SlideShare a Scribd company logo

Cargo Cult Security: Understanding Crypto Primitives and Avoiding Common Pitfalls

Download as PPTX, PDF
Derrick Isaacson
Derrick Isaacson

See common anti-patterns for securing web applications and how to correct them. Learn how to differentiate between authentication, authorization, secrecy, integrity, non-repudiation, and other security goals. Examples include how: * a theoretical "secret" banking request is corrupted to pad an attacker's bank account, * an insecure "session" authentication token is attacked, and * a "random" XSRF value gives a false sense of security. Correct principles and patterns are analyzed and compared with common incorrect ones. Presented at OpenWest 2014

TechnologyEducation
1 of 40
Cargo Cult Security - OpenWest https://github.com/disaacson/cargo-cult-security by Derrick Isaacson
http://en.wikipedia.org/wiki/Cargo_cult
Richard Feynman
Cargo Cult Programming Ritualistic inclusion of code or patterns that are unnecessary for the task at hand. • Design patterns • Factory • Wrapper • Dependency injection • Cryptography • Encryption • Hashing
The Big Picture
Crypto Primitives & Goals Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
Classic Encryption Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
PlaintextCiphertext Cipher
Symmetric Key Cryptography (Private-key Cryptography) • Blowfish • Twofish • Serpent • AES (Rijndael) • CAST5 • RC4 • 3DES • IDEA HTTPS (TLS) SSH (SSL) LUKS Disk Encryption KeePass
Blowfish Example $plaintext = ‘Keep it secret. Keep it safe.'; $ciphertext = mcrypt_encrypt(MCRYPT_BLOWFISH, ‘0123456789', $plaintext, MCRYPT_MODE_CBC, ‘87acec17cd9dcd20'); $crypttextHex = bin2hex($ciphertext); echo $crypttextHex; a8 c5 22 a1 c5 19 97 70 95 a9 12 af 1a 1f 83 4e 0e d7 20 9e ea ab ba 7f 6c d5 d7 de a0 24 1a 5b
Anti-pattern: Authentication $plainTextId = '100000'; echo '<h4>"Secure" URL for image ' . $plainTextId . '.</h4>'; $cryptTextId = bin2hex(mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $plainTextId, MCRYPT_MODE_OFB, $initializationVector)); $secretImageUrl = "…?secure_id=". $cryptTextId; echo '<a href="'. $secretImageUrl .'">'.$secretImageUrl.'</a>'; private_image.php?secure_id=573146feb41e
private_image.php?secure_id=573146feb41e $cryptTextId = $_GET["secure_id"]; $plainTextId = rtrim(mcrypt_decrypt(MCRYPT_BLOWFISH, $key, hex2bin($cryptTextId), MCRYPT_MODE_OFB, $initializationVector)); $imageData = file_get_contents("img/“ . $plainTextId); echo '<img src="data:image/png;base64,‘ . base64_encode($imageData).'">‘; 573146feb41e 100000 Team Photo
private_image.php?secure_id=573146feb41e private_image.php?secure_id=573146feb41f $cryptTextId = $_GET["secure_id"]; $plainTextId = rtrim(mcrypt_decrypt(MCRYPT_BLOWFISH, $key, hex2bin($cryptTextId), MCRYPT_MODE_OFB, $initializationVector)); $imageData = file_get_contents("img/“ . $plainTextId); echo '<img src="data:image/png;base64,‘ . base64_encode($imageData).'">‘; 573146feb41f 100001 Attack Plan
Crypto Primitives & Goals Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
Message Authentication Codes HMAC(key, message) HMAC: RFC 2104 • HMAC-MD5 • HMAC-SHA1 • HMAC-SHA256 Message MAC
HMAC $plainTextId = '100000'; $hmac = hash_hmac("sha256", $key, $plainTextId); $secretImageUrl = "…?id=". $plainTextId . "&hmac=" . $hmac; echo '<a href="'. $secretImageUrl .'">' . $secretImageUrl . '</a>'; $plainTextId = $_GET["id"]; $signature = $_GET["hmac"]; $hmac = hash_hmac("sha256", $key, $plainTextId); if ($hmac == $signature) { $imageData = file_get_contents("img/" . $plainTextId . ".jpg"); echo '<img src="data:image/png;base64,'. base64_encode($imageData) .'">'; } else { echo '<h4 class="error">Permission Denied!</h4>'; } Permission Denied! /cargo-cult-security/private_image_2php?id=100000&hmac=9d892a6925a0a3eb36a3fcff47d12f0c03c2f7c8c1 /cargo-cult-security/private_image_2php?id=100001&hmac=9d892a6925a0a3eb36a3fcff47d12f0c03c2f7c8c1
Crypto Primitives & Goals Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
Anti-pattern: Authentication 2 $plainTextUserId = ‘834'; echo '<h4>"Secure" URL for image ' . $plainTextUserId . '.</h4>'; $cryptTextId = bin2hex(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $plainTextId, MCRYPT_MODE_OFB, $initializationVector)); $secretImageUrl = "…?secure_id=". $cryptTextId; echo '<a href="'. $secretImageUrl .'">'.$secretImageUrl.'</a>'; private_image.php?secure_id=f3d90e http://aes.online-domain-tools.com/ 224 search space with a valid URL density of 1 16,777
HMAC for authentication $authInfo = ‘uid=‘ . $userId ‘&ts=‘ . time(); // uid=123&ts=12345 $hmac = hash_hmac("sha256", $key, $authInfo); $authToken = $authInfo . ‘&hmac=‘ . $hmac; // uid=123&ts=12345&hmac=9a0b1c // send token to user (e.g. set as a cookie) $token = // read token (from cookie, Authorization header, …) $message = // regenerate base message (uid=123&ts=12345) $signature = $token["hmac"]; $validationHmac = hash_hmac("sha256", $key, $message); if ($validationHmac == $signature) { // let request through if timestamp is also recent enough else { // send back a 403 Forbidden } Login Protected service
