computer security seminar api attacks
TRANSCRIPT
Computer Security SeminarAPI Attacks
Security Engineering/Ross Andersson, Chapter 18
Shai Ziv
25th May, 2014
Application Programming Interface
โข Interface for communication between two programs.โข Two threads of the same program.
โข Two programs running on the same server.
โข Client and server.
API is Vulnerable
โข Door to the outer world.
โข Untrusted sources give commands.
โข Designing a secure API is very difficult.
โข Small programming oversights can be disastrous.
The Perfect API
void API(void)
{
printf(โNo commands availableโ);
}
Useful, eh?
Attack on Visa Security Module
โข Hardware device for bank security.
โข Stores no memory.โข Only a single master key stored in tamper-resistant memory.
โข Encryption under this key is โunbreakableโ.
โข We will look at the Terminal Key Generation for ATMs
โข ATM security is based on dual control (secret sharing)โข ๐พ = ๐พ1 โ ๐พ2
Attack on Visa Security Module โcont.โข Key creation:
๐๐๐๐๐๐๐๐ธ๐(๐พ1)
๐๐๐๐พ1
๐๐๐๐๐๐ 1
๐๐๐๐๐๐๐๐ธ๐(๐พ2)
๐๐๐๐พ2
๐๐๐๐๐๐ 2
๐๐๐๐๐๐๐๐ธ๐ ๐พ1 ,๐ธ๐(๐พ2)
๐๐๐
๐๐๐๐๐๐๐๐ธ๐(๐พ=๐พ1โ๐พ2)
๐๐๐
โข What happens if we insert the same encrypted key twice?โข ๐พ = ๐พ1 โ ๐พ1 = 0.
โข Known key inside the system.
Attack on Visa Security Module โ cont.
โข The problem: Support of offline ATMs.
โข ๐๐๐๐๐๐m๐ธ๐ ๐๐ผ๐ ,๐ธ๐(๐พ)
๐๐๐
โข ๐๐๐๐๐๐๐๐ธ๐พ(๐๐ผ๐)
๐๐๐
โข ๐๐ผ๐ = ๐ท0(โ ).
Attack on Visa Security Module โ cont.
โข How to fix?
โข Independent atomic commands!
๐๐๐๐๐๐๐๐ธ(๐พ)
๐๐๐๐๐๐๐๐๐ 1
๐๐๐๐๐๐ 2
๐พ1
๐พ2
Attack on IBM PIN Generation
โข Wild credit cards appear!
โข IBM uses PIN generation.
โข Itโs not very effectiveโฆ
โข In IBM PIN code generation, ๐๐ผ๐๐ถ depends on 3 values:โข ๐๐ผ๐๐ โ bankโs master PIN.
โข ๐๐ถ โ account number.
โข ๐๐๐๐ ๐๐ก โ for memorable (weak) PIN.
Attack on IBM PIN Generation โ cont.
โข The algorithm:
๐ป๐๐ฅ = ๐ธ๐๐ผ๐๐๐๐ถ ๐ป๐๐ฅ = ๐2๐๐126๐69๐๐๐82๐
๐ท๐๐ = ๐ท๐๐_๐๐๐๐๐(๐ป๐๐ฅ) ๐ท๐๐ = 022412626904823
๐๐ผ๐๐ถ = ๐ท๐๐ 1. . 4 + ๐๐๐๐ ๐๐ก ๐๐ผ๐๐ถ = 0224 + 6565 = 6789
โข Great Idea (?): ๐ท๐๐_๐๐๐๐๐ is supplied by the user.
โข ๐ท๐๐_๐๐๐๐๐ = 0123456789012345 was widely used.
Attack on IBM PIN Generation โ cont.
โข Set ๐ท๐๐_๐๐๐๐๐ = 0000000000000000.
โข Get E ๐๐ผ๐๐ถ = 0000 .
โข Set ๐ท๐๐_๐๐๐๐๐ = 1000000000000000.
โข If ๐ธ(๐๐ผ๐๐ถ) changed, then it contained a โ0โ.
โข And so onโฆ
โข With a few dozen queries ๐๐ผ๐๐ถ can be found.
Attack on IBM PIN Generation โ cont.
โข How to fix?โข IBMโs โsolutionโ:
โข Must contain at least 8 different characters, that appear at most 4 times.
โข What about โ0123456789012345โ, then โ1123456789012345โ, and so on?
