DevConf CZ 2018: Everyday security issues and how to avoid them

Transcript

1. Everyday security issues and how to avoid them DevConf CZ

   2018 / Brno Christian Heimes Senior Software Engineer [email protected] / [email protected] @ChristianHeimes

2. Everyday security issues, DevConf CZ 2018 2 Who am I?

   • from Hamburg/Germany • Linux user since 1997 • Python and C developer • Python core contributor since 2008 • maintainer of ssl and hashlib module • Python security team

3. Everyday security issues, DevConf CZ 2018 3 Professional life •

   Senior Software Engineer at Red Hat • Security Engineering • FreeIPA Identity Management • Dogtag PKI • Custudia secrets management

4. Agenda & Goals

5. Everyday security issues, DevConf CZ 2018 5 • Motivation •

   What is security? • Honourable mention • Security bottom-up • Examples • Summary Agenda

6. Everyday security issues, DevConf CZ 2018 6 depth breadth

7. Motivation Why should I care?

8. Everyday security issues, DevConf CZ 2018 8 proud craftsman responsible

   engineer

9. Everyday security issues, DevConf CZ 2018 9 Business

10. Everyday security issues, DevConf CZ 2018 10 https://www.theguardian.com/technology/2016/dec/14/yahoo-hack-security-of-one-billion-accounts-breached

11. Everyday security issues, DevConf CZ 2018 11 https://www.reuters.com/article/us-yahoo-cyber/yahoo-says-all-three-billion-accounts-hacked-in-2013-data-theft-idUSKCN1C82O1

12. Everyday security issues, DevConf CZ 2018 12 https://nypost.com/2016/10/06/verizon-wants-1b-discount-on-yahoo-deal-after-hacking-reports/ https://www.cnet.com/news/verizon-and-yahoo-agree-to-cut-4-billion-deal-by-350-million/

13. Everyday security issues, DevConf CZ 2018 13 Life and Death

14. Everyday security issues, DevConf CZ 2018 14 https://www.theguardian.com/technology/2017/aug/31/hacking-risk-recall-pacemakers-patient-death-fears-fda-frmware-update

15. Everyday security issues, DevConf CZ 2018 15 http://news.sky.com/story/gay-people-at-risk-after-ashley-madison-hack-10348710 http://www.bbc.com/news/technology-34044506

16. Everyday security issues, DevConf CZ 2018 16 World laws pertaining

    to homosexual relationships and expression Wikipedia

17. What is information security?

18. Everyday security issues, DevConf CZ 2018 18 Wikipedia defnition Information

    security is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information.

19. Everyday security issues, DevConf CZ 2018 19 Info Sec •

    prevention • mitigation • auditing • recovery • privacy

20. Everyday security issues, DevConf CZ 2018 20 Why is security

    hard? • complex systems • weakest link causes catastrophic failures • secure is not testable • design issues • multitude of attack vectors • threat analysis

21. Everyday security issues, DevConf CZ 2018 21 https://www.independent.co.uk/travel/news-and-advice/air-safety-2017-best-year-safest-airline-passengers-worldwide-to70-civil-aviation-review-a8130796.html

22. Everyday security issues, DevConf CZ 2018 22 Amazon Says One

    Engineer's Simple Mistake Brought the Internet Down

23. Everyday security issues, DevConf CZ 2018 23

24. Everyday security issues, DevConf CZ 2018 24 RSA Key Extraction

    via Acoustic Cryptanalysis https://www.tau.ac.il/~tromer/acoustic/

25. Everyday security issues, DevConf CZ 2018 25 Compiler and CPU

    optimization char *demo(const char *msg, int msg_len) { char secret[16]; char *output; get_secret_key(secret); output = encrypt(secret, msg, msg_len); /* wipe secret key from memory */ memset(secret, 0x00, sizeof(secret)); return output; } char *demo(const char *msg, int msg_len) { char secret[16]; char *output; get_secret_key(secret); output = encrypt(secret, msg, msg_len); /* wipe secret key from memory */ memset(secret, 0x00, sizeof(secret)); return output; }