Crypto Primitives & Goals Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
Anti-pattern: Integrity $aes = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, ''); … return mcrypt_generic($aes, $data); $cipher [45] = chr(ord($cipher [45]) ^ ord(".") ^ ord ("0")); $aes = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, ''); … return mdecrypt_generic($aes, $data);
Crypto Primitives & Goals Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
Encryption Parameters Creates cipher text Cipher (AES, Blowfish, …) Secret key Data to encrypt CBC, ECB, OFB, … Initialization Vector mcrypt_encrypt( MCRYPT_BLOWFISH, $key, $plainText, MCRYPT_MODE_CBC, $iv);
Anti-pattern: Encryption Modes $plainImageData = file_get_contents($file); $cryptText = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $plainImageData, MCRYPT_MODE_ECB, $initializationVector); file_put_contents($file . ".encrypted.data", $cryptText);
Cipher-block Chaining Mode $plainImageData = file_get_contents($file); $cryptText = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $plainImageData, MCRYPT_MODE_CBC, $initializationVector); file_put_contents($file . ".encrypted.data", $cryptText);
Encryption Parameters Creates cipher text Cipher (AES, Blowfish, …) Secret key Data to encrypt CBC, ECB, OFB, … Initialization Vector mcrypt_encrypt( MCRYPT_BLOWFISH, $key, $plainText, MCRYPT_MODE_CBC, $iv);
May 20th 1942 Message intercepted Island “AF” June 3rd 1942 Battle of Midway
Anti-pattern: Initialization Vector $plainText = “Hold"; $cryptText = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $plainText, MCRYPT_MODE_CBC, md5($key)); • Monday: “a8b8f95c4684b3f3” • Tuesday: “a8b8f95c4684b3f3” • Wednesday: “a8b8f95c4684b3f3” • Thursday: “a8b8f95c4684b3f3” • Friday: “10f32c937a1284db”
Modes and IVs • Cipher-block chaining prevents patterns within messages • Correct IV prevents patterns across messages
Generating Keys & Initialization Vectors $key = “koicy37m8ao2nl07"; $iv = rand(); $cypherText = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $plainText, MCRYPT_MODE_CBC, $iv); • How many bits of key entropy can be contained in 16 alphanumeric characters? • 96 bits! • ~0.00000002% of possible search space • What initialization vector is really used here? • “0000000000000000”! • PHP Warning: mcrypt_decrypt(): The IV parameter must be as long as the blocksize in /home/derrick/…/CBC.php on line 27 • Use • $size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC); • mcrypt_create_iv($size);
Anti-pattern: Random Values <form action=""> <label>Donation amount</label> <input type="text" value="10.00"> <?php $csrfToken = rand(); setCookie("csrfToken", $csrfToken); echo "<input type="hidden" value="$csrfToken">“; ?> <input type="submit" value="Submit"> </form>
Finding Linear Congruential Seed Random random = new Random(); long v1 = random.nextInt(); long v2 = random.nextInt(); for (int i = 0; i < 65536; i++) { long seed = v1 * 65536 + i; if (((seed * multiplier + addend) & mask) >>> 16) == v2) { System.out.println("Seed found: " + seed); break; } }
Anti-pattern: Psuedo-random Session IDs <?php $uid = "12345678"; $sessionId = md5($uid . rand() . microtime()); setCookie(“session_id", $sessionId); ?> Really only ~20 bits of entropy. A modern GPU can calculate that in a second!9,12
HMACs and Secure Random <form action=""> <label>Donation amount</label> <input type="text" value="10.00"> <?php $csrfToken = openssl_random_pseudo_bytes(32); setCookie("csrfToken", bin2hex($csrfToken)); echo "<input type="hidden" value="$csrfToken">“; ?> <input type="submit" value="Submit"> </form> Do not use sessions! Use HMACs! Seriously.
No Cargo Cult Security! 1. Identify true security goal. 2. Find correct crypto primitive. 3. Spend some time to learn about it. 4. Write as little of your own crypto code as possible.
Crypto Primitives & Goals Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
Crypto Primitives & Goals Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
Questions? derrick@lucidchart.com https://github.com/disaacson/cargo-cult-security
References 1. http://en.wikipedia.org/wiki/Cargo_cult 2. http://neurotheory.columbia.edu/~ken/cargo_cult.html 3. http://en.wikipedia.org/wiki/Post_hoc_ergo_propter_hoc 4. http://en.wikipedia.org/wiki/Cargo_cult_programming 5. https://oracleus.activeevents.com/2013/connect/sessionDetail.ww?SESSION_ID=6325 6. http://www.scs.stanford.edu/10au-cs144/notes/ 7. http://resources.infosecinstitute.com/cbc-byte-flipping-attack-101-approach/ 8. http://security.stackexchange.com/questions/18033/how-insecure-are-phps-rand-functions 9. http://crypto.di.uoa.gr/CRYPTO.SEC/Randomness_Attacks_files/paper.pdf 10. http://security.stackexchange.com/questions/17988/how-insecure-are-non-cryptographic-random-number-generators 11. http://jazzy.id.au/default/2010/09/20/cracking_random_number_generators_part_1.html 12. http://thepasswordproject.com/oclhashcat_benchmarking 13. http://www.php.net/manual/en/function.openssl-random-pseudo-bytes.php 14. http://blowfish.online-domain-tools.com/ 15. https://github.com/disaacson/cargo-cult-security 16. http://tools.ietf.org/html/rfc2104

