Derrick Isaacson, profile picture
Uploaded byDerrick Isaacson
PPTX, PDF2,491 views

Cargo Cult Security at OpenWest

The document discusses the concept of 'cargo cult security' in programming, emphasizing the importance of understanding true security goals and selecting appropriate cryptographic primitives rather than blindly following security patterns. It includes various examples of cryptographic implementations and highlights common anti-patterns, such as poor random value generation and insecure session management. The document concludes with a call to action for developers to enhance their knowledge of security practices and avoid superficial implementations.

TechnologyEducation
Related topics:
web-applications

Embed presentation

Download to read offline
Cargo Cult Security - OpenWest https://github.com/disaacson/cargo-cult-security by Derrick Isaacson
http://en.wikipedia.org/wiki/Cargo_cult
Richard Feynman
Cargo Cult Programming Ritualistic inclusion of code or patterns that are unnecessary for the task at hand. • Design patterns • Factory • Wrapper • Dependency injection • Cryptography • Encryption • Hashing
The Big Picture
Crypto Primitives & Goals Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
Classic Encryption Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
PlaintextCiphertext Cipher
Symmetric Key Cryptography (Private-key Cryptography) • Blowfish • Twofish • Serpent • AES (Rijndael) • CAST5 • RC4 • 3DES • IDEA HTTPS (TLS) SSH (SSL) LUKS Disk Encryption KeePass
Blowfish Example $plaintext = ‘Keep it secret. Keep it safe.'; $ciphertext = mcrypt_encrypt(MCRYPT_BLOWFISH, ‘0123456789', $plaintext, MCRYPT_MODE_CBC, ‘87acec17cd9dcd20'); $crypttextHex = bin2hex($ciphertext); echo $crypttextHex; a8 c5 22 a1 c5 19 97 70 95 a9 12 af 1a 1f 83 4e 0e d7 20 9e ea ab ba 7f 6c d5 d7 de a0 24 1a 5b
Anti-pattern: Authentication $plainTextId = '100000'; echo '<h4>"Secure" URL for image ' . $plainTextId . '.</h4>'; $cryptTextId = bin2hex(mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $plainTextId, MCRYPT_MODE_OFB, $initializationVector)); $secretImageUrl = "…?secure_id=". $cryptTextId; echo '<a href="'. $secretImageUrl .'">'.$secretImageUrl.'</a>'; private_image.php?secure_id=573146feb41e
private_image.php?secure_id=573146feb41e $cryptTextId = $_GET["secure_id"]; $plainTextId = rtrim(mcrypt_decrypt(MCRYPT_BLOWFISH, $key, hex2bin($cryptTextId), MCRYPT_MODE_OFB, $initializationVector)); $imageData = file_get_contents("img/“ . $plainTextId); echo '<img src="data:image/png;base64,‘ . base64_encode($imageData).'">‘; 573146feb41e 100000 Team Photo
private_image.php?secure_id=573146feb41e private_image.php?secure_id=573146feb41f $cryptTextId = $_GET["secure_id"]; $plainTextId = rtrim(mcrypt_decrypt(MCRYPT_BLOWFISH, $key, hex2bin($cryptTextId), MCRYPT_MODE_OFB, $initializationVector)); $imageData = file_get_contents("img/“ . $plainTextId); echo '<img src="data:image/png;base64,‘ . base64_encode($imageData).'">‘; 573146feb41f 100001 Attack Plan
Crypto Primitives & Goals Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
Message Authentication Codes HMAC(key, message) HMAC: RFC 2104 • HMAC-MD5 • HMAC-SHA1 • HMAC-SHA256 Message MAC
HMAC $plainTextId = '100000'; $hmac = hash_hmac("sha256", $key, $plainTextId); $secretImageUrl = "…?id=". $plainTextId . "&hmac=" . $hmac; echo '<a href="'. $secretImageUrl .'">' . $secretImageUrl . '</a>'; $plainTextId = $_GET["id"]; $signature = $_GET["hmac"]; $hmac = hash_hmac("sha256", $key, $plainTextId); if ($hmac == $signature) { $imageData = file_get_contents("img/" . $plainTextId . ".jpg"); echo '<img src="data:image/png;base64,'. base64_encode($imageData) .'">'; } else { echo '<h4 class="error">Permission Denied!</h4>'; } Permission Denied! /cargo-cult-security/private_image_2php?id=100000&hmac=9d892a6925a0a3eb36a3fcff47d12f0c03c2f7c8c1 /cargo-cult-security/private_image_2php?id=100001&hmac=9d892a6925a0a3eb36a3fcff47d12f0c03c2f7c8c1
Crypto Primitives & Goals Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
Anti-pattern: Authentication 2 $plainTextUserId = ‘834'; echo '<h4>"Secure" URL for image ' . $plainTextUserId . '.</h4>'; $cryptTextId = bin2hex(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $plainTextId, MCRYPT_MODE_OFB, $initializationVector)); $secretImageUrl = "…?secure_id=". $cryptTextId; echo '<a href="'. $secretImageUrl .'">'.$secretImageUrl.'</a>'; private_image.php?secure_id=f3d90e http://aes.online-domain-tools.com/ 224 search space with a valid URL density of 1 16,777
HMAC for authentication $authInfo = ‘uid=‘ . $userId ‘&ts=‘ . time(); // uid=123&ts=12345 $hmac = hash_hmac("sha256", $key, $authInfo); $authToken = $authInfo . ‘&hmac=‘ . $hmac; // uid=123&ts=12345&hmac=9a0b1c // send token to user (e.g. set as a cookie) $token = // read token (from cookie, Authorization header, …) $message = // regenerate base message (uid=123&ts=12345) $signature = $token["hmac"]; $validationHmac = hash_hmac("sha256", $key, $message); if ($validationHmac == $signature) { // let request through if timestamp is also recent enough else { // send back a 403 Forbidden } Login Protected service