26. Everyday security issues, DevConf CZ 2018 26 Compiler optimization $

    clang -O3 0000000000000000 <demo>: 0: 55 push %rbp 1: 41 56 push %r14 3: 53 push %rbx 4: 48 83 ec 10 sub $0x10,%rsp 8: 89 f5 mov %esi,%ebp a: 48 89 fb mov %rdi,%rbx d: 4c 8d 34 24 lea (%rsp),%r14 11: 4c 89 f7 mov %r14,%rdi 14: e8 00 00 00 00 callq 19 <demo+0x19> 15: R_X86_64_PC32 get_secret_key-0x4 19: 4c 89 f7 mov %r14,%rdi 1c: 48 89 de mov %rbx,%rsi 1f: 89 ea mov %ebp,%edx 21: e8 00 00 00 00 callq 26 <demo+0x26> 22: R_X86_64_PC32 encrypt-0x4 26: 48 83 c4 10 add $0x10,%rsp 2a: 5b pop %rbx 2b: 41 5e pop %r14 2d: 5d pop %rbp 2e: c3 retq $ clang -O0 0000000000000000 <demo>: 0: 55 push %rbp 1: 48 89 e5 mov %rsp,%rbp 4: 48 83 ec 30 sub $0x30,%rsp 8: 48 8d 45 e0 lea -0x20(%rbp),%rax c: 48 89 7d f8 mov %rdi,-0x8(%rbp) 10: 89 75 f4 mov %esi,-0xc(%rbp) 13: 48 89 c7 mov %rax,%rdi 16: e8 00 00 00 00 callq 1b <demo+0x1b> 17: R_X86_64_PC32 get_secret_key-0x4 1b: 48 8d 7d e0 lea -0x20(%rbp),%rdi 1f: 48 8b 75 f8 mov -0x8(%rbp),%rsi 23: 8b 55 f4 mov -0xc(%rbp),%edx 26: 89 45 d4 mov %eax,-0x2c(%rbp) 29: e8 00 00 00 00 callq 2e <demo+0x2e> 2a: R_X86_64_PC32 encrypt-0x4 2e: be af 00 00 00 mov $0x00,%esi 33: 48 ba 10 00 00 00 00 movabs $0x10,%rdx 3a: 00 00 00 3d: 48 8d 7d e0 lea -0x20(%rbp),%rdi 41: 48 89 45 d8 mov %rax,-0x28(%rbp) 45: e8 00 00 00 00 callq 4a <demo+0x4a> 46: R_X86_64_PC32 memset-0x4 4a: 48 8b 45 d8 mov -0x28(%rbp),%rax 4e: 48 83 c4 30 add $0x30,%rsp 52: 5d pop %rbp 53: c3 retq

27. Everyday security issues, DevConf CZ 2018 27 CPU

28. Everyday security issues, DevConf CZ 2018 28 Rowhammer, Spectre, Meltdown

29. Everyday security issues, DevConf CZ 2018 29 'Руthοn' != 'Python'

30. Everyday security issues, DevConf CZ 2018 30 Homoglyph confusion attack

    >>> import unicodedata >>> for c in 'Руthοn': ... print(unicodedata.name(c)) ... CYRILLIC CAPITAL LETTER ER CYRILLIC SMALL LETTER U LATIN SMALL LETTER T LATIN SMALL LETTER H GREEK SMALL LETTER OMICRON LATIN SMALL LETTER N >>> import unicodedata >>> for c in 'Руthοn': ... print(unicodedata.name(c)) ... CYRILLIC CAPITAL LETTER ER CYRILLIC SMALL LETTER U LATIN SMALL LETTER T LATIN SMALL LETTER H GREEK SMALL LETTER OMICRON LATIN SMALL LETTER N

31. Honourable mention

32. Everyday security issues, DevConf CZ 2018 32 Out of scope

    • legal requirements (e.g. EU privacy shield, FISMA) • data centre security • hardware security (e.g. Intel Management Engine) • browser / web security • ransomware • state sponsored actors • cyber war

33. Everyday security issues, DevConf CZ 2018 33 Wikipedia

34. Everyday security issues, DevConf CZ 2018 34 cybersquirrel1.com – attacks

    on power grid http://cybersquirrel1.com/

35. Everyday security issues, DevConf CZ 2018 35 Human factor •

    Social engineer • CEO scam: Ubiquiti Networks victim of $39 million https://www.csoonline.com/article/2961066/supply-chain-security/ubiquiti-networks-victim-of-39-million-social- engineering-attack.html • Password in exchange for chocolate (up to 47.9%) Université du Luxembourg, Computers in Human Behavior, 2016; 61: 372 DOI: 10.1016/j.chb.2016.03.026 • dissatisfed employees • ignorant management

36. Everyday security issues, DevConf CZ 2018 36 Security vs. Usability

37. Everyday security issues, DevConf CZ 2018 37 IoT – Internet

    of Things The “S” in “IoT” stands for security. The “P” in “IoT” stands for privacy. (Sorry, German humour)

38. Security bottom-up

39. Everyday security issues, DevConf CZ 2018 39 Hardware & OS

    • Hardware from trustworthy vendor • validate OS image • UEFI secure boot (protect your MOK) • Firewall • update, update, update • SELinux / AppArmor don't: setenforce 0 do: semanage permissive -a myapp_t

40. Everyday security issues, DevConf CZ 2018 40 Application • don't

    run as root or admin • Restrict and isolate separate user, group systemd: PrivateTmp, Protectsystem, RemoveIPC, CapabilityBoundingSet, … SecComp sandboxing • encrypt in transit (TLS/SSL), encrypt at rest • bind to localhost • strong authentication • update, update, update … and restart!

