Misc CyberSecurity

Posted on February 1, 2015

Tags: hacksoft

1 Reminders

Stack- stores local variables inside functions. Local variables and Values get destroyed after function call returns.
Heap- new allows local variables to persist after function call. Only destroyed with delete. Only Heap cause mem leaks.

2 Examples

Code has buffer overflow due to memcpy, but you use a compiler that uses stack canaries. Which is better random canaries or terminator canaries for security?

(GOOD) Random canaries -Attack has to guess
(BAD) Terminator canary - Terminator canary contains NULL(0x00), CR (0x0d), LF (0x0a), and EOF (0xff) after a string . only useful for strcpy; wont help against memcpy bc memcpy can overwrite the canary. the canary.

You visit page using VPN w. passive mixed content(HTTPS loads subresources from a cdn that uses insecure HTTP). If your VPN service is evil, what exploit can they use?

VPN service can change/replace the image.

Can VPN service inject javascipt with an onload attribute using <img src=".." onload="possibleAttack?">.

No since onload is part of the HTTPS page which is secure from VPN attack.

Are XSS attacks affected by cookies marked secure? how about marked httponly?

(BAD) secure: not effective
(GOOD) httponly: blocks script access and completely stops XSS

NX pages: NX bit is security feature on processors which mark certain pages of memory as non-executable. Explain what this prevents.

Prevents stack-based buffer overflows

Which segments is NX bit set for: stack,heap,code?

mainly stack and sometimes heap

Does NX bit require re-compiling old code.

No since only the kern

Does NX bit have permance penalty?

Name an advanced version of the stack-based buffer overflow which can evade NX bit.

Heap-based buffer overflow and ROP-return oriented programming which returns to your malicious library.

Suppose you build an encrypted web app which stores keys in browser local storage. You think of implementing PGP or OTR. (remember OTR offers forward secrecy but PGP does not). What can a XSS attack on your site do?

XSS injection could read keys from local storage but OTR

Which PGP or OTR is better against this XSS attack?

OTR is better since leaked keys can only be used to read old messages.

Some UNIX distro has a user called nobody with no access rights to file system. Bob downloaded a program foo and set it with -r-sr-xr-x 1 nobody nogroup foo. What does this do?

The setuid bit is a linux principle that means when running an executable, system permissions are set to the user that created it(nobody) instead of the user that launched it(Bob)
Anyone can run foo but foo wont be able to write or corrupt our file system or processes.
Essentially this is program isolation.

What is DKIM and how does it preevnt spam?

DKIM(Domain Key Identified Mail) adds a signature to each email message using a the email domain specified key.
You can verify if the email really came from a gmail account by checking the email signature.

Describe ACLs vs. Capabilities

ACL(Access Control Lists) - behaves like a bouncer that checks their DB if you are on-the-list.
- Pro: Disallow sharing
- Pro: Centrally manage therefore Easy to manage
- Con: Very specific to an app or system therefore not reusable. (Bouncer can’t just use his on-the-list on the other bar across town)
Capabilities - behaves like a metal detector
- Pro: Anonymous access
- Pro: Abstract broad policies making it easy to share
- Con: Harder to revoke

3 Guide

3.1 Symmetric Crypto

Primitive	Function	Property	Example
Hash function	H(x) -> y	Collision-Resistant One-way	SHA-256, SHA-512, SHA3 MD5,SHA1 are broken
Symmetric Encryption	KeyGen() -> k Encrypt(m,k) -> c Decrypt(k,c) -> m	Semantic Security	Stream Ciphers (RC-4, AES-CTR) Block Ciphers(AES-CBC, DES-CBC) ECB is not secure
MAC (Message Auth. Code)	KeyGen() -> k MAC(m,k) -> t	Existential unforgeability	HMAC
Authenticated Encryption	Encryption + MAC	Semantic Security Existential unforgeability	AES-GCM