โข Be careful when using userโs input, and avoid it as much as possible.โข Remember the perfect API!
API Programming - Input Check
โข The API itself can be 100% safe.
โข The communication still will not be secure.
โข Before you execute, check the input you are executing!
SQL Injection (Input Check โ example)
โข Many APIs use SQL transactions in the background.
โข The code is written in advance,
and the parameters are taken from the API call.
โข If the parameter isnโt checked, SQL code can be โInjectedโ and executed.
โข SQL code:๐ ๐๐๐๐๐ก โ๐๐๐๐ ๐ค๐๐๐๐๐๐ ๐คโ๐๐๐ ๐๐๐๐ = โฒ$$โฒ ;
โข Expected parameter ($$): ๐โ๐๐ ๐๐๐ฃ
โข Attackerโs parameter: ๐โ๐๐ ๐๐๐ฃโฒ); ๐๐๐ ๐๐๐ก ๐๐๐ก๐ ๐ค๐๐๐๐๐๐ ๐ฃ๐๐๐ข๐๐ (โฒ๐ฝ๐๐๐๐๐๐ฆ ๐ต๐๐๐๐กโ๐๐๐
โข When inserted:๐ ๐๐๐๐๐ก โ๐๐๐๐ ๐ค๐๐๐๐๐๐ ๐คโ๐๐๐ ๐๐๐๐ = (โฒ๐โ๐๐ ๐๐๐ฃโฒ);
๐๐๐ ๐๐๐ก ๐๐๐ก๐ ๐ค๐๐๐๐๐๐ ๐ฃ๐๐๐ข๐๐ (โฒ๐ฝ๐๐๐๐๐๐ฆ ๐ต๐๐๐๐กโ๐๐๐โฒ);
SQL Injection โ cont.
Buffer Overflow (Input Check โ example)
โข Every API reads input from the user.
โข No computer has an infinite input buffer.
โข Devastating attacks can be executed if input string length is not checked.
โข What is the problem here?
๐๐๐๐ โ
{๐โ๐๐ ๐๐ข๐๐๐๐ 128 ;๐๐๐ก๐ ๐๐ข๐๐๐๐ ;
}
Buffer Overflow โ The Stack
Stack
gets locals
BP
return addr
param - buffer
buffer
BP
return addr
gets frame
main frame
No Buffer Overflow โ No Attack
Stack
gets locals
BP
return addr
param - buffer
buffer
BP
return addr
Stack
gets locals
BP
return addr
param - buffer
โHello World!โ
BP
return addr
Stack
โHello World!โ
BP
return addr
Buffer Overflow โ The Attack
Stack
gets locals
BP
return addr
param - buffer
buffer
BP
return addr
Stack
gets locals
BP
return addr
param - buffer
Code:download(โnyan.mp3โ)
while ( 1 )play(โnyan.mp3โ)
~override~
buffer addr
โข main finishes as usualโข Computer is infected
Summary โ API Design
โข Designing a secure set of commands is very difficult.
โข Single secure looking command might be insecure.
โข Multiple secure commands might be insecure when combined.
โข Each user input can be used for an attack.
Summary โ API Design โ cont.
โข Simplicity is key.โข Complicated APIs are all the more vulnerable.โข Atomic and independent commands.
โข Many failures happen when adding features to API.โข When designed initially, those features were not considered.โข The feature itself should be checked and rechecked.โข Relations between the new feature and old features might be problematic.โข Is the feature necessary?
โข Use as minimal input as possible.โข There is no reason to use a parameter from the user, when you know its value in advance.
Summary โ API Implementation
โข Input check.
โข Input check.
โข Input check.
โข The code which handles the userโs input is extremely critical, and should be treated that way.
Backup
Attack on the 4758
โข 4758 is IBMโs equivalent to Visaโs module.
โข The 4758 supported โcheck valueโ creation for a key ๐พ
โข ๐โ๐๐๐ = ๐ธ๐พ(0)
โข At the time the key length was 56 bits.โข This means we need 255 effort to crack an unknown key,
which is (not really) too much.
Attack on the 4758 โ cont.
โข We do not need to crack a specific key.โข The 4758 would re-encrypt data with a different key
โข Meet in the middle attack:1. Collect a number of check values. Say 216 (takes a few hours)
2. Store them in a hash table.
3. Go over keys until you get a hit. (takes 256
216 = 240 effort)
4. ?????
5. Profit.