Cryptography, Security & Viruses: A Comprehensive Overview
Key Cryptography
Asymmetric Cryptography
Inefficient to implement (establishes symmetric key cryptography).
Symmetric Cryptography
Efficient to implement.
SSL
SSL authenticates and provides confidentiality.
Salting
Salting makes the hash unique for repeated passwords.
Can detect if a hash is salted because no particular password should have a higher frequency than any other under ideal salting. Salting truly ties the frequency.
Firewall
Limits network traffic. Many kinds: personal, filter based on packet header, etc.
Principles for Configuration
Least privilege
Failsafe defaults (default should reject)
Egress filtering (filtering outgoing packets too)
Pros
Reduced “attack surface” against external hackers.
Filter out lots of “noise” in network traffic.
Reduced liability.
Cons
Actual cost: both hardware and software and administration.
Bottleneck and single point of failure on network.
False sense of security.
Return-Oriented Programming
Malicious Code Assumption:
Will be okay if malicious code can be prevented from being introduced or executed.
Assumption is Wrong:
Malicious code is a subset of malicious computation.
Use sequences to build a virtual instruction set.
Execute arbitrary bad computation, but can’t introduce any new code – can’t add code in heap or stack. Libc (return-to-libc attack).
Heap Overflow
Corrupt code pointer in heap.
Overwrite a function pointer.
PointerGuard encrypts and decrypts pointers in memory so you cannot corrupt them. It protects against many attacks but is expensive to do in general.
Time of Check/Time of Use Vulnerabilities
Issue: Program makes assumptions about atomicity of actions: check, then use.
Idea: If someone wants to make a file, choose a name, checks to see if file exists, and between the file not existing and creating it, attacker creates a link from the expected /tmp file name to an important file, then the program “creates” the file and gives it working authority.
Basically, between the time of check and action, the attack happens to get root/admin permission.
The item being checked is used later than it is checked, not atomically (the check happens then the thing is used before it can be interrupted).
Not very realistic, but only needs to work once.
Format String Vulnerabilities
Tricky, hard to implement.
Printf has var args on the stack and pointers to where they start.
With some special strings, you can divert control.
fprintf(stdout, input) << DANGER
fprintf(stdout, “%s”, input) << okay
More to Know
XSS
SQL Injections: Not a browser problem, a website problem.
Problem: Cannot distinguish data from code.
i.e., user input could be treated by the website as SQL code and given sufficient knowledge of the schema you could always log in, for example, by putting — inside your input.
Basic XSRF (CSRF)
Abuses established trust sessions that were not killed to send requests from a user.
i.e., send a bank request through a bad link and if the user did not log out of their bank account then the request will go through.
Viruses
Generic decryption, assumptions they’re based on, when it works, when it doesn’t work, attacks that circumvent detection.
Worms
Numeric stuff (classic SI model).
NAT
Is a methodology of remapping one IP address space into another by modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device.[1] The technique was originally used for ease of rerouting traffic in IP networks without renumbering every host. It has become a popular and essential tool in conserving global address space allocations in the face of IPv4 address exhaustion.
Network Perimeter Defenses
DNS Spoofing: Also known as cache poisoning, an attacker puts incorrect data into the DNS, causing it to return back incorrect IP addresses. This can be exploited to have the victim send data to the attacker.
Polymorphic Virus
Virus encrypts body with a random key in each generation. The actual plain text virus code that eventually executes is static (the decryptor itself may be static or metamorphic).
Metamorphic Virus
Changes the particular instructions used by the virus each time it spreads. (Semantically equivalent).
Generic Decryption
“Execute” program until the virus decrypts itself.
Entry-Point Obscuring Viruses
Virus takes control in the middle of the program and is harder to scan for.
Integrated Infection
Rather than appending a single large chunk of code to target files, integrated infectors disassemble their host, integrate their logic throughout the original logic, and reassemble.
Network Worms
Programs that actively spread between machines.
Detecting
Scan detection: Detect that the host is infected by infection attempts.
Signature inference: Automatically identify content signature for exploit (sharable).
Network Perimeter Defense
Firewalls
NAT
Network Intrusion Detection
Backscatter Analysis
Assumes that attackers spoof source address randomly.