41. Everyday security issues, DevConf CZ 2018 41 Mitigation: Defence in

    depth

42. Everyday security issues, DevConf CZ 2018 42 Update!

43. Python

44. Everyday security issues, DevConf CZ 2018 44 High level, memory

    safe languages

45. Everyday security issues, DevConf CZ 2018 45 Fermat's Last Theorem

    about C I have discovered a truly remarkable list of dangerous C features, which this margin is too small to contain. Pierre de Fermat (17 August 1601 – 12 January 1665)

46. Everyday security issues, DevConf CZ 2018 46 Dangerous Python features

    • exec() • eval() • import, __import__() • pickle, marshal • ctypes

47. API

48. Everyday security issues, DevConf CZ 2018 48 Secure should be

    easy, obvious, and default • consistent error reporting • production-friendly defaults / “developer mode" • require authentication (MongoDB) • verify certs (Python)

49. Files I/O

50. Everyday security issues, DevConf CZ 2018 50 Directory traversal attack

    BASE = '/var/lib/files' @app.route('/download/<filename>') def download(filename): absname = os.path.join(BASE, name) with open(absname) as f: return f.read() BASE = '/var/lib/files' @app.route('/download/<filename>') def download(filename): absname = os.path.join(BASE, name) with open(absname) as f: return f.read() /download/image.jpg /download/image.jpg

51. Everyday security issues, DevConf CZ 2018 51 Directory traversal attack

    /download/private/image.jpg /download/../etc/passwd /download/../../etc/passwd /download/../../../etc/passwd /download/../../../etc/httpd/server.key /download/private/image.jpg /download/../etc/passwd /download/../../etc/passwd /download/../../../etc/passwd /download/../../../etc/httpd/server.key

52. Everyday security issues, DevConf CZ 2018 52 TOCTOU / race

    condition if not os.path.isfile(filename): with open(filename, 'wb') as f: f.write(b'data') os.chmod(filename, 0o755) if not os.path.isfile(filename): with open(filename, 'wb') as f: f.write(b'data') os.chmod(filename, 0o755) with open(filename, 'xb') as f: # O_EXCL | O_CREAT f.write(b'data') os.fchmod(f.fileno(), 0o755) with open(filename, 'xb') as f: # O_EXCL | O_CREAT f.write(b'data') os.fchmod(f.fileno(), 0o755)

53. Everyday security issues, DevConf CZ 2018 53 temporary fles /

    directories • don't write to /tmp directly • use secure temporary fle API (tempfile module) • consider a private temporary directory

54. Parsing

55. Everyday security issues, DevConf CZ 2018 55 HTTP – RFC

    822 header content-type: text/html; charset=utf-8 content-length: 47446 x-clacks-overhead: GNU Terry Pratchett <html> <head> ... content-type: text/html; charset=utf-8 content-length: 47446 x-clacks-overhead: GNU Terry Pratchett <html> <head> ...

56. Everyday security issues, DevConf CZ 2018 56 HTTP header parsing

    sock = create_connection(('host', 80)) f = sock.makefile() for line in f: name, value = line.split(':', 1) ... sock = create_connection(('host', 80)) f = sock.makefile() for line in f: name, value = line.split(':', 1) ...

57. Everyday security issues, DevConf CZ 2018 57 HTTP header parsing

    DoS sock = create_connection(('host', 80)) f = sock.makefile() for line in f: # DoS vulnerability name, value = line.split(':', 1) ... sock = create_connection(('host', 80)) f = sock.makefile() for line in f: # DoS vulnerability name, value = line.split(':', 1) ...

58. Everyday security issues, DevConf CZ 2018 58 CVE-2013-1752 fx MAX_LENGTH

    = 1024 while True: line = f.readline(MAX_LENGTH + 1) if len(line) > MAX_LENGTH: raise ValueError ... MAX_LENGTH = 1024 while True: line = f.readline(MAX_LENGTH + 1) if len(line) > MAX_LENGTH: raise ValueError ...

