Cargo Cult Security at OpenWest
Download as PPTX, PDF1 like2,490 views
The document discusses the concept of 'cargo cult security' in programming, emphasizing the importance of understanding true security goals and selecting appropriate cryptographic primitives rather than blindly following security patterns. It includes various examples of cryptographic implementations and highlights common anti-patterns, such as poor random value generation and insecure session management. The document concludes with a call to action for developers to enhance their knowledge of security practices and avoid superficial implementations.
![private_image.php?secure_id=573146feb41e
$cryptTextId = $_GET["secure_id"];
$plainTextId = rtrim(mcrypt_decrypt(MCRYPT_BLOWFISH, $key,
hex2bin($cryptTextId), MCRYPT_MODE_OFB,
$initializationVector));
$imageData = file_get_contents("img/“ . $plainTextId);
echo '<img src="data:image/png;base64,‘
. base64_encode($imageData).'">‘;
573146feb41e
100000
Team Photo](https://image.slidesharecdn.com/cargocultsecurityopenwestmay2014-140509171629-phpapp02/85/Cargo-Cult-Security-at-OpenWest-12-320.jpg)
![private_image.php?secure_id=573146feb41e
private_image.php?secure_id=573146feb41f
$cryptTextId = $_GET["secure_id"];
$plainTextId = rtrim(mcrypt_decrypt(MCRYPT_BLOWFISH, $key,
hex2bin($cryptTextId), MCRYPT_MODE_OFB,
$initializationVector));
$imageData = file_get_contents("img/“ . $plainTextId);
echo '<img src="data:image/png;base64,‘
. base64_encode($imageData).'">‘;
573146feb41f
100001
Attack Plan](https://image.slidesharecdn.com/cargocultsecurityopenwestmay2014-140509171629-phpapp02/85/Cargo-Cult-Security-at-OpenWest-13-320.jpg)
![HMAC
$plainTextId = '100000';
$hmac = hash_hmac("sha256", $key, $plainTextId);
$secretImageUrl = "…?id=". $plainTextId . "&hmac=" . $hmac;
echo '<a href="'. $secretImageUrl .'">' . $secretImageUrl . '</a>';
$plainTextId = $_GET["id"];
$signature = $_GET["hmac"];
$hmac = hash_hmac("sha256", $key, $plainTextId);
if ($hmac == $signature) {
$imageData = file_get_contents("img/" . $plainTextId . ".jpg");
echo '<img src="data:image/png;base64,'. base64_encode($imageData)
.'">'; }
else {
echo '<h4 class="error">Permission Denied!</h4>';
}
Permission Denied!
/cargo-cult-security/private_image_2php?id=100000&hmac=9d892a6925a0a3eb36a3fcff47d12f0c03c2f7c8c1
/cargo-cult-security/private_image_2php?id=100001&hmac=9d892a6925a0a3eb36a3fcff47d12f0c03c2f7c8c1](https://image.slidesharecdn.com/cargocultsecurityopenwestmay2014-140509171629-phpapp02/85/Cargo-Cult-Security-at-OpenWest-16-320.jpg)
![HMAC for authentication
$authInfo = ‘uid=‘ . $userId ‘&ts=‘ . time();
// uid=123&ts=12345
$hmac = hash_hmac("sha256", $key, $authInfo);
$authToken = $authInfo . ‘&hmac=‘ . $hmac;
// uid=123&ts=12345&hmac=9a0b1c
// send token to user (e.g. set as a cookie)
$token = // read token (from cookie, Authorization header, …)
$message = // regenerate base message (uid=123&ts=12345)
$signature = $token["hmac"];
$validationHmac = hash_hmac("sha256", $key, $message);
if ($validationHmac == $signature) {
// let request through if timestamp is also recent enough
else {
// send back a 403 Forbidden
}
Login
Protected
service](https://image.slidesharecdn.com/cargocultsecurityopenwestmay2014-140509171629-phpapp02/85/Cargo-Cult-Security-at-OpenWest-19-320.jpg)
![Anti-pattern: Integrity
$aes = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');