Recommended

Cargo Cult Security 2014_01_18
Cargo Cult Security 2014_01_18Cargo Cult Security 2014_01_18
Cargo Cult Security 2014_01_18Derrick Isaacson
 
Cargo Cult Security UJUG Sep2015
Cargo Cult Security UJUG Sep2015Cargo Cult Security UJUG Sep2015
Cargo Cult Security UJUG Sep2015Derrick Isaacson
 
Cryptography 101 for Java developers
Cryptography 101 for Java developersCryptography 101 for Java developers
Cryptography 101 for Java developersMichel Schudel
 
Cryptography 101 for_java_developers, Fall 2019
Cryptography 101 for_java_developers, Fall 2019Cryptography 101 for_java_developers, Fall 2019
Cryptography 101 for_java_developers, Fall 2019Michel Schudel
 
Cryptography 101 for Java Developers - Devoxx 2019
Cryptography 101 for Java Developers - Devoxx 2019Cryptography 101 for Java Developers - Devoxx 2019
Cryptography 101 for Java Developers - Devoxx 2019Michel Schudel
 
Cryptography For The Average Developer
Cryptography For The Average DeveloperCryptography For The Average Developer
Cryptography For The Average DeveloperAnthony Ferrara
 
Cryptography 101 for Java Developers - JavaZone2019
Cryptography 101 for Java Developers - JavaZone2019Cryptography 101 for Java Developers - JavaZone2019
Cryptography 101 for Java Developers - JavaZone2019Michel Schudel
 
Dodging WebCrypto API Landmines
Dodging WebCrypto API LandminesDodging WebCrypto API Landmines
Dodging WebCrypto API LandminesErnie Turner
 

Recommended

Cargo Cult Security 2014_01_18
Cargo Cult Security 2014_01_18Cargo Cult Security 2014_01_18
Cargo Cult Security 2014_01_18Derrick Isaacson
 
Cargo Cult Security UJUG Sep2015
Cargo Cult Security UJUG Sep2015Cargo Cult Security UJUG Sep2015
Cargo Cult Security UJUG Sep2015Derrick Isaacson
 
Cryptography 101 for Java developers
Cryptography 101 for Java developersCryptography 101 for Java developers
Cryptography 101 for Java developersMichel Schudel
 
Cryptography 101 for_java_developers, Fall 2019
Cryptography 101 for_java_developers, Fall 2019Cryptography 101 for_java_developers, Fall 2019
Cryptography 101 for_java_developers, Fall 2019Michel Schudel
 
Cryptography 101 for Java Developers - Devoxx 2019
Cryptography 101 for Java Developers - Devoxx 2019Cryptography 101 for Java Developers - Devoxx 2019
Cryptography 101 for Java Developers - Devoxx 2019Michel Schudel
 
Cryptography For The Average Developer
Cryptography For The Average DeveloperCryptography For The Average Developer
Cryptography For The Average DeveloperAnthony Ferrara
 
Cryptography 101 for Java Developers - JavaZone2019
Cryptography 101 for Java Developers - JavaZone2019Cryptography 101 for Java Developers - JavaZone2019
Cryptography 101 for Java Developers - JavaZone2019Michel Schudel
 
Dodging WebCrypto API Landmines
Dodging WebCrypto API LandminesDodging WebCrypto API Landmines
Dodging WebCrypto API LandminesErnie Turner
 
How does cryptography work? by Jeroen Ooms
How does cryptography work? by Jeroen OomsHow does cryptography work? by Jeroen Ooms
How does cryptography work? by Jeroen OomsAjay Ohri
 
Python Cryptography & Security
Python Cryptography & SecurityPython Cryptography & Security
Python Cryptography & SecurityJose Manuel Ortega Candel
 
Obfuscation-Resilient Privacy Leak Detection for Mobile Apps
Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Obfuscation-Resilient Privacy Leak Detection for Mobile Apps
Obfuscation-Resilient Privacy Leak Detection for Mobile Apps NECST Lab @ Politecnico di Milano
 
Crypto failures every developer should avoid
Crypto failures every developer should avoidCrypto failures every developer should avoid
Crypto failures every developer should avoidFilip Šebesta
 
9 password security
9 password security9 password security
9 password securitydrewz lin
 
Hta t07-did-you-read-the-news-http-request-hijacking
Hta t07-did-you-read-the-news-http-request-hijackingHta t07-did-you-read-the-news-http-request-hijacking
Hta t07-did-you-read-the-news-http-request-hijackingКомсс Файквэе
 
Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Svetlin Nakov
 
Cryptography for the mere mortals
Cryptography for the mere mortalsCryptography for the mere mortals
Cryptography for the mere mortalsM A Hossain Tonu
 
XSS: From alert(1) to crypto mining malware
XSS: From alert(1) to crypto mining malwareXSS: From alert(1) to crypto mining malware
XSS: From alert(1) to crypto mining malwareOmer Meshar
 
Django cryptography
Django cryptographyDjango cryptography
Django cryptographyErik LaBianca
 
Secure Coding for NodeJS
Secure Coding for NodeJSSecure Coding for NodeJS
Secure Coding for NodeJSThang Chung
 
iCloud keychain
iCloud keychainiCloud keychain
iCloud keychainAlexey Troshichev
 
Web application Security
Web application SecurityWeb application Security
Web application SecurityLee C
 
