Cargo Cult Security UJUG Sep2015
Transcript of Cargo Cult Security UJUG Sep2015
![Page 1: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/1.jpg)
Cargo Cult Security - Utah Java User Group 2015
https://github.com/disaacson/cargo-cult-security
by Derrick Isaacson
![Page 3: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/3.jpg)
Richard Feynman
![Page 4: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/4.jpg)
Cargo Cult Programming
Ritualistic inclusion of code or patterns that are unnecessary for the task at hand.
• Design patterns
  • Factory
  • Wrapper
  • Dependency injection
• Cryptography
  • Encryption
  • Hashing
![Page 5: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/5.jpg)
The Big Picture
![Page 6: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/6.jpg)
Crypto Primitives & Goals
Primitives: Hash, MAC, HMAC, Symmetric Key Crypto, Asymmetric Key Crypto, Digital Signature, Digital Certificates
Goals: Data Integrity, Data Authentication, Non-repudiation, Confidentiality, Trust
![Page 7: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/7.jpg)
Classic Encryption
![Page 8: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/8.jpg)
Plaintext → Cipher → Ciphertext
![Page 9: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/9.jpg)
Symmetric Key Cryptography (Private-key Cryptography)
• Blowfish • Twofish • Serpent • AES (Rijndael) • CAST5 • RC4 • 3DES • IDEA
Used in: HTTPS (TLS), SSH (SSL), LUKS Disk Encryption, KeePass
![Page 10: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/10.jpg)
Anti-pattern: Authentication
/private_image?secure_id=573146feb41e
![Page 11: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/11.jpg)
Anti-pattern: Authentication
/private_image?secure_id=573146feb41e
```java
import javax.crypto.*;

// key and initVector are fixed server-side values; bytesToHex is a hex encoder.
// The encrypted id is handed out as if being hard to guess made it an access control.
public static String getPrivateURL(String plainTextId) throws Exception {
    Cipher cipher = Cipher.getInstance("Blowfish/OFB/NoPadding");
    cipher.init(Cipher.ENCRYPT_MODE, key, initVector);
    byte[] cipherBytes = cipher.doFinal(plainTextId.getBytes());
    return bytesToHex(cipherBytes);
}

String plainTextId = "100000";
String cipherTextId = Auth.getPrivateURL(plainTextId);
```
![Page 12: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/12.jpg)
/private_image?secure_id=573146feb41e
```java
public static String getSecretImg(String cipherTextId) throws Exception {
    Cipher cipher = Cipher.getInstance("Blowfish/OFB/NoPadding");
    cipher.init(Cipher.DECRYPT_MODE, key, initVector);
    byte[] plainBytes = cipher.doFinal(hexToBytes(cipherTextId));
    String plainTextId = new String(plainBytes, "UTF-8");
    return getImage(plainTextId);   // whatever decrypts is served; no authorization check
}
```
573146feb41e → 100000 → Team Photo
![Page 13: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/13.jpg)
/private_image?secure_id=573146feb41e
/private_image?secure_id=573146feb41f
```java
// OFB is a stream mode: flipping one ciphertext bit flips the same plaintext bit,
// so ...41e → ...41f turns "100000" into "100001" without any knowledge of the key.
public static String getSecretImg(String cipherTextId) throws Exception {
    Cipher cipher = Cipher.getInstance("Blowfish/OFB/NoPadding");
    cipher.init(Cipher.DECRYPT_MODE, key, initVector);
    byte[] plainBytes = cipher.doFinal(hexToBytes(cipherTextId));
    return new String(plainBytes, "UTF-8");
}
```
573146feb41f → 100001
Attack Plan
![Page 14: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/14.jpg)
![Page 15: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/15.jpg)
Message Authentication Codes
MAC = HMAC(key, message)
HMAC: RFC 2104 [16]
• HMAC-MD5
• HMAC-SHA1
• HMAC-SHA256
Message → MAC
![Page 16: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/16.jpg)
HMAC
```java
// Tag a message with a shared secret key; key and message are the method's inputs.
SecretKeySpec signingKey = new SecretKeySpec(key.getBytes(), "HmacSHA1");
Mac mac = Mac.getInstance("HmacSHA1");
mac.init(signingKey);
byte[] hmacBytes = mac.doFinal(message.getBytes());
return bytesToHex(hmacBytes);
```
![Page 17: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/17.jpg)
Anti-pattern: Authentication 2
/private_image?user_id=3d90e
http://aes.online-domain-tools.com/
2^24 search space with a valid URL density of …
```java
String plainTextId = "834";
String cipherTextId = Auth.getPrivateURL(plainTextId);

public static String getPrivateURL(String plainTextId) throws Exception {
    Cipher cipher = Cipher.getInstance("Blowfish/OFB/NoPadding");
    cipher.init(Cipher.ENCRYPT_MODE, key, initVector);
    byte[] cipherBytes = cipher.doFinal(plainTextId.getBytes());   // 3 bytes in, 3 bytes out: 24 bits to enumerate
    return bytesToHex(cipherBytes);
}
```
![Page 18: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/18.jpg)
![Page 19: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/19.jpg)
Anti-pattern: Bank Deposit
![Page 20: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/20.jpg)
cipher = Cipher.getInstance(“AES/CBC/NoPadding");…return cipher.doFinal(plainText.getBytes());
msg[45] = (byte)(msg[45] ^ “0".getBytes()[0] ^ "t".getBytes()[0]);
cipher = Cipher.getInstance(“AES/CBC/NoPadding");…return cipher.doFinal(cipherText);
![Page 21: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/21.jpg)
Or…
Replay it 1000 times
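Both the byte flip and the replay succeed because the receiver decrypts and acts on the result without checking that the message is the one the sender produced, and produced once. The following is an added example, not code from the talk or from the cargo-cult-security repository: it uses the JDK's AES/GCM (authenticated encryption) so that any modified byte is rejected before the amount is read, binds a transaction id to the ciphertext as associated data, and refuses a transaction id it has already honoured. The class name, the message text, the `tx-000001` id and the in-memory seen-set are all constructed for the example; a real service would persist the seen ids.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.HashSet;
import java.util.Set;

public class DepositMessages {
    private static final SecureRandom RNG = new SecureRandom();
    private static final int NONCE_BYTES = 12;   // recommended GCM nonce size
    private static final int TAG_BITS = 128;

    // Wire format: nonce || ciphertext || tag. The transaction id travels in the clear
    // but is bound to the ciphertext as associated data, so it cannot be swapped either.
    static byte[] seal(SecretKey key, String txId, String deposit) throws Exception {
        byte[] nonce = new byte[NONCE_BYTES];
        RNG.nextBytes(nonce);                          // never reuse a nonce under one key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        c.updateAAD(txId.getBytes(StandardCharsets.UTF_8));
        byte[] ct = c.doFinal(deposit.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[NONCE_BYTES + ct.length];
        System.arraycopy(nonce, 0, out, 0, NONCE_BYTES);
        System.arraycopy(ct, 0, out, NONCE_BYTES, ct.length);
        return out;
    }

    // Returns the deposit text, or throws AEADBadTagException on any modification.
    static String open(SecretKey key, String txId, byte[] msg) throws Exception {
        GCMParameterSpec spec = new GCMParameterSpec(TAG_BITS, msg, 0, NONCE_BYTES);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, spec);
        c.updateAAD(txId.getBytes(StandardCharsets.UTF_8));
        byte[] pt = c.doFinal(msg, NONCE_BYTES, msg.length - NONCE_BYTES);
        return new String(pt, StandardCharsets.UTF_8);
    }

    // Receiver side: each transaction id is honoured once (constructed in-memory store).
    static final class Teller {
        private final SecretKey key;
        private final Set<String> seen = new HashSet<>();
        Teller(SecretKey key) { this.key = key; }

        String process(String txId, byte[] msg) throws Exception {
            String deposit = open(key, txId, msg);      // integrity check comes first
            if (!seen.add(txId)) throw new IllegalStateException("replayed transaction " + txId);
            return deposit;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        Teller teller = new Teller(key);

        // Constructed sample deposit; the transaction id is a placeholder value.
        String txId = "tx-000001";
        byte[] msg = seal(key, txId, "deposit to=account-42 amount=100.00");
        System.out.println("accepted: " + teller.process(txId, msg));

        // Flip one bit of the ciphertext byte under the first "0" of the amount,
        // the analogue of the slide's msg[45] change: GCM rejects it outright.
        byte[] tampered = msg.clone();
        tampered[NONCE_BYTES + 30] ^= 0x01;
        try {
            teller.process(txId, tampered);
        } catch (AEADBadTagException e) {
            System.out.println("tampered message rejected before any amount was read");
        }

        // Replay the untouched message: integrity passes, the replay check does not.
        try {
            teller.process(txId, msg);
        } catch (IllegalStateException e) {
            System.out.println("replay rejected: " + e.getMessage());
        }
    }
}
```

The order inside `Teller.process` matters: the authentication tag is verified before the replay store is consulted, so a forged message can never mark a legitimate transaction id as used.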
![Page 22: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/22.jpg)
![Page 23: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/23.jpg)
Encryption Parameters
• Cipher (AES, Blowfish, …)
• Secret key
• Data to encrypt
• Mode (CBC, ECB, OFB, …)
• Initialization Vector
```java
Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, key, initVector);   // ECB takes no IV; the JDK rejects one here
```
![Page 24: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/24.jpg)
Anti-pattern: Encryption Modes
```java
cipher = Cipher.getInstance("AES/ECB/NoPadding");
```
![Page 25: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/25.jpg)
![Page 26: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/26.jpg)
Cipher-block Chaining Mode
```java
cipher = Cipher.getInstance("AES/CBC/NoPadding");
```
![Page 27: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/27.jpg)
![Page 28: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/28.jpg)
May 20th 1942: message intercepted, island "AF"
June 3rd 1942: Battle of Midway
![Page 29: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/29.jpg)
Anti-pattern: Initialization Vector
```java
plainText = "Hold";
cryptText = cipher.doFinal(plainText.getBytes());
```
The same order, encrypted with the same key and IV, day after day:
• Monday: a8b8f95c4684b3f3
• Tuesday: a8b8f95c4684b3f3
• Wednesday: a8b8f95c4684b3f3
• Thursday: a8b8f95c4684b3f3
• Friday: 10f32c937a1284db
![Page 30: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/30.jpg)
Modes and IVs
• Cipher-block chaining prevents patterns within messages
• Correct IV prevents patterns across messages
![Page 31: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/31.jpg)
Generating Keys & Initialization Vectors
```java
key = "koicy37m8ao2nl07";
iv = new java.util.Random().nextLong();
```
• How many bits of key entropy can be contained in 16 alphanumeric characters? 96 bits, ~0.00000002% of the possible search space.
• What initialization vector is really used here? "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"! Warning: The IV parameter must be as long as the blocksize in …
• Use javax.crypto:
```java
SecretKey key = KeyGenerator.getInstance("AES").generateKey();
IvParameterSpec iv = new javax.crypto.spec.IvParameterSpec(secureRandBytes);
```
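The three slides above make three separate points: ECB shows patterns within a message, a reused IV shows patterns across messages, and keys and IVs should come from the provider and `SecureRandom` rather than from string literals or `java.util.Random`. The program below is an added example written for this transcript, not code from the talk or its repository; it runs on a plain JDK. The class name, the two-block sample text and the "Monday/Tuesday" labels are constructed for the demonstration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

// Added example: ECB versus CBC, fixed versus fresh IV, and provider-generated keys.
public class ModesAndIvs {
    private static final SecureRandom RNG = new SecureRandom();

    // Key from the provider's generator, not a typed-in alphanumeric string.
    static SecretKey newAesKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        return kg.generateKey();
    }

    // For CBC the IV is one block (16 bytes); it is not secret, but it must be fresh per message.
    static byte[] randomBytes(int n) {
        byte[] b = new byte[n];
        RNG.nextBytes(b);
        return b;
    }

    // The anti-pattern: each block encrypted independently, so equal blocks stay visibly equal.
    static byte[] ecbEncrypt(SecretKey key, byte[] plain) throws Exception {
        Cipher c = Cipher.getInstance("AES/ECB/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key);
        return c.doFinal(plain);
    }

    static byte[] cbcEncrypt(SecretKey key, byte[] iv, byte[] plain) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        return c.doFinal(plain);
    }

    // True when the first two 16-byte ciphertext blocks are identical.
    static boolean firstTwoBlocksEqual(byte[] ct) {
        return Arrays.equals(Arrays.copyOfRange(ct, 0, 16), Arrays.copyOfRange(ct, 16, 32));
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        SecretKey key = newAesKey();

        // Constructed input: two identical 16-byte blocks.
        byte[] twoBlocks = "HOLD THE LINE!!!HOLD THE LINE!!!".getBytes(StandardCharsets.US_ASCII);
        System.out.println("ECB repeats blocks: " + firstTwoBlocksEqual(ecbEncrypt(key, twoBlocks)));                  // true
        System.out.println("CBC repeats blocks: " + firstTwoBlocksEqual(cbcEncrypt(key, randomBytes(16), twoBlocks))); // false

        // Fixed (all-zero) IV: the same "Hold" order encrypts to the same bytes every day.
        byte[] zeroIv = new byte[16];
        byte[] hold = "Hold".getBytes(StandardCharsets.US_ASCII);
        System.out.println("zero IV, Monday : " + hex(cbcEncrypt(key, zeroIv, hold)));
        System.out.println("zero IV, Tuesday: " + hex(cbcEncrypt(key, zeroIv, hold)));   // identical to Monday

        // Fresh IV per message: same order, unrelated ciphertext; ship the IV alongside the ciphertext.
        System.out.println("random IV, Monday : " + hex(cbcEncrypt(key, randomBytes(16), hold)));
        System.out.println("random IV, Tuesday: " + hex(cbcEncrypt(key, randomBytes(16), hold)));
    }
}
```

The IV is written out next to the ciphertext on purpose: it needs to be unpredictable and unique, not secret, and a receiver that cannot recover it cannot decrypt.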
![Page 32: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/32.jpg)
Anti-pattern: Random Values
```jsp
<form action="">
  <label>Donation amount</label>
  <input type="text" value="10.00">
  <%
    // java.util.Random is a 48-bit linear congruential generator: its output is predictable
    Long csrfToken = new java.util.Random().nextLong();
    setCookie("csrfToken", csrfToken);
    print(String.format("<input type=\"hidden\" value=\"%s\">", csrfToken));
  %>
  <input type="submit" value="Submit">
</form>
```
![Page 33: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/33.jpg)
Finding Linear Congruential Seed
```java
// java.util.Random constants: state' = (state * multiplier + addend) & mask, 48-bit state [11]
final long multiplier = 0x5DEECE66DL;
final long addend = 0xBL;
final long mask = (1L << 48) - 1;

Random random = new Random();
int v1 = random.nextInt();   // nextInt() is the top 32 bits of the 48-bit state
int v2 = random.nextInt();

// Only the low 16 bits of the state are unknown after one output: 65536 candidates.
for (int i = 0; i < 65536; i++) {
    long seed = ((v1 & 0xFFFFFFFFL) << 16) | i;
    if ((int) (((seed * multiplier + addend) & mask) >>> 16) == v2) {
        System.out.println("Seed found: " + seed);   // every later nextInt() is now known
        break;
    }
}
```
![Page 34: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/34.jpg)
Anti-pattern: Pseudo-random Session IDs
```jsp
<%
  uid = "12345678";
  sessionId = md5(uid + rand.nextLong() + System.currentTimeMillis());
  setCookie("session_id", sessionId);
%>
```
Really < 20 bits of entropy. A modern GPU can calculate that in a second! [9, 12]
![Page 35: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/35.jpg)
HMACs and Secure Random
```jsp
<form action="">
  <label>Donation amount</label>
  <input type="text" value="10.00">
  <%
    Long csrfToken = new java.security.SecureRandom().nextLong();
    setCookie("csrfToken", csrfToken);
    print(String.format("<input type=\"hidden\" value=\"%s\">", csrfToken));
  %>
  <input type="submit" value="Submit">
</form>
```
Do not use sessions! Use HMACs! Seriously.
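The slide's advice ties the whole talk together: the encrypted `secure_id` of the first anti-pattern, the `java.util.Random` CSRF token and the md5-of-uid session id all fail because nothing binds the value to a server secret in a way the client cannot forge or the attacker cannot predict. The class below is an added example, not code from the talk or its repository. It generates CSRF tokens from `SecureRandom`, and issues stateless tokens of the form `base64url(payload).base64url(HMAC-SHA256(payload))` with a constant-time tag check and an expiry field. The `Tokens` class, the `field|expiryMillis` payload layout and the startup-generated key (standing in for a key store) are assumptions of the example; the slide's own HMAC code used HmacSHA1, this uses HmacSHA256.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class Tokens {
    private static final SecureRandom RNG = new SecureRandom();
    private static final String ALG = "HmacSHA256";
    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder B64D = Base64.getUrlDecoder();

    // Server-side secret; assumed to come from a key store, generated at startup here.
    private final byte[] key = new byte[32];
    Tokens() { RNG.nextBytes(key); }

    // CSRF token: 256 bits from SecureRandom, nothing to recover from earlier outputs.
    static String csrfToken() {
        byte[] b = new byte[32];
        RNG.nextBytes(b);
        return B64.encodeToString(b);
    }

    byte[] hmac(byte[] data) {
        try {
            Mac mac = Mac.getInstance(ALG);
            mac.init(new SecretKeySpec(key, ALG));
            return mac.doFinal(data);
        } catch (java.security.GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    // Stateless token: base64url(payload) "." base64url(HMAC(payload)).
    // The payload is readable by the client (no confidentiality is claimed); the tag is what
    // stops it being edited, which is exactly what encrypting "100000" with OFB did not do.
    String sign(String payload) {
        byte[] p = payload.getBytes(StandardCharsets.UTF_8);
        return B64.encodeToString(p) + "." + B64.encodeToString(hmac(p));
    }

    // Returns the payload if the tag verifies and the token has not expired, else null.
    String verify(String token, long nowMillis) {
        int dot = token.indexOf('.');
        if (dot < 0) return null;
        byte[] p, tag;
        try {
            p = B64D.decode(token.substring(0, dot));
            tag = B64D.decode(token.substring(dot + 1));
        } catch (IllegalArgumentException e) {
            return null;
        }
        // Constant-time compare so the tag cannot be guessed byte by byte from timing.
        if (!MessageDigest.isEqual(hmac(p), tag)) return null;
        String payload = new String(p, StandardCharsets.UTF_8);
        String[] fields = payload.split("\\|");           // constructed layout: "field|expiryMillis"
        if (fields.length < 2) return null;
        try {
            if (Long.parseLong(fields[1]) < nowMillis) return null;
        } catch (NumberFormatException e) {
            return null;
        }
        return payload;
    }

    public static void main(String[] args) {
        Tokens t = new Tokens();
        long now = System.currentTimeMillis();

        // Private image id from the first anti-pattern: sign it instead of encrypting it.
        String imageToken = t.sign("img=100000|" + (now + 3600_000));
        System.out.println("valid token   -> " + t.verify(imageToken, now));

        // Edit the payload (100000 -> 100001) and keep the old tag: rejected.
        String oldTag = imageToken.substring(imageToken.indexOf('.') + 1);
        String edited = B64.encodeToString(("img=100001|" + (now + 3600_000)).getBytes(StandardCharsets.UTF_8));
        System.out.println("edited payload -> " + t.verify(edited + "." + oldTag, now));   // null

        // Correct tag but expired: rejected.
        System.out.println("expired       -> " + t.verify(t.sign("uid=12345678|" + (now - 1)), now));   // null

        // Stateless session: nothing stored server-side, the tag plus expiry does the work.
        System.out.println("session       -> " + t.verify(t.sign("uid=12345678|" + (now + 1800_000)), now));
        System.out.println("csrf          -> " + csrfToken());
    }
}
```

Two points worth keeping in view: the token is only as strong as the secrecy of the server key, so it must not be a string literal like the `koicy37m8ao2nl07` key earlier in the deck, and `MessageDigest.isEqual` is used rather than `Arrays.equals` because the latter returns at the first differing byte.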
![Page 36: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/36.jpg)
No Cargo Cult Security!
1. Identify the true security goal.
2. Find the correct crypto primitive.
3. Spend some time to learn about it.
4. Write as little of your own crypto code as possible.
![Page 37: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/37.jpg)
![Page 38: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/38.jpg)
![Page 39: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/39.jpg)
Questions?
https://github.com/disaacson/cargo-cult-security
![Page 40: Cargo Cult Security UJUG Sep2015](https://reader036.fdocuments.us/reader036/viewer/2022062316/58eefa2a1a28ab8c1a8b4623/html5/thumbnails/40.jpg)
References
1. http://en.wikipedia.org/wiki/Cargo_cult
2. http://neurotheory.columbia.edu/~ken/cargo_cult.html
3. http://en.wikipedia.org/wiki/Post_hoc_ergo_propter_hoc
4. http://en.wikipedia.org/wiki/Cargo_cult_programming
5. http://www.slideshare.net/javagroup2006/data-security-essentials-java-one-2013
6. http://www.scs.stanford.edu/10au-cs144/notes/
7. http://resources.infosecinstitute.com/cbc-byte-flipping-attack-101-approach/
8. http://security.stackexchange.com/questions/18033/how-insecure-are-phps-rand-functions
9. http://crypto.di.uoa.gr/CRYPTO.SEC/Randomness_Attacks_files/paper.pdf
10. http://security.stackexchange.com/questions/17988/how-insecure-are-non-cryptographic-random-number-generators
11. http://jazzy.id.au/default/2010/09/20/cracking_random_number_generators_part_1.html
12. http://thepasswordproject.com/oclhashcat_benchmarking
13. http://www.php.net/manual/en/function.openssl-random-pseudo-bytes.php
14. http://blowfish.online-domain-tools.com/
15. https://github.com/disaacson/cargo-cult-security
16. http://tools.ietf.org/html/rfc2104