…
return mcrypt_generic($aes, $data);
$cipher [45] = chr(ord($cipher [45]) ^ ord(".") ^ ord ("0"));
$aes = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');
…
return mdecrypt_generic($aes, $data);](https://image.slidesharecdn.com/cargocultsecurityopenwestmay2014-140509171629-phpapp02/85/Cargo-Cult-Security-at-OpenWest-21-320.jpg)
Cargo Cult Security at OpenWest
- 1. Cargo Cult Security - OpenWest https://github.com/disaacson/cargo-cult-security by Derrick Isaacson
- 4. Cargo Cult Programming Ritualistic inclusion of code or patterns that are unnecessary for the task at hand. • Design patterns • Factory • Wrapper • Dependency injection • Cryptography • Encryption • Hashing
- 6. Crypto Primitives & Goals Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
- 7. Classic Encryption Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
- 9. Symmetric Key Cryptography (Private-key Cryptography) • Blowfish • Twofish • Serpent • AES (Rijndael) • CAST5 • RC4 • 3DES • IDEA HTTPS (TLS) SSH (SSL) LUKS Disk Encryption KeePass
- 10. Blowfish Example $plaintext = ‘Keep it secret. Keep it safe.'; $ciphertext = mcrypt_encrypt(MCRYPT_BLOWFISH, ‘0123456789', $plaintext, MCRYPT_MODE_CBC, ‘87acec17cd9dcd20'); $crypttextHex = bin2hex($ciphertext); echo $crypttextHex; a8 c5 22 a1 c5 19 97 70 95 a9 12 af 1a 1f 83 4e 0e d7 20 9e ea ab ba 7f 6c d5 d7 de a0 24 1a 5b
- 11. Anti-pattern: Authentication $plainTextId = '100000'; echo '<h4>"Secure" URL for image ' . $plainTextId . '.</h4>'; $cryptTextId = bin2hex(mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $plainTextId, MCRYPT_MODE_OFB, $initializationVector)); $secretImageUrl = "…?secure_id=". $cryptTextId; echo '<a href="'. $secretImageUrl .'">'.$secretImageUrl.'</a>'; private_image.php?secure_id=573146feb41e
- 12. private_image.php?secure_id=573146feb41e $cryptTextId = $_GET["secure_id"]; $plainTextId = rtrim(mcrypt_decrypt(MCRYPT_BLOWFISH, $key, hex2bin($cryptTextId), MCRYPT_MODE_OFB, $initializationVector)); $imageData = file_get_contents("img/“ . $plainTextId); echo '<img src="data:image/png;base64,‘ . base64_encode($imageData).'">‘; 573146feb41e 100000 Team Photo
- 13. private_image.php?secure_id=573146feb41e private_image.php?secure_id=573146feb41f $cryptTextId = $_GET["secure_id"]; $plainTextId = rtrim(mcrypt_decrypt(MCRYPT_BLOWFISH, $key, hex2bin($cryptTextId), MCRYPT_MODE_OFB, $initializationVector)); $imageData = file_get_contents("img/“ . $plainTextId); echo '<img src="data:image/png;base64,‘ . base64_encode($imageData).'">‘; 573146feb41f 100001 Attack Plan
- 14. Crypto Primitives & Goals Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
- 15. Message Authentication Codes HMAC(key, message) HMAC: RFC 2104 • HMAC-MD5 • HMAC-SHA1 • HMAC-SHA256 Message MAC
- 16. HMAC $plainTextId = '100000'; $hmac = hash_hmac("sha256", $key, $plainTextId); $secretImageUrl = "…?id=". $plainTextId . "&hmac=" . $hmac; echo '<a href="'. $secretImageUrl .'">' . $secretImageUrl . '</a>'; $plainTextId = $_GET["id"]; $signature = $_GET["hmac"]; $hmac = hash_hmac("sha256", $key, $plainTextId); if ($hmac == $signature) { $imageData = file_get_contents("img/" . $plainTextId . ".jpg"); echo '<img src="data:image/png;base64,'. base64_encode($imageData) .'">'; } else { echo '<h4 class="error">Permission Denied!</h4>'; } Permission Denied! /cargo-cult-security/private_image_2php?id=100000&hmac=9d892a6925a0a3eb36a3fcff47d12f0c03c2f7c8c1 /cargo-cult-security/private_image_2php?id=100001&hmac=9d892a6925a0a3eb36a3fcff47d12f0c03c2f7c8c1
