '834';
      echo '<h4>"Secure" URL for image ' . $plainTextUserId . '.</h4>';
      // Switching the cipher to AES does not help: encryption still is not authentication
      $cryptTextId = bin2hex(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $plainTextUserId,
          MCRYPT_MODE_OFB, $initializationVector));
      $secretImageUrl = "…?secure_id=" . $cryptTextId;
      echo '<a href="' . $secretImageUrl . '">' . $secretImageUrl . '</a>';
      ```

      Resulting URL: private_image.php?secure_id=f3d90e

      http://aes.online-domain-tools.com/

      2^24 search space with a valid URL density of 1/16,777
  19. HMAC for authentication

      ```php
      // Login: issue a signed token
      $authInfo = 'uid=' . $userId . '&ts=' . time();      // uid=123&ts=12345
      $hmac = hash_hmac("sha256", $authInfo, $key);        // (algorithm, data, key)
      $authToken = $authInfo . '&hmac=' . $hmac;           // uid=123&ts=12345&hmac=9a0b1c
      // send token to user (e.g. set as a cookie)
      ```

      ```php
      // Protected service: validate the token on every request
      // read token (from cookie, Authorization header, …); the cookie name is an example
      parse_str($_COOKIE["authToken"], $token);
      // regenerate base message (uid=123&ts=12345)
      $message = 'uid=' . $token["uid"] . '&ts=' . $token["ts"];
      $signature = $token["hmac"];
      $validationHmac = hash_hmac("sha256", $message, $key);
      if (hash_equals($validationHmac, $signature)) {
          // let request through if timestamp is also recent enough
      } else {
          // send back a 403 Forbidden
      }
      ```
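  20. Crypto Primitives & Goals. Primitives: Hash, MAC, HMAC, Symmetric Key Crypto, Asymmetric Key Crypto, Digital Signature, Digital Certificates. Goals: Data Integrity, Data Authentication, Non-repudiation, Confidentiality, Trust.
  21. Anti-pattern: Integrity

      ```php
      // Sender: encrypt with AES in CBC mode
      $aes = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');
      // …
      return mcrypt_generic($aes, $data);
      ```

      ```php
      // In transit: one ciphertext byte is XORed so that a "." becomes a "0" after decryption
      $cipher[45] = chr(ord($cipher[45]) ^ ord(".") ^ ord("0"));
      ```

      ```php
      // Receiver: decryption succeeds and nothing signals that the data changed
      $aes = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');
      // …
      return mdecrypt_generic($aes, $data);
      ```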
  22. Crypto Primitives & Goals. Primitives: Hash, MAC, HMAC, Symmetric Key Crypto, Asymmetric Key Crypto, Digital Signature, Digital Certificates. Goals: Data Integrity, Data Authentication, Non-repudiation, Confidentiality, Trust.
  23. Encryption Parameters

      ```php
      mcrypt_encrypt(          // creates cipher text
          MCRYPT_BLOWFISH,     // cipher (AES, Blowfish, …)
          $key,                // secret key
          $plainText,          // data to encrypt
          MCRYPT_MODE_CBC,     // CBC, ECB, OFB, …
          $iv);                // initialization vector
      ```
  24. Anti-pattern: Encryption Modes

      ```php
      $plainImageData = file_get_contents($file);
      // ECB encrypts every block independently, so patterns in the image survive
      $cryptText = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $plainImageData,
          MCRYPT_MODE_ECB, $initializationVector);
      file_put_contents($file . ".encrypted.data", $cryptText);
      ```
  25. Cipher-block Chaining Mode

      ```php
      $plainImageData = file_get_contents($file);
      // CBC chains each block to the previous ciphertext block
      $cryptText = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $plainImageData,
          MCRYPT_MODE_CBC, $initializationVector);
      file_put_contents($file . ".encrypted.data", $cryptText);
      ```
  26. Encryption Parameters

      ```php
      mcrypt_encrypt(          // creates cipher text
          MCRYPT_BLOWFISH,     // cipher (AES, Blowfish, …)
          $key,                // secret key
          $plainText,          // data to encrypt
          MCRYPT_MODE_CBC,     // CBC, ECB, OFB, …
          $iv);                // initialization vector
      ```
  27. May 20th 1942: message intercepted, island "AF". June 3rd 1942: Battle of Midway.
  28. Anti-pattern: Initialization Vector

      ```php
      $plainText = "Hold";
      // The IV is derived from the key, so it is the same for every message
      $cryptText = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $plainText,
          MCRYPT_MODE_CBC, md5($key));
      ```

      • Monday: "a8b8f95c4684b3f3"
      • Tuesday: "a8b8f95c4684b3f3"
      • Wednesday: "a8b8f95c4684b3f3"
      • Thursday: "a8b8f95c4684b3f3"
      • Friday: "10f32c937a1284db"
  29. Modes and IVs
      • Cipher-block chaining prevents patterns within messages
      • Correct IV prevents patterns across messages
  30. Generating Keys & Initialization Vectors

      ```php
      $key = "koicy37m8ao2nl07";
      $iv = rand();
      $cypherText = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $plainText,
          MCRYPT_MODE_CBC, $iv);
      ```

      • How many bits of key entropy can be contained in 16 alphanumeric characters?
        • 96 bits!
        • ~0.00000002% of possible search space
      • What initialization vector is really used here?
        • "0000000000000000"!
        • PHP Warning: mcrypt_decrypt(): The IV parameter must be as long as the blocksize in /home/derrick/…/CBC.php on line 27
      • Use

      ```php
      $size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
      mcrypt_create_iv($size);
      ```
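  31. Anti-pattern: Random Values

      ```php
      <form action="">
        <label>Donation amount</label>
        <input type="text" value="10.00">
        <?php
        // rand() is not a cryptographically secure generator
        $csrfToken = rand();
        setCookie("csrfToken", $csrfToken);
        echo "<input type=\"hidden\" value=\"$csrfToken\">";
        ?>
        <input type="submit" value="Submit">
      </form>
      ```
  32. Finding Linear Congruential Seed

      ```java
      import java.util.Random;

      // Constants of the linear congruential generator in java.util.Random
      long multiplier = 0x5DEECE66DL;
      long addend = 0xBL;
      long mask = (1L << 48) - 1;

      Random random = new Random();
      long v1 = random.nextInt();
      long v2 = random.nextInt();
      for (int i = 0; i < 65536; i++) {
          long seed = v1 * 65536 + i;
          // the cast to int keeps the comparison valid when v2 is negative
          if ((int) (((seed * multiplier + addend) & mask) >>> 16) == v2) {
              System.out.println("Seed found: " + seed);
              break;
          }
      }
      ```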
  33. Anti-pattern: Pseudo-random Session IDs

      ```php
      <?php
      $uid = "12345678";
      // Hashing does not add entropy: the only unknowns are rand() and microtime()
      $sessionId = md5($uid . rand() . microtime());
      setCookie("session_id", $sessionId);
      ?>
      ```

      Really only ~20 bits of entropy. A modern GPU can calculate that in a second! [9, 12]
  34. HMACs and Secure Random

      ```php
      <form action="">
        <label>Donation amount</label>
        <input type="text" value="10.00">
        <?php
        // Hex-encode once so the cookie and the hidden field carry the same value
        $csrfToken = bin2hex(openssl_random_pseudo_bytes(32));
        setCookie("csrfToken", $csrfToken);
        echo "<input type=\"hidden\" value=\"$csrfToken\">";
        ?>
        <input type="submit" value="Submit">
      </form>
      ```

      Do not use sessions! Use HMACs! Seriously.
  35. No Cargo Cult Security!
      1. Identify true security goal.
      2. Find correct crypto primitive.
      3. Spend some time to learn about it.
      4. Write as little of your own crypto code as possible.
  36. Crypto Primitives & Goals. Primitives: Hash, MAC, HMAC, Symmetric Key Crypto, Asymmetric Key Crypto, Digital Signature, Digital Certificates. Goals: Data Integrity, Data Authentication, Non-repudiation, Confidentiality, Trust.
  37. Crypto Primitives & Goals. Primitives: Hash, MAC, HMAC, Symmetric Key Crypto, Asymmetric Key Crypto, Digital Signature, Digital Certificates. Goals: Data Integrity, Data Authentication, Non-repudiation, Confidentiality, Trust.
  38. Questions? derrick@lucidchart.com https://github.com/disaacson/cargo-cult-security
  39. References
      1. http://en.wikipedia.org/wiki/Cargo_cult
      2. http://neurotheory.columbia.edu/~ken/cargo_cult.html
      3. http://en.wikipedia.org/wiki/Post_hoc_ergo_propter_hoc
      4. http://en.wikipedia.org/wiki/Cargo_cult_programming
      5. https://oracleus.activeevents.com/2013/connect/sessionDetail.ww?SESSION_ID=6325
      6. http://www.scs.stanford.edu/10au-cs144/notes/
      7. http://resources.infosecinstitute.com/cbc-byte-flipping-attack-101-approach/
      8. http://security.stackexchange.com/questions/18033/how-insecure-are-phps-rand-functions
      9. http://crypto.di.uoa.gr/CRYPTO.SEC/Randomness_Attacks_files/paper.pdf
      10. http://security.stackexchange.com/questions/17988/how-insecure-are-non-cryptographic-random-number-generators
      11. http://jazzy.id.au/default/2010/09/20/cracking_random_number_generators_part_1.html
      12. http://thepasswordproject.com/oclhashcat_benchmarking
      13. http://www.php.net/manual/en/function.openssl-random-pseudo-bytes.php
      14. http://blowfish.online-domain-tools.com/
      15. https://github.com/disaacson/cargo-cult-security
      16. http://tools.ietf.org/html/rfc2104
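
Added example for slides 16 and 19 (not from the slides or the author's repository): the HMAC token pattern as two functions, with the freshness check that slide 19 leaves as a comment. The function names, the 15-minute lifetime and the sample timestamp are assumptions made for illustration.

```php
<?php
// Added example: issue and verify an HMAC-signed token of the form uid=…&ts=…&hmac=…

function issueToken(string $uid, string $key, int $now): string
{
    $info = 'uid=' . rawurlencode($uid) . '&ts=' . $now;
    return $info . '&hmac=' . hash_hmac('sha256', $info, $key);
}

// Returns the authenticated uid, or false if the token is forged, malformed or stale.
function verifyToken(string $token, string $key, int $now, int $maxAge = 900)
{
    $pos = strrpos($token, '&hmac=');
    if ($pos === false) {
        return false;
    }
    $info = substr($token, 0, $pos);
    $sig  = substr($token, $pos + strlen('&hmac='));
    // Check the MAC over the exact bytes received, before parsing any field.
    if (!hash_equals(hash_hmac('sha256', $info, $key), $sig)) {
        return false;
    }
    parse_str($info, $fields);
    $ts = (int) ($fields['ts'] ?? 0);
    if ($ts > $now || $now - $ts > $maxAge) {
        return false; // timestamp from the future, or older than the allowed lifetime
    }
    return $fields['uid'] ?? false;
}

$key   = random_bytes(32);   // server-side secret from the OS CSPRNG
$t0    = 1400000000;         // constructed sample timestamp
$token = issueToken('123', $key, $t0);

$cases = [
    'valid'       => verifyToken($token, $key, $t0 + 60),
    'uid changed' => verifyToken(str_replace('uid=123', 'uid=124', $token), $key, $t0 + 60),
    'expired'     => verifyToken($token, $key, $t0 + 3600),
];
foreach ($cases as $name => $result) {
    printf("%-12s %s\n", $name, var_export($result, true));
}
```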
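
Added example for slide 21 (not from the slides or the author's repository): encrypt-then-MAC, so that a flipped ciphertext byte like the one on the slide is rejected before decryption. It uses PHP's openssl extension because mcrypt was removed in PHP 7.2; the function names and the sample message are constructed for illustration.

```php
<?php
// Added example: AES-256-CBC for confidentiality plus HMAC-SHA256 for integrity.

function seal(string $plaintext, string $encKey, string $macKey): string
{
    $iv = random_bytes(openssl_cipher_iv_length('aes-256-cbc'));
    $ct = openssl_encrypt($plaintext, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    // The MAC covers the IV and the ciphertext, so neither can change unnoticed.
    $mac = hash_hmac('sha256', $iv . $ct, $macKey, true);
    return $iv . $ct . $mac;
}

// Returns the plaintext, or false if the message was modified or is malformed.
function unseal(string $sealed, string $encKey, string $macKey)
{
    $ivLen = openssl_cipher_iv_length('aes-256-cbc');
    if (strlen($sealed) < $ivLen + 16 + 32) {
        return false; // too short to hold an IV, one cipher block and a MAC
    }
    $mac  = substr($sealed, -32);
    $body = substr($sealed, 0, -32);
    if (!hash_equals(hash_hmac('sha256', $body, $macKey, true), $mac)) {
        return false; // reject before any decryption takes place
    }
    $iv = substr($body, 0, $ivLen);
    $ct = substr($body, $ivLen);
    return openssl_decrypt($ct, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
}

$encKey = random_bytes(32);  // separate keys for encryption and for the MAC
$macKey = random_bytes(32);
$sealed = seal('to=alice&amount=100.00', $encKey, $macKey); // constructed sample message

echo 'untouched: ', var_export(unseal($sealed, $encKey, $macKey), true), "\n";

// Flip one bit inside the ciphertext (the first 16 bytes are the IV).
$tampered = $sealed;
$tampered[20] = chr(ord($tampered[20]) ^ 0x01);
echo 'tampered:  ', var_export(unseal($tampered, $encKey, $macKey), true), "\n";
```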
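
Added example for slides 24 to 30 (not from the slides or the author's repository): the two bullet points of slide 29 made observable, using AES through PHP's openssl extension in place of the mcrypt Blowfish calls on the slides. The helper name and the message text are constructed for illustration.

```php
<?php
// Added example: patterns within a message (ECB) and across messages (repeated IV).

// Split raw ciphertext into hex strings, one per 16-byte AES block.
function blocks(string $ciphertext): array
{
    return str_split(bin2hex($ciphertext), 32);
}

function show(string $label, bool $value): void
{
    printf("%-44s %s\n", $label, var_export($value, true));
}

$key = random_bytes(16);                    // 128-bit key from the OS CSPRNG
$msg = str_repeat('HOLD POSITION AF', 2);   // constructed: two identical 16-byte blocks

// ECB: identical plaintext blocks become identical ciphertext blocks.
$ecb = blocks(openssl_encrypt($msg, 'aes-128-ecb', $key, OPENSSL_RAW_DATA));
show('ECB: block 1 equals block 2', $ecb[0] === $ecb[1]);

// CBC with an IV derived from the key, as on slide 28: no repeats inside the
// message, but the same message encrypts to the same bytes every day.
$fixedIv = md5($key, true);                 // 16 raw bytes, identical for every message
$mon = openssl_encrypt($msg, 'aes-128-cbc', $key, OPENSSL_RAW_DATA, $fixedIv);
$tue = openssl_encrypt($msg, 'aes-128-cbc', $key, OPENSSL_RAW_DATA, $fixedIv);
$cbc = blocks($mon);
show('CBC: block 1 equals block 2', $cbc[0] === $cbc[1]);
show('CBC, fixed IV: Monday equals Tuesday', $mon === $tue);

// CBC with a fresh random IV per message; the IV is not secret and travels
// in front of the ciphertext so the receiver can decrypt.
$ivLen = openssl_cipher_iv_length('aes-128-cbc');
$iv1 = random_bytes($ivLen);
$iv2 = random_bytes($ivLen);
$wed = $iv1 . openssl_encrypt($msg, 'aes-128-cbc', $key, OPENSSL_RAW_DATA, $iv1);
$thu = $iv2 . openssl_encrypt($msg, 'aes-128-cbc', $key, OPENSSL_RAW_DATA, $iv2);
show('CBC, random IV: Wednesday equals Thursday', substr($wed, $ivLen) === substr($thu, $ivLen));

// The receiver splits the IV off again and recovers the message.
$plain = openssl_decrypt(substr($wed, $ivLen), 'aes-128-cbc', $key, OPENSSL_RAW_DATA, substr($wed, 0, $ivLen));
show('CBC, random IV: decrypts to the message', $plain === $msg);
```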