Dark Clouds on the Horizon: Using Cloud Storage as Attack ... · Wuala Cryptree yes yes yes...
Transcript of Dark Clouds on the Horizon: Using Cloud Storage as Attack ... · Wuala Cryptree yes yes yes...
![Page 1: Dark Clouds on the Horizon: Using Cloud Storage as Attack ... · Wuala Cryptree yes yes yes SpiderOak proprietary yes yes yes Ubuntu One u1storage yes no yes Dropbox proprietary yes](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8da7b73e86cd5d7c4cb2fa/html5/thumbnails/1.jpg)
Dark Clouds on the Horizon:Using Cloud Storage as Attack Vector and Online
Slack Space
Martin Mulazzani, Sebastian Schrittwieser, Manuel Leithner,Markus Huber, Edgar Weippl
SBA Research
![Page 2: Dark Clouds on the Horizon: Using Cloud Storage as Attack ... · Wuala Cryptree yes yes yes SpiderOak proprietary yes yes yes Ubuntu One u1storage yes no yes Dropbox proprietary yes](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8da7b73e86cd5d7c4cb2fa/html5/thumbnails/2.jpg)
Outline
Cloud Storage in General
Dropbox in particular
Results & Countermeasures
![Page 3: Dark Clouds on the Horizon: Using Cloud Storage as Attack ... · Wuala Cryptree yes yes yes SpiderOak proprietary yes yes yes Ubuntu One u1storage yes no yes Dropbox proprietary yes](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8da7b73e86cd5d7c4cb2fa/html5/thumbnails/3.jpg)
Cloud Storage Overview
![Page 4: Dark Clouds on the Horizon: Using Cloud Storage as Attack ... · Wuala Cryptree yes yes yes SpiderOak proprietary yes yes yes Ubuntu One u1storage yes no yes Dropbox proprietary yes](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8da7b73e86cd5d7c4cb2fa/html5/thumbnails/4.jpg)
Systems Overview
Simple systems:
I FTP, WebDAV, NFS ...
More complex systems:
I Delta sync
I Folder sharing, incl. push
I P2P
I Encryption (?)
c©porsche89y, flickr.com
![Page 5: Dark Clouds on the Horizon: Using Cloud Storage as Attack ... · Wuala Cryptree yes yes yes SpiderOak proprietary yes yes yes Ubuntu One u1storage yes no yes Dropbox proprietary yes](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8da7b73e86cd5d7c4cb2fa/html5/thumbnails/5.jpg)
More complex systems
Examples:Name Protocol Encrypted Encrypted Shared
transmission storage storageWuala Cryptree yes yes yes
SpiderOak proprietary yes yes yesUbuntu One u1storage yes no yes
Dropbox proprietary yes no yes
User has to choose threat model:
I Danger of honest, but curious operator?
I Unauthorized file access by third parties?
I Location of data?
![Page 6: Dark Clouds on the Horizon: Using Cloud Storage as Attack ... · Wuala Cryptree yes yes yes SpiderOak proprietary yes yes yes Ubuntu One u1storage yes no yes Dropbox proprietary yes](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8da7b73e86cd5d7c4cb2fa/html5/thumbnails/6.jpg)
Data Deduplication
At the server:
I Same file only stored once
I Benefit: Save storage space at the server
At the client:
I Calculate hash sum or other digest
I Benefit: Reduce communication with clients
Beneficial for everyone, right?
![Page 7: Dark Clouds on the Horizon: Using Cloud Storage as Attack ... · Wuala Cryptree yes yes yes SpiderOak proprietary yes yes yes Ubuntu One u1storage yes no yes Dropbox proprietary yes](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8da7b73e86cd5d7c4cb2fa/html5/thumbnails/7.jpg)
Data Deduplication
At the server:
I Same file only stored once
I Benefit: Save storage space at the server
At the client:
I Calculate hash sum or other digest
I Benefit: Reduce communication with clients
Beneficial for everyone, right?