59. Everyday security issues, DevConf CZ 2018 59 XML <xml> <tag

    attribute=”value”>text</tag> </xml> <xml> <tag attribute=”value”>text</tag> </xml>

60. Everyday security issues, DevConf CZ 2018 60 XML entities <!DOCTYPE

    example [ <!ENTITY title "My title" > ]> <xml> <tag attribute=”value”>&title;</tag> </xml> <!DOCTYPE example [ <!ENTITY title "My title" > ]> <xml> <tag attribute=”value”>&title;</tag> </xml>

61. Everyday security issues, DevConf CZ 2018 61 XML entities expansion

    attack <!DOCTYPE xmlbomb [ <!ENTITY a "1234567890" > <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;"> <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;"> <!ENTITY d "&c;&c;&c;&c;&c;&c;&c;&c;"> ]> <bomb>&d;</bomb> <!DOCTYPE xmlbomb [ <!ENTITY a "1234567890" > <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;"> <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;"> <!ENTITY d "&c;&c;&c;&c;&c;&c;&c;&c;"> ]> <bomb>&d;</bomb>

62. Everyday security issues, DevConf CZ 2018 62 XML network /

    fle access <!DOCTYPE external [ <!ENTITY remote SYSTEM "http://www.python.org/some.xml"> <!ENTITY local SYSTEM "file:///etc/passwd"> ]> <xml> <url>&remote;</url> <file>&local;</file> </xml> <!DOCTYPE external [ <!ENTITY remote SYSTEM "http://www.python.org/some.xml"> <!ENTITY local SYSTEM "file:///etc/passwd"> ]> <xml> <url>&remote;</url> <file>&local;</file> </xml>

63. Everyday security issues, DevConf CZ 2018 63 XML attacks –

    defusexml • billion laughs / exponential entity expansion • quadratic blowup entity expansion • DTD & external entity expansion (remote and local) • attribute blowup / attribute hash collision attack • decompression bomb (gzip) • XPath injection attacks • XInclude <xi:include /> • XMLSchema-Import <xs:import /> • XSLT features wie xalan/redirect, xalan/java

64. Everyday security issues, DevConf CZ 2018 64 gettext translation msgid

    "" msgstr "" "Project-Id-Version: 2.0\n" "PO-Revision-Date: 2003-04-11 12:42-0400\n" "Last-Translator: Barry A. WArsaw <[email protected]>\n" "Language-Team: XX <[email protected]>\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 7bit\n" "Generated-By: manually\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" msgid "" msgstr "" "Project-Id-Version: 2.0\n" "PO-Revision-Date: 2003-04-11 12:42-0400\n" "Last-Translator: Barry A. WArsaw <[email protected]>\n" "Language-Team: XX <[email protected]>\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 7bit\n" "Generated-By: manually\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n"

65. Everyday security issues, DevConf CZ 2018 65 gettext plural forms

    • English, German: nplurals=2; plural=n != 1; • French: nplurals=2; plural=n > 1; • Celtic: nplurals=3; plural=n==1 ? 0 : n==2 ? 1 : 2; • Russian: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n %10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2; • Denial-Of-Service: nplurals=2; plural=n ** 1000 ** 1000 ** 1000 ** 1000; issue #18317, #28563

66. Everyday security issues, DevConf CZ 2018 66 https://www.theguardian.com/technology/2017/aug/11/hacking-computer-dna-university-of-washington-lab

67. Input validation & sanitization

68. Everyday security issues, DevConf CZ 2018 68 SQL injection attack

    SELECT * FROM users WHERE username='%s' AND password='%s' SELECT * FROM users WHERE username='%s' AND password='%s' query = select_user % (username, password) query = select_user % (username, password)

69. Everyday security issues, DevConf CZ 2018 69 SQL injection attack

    SELECT * FROM users WHERE username='1' OR '1' = '1' AND password='1' OR '1' = '1' SELECT * FROM users WHERE username='1' OR '1' = '1' AND password='1' OR '1' = '1' username = "1' or '1' = '1" password = "1' or '1' = '1" username = "1' or '1' = '1" password = "1' or '1' = '1"

70. Everyday security issues, DevConf CZ 2018 70 subprocess shell=True run_command("myfile;

    rm -rf *") run_command("myfile; rm -rf *") def run_command(filename): return subprocess.check_call( "command {}".format(filename), shell=True) def run_command(filename): return subprocess.check_call( "command {}".format(filename), shell=True)

71. Everyday security issues, DevConf CZ 2018 71 More injection attacks

    • SQL • shell • LDAP • XPath / XQuery • NoSQL databases • ASN.1

72. Cryptography

73. Everyday security issues, DevConf CZ 2018 73 The frst rule

    of cryptography: Don't implement your own crypto!