3.2 Asymmetric Crypto

Primitive	Function	Property	Example
Public-Key encryption	KeyGen() -> (k_pub, k_priv) Encrypt(m,k_pub) -> c Decrypt(c, k_priv) -> m	Semantic Security	RSA, El Gamal, EC El Gamal
Digital Signature	KeyGen() -> (k_pub, k_priv) Sign(m,k_priv) -> s Verify(s,k_pub) -> Bool	Existential unforgeability	RSA, DSA, ECDSA
Key Exchange	KeyGen -> (x, g^x ) KeyDerive(x, g^y) -> g^xy	Key is indistinguishable from Random	Diffie-Hellman

TLS key exchange - RSA-style and DH-style
- DH-style is resistant to passive attacks and provide forward secrecy
TLS key exchange involves exchanging a hash of the transcript (downgrade attacks)
PKI - Certificates tie public keys to names signed by Certificate authority
X.509 Certs: Mu
PGP - Encryption for email. Async. Web of trust. No forward secrecy.
OTR/Signal - Encryption for real time chat. Synchronous (DH-style key exchange). Key ratcheting for forward secrecy
Cryptocurrency - use Digital signatures to authorize payments and blockchain to record transactions and prevent double spend

3.3 Network Security

Primitive	Function	Property	Example
Data	Ethernet, Wifi, GSM	Local connection to Internet	Ethernet: none Wifi: WEP/WPA GSM: A5, GEA
Network	IP	Send packets to IP address in best-effort	IPSEC ( VPNS)
Transport	TCP, UDP	TCP: Reliable Ordered Delivery w/ Congestion control UDP: Fast Best-effort	TLS/SSL(TCP) Tor DTLS (UDP)
Application	HTTP, SMTP, FTP, SSH	HTTP: connect to web server SMTP: email	HTTPS

Each layer has:

Confidentiality - Who can eavesdrop? (passive attacker)
Integrity - Who can modify data? (access control)
Access Control - Who can send data? (DDOS attacker)
Availability - Who can block data (jammers)

Concepts:

Tor - Adds anonymity via 3 relays with layered encryption( onion encryption).
- Local observer cannot pair client IP with server IP.
- Vulnerable to traffic fingerprinting
- Tor hides client IP from server
- Tor hidden services hide server IP from client

3.4 System Security

3.4.1 Access Control

Subject/Principal - user ID, real name, IP address
Object/Resource - file, web page, network resource, IO device
Permission - Read, Write, Execute, Append, Change Ownership
Roles - Set of Subjects/Principals (students, faculty)
Labels - Set of Object/Resources (Sensitive, Unclassified)
ACL(Access Control List) - is like a bouncer with a list of names w/ some in VIP
- Store a list of subjects + permissions with each resource
Capabilities
Gives Subject/Principal handles which represent Permission to access Object/Resource

POSIX permissions model

All process are ran with a user ID and Group ID
Processes can run with elevate privilege if setuid or setgid bits are set

Permission	Detail
`-rwsr-x--x 1 alice acct`	Alice (Owner) can read, write, execute. Member of `acct` group can read,execute. `Others` can only execute Setuid bit means program will run with alice’s privilege.
`-r-xr----- 1 bob admin`	Bob (Owner) can read, execute Members of `admin` group can read. `Others` have no permission
`-r-xr-sr-x 1 carol gurus`	Anybody can read, execute Setgid bit means program will run with `gurus` group privilege

Privilege escalation attack - Exploit which tricks priileged programs intro running arbitrary code.

3.5 Memory

NOP Sled - Reduce effectiveness of ASLR with a large buffer to jump to
Heap overflow - evade NX bits and Stack canaries
ROP: Evade canaries, ASLR, NX bits

3.6 Web

3.6.1 Password Storage

Hash password so DB leaks dont reveal actual password, and since hash function is one way, it is difficult to get the real password.
Add salt(~64 bit) to prevent dictionary attack or parallel attack on hashed password.
Iterated hashes make brute-force attacks harder

3.6.2 Authentication Cookies

Commit to username, expiration. Use a MAC!
Mark auth cookies as secure, httponly