Application Security around OWASP Top 10
Application Security around OWASP Top 10Application Security around OWASP Top 10
Application Security around OWASP Top 10Sastry Tumuluri
 
Preventing Data Breaches: How to Tighten Your Security Stance
Preventing Data Breaches: How to Tighten Your Security StancePreventing Data Breaches: How to Tighten Your Security Stance
Preventing Data Breaches: How to Tighten Your Security StanceSara Goodison
 
Onward15
Onward15Onward15
Onward15sarah_nadi
 
동시성과 병렬성
동시성과 병렬성동시성과 병렬성
동시성과 병렬성Chanhyeong LEE
 
Mongo scaling
Mongo scalingMongo scaling
Mongo scalingSimon Maynard
 
Dip Your Toes in the Sea of Security (IPC Fall 2017)
Dip Your Toes in the Sea of Security (IPC Fall 2017)Dip Your Toes in the Sea of Security (IPC Fall 2017)
Dip Your Toes in the Sea of Security (IPC Fall 2017)James Titcumb
 
SSL/TLS for Mortals (JavaZone)
SSL/TLS for Mortals (JavaZone)SSL/TLS for Mortals (JavaZone)
SSL/TLS for Mortals (JavaZone)Maarten Mulders
 
Data Security Essentials - JavaOne 2013
Data Security Essentials - JavaOne 2013Data Security Essentials - JavaOne 2013
Data Security Essentials - JavaOne 2013javagroup2006
 
Security and Encryption on iOS
Security and Encryption on iOSSecurity and Encryption on iOS
Security and Encryption on iOSGraham Lee
 

More Related Content

What's hot

How does cryptography work? by Jeroen Ooms
How does cryptography work? by Jeroen OomsHow does cryptography work? by Jeroen Ooms
How does cryptography work? by Jeroen OomsAjay Ohri
 
Obfuscation-Resilient Privacy Leak Detection for Mobile Apps
Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Obfuscation-Resilient Privacy Leak Detection for Mobile Apps
Obfuscation-Resilient Privacy Leak Detection for Mobile Apps NECST Lab @ Politecnico di Milano
 
Crypto failures every developer should avoid
Crypto failures every developer should avoidCrypto failures every developer should avoid
Crypto failures every developer should avoidFilip Šebesta
 
9 password security
9 password security9 password security
9 password securitydrewz lin
 
Hta t07-did-you-read-the-news-http-request-hijacking
Hta t07-did-you-read-the-news-http-request-hijackingHta t07-did-you-read-the-news-http-request-hijacking
Hta t07-did-you-read-the-news-http-request-hijackingКомсс Файквэе
 
Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Svetlin Nakov
 
Cryptography for the mere mortals
Cryptography for the mere mortalsCryptography for the mere mortals
Cryptography for the mere mortalsM A Hossain Tonu
 
XSS: From alert(1) to crypto mining malware
XSS: From alert(1) to crypto mining malwareXSS: From alert(1) to crypto mining malware
XSS: From alert(1) to crypto mining malwareOmer Meshar
 
Secure Coding for NodeJS
Secure Coding for NodeJSSecure Coding for NodeJS
Secure Coding for NodeJSThang Chung
 
Web application Security
Web application SecurityWeb application Security
Web application SecurityLee C
 
Application Security around OWASP Top 10
Application Security around OWASP Top 10Application Security around OWASP Top 10
Application Security around OWASP Top 10Sastry Tumuluri
 
Preventing Data Breaches: How to Tighten Your Security Stance
Preventing Data Breaches: How to Tighten Your Security StancePreventing Data Breaches: How to Tighten Your Security Stance
Preventing Data Breaches: How to Tighten Your Security StanceSara Goodison
 
동시성과 병렬성
동시성과 병렬성동시성과 병렬성
동시성과 병렬성Chanhyeong LEE
 
Dip Your Toes in the Sea of Security (IPC Fall 2017)
Dip Your Toes in the Sea of Security (IPC Fall 2017)Dip Your Toes in the Sea of Security (IPC Fall 2017)
Dip Your Toes in the Sea of Security (IPC Fall 2017)James Titcumb
 
SSL/TLS for Mortals (JavaZone)
SSL/TLS for Mortals (JavaZone)SSL/TLS for Mortals (JavaZone)
SSL/TLS for Mortals (JavaZone)Maarten Mulders
 

What's hot (20)

How does cryptography work? by Jeroen Ooms
How does cryptography work? by Jeroen OomsHow does cryptography work? by Jeroen Ooms
How does cryptography work? by Jeroen Ooms
 
Python Cryptography & Security
Python Cryptography & SecurityPython Cryptography & Security
Python Cryptography & Security
 
Obfuscation-Resilient Privacy Leak Detection for Mobile Apps
Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Obfuscation-Resilient Privacy Leak Detection for Mobile Apps
Obfuscation-Resilient Privacy Leak Detection for Mobile Apps
 
Crypto failures every developer should avoid
Crypto failures every developer should avoidCrypto failures every developer should avoid
Crypto failures every developer should avoid
 
9 password security
9 password security9 password security
9 password security
 
Hta t07-did-you-read-the-news-http-request-hijacking
Hta t07-did-you-read-the-news-http-request-hijackingHta t07-did-you-read-the-news-http-request-hijacking
Hta t07-did-you-read-the-news-http-request-hijacking
 
Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)
 
Cryptography for the mere mortals
Cryptography for the mere mortalsCryptography for the mere mortals
Cryptography for the mere mortals
 