74. Everyday security issues, DevConf CZ 2018 74 34C3: Squeezing a

    key through a carry bit • Attack by Filippo Valsorda from Cloudfare • Bug on Go's P-256 elliptic curve implementation • Misplaced carry bit in 0.00000003% • CVE-2017-8932

75. Everyday security issues, DevConf CZ 2018 75 The second rule

    of cryptography: Implement your own crypto, but never use it in production!

76. Everyday security issues, DevConf CZ 2018 76 TLS/SSL certifcate validation

    • ssl.create_default_context() • verify_mode = ssl.CERT_REQUIRED • check_hostname = True • requests.get(…, verify=True) # default

77. Everyday security issues, DevConf CZ 2018 77 Don't roll your

    own cert validation • > 6 bugs in Python's hostname verifcation code • Python 3.7 uses X509_VERIFY_PARAM_set1_host()

78. Everyday security issues, DevConf CZ 2018 78 Random number generator

    (CSPRNG) • tokens • password salt • key material • session cookies os.urandom() crypt/rand int getrandom(void *buf, size_t bufen, unsigned int fags);

79. Everyday security issues, DevConf CZ 2018 79 Passwords Salted key

    derivation and key stretching function • PBKDF2 • scrypt • argon2 • bcrypt • Constant timing comparison function

80. Everyday security issues, DevConf CZ 2018 80 Social Login, SSO,

    Kerberos

81. Everyday security issues, DevConf CZ 2018 81 AES and RSA

    are mathematical artifacts.

82. Everyday security issues, DevConf CZ 2018 82 AES ECB mode

83. Everyday security issues, DevConf CZ 2018 83 AES ECB mode

84. Everyday security issues, DevConf CZ 2018 84

85. Everyday security issues, DevConf CZ 2018 85 Malleability malleable encryption

    algorithm

86. Everyday security issues, DevConf CZ 2018 86 Hashing: Length extension

    attack # bad hashlib.sha256(data + secret_token) # bad hashlib.sha256(data + secret_token) # correct hmac.HMAC(secret_token, data, 'sha256') hashlib.blake2b(data, key=secret_token) # correct hmac.HMAC(secret_token, data, 'sha256') hashlib.blake2b(data, key=secret_token)

87. Everyday security issues, DevConf CZ 2018 87 Authenticated encryption AES-GCM

    def encrypt_image(payload, key, nonce, add_data): encryptor = Cipher( algorithms.AES(key), modes.GCM(nonce), backend=default_backend() ).encryptor() encryptor.authenticate_additional_data(add_data) ciphertext = encryptor.update(payload) ciphertext += encryptor.finalize() return ciphertext, encryptor.tag def encrypt_image(payload, key, nonce, add_data): encryptor = Cipher( algorithms.AES(key), modes.GCM(nonce), backend=default_backend() ).encryptor() encryptor.authenticate_additional_data(add_data) ciphertext = encryptor.update(payload) ciphertext += encryptor.finalize() return ciphertext, encryptor.tag

88. Everyday security issues, DevConf CZ 2018 88 XOR Encrypted with

    same nonce and same key

89. Everyday security issues, DevConf CZ 2018 89 Nonce collision

90. Everyday security issues, DevConf CZ 2018 90 Bad Crypto /

    Good Crypto Bad • MD5 • SHA-1 • DES / 3DES • RC4 • PKCS#1 v1.5 (JWE, JWT) • pycrypto package Good • AES • ChaCha20 - Poly1305 • SHA2 family (256, 384, 256) • blake2 • PyCA cryptography • libsodium (NaCl)

91. Everyday security issues, DevConf CZ 2018 91 Secrets (tokens, keys)

    Bad • env vars • command line • git • plain fles Good • Kernel keyring (except in containers) • vault • encrypted at rest • HSM, TPM

92. Everyday security issues, DevConf CZ 2018 92

93. Summary

94. Everyday security issues, DevConf CZ 2018 94 Summary • educate

    • reuse • restrict • encrypt • update • privacy

95. Everyday security issues, DevConf CZ 2018 95 Questions? • @ChristianHeimes

    • [email protected] • [email protected]

96. THANK YOU plus.google.com/+RedHat youtube.com/user/RedHatVideos facebook.com/redhatinc twitter.com/RedHatNews linkedin.com/company/red-hat