View
5
Download
0
Category
Preview:
Citation preview
Sensitive Data Exposure
Emmanuel BenoistFall Term 2020/2021
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 1
Table of Contents
� ExamplesAttacks
� Recommendations
� PCI Data Security Standard
� Conclusion
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 2
Sensitive Data Exposure
OWASP TOP 10 A3:2017
Where sensitive data can be accessed due to lack ofencryption
Local StorageDatabaseTransit (LAN)
Backups contain sensitive dataBackup policy is part of security policyData stored must be readable... but not to much!
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 3
Exploitability
Attackers typically don’t break crypto directlyBreak something elseSteal keysman-in-the-middle
Steal clear text dataon the serverin transitfrom user’s browser
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 4
Hard to exploit
Simple: no encryption at allthe most common flaw
When crypto is employedweak key generationweak key managementweak algorithm usage
Difficult to detect server side flawslimited accesshard to exploit
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 5
Impact is Severe
Compomises sensitive dataHealth recordscredentialspersonal datacredit cards. . .
Impact on your businessValue of data for competitorsReputationCompliance
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 6
NSA vs. Google
Wikileaks showed that NSA was spying on google mailTons of mails were readableNSA listened to communication between datacentersCommunication was cleartext
Google strengthtened its systemsHTTPS for any client to gmailencryption of data between servers
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 7
Heartbleed
Disovered in 2014Bug in the library Open SSLImplementation of Heartbeat by a PhD studentHeartbeat : extension for TLS (Transport Layer Security)
PrincipleEach heartbeat exposed up to 64kB of memory
VictimsCanada Revenue Agency : theft of 900 taxpayers SocialInsurance Numbersin UK, Mumsnet had accounts hijacked (including CEO’s one)
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 8
Scenario: encrypted database
A Database is stored encryptedAutomatic encryption is doneData stored on the disk are unreadableBut SQL injection can read Credit Card Numbers
SolutionEncrypt data with a public keyCards can only be read from back-endusing private keyData are “write only”
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 9
Scenario: HTTP vs HTTPS
A site has HTTP pagesLogin occures in HTTPS pagesRest of pages are HTTPSAnother part of site is HTTP
If cookie is not “secure”SessionID is sent also for HTTP pages / resources (images,css, . . . )Can be spyed by third partyCan be used for inpersonating the victim
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 10
Are you exposed?
First define which data are sensitiveHealth dataCredit Card informationpersonal informationCredentials (passwords, keys, . . . )
Are they stored clear text?Including Backup
Are they transmitted clear text?On the internetInside the internal network
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 11
Are you exposed? (Cont)
Do you use weak or old crypto?Some algorithms are proven weak (MD5 for instance)Configuration is crutialNo self made crypto library : details are important
Do you use the browser correctly?security directives or headers missing?