- 17. Crypto Primitives & Goals Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
- 18. Anti-pattern: Authentication 2 $plainTextUserId = ‘834'; echo '<h4>"Secure" URL for image ' . $plainTextUserId . '.</h4>'; $cryptTextId = bin2hex(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $plainTextId, MCRYPT_MODE_OFB, $initializationVector)); $secretImageUrl = "…?secure_id=". $cryptTextId; echo '<a href="'. $secretImageUrl .'">'.$secretImageUrl.'</a>'; private_image.php?secure_id=f3d90e http://aes.online-domain-tools.com/ 224 search space with a valid URL density of 1 16,777
- 19. HMAC for authentication $authInfo = ‘uid=‘ . $userId ‘&ts=‘ . time(); // uid=123&ts=12345 $hmac = hash_hmac("sha256", $key, $authInfo); $authToken = $authInfo . ‘&hmac=‘ . $hmac; // uid=123&ts=12345&hmac=9a0b1c // send token to user (e.g. set as a cookie) $token = // read token (from cookie, Authorization header, …) $message = // regenerate base message (uid=123&ts=12345) $signature = $token["hmac"]; $validationHmac = hash_hmac("sha256", $key, $message); if ($validationHmac == $signature) { // let request through if timestamp is also recent enough else { // send back a 403 Forbidden } Login Protected service
- 20. Crypto Primitives & Goals Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
- 21. Anti-pattern: Integrity $aes = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, ''); … return mcrypt_generic($aes, $data); $cipher [45] = chr(ord($cipher [45]) ^ ord(".") ^ ord ("0")); $aes = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, ''); … return mdecrypt_generic($aes, $data);
- 22. Crypto Primitives & Goals Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
- 23. Encryption Parameters Creates cipher text Cipher (AES, Blowfish, …) Secret key Data to encrypt CBC, ECB, OFB, … Initialization Vector mcrypt_encrypt( MCRYPT_BLOWFISH, $key, $plainText, MCRYPT_MODE_CBC, $iv);
- 24. Anti-pattern: Encryption Modes $plainImageData = file_get_contents($file); $cryptText = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $plainImageData, MCRYPT_MODE_ECB, $initializationVector); file_put_contents($file . ".encrypted.data", $cryptText);
- 26. Cipher-block Chaining Mode $plainImageData = file_get_contents($file); $cryptText = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $plainImageData, MCRYPT_MODE_CBC, $initializationVector); file_put_contents($file . ".encrypted.data", $cryptText);
- 27. Encryption Parameters Creates cipher text Cipher (AES, Blowfish, …) Secret key Data to encrypt CBC, ECB, OFB, … Initialization Vector mcrypt_encrypt( MCRYPT_BLOWFISH, $key, $plainText, MCRYPT_MODE_CBC, $iv);
- 28. May 20th 1942 Message intercepted Island “AF” June 3rd 1942 Battle of Midway
- 29. Anti-pattern: Initialization Vector $plainText = “Hold"; $cryptText = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $plainText, MCRYPT_MODE_CBC, md5($key)); • Monday: “a8b8f95c4684b3f3” • Tuesday: “a8b8f95c4684b3f3” • Wednesday: “a8b8f95c4684b3f3” • Thursday: “a8b8f95c4684b3f3” • Friday: “10f32c937a1284db”
- 30. Modes and IVs • Cipher-block chaining prevents patterns within messages • Correct IV prevents patterns across messages
