10 application security fundamentals - part 2 - security mechanisms - encryption
- 1. ENCRYPTION Security Mechanism: Authentication Authorization Session Management Data Validation Error Handling Logging Encryption
- 2. Encryption Core Concepts Do NOT attempt to create your own encryption algorithms. Encryption Choices Hash Encryption One Way or Reversible? (e.g., SHA-256 vs. AES) Stream Cipher Block Cipher Bits vs. Blocks (e.g., RC4 vs. AES) Symmetric Asymmetric Shared vs. Public & Private Keys (e.g., AES vs. RSA) Stream Cipher ECB CBC CTR … Which Mode to Use?ECB CTR
- 3. Encryption Words to Live By If storing passwords – hash with a salt value If you’re using authentication – encrypt data in transit Properly seed random number generators
- 4. Encryption Words to Live By: #1 The problem – The software uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. If storing passwords – hash with a salt value
- 5. Real World Example – Hash Compromise Remember the Anonymous attack discussed earlier?
- 6. Secure Coding … Multiple rounds of hashing (>1000) Use the latest available hashing algorithms (SHA-2) How to create salt? – Create small random value – The salt should be different for each user – Can use a hash of the userid in some use cases Where to store salt? – In the database with the userid/password – Often pre-pended to the password in storage Preferred method – Pbkdf: https://en.wikipedia.org/wiki/PBKDF2
- 7. Encryption Words to Live By: #2 The problem – Login pages not using adequate measures to protect the user name and password while they are in transit from the client to the server. – SSL (Secure Socket Layer) provides data confidentiality and integrity to HTTP. By encrypting HTTP messages, SSL protects from attackers eavesdropping or altering message contents. If you’re using authentication – encrypt in transmission
- 8. Real World Example – Packet Capture
- 9. Real World Example - POODLE CBC encryption in SSL 3.0 – SSL has been around for 18 years Block cipher padding is not deterministic – not covered by the MAC Man in the Middle – control request – padding fills an entire block – reveals one byte at a time Encryption is HARD! POODLE = Padding Oracle On Downgraded Legacy Encryption
- 10. Encryption Words to Live By: #3 The problem – The software may use insufficiently random numbers or values in a security context that depends on unpredictable numbers. – When software generates predictable values in a context requiring unpredictability, it may be possible for an attacker to guess the next value that will be generated, and use this guess to impersonate another user or access sensitive information. Properly seed random number generators
- 11. Use of Random Numbers Symmetric keys and initialization vectors for block ciphers Session IDs Gambling games – lotteries – slot machines Statistical sampling Seed for a Pseudo Random Number Generator
- 12. Real World Example - Chip and Pin Many ATMs and point-of-sale terminals use a predictable random number Attack: – attacker predicts “unpredictable number” (UN) – customer uses a controlled terminal – "extra" transaction is performed using the UN and a future date – chip on credit card produces an Authorization Request Cryptogram (ARQC) based on UN – when time is right, attacker uses fake card with pre-recorded ARQC at ATM to withdraw cash
- 13. Secure Coding … Pitfalls – Use of predictable random number generators C: rand() Java: java.util.Random() – Forgetting to seed the random number generator -or- Using the same seed every time will generate identical sequences of numbers Java.Security.SecureRandom – (typically) uses the SHA1PRNG generator – seeds itself using /dev/urandom collects random data from disk reads, mouse movement, keystrokes, etc. – be careful overriding the PRNG or seed, make sure you know what you are doing