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 12
Store sensitive data that you need
Credit Card numberMany shops use third party payment providersNo need to store Credit Card numbersReceives a transaction number certified by the bank
ExamplesZalando uses “Verified by Visa” or “MasterCard secure code”The bank verifies the validity of the card (using TAN forinstance)
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 13
Only use strong cryptographicalgorithms
Use only approved public algorithmsAES for symetric encryption,RSA for public key crypto,SHA-256 or better for hash functions
Don’t use weak algorithmsMD5SHA1
Classification changes with the timeFor more details: CAPV program validates crypto algorithmshttp://csrc.nist.gov/groups/STM/cavp/index.html
Configuration is also importantChoice of saltsIntegrity with MAC (HMAC-SHA256 or HMAC-SAH512)
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 14
Ensure that random numbers arecryptographically strong
Random generators are used forrandom numbersrandom file namesrandom userID’s or sessionID’srandom strings
Should be generated in a cryptographically strongfashion
No one should guessSeeded with sufficient entropy
Bad exampleSeed = current time in milliseconds or microsecondsVery easy to know (or brute force)
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 15
Use only widely acceptedimplementations of crypto algorithms
Do not implement an existing algo on your ownNo matter how easy it appearsExample : heartbleed
Ensure that implementation involved crypto specialistsFor the designand for the review
If possible: implementation should be FIPS 140-2certified
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 16
Always ensure data integrity andauthenticity
Encryption must be combined with data integrityOtherwise the ciphertext can be changedEspecially over an untrusted chanel (e.g. URL or cookie)
Use crpytographic cipher modes that offer bothconfidentiality and authenticity
CCM, GCM, OCB
If not combine encryption in cipher-block chaining modeCBC with MAC (Message Authentication Code)
CBC = Cipher Block ChainingMessage Authentication Code : HMAC, UMACDo not use ECB mode (Electronic codebook)
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 17
Store passwords hashed and salted
Clear textVulnerable to SQL injection and the like
Just hashedPresent in rainbow tables
Hashed with a user specific saltA salt is an information added to the value before passing tothe hash function.Attack must be conducted for each of the users
Use hash functions with work factorsArgon2, scrypt, bcrypt or PBKDF2
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 18
Ensure that any secret key isprotected from unauthorized access
Define a key lifecycle
Store unencrypted keys away from the encrypted data
Use independent keys when multiple keys are required
Protect keys in a key vault
Document concrete procedures for managing keysthrough the lifecycle
Build support for changing keys periodically
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 19
Insecure Cryptographic Storage
Data and Credentials are rarely protected withcryptographic functions
Data collected can be used by attackersFor Identity Theftor other crimes like Credit Card Fraud
Most common problemsNot encrypting sensitive dataUsing home grown algorithmsInsecure use of strong algorithmsContinued use of proven weak algorithms (MD5, SHA-1, RC3,RC4, etc.)Hard coding keys, and storing keys in unprotected stores
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 20
Examples
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 21
Attacks
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 22
E-Commerce Web Site
Suppose we manage a e-shopWe sell goods and clients pay using their credit cardsWe have to store the address and references of all our clientsfor the legal issues.Data stored: name, address, e-mail, phone, Credit CardsNumbers
Our web site is attackedAttackers access to our DatabaseThey can harvest the whole content of our customer clients
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 23
E-Commerce Web Site (Cont.)Damages?
For the ClientsUse of Credit Cards Number by attackersPrivacy violationIdentity Theft. . .
For The Web SiteReputationClients data stolen (can be resold to a competitor)Business secrets stolen
For the Credit Card CompanyReputation
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 24
Which assets should be protected?
Passwords of users
Clear-text : accessible by SQL injection, or insidersHashed : can be verified, but not readProblem : Easy to check using lists of hashed passwords(dictionary attack)Hashed with the same salt : Attackers need to find the saltHashed using a generic salt and a specific salt
Credit Card Numbers
Ruled by the Credit card industry (see later)
Private keysShould always been stored encryptedAt least protected using a passphrase
Business dependantPrivate dataSocial Security Number (AHV / AVS in Switzerland)
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 25
Cryptographic tools
EncryptionIf you need to read and write data: symmetric encryption (e.g.DES, AES)If reading and writing are done by different entities:asymmetric encryption (e.g. RSA)
One-way hash functionsOne input has always the same outputImpossible to go from the output back to the inputNo collision can be generated (two inputs having the sameoutput)Example : SHA-256
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 26
Example: Self Made CryptoAlgorithmHash Function
We want to hash a Medical Record NumberHighly Sensitive dataRequire One-Way hashingNeeds to be implemented by a partner.
Partner delivers a self-made algorithmBased on ModuloThis function is so complicated that it can not be reversed.
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 27
Self Made Crypto Algorithm
AlgorithmTransform all the chars in the string into numbersTake an arbitrary number (always the same)Add this number to the last char, and modulo to remains ininterval where conversion of number and char is automaticAdd the obtained number to the penultimate char and moduloetc.The numbers obtained form a stringThe string is “secure”
AttackTake the obtained string, start from the firstSubstract the arbitrary name to the char, we obtain theoriginal valueGo on the sameIf the obtained number is negative, then modulo was used,attacker just needs to substract this value.