Crypto Primitives & Goals Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
Anti-pattern: Integrity $aes = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, ''); … return mcrypt_generic($aes, $data); $cipher [45] = chr(ord($cipher [45]) ^ ord(".") ^ ord ("0")); $aes = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, ''); … return mdecrypt_generic($aes, $data);
Crypto Primitives & Goals Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
Encryption Parameters Creates cipher text Cipher (AES, Blowfish, …) Secret key Data to encrypt CBC, ECB, OFB, … Initialization Vector mcrypt_encrypt( MCRYPT_BLOWFISH, $key, $plainText, MCRYPT_MODE_CBC, $iv);
Anti-pattern: Encryption Modes $plainImageData = file_get_contents($file); $cryptText = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $plainImageData, MCRYPT_MODE_ECB, $initializationVector); file_put_contents($file . ".encrypted.data", $cryptText);
Cipher-block Chaining Mode $plainImageData = file_get_contents($file); $cryptText = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $plainImageData, MCRYPT_MODE_CBC, $initializationVector); file_put_contents($file . ".encrypted.data", $cryptText);
Encryption Parameters Creates cipher text Cipher (AES, Blowfish, …) Secret key Data to encrypt CBC, ECB, OFB, … Initialization Vector mcrypt_encrypt( MCRYPT_BLOWFISH, $key, $plainText, MCRYPT_MODE_CBC, $iv);
May 20th 1942 Message intercepted Island “AF” June 3rd 1942 Battle of Midway
Anti-pattern: Initialization Vector $plainText = “Hold"; $cryptText = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $plainText, MCRYPT_MODE_CBC, md5($key)); • Monday: “a8b8f95c4684b3f3” • Tuesday: “a8b8f95c4684b3f3” • Wednesday: “a8b8f95c4684b3f3” • Thursday: “a8b8f95c4684b3f3” • Friday: “10f32c937a1284db”
Modes and IVs • Cipher-block chaining prevents patterns within messages • Correct IV prevents patterns across messages
Generating Keys & Initialization Vectors $key = “koicy37m8ao2nl07"; $iv = rand(); $cypherText = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $plainText, MCRYPT_MODE_CBC, $iv); • How many bits of key entropy can be contained in 16 alphanumeric characters? • 96 bits! • ~0.00000002% of possible search space • What initialization vector is really used here? • “0000000000000000”! • PHP Warning: mcrypt_decrypt(): The IV parameter must be as long as the blocksize in /home/derrick/…/CBC.php on line 27 • Use • $size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC); • mcrypt_create_iv($size);
Anti-pattern: Random Values <form action=""> <label>Donation amount</label> <input type="text" value="10.00"> <?php $csrfToken = rand(); setCookie("csrfToken", $csrfToken); echo "<input type="hidden" value="$csrfToken">“; ?> <input type="submit" value="Submit"> </form>
Finding Linear Congruential Seed Random random = new Random(); long v1 = random.nextInt(); long v2 = random.nextInt(); for (int i = 0; i < 65536; i++) { long seed = v1 * 65536 + i; if (((seed * multiplier + addend) & mask) >>> 16) == v2) { System.out.println("Seed found: " + seed); break; } }
Anti-pattern: Psuedo-random Session IDs <?php $uid = "12345678"; $sessionId = md5($uid . rand() . microtime()); setCookie(“session_id", $sessionId); ?> Really only ~20 bits of entropy. A modern GPU can calculate that in a second!9,12
HMACs and Secure Random <form action=""> <label>Donation amount</label> <input type="text" value="10.00"> <?php $csrfToken = openssl_random_pseudo_bytes(32); setCookie("csrfToken", bin2hex($csrfToken)); echo "<input type="hidden" value="$csrfToken">“; ?> <input type="submit" value="Submit"> </form> Do not use sessions! Use HMACs! Seriously.
No Cargo Cult Security! 1. Identify true security goal. 2. Find correct crypto primitive. 3. Spend some time to learn about it. 4. Write as little of your own crypto code as possible.
Crypto Primitives & Goals Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
Crypto Primitives & Goals Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
Questions? derrick@lucidchart.com https://github.com/disaacson/cargo-cult-security
References 1. http://en.wikipedia.org/wiki/Cargo_cult 2. http://neurotheory.columbia.edu/~ken/cargo_cult.html 3. http://en.wikipedia.org/wiki/Post_hoc_ergo_propter_hoc 4. http://en.wikipedia.org/wiki/Cargo_cult_programming 5. https://oracleus.activeevents.com/2013/connect/sessionDetail.ww?SESSION_ID=6325 6. http://www.scs.stanford.edu/10au-cs144/notes/ 7. http://resources.infosecinstitute.com/cbc-byte-flipping-attack-101-approach/ 8. http://security.stackexchange.com/questions/18033/how-insecure-are-phps-rand-functions 9. http://crypto.di.uoa.gr/CRYPTO.SEC/Randomness_Attacks_files/paper.pdf 10. http://security.stackexchange.com/questions/17988/how-insecure-are-non-cryptographic-random-number-generators 11. http://jazzy.id.au/default/2010/09/20/cracking_random_number_generators_part_1.html 12. http://thepasswordproject.com/oclhashcat_benchmarking 13. http://www.php.net/manual/en/function.openssl-random-pseudo-bytes.php 14. http://blowfish.online-domain-tools.com/ 15. https://github.com/disaacson/cargo-cult-security 16. http://tools.ietf.org/html/rfc2104