XSS: From alert(1) to crypto mining malware
XSS: From alert(1) to crypto mining malwareXSS: From alert(1) to crypto mining malware
XSS: From alert(1) to crypto mining malware
 
Django cryptography
Django cryptographyDjango cryptography
Django cryptography
 
Secure Coding for NodeJS
Secure Coding for NodeJSSecure Coding for NodeJS
Secure Coding for NodeJS
 
iCloud keychain
iCloud keychainiCloud keychain
iCloud keychain
 
Web application Security
Web application SecurityWeb application Security
Web application Security
 
Application Security around OWASP Top 10
Application Security around OWASP Top 10Application Security around OWASP Top 10
Application Security around OWASP Top 10
 
Preventing Data Breaches: How to Tighten Your Security Stance
Preventing Data Breaches: How to Tighten Your Security StancePreventing Data Breaches: How to Tighten Your Security Stance
Preventing Data Breaches: How to Tighten Your Security Stance
 
Onward15
Onward15Onward15
Onward15
 
동시성과 병렬성
동시성과 병렬성동시성과 병렬성
동시성과 병렬성
 
Mongo scaling
Mongo scalingMongo scaling
Mongo scaling
 
Dip Your Toes in the Sea of Security (IPC Fall 2017)
Dip Your Toes in the Sea of Security (IPC Fall 2017)Dip Your Toes in the Sea of Security (IPC Fall 2017)
Dip Your Toes in the Sea of Security (IPC Fall 2017)
 
SSL/TLS for Mortals (JavaZone)
SSL/TLS for Mortals (JavaZone)SSL/TLS for Mortals (JavaZone)
SSL/TLS for Mortals (JavaZone)
 

Similar to Cargo Cult Security: Understanding Crypto Primitives and Avoiding Common Pitfalls

Data Security Essentials - JavaOne 2013
Data Security Essentials - JavaOne 2013Data Security Essentials - JavaOne 2013
Data Security Essentials - JavaOne 2013javagroup2006
 
Security and Encryption on iOS
Security and Encryption on iOSSecurity and Encryption on iOS
Security and Encryption on iOSGraham Lee
 
Crypto failures every developer should avoid
Crypto failures every developer should avoidCrypto failures every developer should avoid
Crypto failures every developer should avoidOwaspCzech
 
Hadoop Security Now and Future
Hadoop Security Now and FutureHadoop Security Now and Future
Hadoop Security Now and Futuretcloudcomputing-tw
 
Cryptography with Zend Framework
Cryptography with Zend FrameworkCryptography with Zend Framework
Cryptography with Zend FrameworkEnrico Zimuel
 
Dip Your Toes in the Sea of Security (PHP UK 2016)
Dip Your Toes in the Sea of Security (PHP UK 2016)Dip Your Toes in the Sea of Security (PHP UK 2016)
Dip Your Toes in the Sea of Security (PHP UK 2016)James Titcumb
 
Using Cryptography Properly in Applications
Using Cryptography Properly in ApplicationsUsing Cryptography Properly in Applications
Using Cryptography Properly in ApplicationsGreat Wide Open
 
Cryptography Fundamentals
Cryptography FundamentalsCryptography Fundamentals
Cryptography FundamentalsDuy Do Phan
 
PHP Identity and Data Security
PHP Identity and Data SecurityPHP Identity and Data Security
PHP Identity and Data SecurityJonathan LeBlanc
 
Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Matthew McCullough
 
How to do Cryptography right in Android Part One
How to do Cryptography right in Android Part OneHow to do Cryptography right in Android Part One
How to do Cryptography right in Android Part OneArash Ramez
 
ExpertsLiveEurope The New Era Of Endpoint Security
ExpertsLiveEurope The New Era Of Endpoint SecurityExpertsLiveEurope The New Era Of Endpoint Security
ExpertsLiveEurope The New Era Of Endpoint SecurityAlexander Benoit
 
Information security programming in ruby
Information security programming in rubyInformation security programming in ruby
Information security programming in rubyHiroshi Nakamura
 
Dip Your Toes in the Sea of Security (DPC 2015)
Dip Your Toes in the Sea of Security (DPC 2015)Dip Your Toes in the Sea of Security (DPC 2015)
Dip Your Toes in the Sea of Security (DPC 2015)James Titcumb
 
Implement symmetric key algorithms.pptx
Implement symmetric key algorithms.pptxImplement symmetric key algorithms.pptx
Implement symmetric key algorithms.pptxpreethihp4500
 
Biting into the forbidden fruit. Lessons from trusting Javascript crypto.
Biting into the forbidden fruit. Lessons from trusting Javascript crypto.Biting into the forbidden fruit. Lessons from trusting Javascript crypto.
Biting into the forbidden fruit. Lessons from trusting Javascript crypto.Krzysztof Kotowicz
 
Eight simple rules to writing secure PHP programs
Eight simple rules to writing secure PHP programsEight simple rules to writing secure PHP programs
Eight simple rules to writing secure PHP programsAleksandr Yampolskiy
 
Introduction to Public Key Cryptography
Introduction to Public Key CryptographyIntroduction to Public Key Cryptography
Introduction to Public Key CryptographyKelley Robinson
 

Similar to Cargo Cult Security: Understanding Crypto Primitives and Avoiding Common Pitfalls (20)

Data Security Essentials - JavaOne 2013
Data Security Essentials - JavaOne 2013Data Security Essentials - JavaOne 2013
Data Security Essentials - JavaOne 2013
 