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 28
Recommendations
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 29
Recommendations
Recommendations
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 30
Use only Strong Crypto Algorithms
Do not create cryptographic algorithmsOnly use approved public algorithms such as:AES, RSA public key cryptography and SHA-256 or better
Do not use weak algorithmsMD5 / SHA1 hash functions have been proven weakFavor safer alternatives such as SHA-256
Use TLS with Perfect Forward SecrecyTo protect the future if a private key is leaked.The communication is done using a session key that can notbe found, even it key is leaked later.
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 31
Handle Keys with extra Care
Generate keys offline and store private keys withextreme care
Never transmit private keys over insecure channels
Store if possible your private key encryptedUsing a pass-phraseOr in a Password Manager
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 32
Protect Infrastructure Credentials
Data Base credentialsUse tight file system permissions and controlsEncrypt securely credentials
Encrypted data should not be easy to decryptdatabase encryption,useless if database connection pool provides unencryptedaccess
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 33
PCI Data Security Standard
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 34
PCI Data Security Standard
Payment Card Industry Data Security StandardDeveloped by major credit card companies (e.g. Visa,Mastercard, American Express)to help organizations preventing credit card fraud
Must be implemented by any merchant using CreditCards
A company processing, storing or transmitting payment carddata must be PCI DSS compliantRisk: losing their ability to process credit card payment
Compliance must be validated periodicallyValidation conducted by auditors (Qualified Security Assessors(QSAs)Smaller companies just fill a self-assessment questionnaire.
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 35
PCI-DSS Requirements IBuild and Maintain a Secure network
Install and maintain a firewallDo not use vendor-supplied default password and othersecurity parameters
Protect Card-holder DataProtect stored card-holder dataEncrypt transmission of card-holder data across open, publicnetworks
Maintain a Vulnerability Management ProgramProtect all systems against malware and use and regularlyupdate anti-virus software or programsDevelop and maintain secure systems and applications
Implement Strong Access Control MeasuresRestrict access to card-holder data by business need-to-knowIdentify and authenticate access to system componentsRestrict physical access to card-holder data
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 36
PCI-DSS Requirements II
Regularly Monitor and Test NetworksTrack and monitor all access to network resources andcard-holder dataRegularly test security systems and processes
Maintain an Information Security PolicyMaintain a policy that addresses information security for allpersonnel
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 37
PCI DSS - Storage of data
Card-holder DataPrimary Account Number (PAN, a.k.a. credit card number)Card-holder nameService CodeExpiration DateCan be storedRequire protection
Sensitive Authentication DataFull Magnetic StripeCVC2/CVV2/CIDPINCan in no case be stored
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 38
Store only necessary data
Develop a data retention and disposal policyLimit storage and retention time to which is requiredfor business, legal, and/or regulatory
Protect PANTruncate card-holder data if full PAN is not neededNever send PAN in unencrypted e-mailsMask PAN when displayed
Render PAN unreadable anywhere it is storedStrong one-way hash functionsTruncationIndex tokens and pads (pads must be securely stored)Strong cryptography with associated key managementprocesses and procedures
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 39
Conclusion
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 40
Conclusion
Define which data are sensitiveDepends on regulation
Protect dataUse cryptography
Discard data as soon as possibleAny non existent data can not be stollen!
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 41
Sources
OWASP Top 10, A3:2017
Wikipedia Heartbleed
OWASP Cryptograhic storage cheat sheethttps://www.owasp.org/index.php/Cryptographic_
Storage_Cheat_Sheet
Payment Card Industry Data Security Standards (PCI DSS)https://www.pcisecuritystandards.org/
Berner Fachhochschule | Haute ecole specialisee bernoise | Berne University of Applied Sciences 42
Recommended