More Related Content

PPTX
Cryptography 101 for Java developers
byMichel Schudel
 
PPTX
Cargo Cult Security 2014_01_18
byDerrick Isaacson
 
PPTX
Cargo Cult Security UJUG Sep2015
byDerrick Isaacson
 
PPTX
Cryptography 101 for_java_developers, Fall 2019
byMichel Schudel
 
PPTX
Cryptography 101 for Java Developers - Devoxx 2019
byMichel Schudel
 
PDF
Cryptography For The Average Developer
byAnthony Ferrara
 
PPTX
Cryptography 101 for Java Developers - JavaZone2019
byMichel Schudel
 
PDF
Dodging WebCrypto API Landmines
byErnie Turner
 
Cryptography 101 for Java developers
byMichel Schudel
 
Cargo Cult Security 2014_01_18
byDerrick Isaacson
 
Cargo Cult Security UJUG Sep2015
byDerrick Isaacson
 
Cryptography 101 for_java_developers, Fall 2019
byMichel Schudel
 
Cryptography 101 for Java Developers - Devoxx 2019
byMichel Schudel
 
Cryptography For The Average Developer
byAnthony Ferrara
 
Cryptography 101 for Java Developers - JavaZone2019
byMichel Schudel
 
Dodging WebCrypto API Landmines
byErnie Turner
 

What's hot

PDF
How does cryptography work? by Jeroen Ooms
byAjay Ohri
 
PDF
Python Cryptography & Security
byJose Manuel Ortega Candel
 
PDF
Obfuscation-Resilient Privacy Leak Detection for Mobile Apps
byNECST Lab @ Politecnico di Milano
 