Security and Encryption on iOS
Security and Encryption on iOSSecurity and Encryption on iOS
Security and Encryption on iOS
 
Crypto failures every developer should avoid
Crypto failures every developer should avoidCrypto failures every developer should avoid
Crypto failures every developer should avoid
 
Hadoop Security Now and Future
Hadoop Security Now and FutureHadoop Security Now and Future
Hadoop Security Now and Future
 
Cryptography with Zend Framework
Cryptography with Zend FrameworkCryptography with Zend Framework
Cryptography with Zend Framework
 
Dip Your Toes in the Sea of Security (PHP UK 2016)
Dip Your Toes in the Sea of Security (PHP UK 2016)Dip Your Toes in the Sea of Security (PHP UK 2016)
Dip Your Toes in the Sea of Security (PHP UK 2016)
 
Using Cryptography Properly in Applications
Using Cryptography Properly in ApplicationsUsing Cryptography Properly in Applications
Using Cryptography Properly in Applications
 
Cryptography Fundamentals
Cryptography FundamentalsCryptography Fundamentals
Cryptography Fundamentals
 
PHP Identity and Data Security
PHP Identity and Data SecurityPHP Identity and Data Security
PHP Identity and Data Security
 
Web security
Web securityWeb security
Web security
 
Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010
 
How to do Cryptography right in Android Part One
How to do Cryptography right in Android Part OneHow to do Cryptography right in Android Part One
How to do Cryptography right in Android Part One
 
ExpertsLiveEurope The New Era Of Endpoint Security
ExpertsLiveEurope The New Era Of Endpoint SecurityExpertsLiveEurope The New Era Of Endpoint Security
ExpertsLiveEurope The New Era Of Endpoint Security
 
Information security programming in ruby
Information security programming in rubyInformation security programming in ruby
Information security programming in ruby
 
Dip Your Toes in the Sea of Security (DPC 2015)
Dip Your Toes in the Sea of Security (DPC 2015)Dip Your Toes in the Sea of Security (DPC 2015)
Dip Your Toes in the Sea of Security (DPC 2015)
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
 
Implement symmetric key algorithms.pptx
Implement symmetric key algorithms.pptxImplement symmetric key algorithms.pptx
Implement symmetric key algorithms.pptx
 
Biting into the forbidden fruit. Lessons from trusting Javascript crypto.
Biting into the forbidden fruit. Lessons from trusting Javascript crypto.Biting into the forbidden fruit. Lessons from trusting Javascript crypto.
Biting into the forbidden fruit. Lessons from trusting Javascript crypto.
 
Eight simple rules to writing secure PHP programs
Eight simple rules to writing secure PHP programsEight simple rules to writing secure PHP programs
Eight simple rules to writing secure PHP programs
 
Introduction to Public Key Cryptography
Introduction to Public Key CryptographyIntroduction to Public Key Cryptography
Introduction to Public Key Cryptography
 

More from Derrick Isaacson

UJUG Craftsmanship Roundup April 2017
UJUG Craftsmanship Roundup April 2017UJUG Craftsmanship Roundup April 2017
UJUG Craftsmanship Roundup April 2017Derrick Isaacson
 
Prisoner's Dilemma and Service-oriented Architectures
Prisoner's Dilemma and Service-oriented ArchitecturesPrisoner's Dilemma and Service-oriented Architectures
Prisoner's Dilemma and Service-oriented ArchitecturesDerrick Isaacson
 
Rest in a Nutshell 2014_05_27
Rest in a Nutshell 2014_05_27Rest in a Nutshell 2014_05_27
Rest in a Nutshell 2014_05_27Derrick Isaacson
 
UJUG 2013 Architecture Roundup with Lucid Software
UJUG 2013 Architecture Roundup with Lucid SoftwareUJUG 2013 Architecture Roundup with Lucid Software
UJUG 2013 Architecture Roundup with Lucid SoftwareDerrick Isaacson
 
Scaling Web Services with Evolvable RESTful APIs - JavaOne 2013
Scaling Web Services with Evolvable RESTful APIs - JavaOne 2013Scaling Web Services with Evolvable RESTful APIs - JavaOne 2013
Scaling Web Services with Evolvable RESTful APIs - JavaOne 2013Derrick Isaacson
 

More from Derrick Isaacson (6)

UJUG Craftsmanship Roundup April 2017
UJUG Craftsmanship Roundup April 2017UJUG Craftsmanship Roundup April 2017
UJUG Craftsmanship Roundup April 2017
 
Prisoner's Dilemma and Service-oriented Architectures
Prisoner's Dilemma and Service-oriented ArchitecturesPrisoner's Dilemma and Service-oriented Architectures
Prisoner's Dilemma and Service-oriented Architectures
 
Rest in a Nutshell 2014_05_27
Rest in a Nutshell 2014_05_27Rest in a Nutshell 2014_05_27
Rest in a Nutshell 2014_05_27
 
Effective SOA
Effective SOAEffective SOA
Effective SOA
 
UJUG 2013 Architecture Roundup with Lucid Software
UJUG 2013 Architecture Roundup with Lucid SoftwareUJUG 2013 Architecture Roundup with Lucid Software
UJUG 2013 Architecture Roundup with Lucid Software
 
Scaling Web Services with Evolvable RESTful APIs - JavaOne 2013
Scaling Web Services with Evolvable RESTful APIs - JavaOne 2013Scaling Web Services with Evolvable RESTful APIs - JavaOne 2013
Scaling Web Services with Evolvable RESTful APIs - JavaOne 2013
 

