Hacknbeers sqli and cryptography

ì Information Security SQL Injec*on and Cryptography

About me

ì  Miguel Ibarra

ì  PHP developer since 2000 ì  Actually, coding since 1986

ì  Projects from simple web pages to GRP’s

ì  SoLware Engineer @ Tiempo Development

ì  Webservices, security and cryptography fan

ì I can has ur data?

I can has ur data?

ì  Today, informa*on assets can be more valuable than physical assets… ì  Lost your USB s*ck lately?

ì  Data theL is becoming an every-‐day issue and concern…

ì Data Dump I can has ur data?

I can has ur data?

ì  linkedin.com ì  6th June 2012 ì  More than 6 million

passwords

ì  eharmony.com ì  6th June 2012 ì  More than 1.5 million

passwords

ì  last.fm ì  7th June 2012 ì  ? Million passwords

ì  yahoo.com ì  12th June 2012 ì  443K passwords ì  Sql injec*on ì  Passwords in plain text…

ì

I can has ur data?

Hot news!

ì

2010 -‐ 2013

World’s biggest data breaches

ì

2010 – 2013 (Web only)

World’s biggest data breaches

I can has ur data?

ì  Public web applica*ons expose an authen,cated and authorized connec,on to DBMS servers ì  DBMS have their own authen*ca*on and

authoriza*on systems ì  Applica*ons that use such DBMS need creden*als to

connect to DB servers ì  This type of apps can have their own auth

procedures ì  They can be vulnerable

I can has ur data?

ì  It does not maeer if your DBMS is behind a firewall and/or private network

User

Public network

Web server

Private network

DBMS Server

ì SQL Injection How I got your data

SQL Injection

ì  Golden rule:

ì  Filter/Validate inputs, escape outputs

ì  …many ‘developers’ do not follow this rule…

SQL Injection

ì  Our database schema

ì  Sample resultset WTF?

SQL Injection

ì  Live demonstra*on

ì Protecting your data – Password Hashing

Protecting your data – Password Hashing

ì  Hash ì  Algorithm that maps data of variable length to data

of fixed length ì  One way func*on

ì  Output cannot be reversed using an efficient algorithm

ì  Also called ‘pseudo-‐random func*on’ ì  Output indis*nguishable from true random data

ì  Popular hashing algorithms ì  md5 ì  sha1


ì  Hash proper*es ì  Output yields a fixed length result

ì  md5(‘1’) = ‘c4ca4238a0b923820dcc509a6f75849’

ì  md5(‘Hello world’) = ‘3e25960a79dbc69b674cd4ec67a72c62’

ì  The slightest change, totally different results ì  md5(‘Hello World’) =

‘b10a8db164e0754105b7a99be72e3fe5’


Message space Result space


Hashing encryp*ng


ì  Our new schema

ì  Sample resultset


ì  Again, cannot revert a hash using an efficient algorithm

ì  … but can be cracked… ì  Crack <> Hack

Hash Algorithm Data


ì  Brute force aeack ì  Generate hashes from a dic*onary

ì  Common words ì  Generate character combina*ons

ì  Exhaus*ve search ì  Generated hash = target hash?

ì  Bingo ì  Inneficient, but…

ì  CPU power is growing (mul*ple cores) ì  GPU can be used too (thousands of cores) ì  Cloud systems

ì ATI HD 5970 String consis*ng of a-‐z|A-‐Z|0-‐9

Algorithm Speed 8 chars 9 chars 10 chars md5 5600

million h/s 10 hours 27 days 4.5 years

sha1 2300 million h/s

26 hours 68 days 11.5 years


ì  Hash database aeack ì  Query a database with pregenerated hashes

ì  Several sites offer this service, free ì  Google.com

ì  hep://bit.ly/15O4SLN


ì  Gesng a hash through sql injec*on ì  Live demonstra*on

ì Password salting

Password salting

ì  Salt ì  Random character string

ì  f(password, salt) = hash(password + salt)

Password salting

Result

Salt

Password

Password salting

ì  Our new schema

ì  Sample resultset

Password salting

ì  Salt has to be stored in clear text as to authen*cate a user

ì  if( hash(<provided password> + <salt field>) == <password field> ) then ì  User creden*als are valid