PPTX
Crypto failures every developer should avoid
byFilip Šebesta
 
PPT
9 password security
bydrewz lin
 
PDF
Hta t07-did-you-read-the-news-http-request-hijacking
byКомсс Файквэе
 
PPTX
Cryptography for Absolute Beginners (May 2019)
bySvetlin Nakov
 
PPTX
Cryptography for the mere mortals
byM A Hossain Tonu
 
PPTX
XSS: From alert(1) to crypto mining malware
byOmer Meshar
 
PPTX
Django cryptography
byErik LaBianca
 
PPTX
Secure Coding for NodeJS
byThang Chung
 
PDF
iCloud keychain
byAlexey Troshichev
 
PPTX
Web application Security
byLee C
 
PDF
Application Security around OWASP Top 10
bySastry Tumuluri
 
PDF
Preventing Data Breaches: How to Tighten Your Security Stance
bySara Goodison
 
PDF
Onward15
bysarah_nadi
 
PPTX
동시성과 병렬성
byChanhyeong LEE
 
KEY
Mongo scaling
bySimon Maynard
 
PDF
Dip Your Toes in the Sea of Security (IPC Fall 2017)
byJames Titcumb
 
PDF
SSL/TLS for Mortals (JavaZone)
byMaarten Mulders
 
How does cryptography work? by Jeroen Ooms
byAjay Ohri
 
Python Cryptography & Security
byJose Manuel Ortega Candel
 
Obfuscation-Resilient Privacy Leak Detection for Mobile Apps
byNECST Lab @ Politecnico di Milano
 