- 31. Generating Keys & Initialization Vectors $key = “koicy37m8ao2nl07"; $iv = rand(); $cypherText = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $plainText, MCRYPT_MODE_CBC, $iv); • How many bits of key entropy can be contained in 16 alphanumeric characters? • 96 bits! • ~0.00000002% of possible search space • What initialization vector is really used here? • “0000000000000000”! • PHP Warning: mcrypt_decrypt(): The IV parameter must be as long as the blocksize in /home/derrick/…/CBC.php on line 27 • Use • $size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC); • mcrypt_create_iv($size);
- 32. Anti-pattern: Random Values <form action=""> <label>Donation amount</label> <input type="text" value="10.00"> <?php $csrfToken = rand(); setCookie("csrfToken", $csrfToken); echo "<input type="hidden" value="$csrfToken">“; ?> <input type="submit" value="Submit"> </form>
- 33. Finding Linear Congruential Seed Random random = new Random(); long v1 = random.nextInt(); long v2 = random.nextInt(); for (int i = 0; i < 65536; i++) { long seed = v1 * 65536 + i; if (((seed * multiplier + addend) & mask) >>> 16) == v2) { System.out.println("Seed found: " + seed); break; } }
- 34. Anti-pattern: Psuedo-random Session IDs <?php $uid = "12345678"; $sessionId = md5($uid . rand() . microtime()); setCookie(“session_id", $sessionId); ?> Really only ~20 bits of entropy. A modern GPU can calculate that in a second!9,12
- 35. HMACs and Secure Random <form action=""> <label>Donation amount</label> <input type="text" value="10.00"> <?php $csrfToken = openssl_random_pseudo_bytes(32); setCookie("csrfToken", bin2hex($csrfToken)); echo "<input type="hidden" value="$csrfToken">“; ?> <input type="submit" value="Submit"> </form> Do not use sessions! Use HMACs! Seriously.
- 36. No Cargo Cult Security! 1. Identify true security goal. 2. Find correct crypto primitive. 3. Spend some time to learn about it. 4. Write as little of your own crypto code as possible.
- 37. Crypto Primitives & Goals Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
- 38. Crypto Primitives & Goals Hash MAC HMAC Symmetric Key Crypto Asymmetric Key Crypto Digital Signature Digital Certificates Data Integrity Data Authentication Non-repudiation Confidentiality Trust
- 39. Questions? derrick@lucidchart.com https://github.com/disaacson/cargo-cult-security
- 40. References 1. http://en.wikipedia.org/wiki/Cargo_cult 2. http://neurotheory.columbia.edu/~ken/cargo_cult.html 3. http://en.wikipedia.org/wiki/Post_hoc_ergo_propter_hoc 4. http://en.wikipedia.org/wiki/Cargo_cult_programming 5. https://oracleus.activeevents.com/2013/connect/sessionDetail.ww?SESSION_ID=6325 6. http://www.scs.stanford.edu/10au-cs144/notes/ 7. http://resources.infosecinstitute.com/cbc-byte-flipping-attack-101-approach/ 8. http://security.stackexchange.com/questions/18033/how-insecure-are-phps-rand-functions 9. http://crypto.di.uoa.gr/CRYPTO.SEC/Randomness_Attacks_files/paper.pdf 10. http://security.stackexchange.com/questions/17988/how-insecure-are-non-cryptographic-random-number-generators 11. http://jazzy.id.au/default/2010/09/20/cracking_random_number_generators_part_1.html 12. http://thepasswordproject.com/oclhashcat_benchmarking 13. http://www.php.net/manual/en/function.openssl-random-pseudo-bytes.php 14. http://blowfish.online-domain-tools.com/ 15. https://github.com/disaacson/cargo-cult-security 16. http://tools.ietf.org/html/rfc2104