Overflow Protections
PointerGuard – Encrypt pointers in memory
Heap/stack cookie
Canonicalization
Multiple ways to represent the same data.
Javascript
Same-Origin Policy
Can only read properties of documents and windows from the same server, protocol, and port.
Cross-Site Scripting
“Script embedded in URL that user visits” or “Script loaded into stored procedure accessed by all clients”. To prevent, user input must be preprocessed before it is used inside HTML.
Cross-Site Request Forgery
Attacker creates a link that implements commands to be sent to a site to which the victim is thought to have already authenticated.
Defenses
Secret validation token
Referer validation
Custom HTTP header/Origin Header.
Practice Final
a) Name one security benefit of using Network Address Translation (NAT)?
It prevents any hosts inside the NAT from being addressed directly. Similarly, it makes it easy to only allow outbound connections.
b) Why is spam e-mail typically delivered via botnets?
Because hosts become blacklisted once they send spam and thus spammers always need to have a fresh source of IPs to send with.
c) What does a stack cookie do?
It detects if an overflow of a stack buffer has overwritten stack meta-data [be generous with this one].
d) What is the difference between a polymorphic virus and a metamorphic virus?
A polymorphic virus has an encrypted body that is decrypted during execution. The actual plaintext virus code that eventually executes is static (the decryptor itself may be static or metamorphic). By contrast, a metamorphic virus changes the particular instructions used by the virus each time it spreads.
Alice has a message to send to Bob, and she wants to encrypt the message using public-key cryptography so that no one other than Bob can read it. She does so by using Bob’s public key. T
Properly used, a MAC can provide both confidentiality and authenticity. F
One advantage of public-key cryptography is that, when properly implemented, it is much faster than symmetric key cryptography. F
The SSL protocol is used to both authenticate Web servers and provide confidentiality for client transactions with them. T
Passwords (8pts)
On June 7th, LinkedIn confirmed that it had experienced a data breach that likely compromised the e-mail addresses and passwords of 6.5 million of its users. This confirmation followed the posting of the password hashes for these users in a public forum. One criticism of LinkedIn is that they used unsalted password hashes. In this question, we’ll explore this criticism. Assume that each stolen password record had two fields in it [user_email, SHA1(password)] and that a user login would be verified by looking up the appropriate record based on user_email and then checking if the corresponding hashed password field matched the SHA1 hash of the password inputted by the user trying to log in. By contrast, if LinkedIn had used a salted scheme, then each record would have had three fields [user_email, salt, SHA1(password+salt)], and login verification would similarly require looking up the salt and using it when matching hashes. Given this:
a) Suppose the attacker’s goal is to break your password via a dictionary attack. Does the lack of salting in LinkedIn’s scheme make this goal substantially easier?
No. Because even were there a salt, the attacker knows what salt is used for a given user. Thus, the time to create a dictionary of hashes is pretty much the same in both schemes.
b) Suppose the attacker’s goal is to break at least half of the passwords via a dictionary attack. Does the lack of salting in this scheme make this goal substantially easier?
Yes. Without salting, one dictionary of hashes is sufficient for searching the entire set of users. With salting, it will require a dictionary for each salt value seen.
c) Suppose you are contacted by the attacker and given a set of password hashes (that’s it, no user_name, no salt). Assuming the hash function is known, is there a measurement you could make to infer if the hashes are likely salted or not?
Yes. Recall that some passwords are much more popular than others. For example, the password 123456 is used by at least 0.1% of all accounts. Thus, if you hash such passwords and they appear disproportionately in the list, then you might infer that the list is not hashed. Similarly, even without doing a hash, if you sort the hashes by frequency, in an unsalted list, you will expect that there is some hash that occurs with frequency ~ 0.1%, whereas in a salted list, it will be ~0.1%/2n where n is the size of the salt in bits.
d) It turns out that 20% of LinkedIn users with Yahoo Mail e-mail addresses used the same password at LinkedIn as Yahoo. You learn that, unlike LinkedIn, Yahoo salts its passwords. Should Yahoo be concerned about the LinkedIn breach or not?
Yes. For 20% of the Yahoo users in the LinkedIn breach, their user name and password are known to the attacker. Yahoo’s salting helps mitigate a breach of their password database but doesn’t help at all in this case.