Password salting

ì  Hash database aeack becomes improbable

ì  If hash remains unknown, brute force aeack becomes improbable ì  Total characters: 42 ì  Calcula*ons per second: 4 billion ì  Possible combina*ons: 522 duovigin*llion ì  Total *me to crack: 4 septendecillion years*

ì  According to heps://howsecureismypassword.net/

Password salting

ì  But the aeacker could modify the aeack to obtain the salt field…

ì  DEMO

ì  The aeacker would only need to launch a brute force aeack ì  Generate some character combina*on string ì  Concatenate salt and hash ì  Compare hashes

ì Password stretching

Password stretching

ì  To mi,gate men*oned aeack, use password stretching technique

ì  Create a recursive / itera*ve algorithm that calculates a hash value over itself thousand (or more) *mes

Salt Password Hash

Salt Password Hash

Salt Password

Hash Algorithm

Hash Algorithm

Thousands of *mes

Password stretching

ì  This algorithm should iterate enough to delay each calcula*on by 1 second

ì  In order to crack with a brute force aeack, the aeacker… ì  Should know the exact itera*on count

ì  +/-‐ 1 itera*on will result in totally different hash value ì  Should wait 1 second between each aeemp ì  This makes the aeack highly improbable

Password stretching

ì  Several standard algorithms for password stretching

ì  PBKDF2 ì  Bcrypt ì  Scrypt ì  …

ì I can still has ur data…

I can still has ur data…

ì  We give it away freely… ì  Facebook ì  Twieer ì  Foursquare

ì  If it is free, you are the product


ì  We uninten*onally give it away… ì  Phishing scams ì  Social engineering ì  Adware / Spyware / Browser bars / Apps ì  Weak passwords

ì  Names ì  Birthdays ì  Phone numbers ì  Common passwords


ì  It is forcibly/unlawfully taken from us… ì  Extor*ons / black mail ì  Unethical prac*ces

ì  banks ì  Government spy programs

ì  NSA’s PRISM ì  Communica*ons Intercept System Mexico

ì  Requested by USDoS to Mexican Federal Government in 2007

ì  Request cancelled in 2012… ì  Unknown sponsored spy programs

ì  Rumored FinFisher program probably running in networks belonging to Uninet, Iusacell and Televisa

ì Cryptography 101

Cryptography 101

ì  Krypto ì  Hidden

ì  Graphos ì  Script

ì  Tecnique to modify a linguis*cal or caligrafical presenta*on of a message

ì  Ruled by an algorithm ì  Must allow forward and backward process

Cryptography 101

ì  700BC -‐ Scytale

Cryptography 101

ì  <40BC – Caesar Cipher

Cryptography 101

ì  1467 – Alber* Cipher

Cryptography 101

ì  1797 – Jefferson Wheel

Cryptography 101

ì  1943 – Enigma machine

Cryptography 101

ì  Today, cryptography is performed by an automated algorithm: Cipher

ì  Short name for pseudo-‐random permuta*on ì  Takes an input ì  Applies a reversible algorithm ì  Outputs data indis*nguishable from a truly random

data stream ì  Result space is equal to message space

ì  No collisions

Message space

Result space

Cryptography 101

ì  Modern algorithms use a ‘key’

ì  They key is used to transform a message into a pseudo-‐random string ì  This is called ‘cipher’

ì  This pseudo-‐random string can be transformed back to the original message only with this key ì  ‘decipher’

Cryptography 101

ì  2 key types

ì  Symetric

ì  Asymetric

ì Symetric ciphers

Symetric ciphers

ì  The same key is used to cipher and decipher

ì  The 2 endpoints must agree on this key

ì  Security relies mainly in this key

ì  Key must be improbably guessed ì  Key space has to be large…

Symetric ciphers

ì  Simple and safest symetric key chipher algorithm ì  XOR

ì  1 ⊕ 0 = 1 ì  1 ⊕ 1 = 0 ì  0 ⊕ 0 = 0

ì  ‘a’ = ascii(97)