![Page 8: Dark Clouds on the Horizon: Using Cloud Storage as Attack ... · Wuala Cryptree yes yes yes SpiderOak proprietary yes yes yes Ubuntu One u1storage yes no yes Dropbox proprietary yes](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8da7b73e86cd5d7c4cb2fa/html5/thumbnails/8.jpg)
An efficient cloud architecture
Storage
Cloud System
1. Add file
2. Hash it
3. Send hash
to server
4. Determine availability
![Page 9: Dark Clouds on the Horizon: Using Cloud Storage as Attack ... · Wuala Cryptree yes yes yes SpiderOak proprietary yes yes yes Ubuntu One u1storage yes no yes Dropbox proprietary yes](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8da7b73e86cd5d7c4cb2fa/html5/thumbnails/9.jpg)
Our contributions
Outline three attacks:
I Hash Manipulation Attack
I Stolen Host ID Attack
I Direct Up-/Download Attack
Show their feasibility on Dropbox, a popular cloud storage service
![Page 10: Dark Clouds on the Horizon: Using Cloud Storage as Attack ... · Wuala Cryptree yes yes yes SpiderOak proprietary yes yes yes Ubuntu One u1storage yes no yes Dropbox proprietary yes](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8da7b73e86cd5d7c4cb2fa/html5/thumbnails/10.jpg)
Details Dropbox
I uses Amazon Simple Storage System (S3)
I data deduplication, using SHA-256
I files split in 4 MB chunks
I (server-side) AES-256
I 25 million users
I Store more than 100 billion files
I 1 million files added every 5 minutes
![Page 11: Dark Clouds on the Horizon: Using Cloud Storage as Attack ... · Wuala Cryptree yes yes yes SpiderOak proprietary yes yes yes Ubuntu One u1storage yes no yes Dropbox proprietary yes](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8da7b73e86cd5d7c4cb2fa/html5/thumbnails/11.jpg)
Details Dropbox
I uses Amazon Simple Storage System (S3)
I data deduplication, using SHA-256
I files split in 4 MB chunks
I (server-side) AES-256
I 25 million users
I Store more than 100 billion files
I 1 million files added every 5 minutes
![Page 12: Dark Clouds on the Horizon: Using Cloud Storage as Attack ... · Wuala Cryptree yes yes yes SpiderOak proprietary yes yes yes Ubuntu One u1storage yes no yes Dropbox proprietary yes](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8da7b73e86cd5d7c4cb2fa/html5/thumbnails/12.jpg)
Attack #1 - Hash Manipulation Attack
Manipulating local hashcomputation
I Every time a new file isadded
I Can be set arbitrarily
I Hash value needs to beknown
I Results in unauthorized fileaccess
I Undetectable for victim orDropbox
Disclaimer: attack valid againstall systems with client-side datadeduplication
Dropbox-Client(Python)
Modified NCrypto(wrapper)
SHA-256
OpenSSL(hash value calculation)
replacinghash value
![Page 13: Dark Clouds on the Horizon: Using Cloud Storage as Attack ... · Wuala Cryptree yes yes yes SpiderOak proprietary yes yes yes Ubuntu One u1storage yes no yes Dropbox proprietary yes](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8da7b73e86cd5d7c4cb2fa/html5/thumbnails/13.jpg)
Attack #1 - Hash Manipulation Attack
Manipulating local hashcomputation
I Every time a new file isadded
I Can be set arbitrarily
I Hash value needs to beknown
I Results in unauthorized fileaccess
I Undetectable for victim orDropbox
Disclaimer: attack valid againstall systems with client-side datadeduplication
Dropbox-Client(Python)
Modified NCrypto(wrapper)
SHA-256
OpenSSL(hash value calculation)
replacinghash value
![Page 14: Dark Clouds on the Horizon: Using Cloud Storage as Attack ... · Wuala Cryptree yes yes yes SpiderOak proprietary yes yes yes Ubuntu One u1storage yes no yes Dropbox proprietary yes](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8da7b73e86cd5d7c4cb2fa/html5/thumbnails/14.jpg)
Attack #2 - Stolen Host ID Attack
Dropbox uses host ID to link particular host with account
I Credentials needed only once
I 128bit in length
I Arguable a security issue?
I Can be detected / prevented by Dropbox
Independently discovered by Derek Newton, April 2011
![Page 15: Dark Clouds on the Horizon: Using Cloud Storage as Attack ... · Wuala Cryptree yes yes yes SpiderOak proprietary yes yes yes Ubuntu One u1storage yes no yes Dropbox proprietary yes](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8da7b73e86cd5d7c4cb2fa/html5/thumbnails/15.jpg)
Attack #3 - Direct Up-/Download Attack
Transmission protocol is built upon HTTPS
I Simple HTTPS request:https://dl-clientXX.dropbox.com/retrieve
I As POST data: SHA-256 value & a valid host ID
I No check if chunk is linked with account!
I Easily exploitable
I Same effect as hash manipulation attack, but less stealth
I Can be detected / prevented by Dropbox
![Page 16: Dark Clouds on the Horizon: Using Cloud Storage as Attack ... · Wuala Cryptree yes yes yes SpiderOak proprietary yes yes yes Ubuntu One u1storage yes no yes Dropbox proprietary yes](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8da7b73e86cd5d7c4cb2fa/html5/thumbnails/16.jpg)
Attack #3 - Direct Up-/Download Attack
Transmission protocol is built upon HTTPS
I Simple HTTPS request:https://dl-clientXX.dropbox.com/retrieve
I As POST data: SHA-256 value & a valid host ID
I No check if chunk is linked with account!