Crypto failures every developer should avoid
byFilip Šebesta
 
9 password security
bydrewz lin
 
Hta t07-did-you-read-the-news-http-request-hijacking
byКомсс Файквэе
 
Cryptography for Absolute Beginners (May 2019)
bySvetlin Nakov
 
Cryptography for the mere mortals
byM A Hossain Tonu
 
XSS: From alert(1) to crypto mining malware
byOmer Meshar
 
Django cryptography
byErik LaBianca
 
Secure Coding for NodeJS
byThang Chung
 
iCloud keychain
byAlexey Troshichev
 
Web application Security
byLee C
 
Application Security around OWASP Top 10
bySastry Tumuluri
 
Preventing Data Breaches: How to Tighten Your Security Stance
bySara Goodison
 
Onward15
bysarah_nadi
 
동시성과 병렬성
byChanhyeong LEE
 
Mongo scaling
bySimon Maynard
 
Dip Your Toes in the Sea of Security (IPC Fall 2017)
byJames Titcumb
 
SSL/TLS for Mortals (JavaZone)
byMaarten Mulders
 

Similar to Cargo Cult Security at OpenWest

PDF
Strong cryptography in PHP
byEnrico Zimuel
 
PDF
BH_US_12_Argyros_PRNG_Slides_text Presentatiion
byrollingacres
 
PDF
Cryptography For The Average Developer - Sunshine PHP
byAnthony Ferrara
 
PDF
Cryptography in PHP: use cases
byEnrico Zimuel
 
PDF
When Crypto Attacks! (Yahoo 2009)
byNate Lawson
 
PDF
Dip Your Toes in the Sea of Security (PHP UK 2016)
byJames Titcumb
 
PDF
Cryptography
byYnon Perek
 
PDF
Crypto Strikes Back! (Google 2009)
byNate Lawson
 
PDF
Exploiting Cryptographic Misuse - An Example
byDharmalingam Ganesan
 
PDF
Intro to Cryptography
byMichael Soltys
 
PDF
Dip Your Toes in the Sea of Security (phpDay 2016)
byJames Titcumb
 
PDF
Cryptography with Zend Framework
byEnrico Zimuel
 
PDF
Cryptography in PHP: Some Use Cases
byZend by Rogue Wave Software
 
PDF
TLS Optimization
byNate Lawson
 
PDF
Tlsoptimizationprint 120224194603-phpapp02
byfangjiafu
 
PPTX
Image Security System using Image Processing
bySruthiReddy112
 
PDF
Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)
byJames Titcumb
 
PDF
Cool crypto concepts JavaZone
byRoy Wasse
 
PPT
Eight simple rules to writing secure PHP programs
byAleksandr Yampolskiy
 
PPTX
Blockchain Fundamentals
byBruno Lowagie
 
Strong cryptography in PHP
byEnrico Zimuel
 
BH_US_12_Argyros_PRNG_Slides_text Presentatiion
byrollingacres
 
Cryptography For The Average Developer - Sunshine PHP
byAnthony Ferrara
 
Cryptography in PHP: use cases
byEnrico Zimuel
 
When Crypto Attacks! (Yahoo 2009)
byNate Lawson
 
Dip Your Toes in the Sea of Security (PHP UK 2016)
byJames Titcumb
 
Cryptography
byYnon Perek
 
Crypto Strikes Back! (Google 2009)
byNate Lawson
 
Exploiting Cryptographic Misuse - An Example
byDharmalingam Ganesan
 
Intro to Cryptography
byMichael Soltys
 
Dip Your Toes in the Sea of Security (phpDay 2016)
byJames Titcumb
 
Cryptography with Zend Framework
byEnrico Zimuel
 
Cryptography in PHP: Some Use Cases
byZend by Rogue Wave Software
 
TLS Optimization
byNate Lawson
 
Tlsoptimizationprint 120224194603-phpapp02
byfangjiafu
 
Image Security System using Image Processing
bySruthiReddy112
 
Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)
byJames Titcumb
 
Cool crypto concepts JavaZone
byRoy Wasse
 
Eight simple rules to writing secure PHP programs
byAleksandr Yampolskiy
 
Blockchain Fundamentals
byBruno Lowagie
 

More from Derrick Isaacson

PPTX
UJUG Craftsmanship Roundup April 2017
byDerrick Isaacson
 
PPTX
Prisoner's Dilemma and Service-oriented Architectures
byDerrick Isaacson
 
PPTX
Rest in a Nutshell 2014_05_27
byDerrick Isaacson
 
PPTX
Effective SOA
byDerrick Isaacson
 
PPTX
UJUG 2013 Architecture Roundup with Lucid Software
byDerrick Isaacson
 
PPTX
Scaling Web Services with Evolvable RESTful APIs - JavaOne 2013
byDerrick Isaacson
 
UJUG Craftsmanship Roundup April 2017
byDerrick Isaacson
 
Prisoner's Dilemma and Service-oriented Architectures
byDerrick Isaacson
 
Rest in a Nutshell 2014_05_27
byDerrick Isaacson
 
Effective SOA
byDerrick Isaacson
 
UJUG 2013 Architecture Roundup with Lucid Software
byDerrick Isaacson
 
Scaling Web Services with Evolvable RESTful APIs - JavaOne 2013
byDerrick Isaacson
 

Recently uploaded

PDF
Generating Structured Outputs from Unstructured Content Using LLMs
byEnterprise Knowledge
 
PDF
Louisville User Group: Transforming Technical Debt into Technical Wealth
byLynda Kane
 
PPTX
IBM_NEXA_DAC2021 NEXA, a cloud-native platform for collaborative hardware log...
byArun Joseph
 
PDF
Master the FME Connector for ArcGIS: Streamlined Data Management & Robust Met...
bySafe Software
 
PDF
DataLiva-LivaGRC- Business Software for Governance, Risk, and Compliance
byMustafa Kuğu
 
PDF
Best Bank Statement Converter Software - A Documentation-Based Meta-Analysis ...
bylewisconrada
 
PDF
SEO in Charleston SC | Local SEO Strategies to Grow Your Business.pdf
bycustomdigitalsolutio1
 
PPTX
DVCON24-IBM ai/ml driven hardware verification
byArun Joseph
 
PPTX
Lecture 04. about Black heads and Hackerss.pptx
byvinocol222
 
PDF
Governing Agentic Enterprise - From Shadow AI to Autonomous Security.pdf
bysajjasridhar1990
 
PPTX
UNIT 1- Introduction to Basic of Computer Fundamentals
bypawarbhaktiit
 
PDF
Building Software in the AI Era: Spec-Driven Development with Kiro IDE
byHaim Michael
 
PDF
Purple Team - Active Directory and AzureAD v1
byVICTOR MAESTRE RAMIREZ
 
PPTX
KTU-PEMET413 -MODULE 2-POLYMER MATRIX COMPOSITES - LECTURE 1.pptx
byVINAY B
 
PPTX
How Blockchain Application Development Enables Trustless Digital Ecosystems.pptx
byLisa ward
 
PPTX
Building Real-Time Voice AI — Udaiappa Ramachandran
byUdaiappa Ramachandran
 
PDF
65 AI-related Posts Catalog https://tinyurl.com/mpavkr8z
byBob Marcus
 
PPTX
Flutter & Firebase Session Slides - GDG VESIT
bygdgcodecellcmpn
 
PDF
Intro to CrafterQ - AI Agent Platform for the Enterprise.pdf
byCrafterQ
 
PDF
Best-Travel-Portal-Development-Solutions-for-Online-Growth
bykashishnagarrajput
 
Generating Structured Outputs from Unstructured Content Using LLMs
byEnterprise Knowledge
 