Recently uploaded

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 

Recently uploaded (20)

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 

Cargo Cult Security: Understanding Crypto Primitives and Avoiding Common Pitfalls

  • 1. Cargo Cult Security - OpenWest https://github.com/disaacson/cargo-cult-security by Derrick Isaacson
  • 4. Cargo Cult Programming Ritualistic inclusion of code or patterns that are unnecessary for the task at hand. • Design patterns • Factory • Wrapper • Dependency injection • Cryptography • Encryption • Hashing
  • 6. Crypto Primitives & Goals Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
  • 7. Classic Encryption Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
  • 9. Symmetric Key Cryptography (Private-key Cryptography) • Blowfish • Twofish • Serpent • AES (Rijndael) • CAST5 • RC4 • 3DES • IDEA HTTPS (TLS) SSH (SSL) LUKS Disk Encryption KeePass
  • 10. Blowfish Example $plaintext = ‘Keep it secret. Keep it safe.'; $ciphertext = mcrypt_encrypt(MCRYPT_BLOWFISH, ‘0123456789', $plaintext, MCRYPT_MODE_CBC, ‘87acec17cd9dcd20'); $crypttextHex = bin2hex($ciphertext); echo $crypttextHex; a8 c5 22 a1 c5 19 97 70 95 a9 12 af 1a 1f 83 4e 0e d7 20 9e ea ab ba 7f 6c d5 d7 de a0 24 1a 5b
  • 11. Anti-pattern: Authentication $plainTextId = '100000'; echo '<h4>"Secure" URL for image ' . $plainTextId . '.</h4>'; $cryptTextId = bin2hex(mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $plainTextId, MCRYPT_MODE_OFB, $initializationVector)); $secretImageUrl = "…?secure_id=". $cryptTextId; echo '<a href="'. $secretImageUrl .'">'.$secretImageUrl.'</a>'; private_image.php?secure_id=573146feb41e
  • 12. private_image.php?secure_id=573146feb41e $cryptTextId = $_GET["secure_id"]; $plainTextId = rtrim(mcrypt_decrypt(MCRYPT_BLOWFISH, $key, hex2bin($cryptTextId), MCRYPT_MODE_OFB, $initializationVector)); $imageData = file_get_contents("img/“ . $plainTextId); echo '<img src="data:image/png;base64,‘ . base64_encode($imageData).'">‘; 573146feb41e 100000 Team Photo
  • 13. private_image.php?secure_id=573146feb41e private_image.php?secure_id=573146feb41f $cryptTextId = $_GET["secure_id"]; $plainTextId = rtrim(mcrypt_decrypt(MCRYPT_BLOWFISH, $key, hex2bin($cryptTextId), MCRYPT_MODE_OFB, $initializationVector)); $imageData = file_get_contents("img/“ . $plainTextId); echo '<img src="data:image/png;base64,‘ . base64_encode($imageData).'">‘; 573146feb41f 100001 Attack Plan
  • 14. Crypto Primitives & Goals Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
  • 15. Message Authentication Codes HMAC(key, message) HMAC: RFC 2104 • HMAC-MD5 • HMAC-SHA1 • HMAC-SHA256 Message MAC
  • 16. HMAC $plainTextId = '100000'; $hmac = hash_hmac("sha256", $key, $plainTextId); $secretImageUrl = "…?id=". $plainTextId . "&hmac=" . $hmac; echo '<a href="'. $secretImageUrl .'">' . $secretImageUrl . '</a>'; $plainTextId = $_GET["id"]; $signature = $_GET["hmac"]; $hmac = hash_hmac("sha256", $key, $plainTextId); if ($hmac == $signature) { $imageData = file_get_contents("img/" . $plainTextId . ".jpg"); echo '<img src="data:image/png;base64,'. base64_encode($imageData) .'">'; } else { echo '<h4 class="error">Permission Denied!</h4>'; } Permission Denied! /cargo-cult-security/private_image_2php?id=100000&hmac=9d892a6925a0a3eb36a3fcff47d12f0c03c2f7c8c1 /cargo-cult-security/private_image_2php?id=100001&hmac=9d892a6925a0a3eb36a3fcff47d12f0c03c2f7c8c1
  • 17. Crypto Primitives & Goals Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
  • 18. Anti-pattern: Authentication 2 $plainTextUserId = ‘834'; echo '<h4>"Secure" URL for image ' . $plainTextUserId . '.</h4>'; $cryptTextId = bin2hex(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $plainTextId, MCRYPT_MODE_OFB, $initializationVector)); $secretImageUrl = "…?secure_id=". $cryptTextId; echo '<a href="'. $secretImageUrl .'">'.$secretImageUrl.'</a>'; private_image.php?secure_id=f3d90e http://aes.online-domain-tools.com/ 224 search space with a valid URL density of 1 16,777
  • 19. HMAC for authentication $authInfo = ‘uid=‘ . $userId ‘&ts=‘ . time(); // uid=123&ts=12345 $hmac = hash_hmac("sha256", $key, $authInfo); $authToken = $authInfo . ‘&hmac=‘ . $hmac; // uid=123&ts=12345&hmac=9a0b1c // send token to user (e.g. set as a cookie) $token = // read token (from cookie, Authorization header, …) $message = // regenerate base message (uid=123&ts=12345) $signature = $token["hmac"]; $validationHmac = hash_hmac("sha256", $key, $message); if ($validationHmac == $signature) { // let request through if timestamp is also recent enough else { // send back a 403 Forbidden } Login Protected service
  • 20. Crypto Primitives & Goals Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
  • 21. Anti-pattern: Integrity $aes = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, ''); … return mcrypt_generic($aes, $data); $cipher [45] = chr(ord($cipher [45]) ^ ord(".") ^ ord ("0")); $aes = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, ''); … return mdecrypt_generic($aes, $data);
