Security Flaws in One Time Password Implementation: A Case Study, Slides of Software Engineering

These slides argue that software security is needed in security software, and illustrate the risks of insecure implementation through a case study of one time passwords (OTP). They cover the background of OTP, its advantages and disadvantages, and the security vulnerabilities that arise from poorly implemented server-side code. The document also gives examples of security software vulnerabilities and concludes on the importance of improving code quality.

Typology: Slides

2012/2013

Uploaded on 04/26/2013

sharad_984


Secure Security Software

Overview

• Background

• Code sample

• Analysis

• Conclusions

• Related Works

Background: One Time Passwords

  • Used to prevent replay of passwords
    o Can also be used to prevent reuse
  • "Zero knowledge password proof"
    o Makes captured passwords near worthless to an attacker
    o Demonstrates knowledge of password without revealing the password (or revealing a way to derive the password)
    o Shared key (password) never goes across the wire in cleartext
  • Well-known schemes
    o S/KEY
    o OTPW
    o RSA SecurID / SoftID

Background: One Time Passwords

  • While OTP schemes are useful, they're not often used
    o Complexity
      - Setting up the infrastructure
      - Multiple users
      - Handling bad logins
      - Generating challenges
      - Provisioning keys
      - User interfaces
      - Training users how to use an OTP
    o Cost
      - OTP calculators -- extra hardware
    o Security
      - Disclosure of password list (OTPW, S/KEY)
      - Still requires protection from MITM attacks

About The Code

  • For the purpose of this project, we will focus on the verification stage
  • Assume all other stages are implemented in a correct and secure manner
  • The verification procedure should also be implemented in a correct manner, but it has major security flaws
  • The overall goal of the software is thwarted because it was not developed in a secure manner
  • Security is only as strong as its weakest link

Poorly Implemented Server-Side Code

    // Call openssl and feed it the password that it was given
    // by the user.
    String[] args = new String[]{"/bin/sh", "-c", "openssl md5 < ./"
        + username + ".tmp"};
    Process p = Runtime.getRuntime().exec(args);
    InputStream in = p.getInputStream();

    // Process the data from openssl
    // ---8<---

Analysis

  • What's wrong?
    o Input validation -- none!
    o File names can be selected by the attacker
    o Command injection immediately apparent
      - What happens if I enter "|rm -r /" as the user?
  • If the program is running as a superuser to generate security tokens (e.g. provide login services), we have a privilege escalation issue
    o Anonymous user => root
    o Anything can happen
  • If the program is restricted, things are a little bit better
    o Might be able to run programs as a restricted user
    o May be able to view or modify configuration information (system secrets?)
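The following is an added example, not code from the slides: a hardened version of the verification stage that removes both problems the analysis above names. It keeps the slides' hash-chain model (the S/KEY style listed under Background: the server stores md5^n(seed) and the user presents md5^(n-1)(seed)) and the slides' choice of MD5 only to stay comparable with the `openssl md5` call; a new deployment would pick a stronger hash. No shell is spawned at all: the digest is computed in-process with `MessageDigest`, the user name must match a strict allow-list before it is used in a file name, and the resolved path is checked to stay inside the store directory. The class name, the `otp-store` directory, the allow-list pattern and the seed value are all assumptions of this example. It requires Java 17 for `HexFormat`.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;
import java.util.regex.Pattern;

public class OtpVerifier {
    // Assumed allow-list: a user name can never carry shell metacharacters,
    // path separators or a leading dot, so it is safe to embed in a file name.
    private static final Pattern USERNAME = Pattern.compile("^[a-z][a-z0-9_]{0,31}$");
    // Assumed location of the per-user chain heads (one file per user).
    private static final Path STORE = Paths.get("otp-store");

    // MD5 in-process, replacing the "/bin/sh -c openssl md5" call on the slide.
    static byte[] md5(byte[] data) {
        try {
            return MessageDigest.getInstance("MD5").digest(data);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    static String hex(byte[] b) {
        return HexFormat.of().formatHex(b);
    }

    // Hash chain head after n applications of md5 to the seed (S/KEY style).
    static String chainHead(String seed, int n) {
        byte[] h = seed.getBytes(StandardCharsets.UTF_8);
        for (int i = 0; i < n; i++) {
            h = md5(h);
        }
        return hex(h);
    }

    // File holding the user's current chain head; the name is validated and the
    // resolved path confined to STORE before the filesystem is touched.
    static Path userFile(String username) {
        if (!USERNAME.matcher(username).matches()) {
            throw new IllegalArgumentException("invalid username");
        }
        Path p = STORE.resolve(username + ".tmp").normalize();
        if (!p.startsWith(STORE)) {
            throw new IllegalArgumentException("path escapes store");
        }
        return p;
    }

    // md5(candidate) must equal the stored head; on success the candidate becomes
    // the new head, so the same value can never be accepted twice (no replay).
    static boolean verify(String username, String candidateHex) throws IOException {
        Path f = userFile(username);
        byte[] stored = Files.readString(f).trim().getBytes(StandardCharsets.US_ASCII);
        byte[] candidate;
        try {
            candidate = HexFormat.of().parseHex(candidateHex);
        } catch (IllegalArgumentException e) {
            return false;            // malformed input is simply rejected
        }
        byte[] computed = hex(md5(candidate)).getBytes(StandardCharsets.US_ASCII);
        boolean ok = MessageDigest.isEqual(computed, stored);   // constant-time compare
        if (ok) {
            Files.writeString(f, candidateHex.toLowerCase());  // chain moves one step back
        }
        return ok;
    }

    public static void main(String[] args) throws IOException {
        Files.createDirectories(STORE);
        String user = "alice";
        String seed = "constructed-seed";                     // constructed sample value
        // Provisioning is assumed to happen elsewhere: store md5^10(seed).
        Files.writeString(userFile(user), chainHead(seed, 10));

        System.out.println(verify(user, chainHead(seed, 9)));   // true: next link in the chain
        System.out.println(verify(user, chainHead(seed, 9)));   // false: replay of a used value
        System.out.println(verify(user, chainHead(seed, 8)));   // true: chain advanced correctly
        try {
            userFile("|rm -r /");                               // the slide's test input
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage()); // never reaches a shell or a path
        }
    }
}
```

Compile and run with `javac OtpVerifier.java && java OtpVerifier`. The allow-list check is what closes the command-injection and attacker-chosen-file-name findings; removing the shell entirely is what makes the privilege-escalation scenario on the slide moot even if the verifier does run with elevated rights. A production store would additionally lock the user's file around the read-then-write so two concurrent logins cannot both consume the same chain link.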

Conclusions

  • We have shown that software security is needed in security software. Using a well-known protocol is not enough to ensure the software's security
  • Other examples exist of security software with software security vulnerabilities -- try visiting Bugtraq, or NVD
    o CVE-2006-3961: Network Associates: McAfee Security Center 6.0.23, buffer overflow, arbitrary remote code execution
    o CVE-2007-5603: SonicWall: SSL-VPN NetExtender buffer overflow, arbitrary remote code execution
    o CVE-2010-0107: Symantec: Norton Internet Security, buffer overflow, arbitrary remote code execution
  • Very few bugs of this flavor (high risk, arbitrary remote code execution) are present in today's security software
    o Improving code quality?

Related Works

  • E. Barkan, E. Biham, and N. Keller, "Instant ciphertext-only cryptanalysis of GSM encrypted communications," in Proc. Int. Cryptology Conf. (CRYPTO) 2003, pp. 600-616.
  • Ya-Fen Chang, Chin-Chen Chang, and Jui-Yi Kuo, "A secure one-time password authentication scheme using smart cards without limiting login times," ACM SIGOPS Operating Systems Review, v. n.4, pp. 80-90, October 2004.
  • Alain Forget and Robert Biddle, "Memorability of persuasive passwords," CHI '08 Extended Abstracts on Human Factors in Computing Systems, April 05-10, 2008, Florence, Italy.
  • V. Goyal, A. Abraham, S. Sanyal, and S. Y. Han, "The N/R one time password system," in Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC '05), 4- April 2005, vol. 1, pp. 733-738.