Louisville User Group: Transforming Technical Debt into Technical Wealth
byLynda Kane
 
IBM_NEXA_DAC2021 NEXA, a cloud-native platform for collaborative hardware log...
byArun Joseph
 
Master the FME Connector for ArcGIS: Streamlined Data Management & Robust Met...
bySafe Software
 
DataLiva-LivaGRC- Business Software for Governance, Risk, and Compliance
byMustafa Kuğu
 
Best Bank Statement Converter Software - A Documentation-Based Meta-Analysis ...
bylewisconrada
 
SEO in Charleston SC | Local SEO Strategies to Grow Your Business.pdf
bycustomdigitalsolutio1
 
DVCON24-IBM ai/ml driven hardware verification
byArun Joseph
 
Lecture 04. about Black heads and Hackerss.pptx
byvinocol222
 
Governing Agentic Enterprise - From Shadow AI to Autonomous Security.pdf
bysajjasridhar1990
 
UNIT 1- Introduction to Basic of Computer Fundamentals
bypawarbhaktiit
 
Building Software in the AI Era: Spec-Driven Development with Kiro IDE
byHaim Michael
 
Purple Team - Active Directory and AzureAD v1
byVICTOR MAESTRE RAMIREZ
 
KTU-PEMET413 -MODULE 2-POLYMER MATRIX COMPOSITES - LECTURE 1.pptx
byVINAY B
 
How Blockchain Application Development Enables Trustless Digital Ecosystems.pptx
byLisa ward
 