  • 22. Crypto Primitives & Goals Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
  • 23. Encryption Parameters Creates cipher text Cipher (AES, Blowfish, …) Secret key Data to encrypt CBC, ECB, OFB, … Initialization Vector mcrypt_encrypt( MCRYPT_BLOWFISH, $key, $plainText, MCRYPT_MODE_CBC, $iv);
  • 24. Anti-pattern: Encryption Modes $plainImageData = file_get_contents($file); $cryptText = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $plainImageData, MCRYPT_MODE_ECB, $initializationVector); file_put_contents($file . ".encrypted.data", $cryptText);
  • 25.
  • 26. Cipher-block Chaining Mode $plainImageData = file_get_contents($file); $cryptText = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $plainImageData, MCRYPT_MODE_CBC, $initializationVector); file_put_contents($file . ".encrypted.data", $cryptText);
  • 27. Encryption Parameters Creates cipher text Cipher (AES, Blowfish, …) Secret key Data to encrypt CBC, ECB, OFB, … Initialization Vector mcrypt_encrypt( MCRYPT_BLOWFISH, $key, $plainText, MCRYPT_MODE_CBC, $iv);
  • 28. May 20th 1942 Message intercepted Island “AF” June 3rd 1942 Battle of Midway
  • 29. Anti-pattern: Initialization Vector $plainText = “Hold"; $cryptText = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $plainText, MCRYPT_MODE_CBC, md5($key)); • Monday: “a8b8f95c4684b3f3” • Tuesday: “a8b8f95c4684b3f3” • Wednesday: “a8b8f95c4684b3f3” • Thursday: “a8b8f95c4684b3f3” • Friday: “10f32c937a1284db”
  • 30. Modes and IVs • Cipher-block chaining prevents patterns within messages • Correct IV prevents patterns across messages
  • 31. Generating Keys & Initialization Vectors $key = “koicy37m8ao2nl07"; $iv = rand(); $cypherText = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $plainText, MCRYPT_MODE_CBC, $iv); • How many bits of key entropy can be contained in 16 alphanumeric characters? • 96 bits! • ~0.00000002% of possible search space • What initialization vector is really used here? • “0000000000000000”! • PHP Warning: mcrypt_decrypt(): The IV parameter must be as long as the blocksize in /home/derrick/…/CBC.php on line 27 • Use • $size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC); • mcrypt_create_iv($size);
  • 32. Anti-pattern: Random Values <form action=""> <label>Donation amount</label> <input type="text" value="10.00"> <?php $csrfToken = rand(); setCookie("csrfToken", $csrfToken); echo "<input type="hidden" value="$csrfToken">“; ?> <input type="submit" value="Submit"> </form>
  • 33. Finding Linear Congruential Seed Random random = new Random(); long v1 = random.nextInt(); long v2 = random.nextInt(); for (int i = 0; i < 65536; i++) { long seed = v1 * 65536 + i; if (((seed * multiplier + addend) & mask) >>> 16) == v2) { System.out.println("Seed found: " + seed); break; } }
  • 34. Anti-pattern: Psuedo-random Session IDs <?php $uid = "12345678"; $sessionId = md5($uid . rand() . microtime()); setCookie(“session_id", $sessionId); ?> Really only ~20 bits of entropy. A modern GPU can calculate that in a second!9,12
  • 35. HMACs and Secure Random <form action=""> <label>Donation amount</label> <input type="text" value="10.00"> <?php $csrfToken = openssl_random_pseudo_bytes(32); setCookie("csrfToken", bin2hex($csrfToken)); echo "<input type="hidden" value="$csrfToken">“; ?> <input type="submit" value="Submit"> </form> Do not use sessions! Use HMACs! Seriously.
  • 36. No Cargo Cult Security! 1. Identify true security goal. 2. Find correct crypto primitive. 3. Spend some time to learn about it. 4. Write as little of your own crypto code as possible.
  • 37. Crypto Primitives & Goals Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
  • 38. Crypto Primitives & Goals Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
  • 40. References 1. http://en.wikipedia.org/wiki/Cargo_cult 2. http://neurotheory.columbia.edu/~ken/cargo_cult.html 3. http://en.wikipedia.org/wiki/Post_hoc_ergo_propter_hoc 4. http://en.wikipedia.org/wiki/Cargo_cult_programming 5. https://oracleus.activeevents.com/2013/connect/sessionDetail.ww?SESSION_ID=6325 6. http://www.scs.stanford.edu/10au-cs144/notes/ 7. http://resources.infosecinstitute.com/cbc-byte-flipping-attack-101-approach/ 8. http://security.stackexchange.com/questions/18033/how-insecure-are-phps-rand-functions 9. http://crypto.di.uoa.gr/CRYPTO.SEC/Randomness_Attacks_files/paper.pdf 10. http://security.stackexchange.com/questions/17988/how-insecure-are-non-cryptographic-random-number-generators 11. http://jazzy.id.au/default/2010/09/20/cracking_random_number_generators_part_1.html 12. http://thepasswordproject.com/oclhashcat_benchmarking 13. http://www.php.net/manual/en/function.openssl-random-pseudo-bytes.php 14. http://blowfish.online-domain-tools.com/ 15. https://github.com/disaacson/cargo-cult-security 16. http://tools.ietf.org/html/rfc2104