I Easily exploitable
I Same effect as hash manipulation attack, but less stealth
I Can be detected / prevented by Dropbox
![Page 17: Dark Clouds on the Horizon: Using Cloud Storage as Attack ... · Wuala Cryptree yes yes yes SpiderOak proprietary yes yes yes Ubuntu One u1storage yes no yes Dropbox proprietary yes](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8da7b73e86cd5d7c4cb2fa/html5/thumbnails/17.jpg)
Attack #3 - Hiding data in the cloud
Same as retrieval, but for storing chunks
I Uploading without linking
I Simple HTTPS request:https://dl-clientXX.dropbox.com/store
I No storage quota / unlimited space
I If host ID is known: push data to other peoples Dropbox
I Can be detected / prevented by Dropbox
![Page 18: Dark Clouds on the Horizon: Using Cloud Storage as Attack ... · Wuala Cryptree yes yes yes SpiderOak proprietary yes yes yes Ubuntu One u1storage yes no yes Dropbox proprietary yes](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8da7b73e86cd5d7c4cb2fa/html5/thumbnails/18.jpg)
Attack #3 - Hiding data in the cloud
Same as retrieval, but for storing chunks
I Uploading without linking
I Simple HTTPS request:https://dl-clientXX.dropbox.com/store
I No storage quota / unlimited space
I If host ID is known: push data to other peoples Dropbox
I Can be detected / prevented by Dropbox
![Page 19: Dark Clouds on the Horizon: Using Cloud Storage as Attack ... · Wuala Cryptree yes yes yes SpiderOak proprietary yes yes yes Ubuntu One u1storage yes no yes Dropbox proprietary yes](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8da7b73e86cd5d7c4cb2fa/html5/thumbnails/19.jpg)
Evaluation - Part 1
We measured time until (hidden) chunks get deleted:
I Random data in multiple files
I Hidden upload: at least 4 weeks
I Regular upload: unlimited undelete possible (> 6 months)
We used the HTTPS attack:
I Stealthiness was not an issue
I Hash manipulation equally suitable
![Page 20: Dark Clouds on the Horizon: Using Cloud Storage as Attack ... · Wuala Cryptree yes yes yes SpiderOak proprietary yes yes yes Ubuntu One u1storage yes no yes Dropbox proprietary yes](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8da7b73e86cd5d7c4cb2fa/html5/thumbnails/20.jpg)
Evaluation - Part 2
Popular files on Dropbox:
I thepiratebay.org Top 100 Torrent files
I Downloaded copyright-free content (.sfv, .nfo, ...)
I 97 % (n = 368) were retrievable
I Approx. 475k seeders
I 20 % of torrents were less than 24 hours old
Interpretation:
I At least one of the seeders uses Dropbox
![Page 21: Dark Clouds on the Horizon: Using Cloud Storage as Attack ... · Wuala Cryptree yes yes yes SpiderOak proprietary yes yes yes Ubuntu One u1storage yes no yes Dropbox proprietary yes](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8da7b73e86cd5d7c4cb2fa/html5/thumbnails/21.jpg)
Evaluation - Part 2
Popular files on Dropbox:
I thepiratebay.org Top 100 Torrent files
I Downloaded copyright-free content (.sfv, .nfo, ...)
I 97 % (n = 368) were retrievable
I Approx. 475k seeders
I 20 % of torrents were less than 24 hours old
Interpretation:
I At least one of the seeders uses Dropbox
![Page 22: Dark Clouds on the Horizon: Using Cloud Storage as Attack ... · Wuala Cryptree yes yes yes SpiderOak proprietary yes yes yes Ubuntu One u1storage yes no yes Dropbox proprietary yes](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8da7b73e86cd5d7c4cb2fa/html5/thumbnails/22.jpg)
Countermeasures
Countermeasures:
I Upload every file, no client-side data deduplication
I (Data possession proofs e.g., [Ateniese et al., CCS 2007])
I ”Proof of Ownage“, by Harnik et al. [under submission]
Our solution: Interactive challenge-response protocol
![Page 23: Dark Clouds on the Horizon: Using Cloud Storage as Attack ... · Wuala Cryptree yes yes yes SpiderOak proprietary yes yes yes Ubuntu One u1storage yes no yes Dropbox proprietary yes](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8da7b73e86cd5d7c4cb2fa/html5/thumbnails/23.jpg)
Challenge-Response
Challenge the client:
I Client and Server are in possession of the same file
I Client has to answer challenges
I Precomputable by the serverI Possible challenges:
I Hash a subset of dataI Append & XOR random bits and bytesI Possibly multiple rounds
Drawbacks:
I Challenges can be forwarded
I Not a real proof!
