Information Security SQL Injection and Cryptography
Sep 05, 2014
About me
- Miguel Ibarra
- PHP developer since 2000
  - Actually, coding since 1986
- Projects from simple web pages to GRP’s
- Software Engineer @ Tiempo Development
- Web services, security and cryptography fan
I can has ur data?
- Today, information assets can be more valuable than physical assets…
  - Lost your USB stick lately?
- Data theft is becoming an everyday issue and concern…
- Data Dump
I can has ur data?
- linkedin.com
  - 6th June 2012
  - More than 6 million passwords
- eharmony.com
  - 6th June 2012
  - More than 1.5 million passwords
- last.fm
  - 7th June 2012
  - ? Million passwords
- yahoo.com
  - 12th June 2012
  - 443K passwords
  - SQL injection
  - Passwords in plain text…
I can has ur data?
Hot news!
2010 – 2013
World’s biggest data breaches
2010 – 2013 (Web only)
World’s biggest data breaches
I can has ur data?
- Public web applications expose an authenticated and authorized connection to DBMS servers
  - DBMS have their own authentication and authorization systems
  - Applications that use such DBMS need credentials to connect to DB servers
  - This type of apps can have their own auth procedures
    - They can be vulnerable
I can has ur data?
- It does not matter if your DBMS is behind a firewall and/or private network
[Diagram: User → Public network → Web server → Private network → DBMS Server]
SQL Injection – How I got your data
SQL Injection
- Golden rule:
  - Filter/Validate inputs, escape outputs
- …many ‘developers’ do not follow this rule…
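The golden rule in code, as an added example that is not from the original slides: the same login check built by string concatenation and with placeholders. The `users` table, its columns and the sample rows are constructed, and the password is kept in plain text only to keep the query short.

```python
import sqlite3

def make_db():
    # Constructed sample data; the table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, "
               "username TEXT, password TEXT)")
    db.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                   [("alice", "wonderland"), ("bob", "builder")])
    return db

def valid_username(username):
    # Filter/validate: accept only short alphanumeric names.
    return username.isalnum() and len(username) <= 32

def login_concatenated(db, username, password):
    # Vulnerable on purpose: the input becomes part of the SQL text,
    # so a quote inside it can change the structure of the query.
    sql = ("SELECT username FROM users WHERE username = '%s' "
           "AND password = '%s'" % (username, password))
    return [row[0] for row in db.execute(sql)]

def login_parameterized(db, username, password):
    # Hardened: placeholders send the values separately from the SQL text,
    # so they are only ever compared as data.
    if not valid_username(username):
        return []
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in db.execute(sql, (username, password))]

if __name__ == "__main__":
    db = make_db()
    hostile = "' OR '1'='1"          # constructed input containing quotes
    print(login_concatenated(db, "alice", hostile))    # every row comes back
    print(login_parameterized(db, "alice", hostile))   # no row matches
    print(login_parameterized(db, "alice", "wonderland"))
```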
SQL Injection
- Our database schema
- Sample resultset WTF?
SQL Injection
- Live demonstration
Protecting your data – Password Hashing
- Hash
  - Algorithm that maps data of variable length to data of fixed length
  - One-way function
    - Output cannot be reversed using an efficient algorithm
  - Also called ‘pseudo-random function’
    - Output indistinguishable from true random data
- Popular hashing algorithms
  - md5
  - sha1
Protecting your data – Password Hashing
- Hash properties
  - Output yields a fixed length result
    - md5(‘1’) = ‘c4ca4238a0b923820dcc509a6f75849b’
    - md5(‘Hello world’) = ‘3e25960a79dbc69b674cd4ec67a72c62’
  - The slightest change, totally different results
    - md5(‘Hello World’) = ‘b10a8db164e0754105b7a99be72e3fe5’
Protecting your data – Password Hashing
[Diagram: Message space, Result space]
Protecting your data – Password Hashing
Hashing encrypting
Protecting your data – Password Hashing
- Our new schema
- Sample resultset
Protecting your data – Password Hashing
- Again, cannot revert a hash using an efficient algorithm
- … but can be cracked…
  - Crack <> Hack
[Diagram: Hash, Algorithm, Data]
Protecting your data – Password Hashing
- Brute force attack
  - Generate hashes from a dictionary
    - Common words
  - Generate character combinations
    - Exhaustive search
  - Generated hash = target hash?
    - Bingo
  - Inefficient, but…
    - CPU power is growing (multiple cores)
    - GPU can be used too (thousands of cores)
    - Cloud systems
- ATI HD 5970, string consisting of a-z|A-Z|0-9

  Algorithm  Speed             8 chars   9 chars  10 chars
  md5        5600 million h/s  10 hours  27 days  4.5 years
  sha1       2300 million h/s  26 hours  68 days  11.5 years
Protecting your data – Password Hashing
- Hash database attack
  - Query a database with pregenerated hashes
    - Several sites offer this service, free
    - Google.com
      - http://bit.ly/15O4SLN
Protecting your data – Password Hashing
- Getting a hash through SQL injection
  - Live demonstration
Password salting
- Salt
  - Random character string
- f(password, salt) = hash(password + salt)
Password salting
[Diagram: Password + Salt → Result]
Password salting
- Our new schema
- Sample resultset
Password salting
- Salt has to be stored in clear text in order to authenticate a user
- if( hash(<provided password> + <salt field>) == <password field> ) then
  - User credentials are valid
Password salting
- Hash database attack becomes improbable
- If hash remains unknown, brute force attack becomes improbable
  - Total characters: 42
  - Calculations per second: 4 billion
  - Possible combinations: 522 duovigintillion
  - Total time to crack: 4 septendecillion years*
* According to https://howsecureismypassword.net/
Password salting
- But the attacker could modify the attack to obtain the salt field…
  - DEMO
- The attacker would only need to launch a brute force attack
  - Generate some character combination string
  - Concatenate salt and hash
  - Compare hashes
Password stretching
- To mitigate the mentioned attack, use the password stretching technique
- Create a recursive / iterative algorithm that calculates a hash value over itself a thousand (or more) times
[Diagram: Salt, Password and Hash are fed back into the Hash Algorithm, thousands of times]
Password stretching
- This algorithm should iterate enough to delay each calculation by 1 second
- In order to crack with a brute force attack, the attacker…
  - Should know the exact iteration count
    - +/- 1 iteration will result in a totally different hash value
  - Should wait 1 second between each attempt
  - This makes the attack highly improbable
Password stretching
- Several standard algorithms for password stretching
  - PBKDF2
  - Bcrypt
  - Scrypt
  - …
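Salting and stretching together, as an added example that is not from the original slides: a per-user random salt, PBKDF2 from Python's standard library for the stretching, and the login comparison from the salting slides. The record layout and the starting iteration count are assumptions; SHA-256 stands in for the slides' md5/sha1.

```python
import hashlib
import hmac
import os

def salted_hash(password, salt):
    # The slide's f(password, salt) = hash(password + salt): one cheap round.
    return hashlib.sha256(password.encode() + salt).digest()

def stretch(password, salt, iterations):
    # PBKDF2-HMAC-SHA256 repeats the keyed hash `iterations` times.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def new_record(password, iterations=200_000):
    # iterations is an assumed starting value; raise it until one
    # derivation costs what your login path can afford.
    salt = os.urandom(16)                 # random per-user salt, stored in clear
    return {"salt": salt, "iterations": iterations,
            "hash": stretch(password, salt, iterations)}

def verify(password, record):
    candidate = stretch(password, record["salt"], record["iterations"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, record["hash"])

if __name__ == "__main__":
    a = new_record("correct horse")
    b = new_record("correct horse")       # same password, different salt
    print(a["hash"] != b["hash"])
    print(verify("correct horse", a), verify("wrong horse", a))
    # One iteration more or less gives an unrelated value.
    print(stretch("x", a["salt"], 1000) != stretch("x", a["salt"], 1001))
```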
I can still has ur data…
- We give it away freely…
  - Facebook
  - Twitter
  - Foursquare
- If it is free, you are the product
I can still has ur data…
- We unintentionally give it away…
  - Phishing scams
  - Social engineering
  - Adware / Spyware / Browser bars / Apps
  - Weak passwords
    - Names
    - Birthdays
    - Phone numbers
    - Common passwords
I can still has ur data…
- It is forcibly/unlawfully taken from us…
  - Extortion / blackmail
  - Unethical practices
    - Banks
  - Government spy programs
    - NSA’s PRISM
    - Communications Intercept System Mexico
      - Requested by USDoS to Mexican Federal Government in 2007
      - Request cancelled in 2012…
  - Unknown sponsored spy programs
    - Rumored FinFisher program probably running in networks belonging to Uninet, Iusacell and Televisa
Cryptography 101
- Krypto
  - Hidden
- Graphos
  - Script
- Technique to modify a linguistic or calligraphic presentation of a message
  - Ruled by an algorithm
  - Must allow forward and backward process
Cryptography 101
- 700 BC – Scytale
Cryptography 101
- <40 BC – Caesar Cipher
Cryptography 101
- 1467 – Alberti Cipher
Cryptography 101
- 1797 – Jefferson Wheel
Cryptography 101
- 1943 – Enigma machine
Cryptography 101
- Today, cryptography is performed by an automated algorithm: Cipher
  - Short name for pseudo-random permutation
  - Takes an input
  - Applies a reversible algorithm
  - Outputs data indistinguishable from a truly random data stream
  - Result space is equal to message space
    - No collisions
[Diagram: Message space, Result space]
Cryptography 101
- Modern algorithms use a ‘key’
- The key is used to transform a message into a pseudo-random string
  - This is called ‘cipher’
- This pseudo-random string can be transformed back to the original message only with this key
  - ‘decipher’
Cryptography 101
- 2 key types
  - Symmetric
  - Asymmetric
Symmetric ciphers
- The same key is used to cipher and decipher
- The 2 endpoints must agree on this key
- Security relies mainly on this key
  - Key must be improbable to guess
  - Key space has to be large…
Symmetric ciphers
- Simple and safest symmetric key cipher algorithm
  - XOR
    - 1 ⊕ 0 = 1
    - 1 ⊕ 1 = 0
    - 0 ⊕ 0 = 0
- ‘a’ = ascii(97)
- 97₁₀ = 11000001₂
- Random key = 01010000

  Data to cipher    1 1 0 0 0 0 0 1
  Random key        0 1 0 1 0 0 0 0
  Ciphered data     1 0 0 1 0 0 0 1

  Data to decipher  1 0 0 1 0 0 0 1
  Random key        0 1 0 1 0 0 0 0
  Original data     1 1 0 0 0 0 0 1
Symmetric ciphers
- Ciphered data is impossible to decipher without the key by an efficient algorithm
  - That is, no exhaustive search for the key
- Is very simple
- Key length must be the same as message length
- Security measures applied while securely sharing the key might as well be applied to the unciphered message
Symmetric ciphers
- In fact, every symmetric cipher’s weakest link is the key
  - An attacker, instead of brute forcing the key, might as well focus on intercepting the key
- Popular cipher algorithms
  - DES
  - 3DES
  - AES
Asymmetric ciphers
- Has a key pair
  - Private key: only the owner can know it
  - Public key: owner can share it freely
- Message ciphered with the public key can only be deciphered with the private key
- Message ciphered with the private key can be deciphered with the public key
  - This adds a message authentication mechanism
Asymmetric ciphers
- Algorithms are based on prime numbers and one-way functions
  - Way too easy to multiply two prime numbers
  - Factorizing a number into its prime factors is very difficult
  - Usually involves very large prime numbers
    - Hundreds of digits
Asymmetric ciphers
- Asymmetric ciphers require more processing time
- Keys are required to be large
  - As of today’s standards, 2048 bits
- Ciphered message is bigger than the original message
- Popular algorithms
  - RSA
  - Hybrid symmetric/asymmetric algorithms
    - HTTPS/TLS
Just encrypt it and you are safe… are you?
- Weakest links in cryptography
  - Again, the key…
  - … and how it is implemented
    - Aircrack anyone?
    - WEP algorithm: example of bad crypto implementation
Just encrypt it and you are safe… are you?
- Common cryptography implementation misconception
[Diagram: C, Message, Key, Cipher Message]
Just encrypt it and you are safe… are you?
- Do not…
  - Use a short key
  - Use weak random data to generate a key
  - Use directly the generated key
    - Try to derive the key first
      - PBKDF2
      - Pseudo-random function
  - Use the same key to cipher identical messages
    - Information leak
  - Use the same key to cipher multiple messages
    - WEP’s Achilles’ heel
    - If you need to, use nonces
      - Nonce ≃ salt
      - Nonce is included with the message
      - Cipher and send…
- Always add signature verification mechanism
  - Hash-mac
    - Hash with a key
    - Hash-mac signature included in message
- Do not use weak random data
[Figure: Random data, PHP 4’s rand() function output on Windows converted to bitmap]
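The XOR cipher from the symmetric ciphers slides and the "same key for multiple messages" warning above, as an added example that is not from the original slides. It goes beyond the single-byte case to whole messages; the function names and the two sample messages are constructed.

```python
import secrets

def xor_bytes(a, b):
    # XOR is only safe here when the key is as long as the message.
    if len(a) != len(b):
        raise ValueError("key length must equal message length")
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(message):
    # Fresh key from the OS CSPRNG for every message, never rand().
    key = secrets.token_bytes(len(message))
    return key, xor_bytes(message, key)

def decrypt(ciphertext, key):
    # XOR with the same key undoes itself.
    return xor_bytes(ciphertext, key)

def xor_of_ciphertexts(c1, c2):
    # With a reused key: c1 ^ c2 = (m1 ^ k) ^ (m2 ^ k) = m1 ^ m2.
    # The key cancels out and the result depends on the plaintexts only.
    return xor_bytes(c1, c2)

if __name__ == "__main__":
    m1 = b"transfer 100 EUR"          # constructed sample messages
    m2 = b"transfer 900 EUR"
    key, c1 = encrypt(m1)
    print(decrypt(c1, key) == m1)
    c2 = xor_bytes(m2, key)           # mistake: same key used twice
    leak = xor_of_ciphertexts(c1, c2)
    # Zero bytes mark positions where both plaintexts are identical.
    print([i for i, b in enumerate(leak) if b])
```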
Encryption in databases
- We have the following schema
Encryption in databases
- The attacker, unable to get login details, could modify the attack to get personal information:
Encryption in databases
- MySQL supports the AES cipher algorithm, so we could modify our schema
Encryption in databases
- If the attacker executes the injection
Encryption in databases
- Still, information can be leaked
  - Suppose the 2 users share the same phone number, the attacker could notice this since data was ciphered with the same key
Tweakable encryption
- Remember, do not use the same key to cipher multiple messages…
  - Do we need to generate a new key for each record?
  - Say, we have thousands of records, do we need thousands of keys?
- NO
  - Use a tweak
Tweakable encryption
- Every table should have a primary key
  - So the values inside the primary key must be unique to every record
- Use the master key + primary key value, then hash
  - f(key, pk value) = hash(key + pk value)
- You’ll have a unique cipher key for each record
- Now, fields with the same plain text value will appear to be completely different when ciphered
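The tweak described above, as an added example that is not from the original slides: the same phone column ciphered once with a single shared key and once with per-record keys from f(key, pk value). The master key, the rows and all function names are constructed, and a SHA-256 keystream stands in for AES so the example needs only the standard library.

```python
import hashlib

MASTER_KEY = bytes(range(32))   # constructed demo key; load a real one from a secret store

def record_key(master_key, pk):
    # The slide's f(key, pk value) = hash(key + pk value), with SHA-256.
    return hashlib.sha256(master_key + str(pk).encode()).digest()

def keystream(key, length):
    # Stand-in cipher (assumption): SHA-256 in counter mode, used only so
    # the example needs no AES library.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def cipher(key, data):
    # XOR with the keystream; the same call enciphers and deciphers.
    return bytes(d ^ k for d, k in zip(data, keystream(key, len(data))))

def encrypt_phones_shared(master_key, rows):
    # One key for every record: equal plaintexts give equal ciphertexts.
    return {pk: cipher(master_key, phone.encode()) for pk, phone in rows.items()}

def encrypt_phones_tweaked(master_key, rows):
    # Per-record key: the primary key value is the tweak.
    return {pk: cipher(record_key(master_key, pk), phone.encode())
            for pk, phone in rows.items()}

def decrypt_phone(master_key, pk, blob):
    return cipher(record_key(master_key, pk), blob).decode()

# Constructed rows: users 1 and 2 share a phone number.
ROWS = {1: "555-0100", 2: "555-0100", 3: "555-0199"}

if __name__ == "__main__":
    shared = encrypt_phones_shared(MASTER_KEY, ROWS)
    tweaked = encrypt_phones_tweaked(MASTER_KEY, ROWS)
    print(shared[1] == shared[2])     # the shared number is visible
    print(tweaked[1] == tweaked[2])   # the tweak hides it
    print(decrypt_phone(MASTER_KEY, 2, tweaked[2]))
```

The derived key stays the same when a row is updated, so the old and new values of one field are still ciphered under one key.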
Last Words
- Last words…
  - Information privacy is YOUR RIGHT
  - Do you consider it to be a paranoid idea…
    - …or a daily life concern?
  - First information privacy law from 1890 US
    - Laws cannot keep up with technology
QA
- Thank y’all!