Building Real-Time Voice AI — Udaiappa Ramachandran
byUdaiappa Ramachandran
 
65 AI-related Posts Catalog https://tinyurl.com/mpavkr8z
byBob Marcus
 
Flutter & Firebase Session Slides - GDG VESIT
bygdgcodecellcmpn
 
Intro to CrafterQ - AI Agent Platform for the Enterprise.pdf
byCrafterQ
 
Best-Travel-Portal-Development-Solutions-for-Online-Growth
bykashishnagarrajput
 

Cargo Cult Security at OpenWest

  • 1.
    Cargo Cult Security -OpenWest https://github.com/disaacson/cargo-cult-security by Derrick Isaacson
  • 2.
  • 3.
  • 4.
    Cargo Cult Programming Ritualisticinclusion of code or patterns that are unnecessary for the task at hand. • Design patterns • Factory • Wrapper • Dependency injection • Cryptography • Encryption • Hashing
  • 5.
  • 6.
    Crypto Primitives &Goals Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
  • 7.
    Classic Encryption Hash MAC HMAC Symmetric KeyCrypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
  • 8.
  • 9.
    Symmetric Key Cryptography (Private-key Cryptography) •Blowfish • Twofish • Serpent • AES (Rijndael) • CAST5 • RC4 • 3DES • IDEA HTTPS (TLS) SSH (SSL) LUKS Disk Encryption KeePass
  • 10.
    Blowfish Example $plaintext =‘Keep it secret. Keep it safe.'; $ciphertext = mcrypt_encrypt(MCRYPT_BLOWFISH, ‘0123456789', $plaintext, MCRYPT_MODE_CBC, ‘87acec17cd9dcd20'); $crypttextHex = bin2hex($ciphertext); echo $crypttextHex; a8 c5 22 a1 c5 19 97 70 95 a9 12 af 1a 1f 83 4e 0e d7 20 9e ea ab ba 7f 6c d5 d7 de a0 24 1a 5b
  • 11.
    Anti-pattern: Authentication $plainTextId ='100000'; echo '<h4>"Secure" URL for image ' . $plainTextId . '.</h4>'; $cryptTextId = bin2hex(mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $plainTextId, MCRYPT_MODE_OFB, $initializationVector)); $secretImageUrl = "…?secure_id=". $cryptTextId; echo '<a href="'. $secretImageUrl .'">'.$secretImageUrl.'</a>'; private_image.php?secure_id=573146feb41e
  • 12.
    private_image.php?secure_id=573146feb41e $cryptTextId = $_GET["secure_id"]; $plainTextId= rtrim(mcrypt_decrypt(MCRYPT_BLOWFISH, $key, hex2bin($cryptTextId), MCRYPT_MODE_OFB, $initializationVector)); $imageData = file_get_contents("img/“ . $plainTextId); echo '<img src="data:image/png;base64,‘ . base64_encode($imageData).'">‘; 573146feb41e 100000 Team Photo
  • 13.
    private_image.php?secure_id=573146feb41e private_image.php?secure_id=573146feb41f $cryptTextId = $_GET["secure_id"]; $plainTextId= rtrim(mcrypt_decrypt(MCRYPT_BLOWFISH, $key, hex2bin($cryptTextId), MCRYPT_MODE_OFB, $initializationVector)); $imageData = file_get_contents("img/“ . $plainTextId); echo '<img src="data:image/png;base64,‘ . base64_encode($imageData).'">‘; 573146feb41f 100001 Attack Plan
  • 14.
    Crypto Primitives &Goals Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
  • 15.
    Message Authentication Codes HMAC(key,message) HMAC: RFC 2104 • HMAC-MD5 • HMAC-SHA1 • HMAC-SHA256 Message MAC
  • 16.
    HMAC $plainTextId = '100000'; $hmac= hash_hmac("sha256", $key, $plainTextId); $secretImageUrl = "…?id=". $plainTextId . "&hmac=" . $hmac; echo '<a href="'. $secretImageUrl .'">' . $secretImageUrl . '</a>'; $plainTextId = $_GET["id"]; $signature = $_GET["hmac"]; $hmac = hash_hmac("sha256", $key, $plainTextId); if ($hmac == $signature) { $imageData = file_get_contents("img/" . $plainTextId . ".jpg"); echo '<img src="data:image/png;base64,'. base64_encode($imageData) .'">'; } else { echo '<h4 class="error">Permission Denied!</h4>'; } Permission Denied! /cargo-cult-security/private_image_2php?id=100000&hmac=9d892a6925a0a3eb36a3fcff47d12f0c03c2f7c8c1 /cargo-cult-security/private_image_2php?id=100001&hmac=9d892a6925a0a3eb36a3fcff47d12f0c03c2f7c8c1
  • 17.
    Crypto Primitives &Goals Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
  • 18.
    Anti-pattern: Authentication 2 $plainTextUserId= ‘834'; echo '<h4>"Secure" URL for image ' . $plainTextUserId . '.</h4>'; $cryptTextId = bin2hex(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $plainTextId, MCRYPT_MODE_OFB, $initializationVector)); $secretImageUrl = "…?secure_id=". $cryptTextId; echo '<a href="'. $secretImageUrl .'">'.$secretImageUrl.'</a>'; private_image.php?secure_id=f3d90e http://aes.online-domain-tools.com/ 224 search space with a valid URL density of 1 16,777
  • 19.
    HMAC for authentication $authInfo= ‘uid=‘ . $userId ‘&ts=‘ . time(); // uid=123&ts=12345 $hmac = hash_hmac("sha256", $key, $authInfo); $authToken = $authInfo . ‘&hmac=‘ . $hmac; // uid=123&ts=12345&hmac=9a0b1c // send token to user (e.g. set as a cookie) $token = // read token (from cookie, Authorization header, …) $message = // regenerate base message (uid=123&ts=12345) $signature = $token["hmac"]; $validationHmac = hash_hmac("sha256", $key, $message); if ($validationHmac == $signature) { // let request through if timestamp is also recent enough else { // send back a 403 Forbidden } Login Protected service
  • 20.
    Crypto Primitives &Goals Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
  • 21.