ì  9710 = 110000012

ì  Random key = 01010000

1 1 0 0 0 0 0 1

0 1 0 1 0 0 0 0

1 0 0 1 0 0 0 1

1 0 0 1 0 0 0 1

0 1 0 1 0 0 0 0

Data to cipher

Random key

Ciphered data

Data to decipher

Random key

Original data

Symetric ciphers

ì  Ciphered data is impossible to decipher without the key by an efficient algorithm ì  This is, no exhaus*ve search for the key

ì  Is very simple

ì  Key length must be the same as message length

ì  Security measures applied while securily sharing the key might as well we applied to the unciphered message

Symetric ciphers

ì  In fact, every symetrical cipher weakest link is the key ì  An aeacker, instead of brute forcing the key, might

as well focus on incercep*ng the key

ì  Popular cipher algorithms ì  DES ì  3DES ì  AES

ì Asymetric ciphers

Asymetric ciphers

ì  Has a key pair ì  Private key: only the owner can know it ì  Public key: owner can share it freely

ì  Message ciphered with the public key can only be deciphered with the private key

ì  Message ciphered with the private key can be deciphered with the public key

ì  This adds a message authen*ca*on mechanism

Asymetric ciphers

ì  Algorithms are based on prime number and one way func*ons ì  Way too easy to mul*ply to prime numbers ì  Factorizing a number into its prime factors is very

difficult ì  Usually involves very large prime numbers

ì  Hundreds of digits

Asymetric ciphers

ì  Asymetric ciphers require more processing *me

ì  Keys are required to be large ì  As today’s standards, 2048 bits

ì  Ciphered message is bigger than the original message

ì  Popular algorithms ì  RSA ì  Hybrid symetric/asymetric algorithms

ì  HTTPS/TLS

ì Just encrypt it and you are safe …are you?

Just encrypt it and you are safe… are you?

ì  Weakest links in cryptography ì  Again, the key… ì  … and how it is implemented

ì  Aircrack anyone? ì  WEP algor*hm: example of bad crypto

implementa*on


ì  Common cryptography implementa*on misconcep*on

C Message

Key

Cipher Message


ì  Do not… ì  Use a short key ì  Use weak random data to

generate a key ì  Use directly the generated

key ì  Try to derive the key first

ì  PBKDF2 ì  Pseudo-‐random

func*on ì  Use the same key to cipher

iden*cal messages ì  Informa*on leak

ì  Use the same key to cipher mul*ple messages ì  WEP’s Achilles’ heel ì  If you need to, use nonces

ì  Nonce ≃ salt ì  Nonce is included with

the message ì  Cipher and send…

ì  Always add signature verifica*on mechanism ì  Hash-‐mac

ì  Hash with a key ì  Hash-‐mac signature

included in message

ì Do not use weak random data Random data, PHP 4’s rand() func*on output on Windows converted to bitmap

ì Encryption in databases

Encryption in databases

ì  We have the following schema


ì  The aeacker, unable to get login details, could modify the aeack to get personal informa*on:


ì  MySQL supports AES cipher algorithm, then we could modify our schema


ì  If the aeacker executes the injec*on


ì  S*ll informa*on can be leaked ì  Suppose the 2 users share the same phone number,

the aeacker could no*ce this since data was ciphered with the same key

ì Tweakable encryption

Tweakable encryption

ì  Remember, do not use the same key to cipher mul*ple messages… ì  Do we need to generate a new key for each record? ì  Say, we have thousands of records, do we need

thousand keys?

ì  NO ì  Use a tweak

Tweakable encryption

ì  Every table should have a primary key ì  So the values inside the primary key must be unique

to every record

ì  Use the master key + primary key value, then hash ì  f(key, pk value) = hash(key + pk value)

ì  You’ll have an unique cipher key for each record

ì  Now, fields with the same plain text value will appear to be completely different when ciphered

Last Words

ì  Last words… ì  Informa*on privacy is YOUR RIGHT ì  Do you consider it to be a paranoid idea…

ì  …or a daily life concern? ì  First informa*on privacy law from 1890 US

ì  Laws cannot keep up with technology

QA

ì  QA

ì  Thank y’all!

Hacknbeers sqli and cryptography

Technology

brute force

data password

ur data

6th june 2012

ecient algorithm

dbms

hash

algorithm