I But makes hash manipulation attacks detectable
![Page 24: Dark Clouds on the Horizon: Using Cloud Storage as Attack ... · Wuala Cryptree yes yes yes SpiderOak proprietary yes yes yes Ubuntu One u1storage yes no yes Dropbox proprietary yes](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8da7b73e86cd5d7c4cb2fa/html5/thumbnails/24.jpg)
Challenge-Response
Challenge the client:
I Client and Server are in possession of the same file
I Client has to answer challenges
I Precomputable by the serverI Possible challenges:
I Hash a subset of dataI Append & XOR random bits and bytesI Possibly multiple rounds
Drawbacks:
I Challenges can be forwarded
I Not a real proof!
I But makes hash manipulation attacks detectable
![Page 25: Dark Clouds on the Horizon: Using Cloud Storage as Attack ... · Wuala Cryptree yes yes yes SpiderOak proprietary yes yes yes Ubuntu One u1storage yes no yes Dropbox proprietary yes](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8da7b73e86cd5d7c4cb2fa/html5/thumbnails/25.jpg)
Timeline & Kudos
Timeline:
I First results in Summer 2010
I First paper draft November 2010
I Same time notified Dropbox via a national CERT
Independent results:
I Danny Harnik, Benny Pinkas & Alexandra Shulman-Peleg(Dec. 2010)
I Derek Newton, Stolen host ID Attack (Apr. 2011)
I Chris Soghoian & Ashkan Soltani, Information leakage andFTC complaint
I Various others tools: Dropship, DropboxReader, ...
![Page 26: Dark Clouds on the Horizon: Using Cloud Storage as Attack ... · Wuala Cryptree yes yes yes SpiderOak proprietary yes yes yes Ubuntu One u1storage yes no yes Dropbox proprietary yes](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8da7b73e86cd5d7c4cb2fa/html5/thumbnails/26.jpg)
Timeline & Kudos
Timeline:
I First results in Summer 2010
I First paper draft November 2010
I Same time notified Dropbox via a national CERT
Independent results:
I Danny Harnik, Benny Pinkas & Alexandra Shulman-Peleg(Dec. 2010)
I Derek Newton, Stolen host ID Attack (Apr. 2011)
I Chris Soghoian & Ashkan Soltani, Information leakage andFTC complaint
I Various others tools: Dropship, DropboxReader, ...
![Page 27: Dark Clouds on the Horizon: Using Cloud Storage as Attack ... · Wuala Cryptree yes yes yes SpiderOak proprietary yes yes yes Ubuntu One u1storage yes no yes Dropbox proprietary yes](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8da7b73e86cd5d7c4cb2fa/html5/thumbnails/27.jpg)
Conclusion
Aftermath - Dropbox reacted in April 2011:
I They fixed the HTTPS Up-/Download Attack
I Host ID is now encrypted on disk
I No more client-side data deduplication (recently)
Conclusion:
I Hash manipulation attack is undetectable
I Applicable to all services using client-side data deduplication
I Client-side data possession proofs needed
![Page 28: Dark Clouds on the Horizon: Using Cloud Storage as Attack ... · Wuala Cryptree yes yes yes SpiderOak proprietary yes yes yes Ubuntu One u1storage yes no yes Dropbox proprietary yes](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8da7b73e86cd5d7c4cb2fa/html5/thumbnails/28.jpg)
Conclusion
Aftermath - Dropbox reacted in April 2011:
I They fixed the HTTPS Up-/Download Attack
I Host ID is now encrypted on disk
I No more client-side data deduplication (recently)
Conclusion:
I Hash manipulation attack is undetectable
I Applicable to all services using client-side data deduplication
I Client-side data possession proofs needed
![Page 29: Dark Clouds on the Horizon: Using Cloud Storage as Attack ... · Wuala Cryptree yes yes yes SpiderOak proprietary yes yes yes Ubuntu One u1storage yes no yes Dropbox proprietary yes](https://reader034.fdocuments.us/reader034/viewer/2022050418/5f8da7b73e86cd5d7c4cb2fa/html5/thumbnails/29.jpg)
Thank you for your time!
Questions?
[email protected] Dropbox (and get me extra space) :)
http://db.tt/dFKyXce