    Anti-pattern: Integrity $aes =mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, ''); … return mcrypt_generic($aes, $data); $cipher [45] = chr(ord($cipher [45]) ^ ord(".") ^ ord ("0")); $aes = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, ''); … return mdecrypt_generic($aes, $data);
  • 22.
    Crypto Primitives &Goals Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
  • 23.
    Encryption Parameters Creates ciphertext Cipher (AES, Blowfish, …) Secret key Data to encrypt CBC, ECB, OFB, … Initialization Vector mcrypt_encrypt( MCRYPT_BLOWFISH, $key, $plainText, MCRYPT_MODE_CBC, $iv);
  • 24.
    Anti-pattern: Encryption Modes $plainImageData= file_get_contents($file); $cryptText = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $plainImageData, MCRYPT_MODE_ECB, $initializationVector); file_put_contents($file . ".encrypted.data", $cryptText);
  • 26.
    Cipher-block Chaining Mode $plainImageData= file_get_contents($file); $cryptText = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $plainImageData, MCRYPT_MODE_CBC, $initializationVector); file_put_contents($file . ".encrypted.data", $cryptText);
  • 27.
    Encryption Parameters Creates ciphertext Cipher (AES, Blowfish, …) Secret key Data to encrypt CBC, ECB, OFB, … Initialization Vector mcrypt_encrypt( MCRYPT_BLOWFISH, $key, $plainText, MCRYPT_MODE_CBC, $iv);
  • 28.
    May 20th 1942 Messageintercepted Island “AF” June 3rd 1942 Battle of Midway
  • 29.
    Anti-pattern: Initialization Vector $plainText= “Hold"; $cryptText = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $plainText, MCRYPT_MODE_CBC, md5($key)); • Monday: “a8b8f95c4684b3f3” • Tuesday: “a8b8f95c4684b3f3” • Wednesday: “a8b8f95c4684b3f3” • Thursday: “a8b8f95c4684b3f3” • Friday: “10f32c937a1284db”
  • 30.
    Modes and IVs •Cipher-block chaining prevents patterns within messages • Correct IV prevents patterns across messages
  • 31.
    Generating Keys &Initialization Vectors $key = “koicy37m8ao2nl07"; $iv = rand(); $cypherText = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $plainText, MCRYPT_MODE_CBC, $iv); • How many bits of key entropy can be contained in 16 alphanumeric characters? • 96 bits! • ~0.00000002% of possible search space • What initialization vector is really used here? • “0000000000000000”! • PHP Warning: mcrypt_decrypt(): The IV parameter must be as long as the blocksize in /home/derrick/…/CBC.php on line 27 • Use • $size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC); • mcrypt_create_iv($size);
  • 32.
    Anti-pattern: Random Values <formaction=""> <label>Donation amount</label> <input type="text" value="10.00"> <?php $csrfToken = rand(); setCookie("csrfToken", $csrfToken); echo "<input type="hidden" value="$csrfToken">“; ?> <input type="submit" value="Submit"> </form>
  • 33.
    Finding Linear CongruentialSeed Random random = new Random(); long v1 = random.nextInt(); long v2 = random.nextInt(); for (int i = 0; i < 65536; i++) { long seed = v1 * 65536 + i; if (((seed * multiplier + addend) & mask) >>> 16) == v2) { System.out.println("Seed found: " + seed); break; } }
  • 34.
    Anti-pattern: Psuedo-random Session IDs <?php $uid= "12345678"; $sessionId = md5($uid . rand() . microtime()); setCookie(“session_id", $sessionId); ?> Really only ~20 bits of entropy. A modern GPU can calculate that in a second!9,12
  • 35.
    HMACs and SecureRandom <form action=""> <label>Donation amount</label> <input type="text" value="10.00"> <?php $csrfToken = openssl_random_pseudo_bytes(32); setCookie("csrfToken", bin2hex($csrfToken)); echo "<input type="hidden" value="$csrfToken">“; ?> <input type="submit" value="Submit"> </form> Do not use sessions! Use HMACs! Seriously.
  • 36.
    No Cargo CultSecurity! 1. Identify true security goal. 2. Find correct crypto primitive. 3. Spend some time to learn about it. 4. Write as little of your own crypto code as possible.
  • 37.
    Crypto Primitives &Goals Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
  • 38.
    Crypto Primitives &Goals Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
  • 39.
  • 40.
    References 1. http://en.wikipedia.org/wiki/Cargo_cult 2. http://neurotheory.columbia.edu/~ken/cargo_cult.html 3.http://en.wikipedia.org/wiki/Post_hoc_ergo_propter_hoc 4. http://en.wikipedia.org/wiki/Cargo_cult_programming 5. https://oracleus.activeevents.com/2013/connect/sessionDetail.ww?SESSION_ID=6325 6. http://www.scs.stanford.edu/10au-cs144/notes/ 7. http://resources.infosecinstitute.com/cbc-byte-flipping-attack-101-approach/ 8. http://security.stackexchange.com/questions/18033/how-insecure-are-phps-rand-functions 9. http://crypto.di.uoa.gr/CRYPTO.SEC/Randomness_Attacks_files/paper.pdf 10. http://security.stackexchange.com/questions/17988/how-insecure-are-non-cryptographic-random-number-generators 11. http://jazzy.id.au/default/2010/09/20/cracking_random_number_generators_part_1.html 12. http://thepasswordproject.com/oclhashcat_benchmarking 13. http://www.php.net/manual/en/function.openssl-random-pseudo-bytes.php 14. http://blowfish.online-domain-tools.com/ 15. https://github.com/disaacson/cargo-cult-security 16. http://tools.ietf.org/html/rfc2104