You are on page 1of 79

Information

Security
SQL Injec*on and Cryptography

About me
Miguel Ibarra PHP developer since 2000
Actually, coding since 1986

Projects from simple web pages to GRPs SoLware Engineer @ Tiempo Development Webservices, security and cryptography fan

I can has ur data?

I can has ur data?


Today, informa*on assets can be more valuable

than physical assets

Lost your USB s*ck lately?

Data theL is becoming an every-day issue and

concern

Data Dump
I can has ur data?

I can has ur data?


linkedin.com
6th June 2012 More than 6 million

last.fm
7th June 2012 ? Million passwords

passwords

eharmony.com
6th June 2012 More than 1.5 million

yahoo.com
12th June 2012 443K passwords Sql injec*on Passwords in plain text

passwords

Hot news!
I can has ur data?

Worlds biggest data breaches


2010 - 2013

Worlds biggest data breaches


2010 2013 (Web only)

I can has ur data?


Public web applica*ons expose an authen,cated

and authorized connec,on to DBMS servers


DBMS have their own authen*ca*on and

authoriza*on systems Applica*ons that use such DBMS need creden*als to connect to DB servers This type of apps can have their own auth procedures
They can be vulnerable

I can has ur data?


It does not maeer if your DBMS is behind a rewall

and/or private network

User Public network Web server Private network DBMS Server

SQL Injection
How I got your data

SQL Injection
Golden rule:

Filter/Validate inputs, escape outputs

many developers do not follow this rule

SQL Injection
Our database schema


Sample resultset
WTF?

SQL Injection
Live demonstra*on

Protecting your data Password Hashing

Protecting your data Password Hashing


Hash Algorithm that maps data of variable length to data of xed length One way func*on
Output cannot be reversed using an ecient

algorithm

Also called pseudo-random func*on Output indis*nguishable from true random data Popular hashing algorithms md5 sha1

Protecting your data Password Hashing


Hash proper*es Output yields a xed length result
md5(1) =

c4ca4238a0b923820dcc509a6f75849 md5(Hello world) = 3e25960a79dbc69b674cd4ec67a72c62


The slightest change, totally dierent results
md5(Hello World) =

b10a8db164e0754105b7a99be72e3fe5

Protecting your data Password Hashing

Message space

Result space

Protecting your data Password Hashing

Hashing encryp*ng

Protecting your data Password Hashing


Our new schema

Sample resultset

Protecting your data Password Hashing


Again, cannot revert a hash using an ecient

algorithm

Hash

Algorithm

Data

but can be cracked Crack <> Hack

Protecting your data Password Hashing


Brute force aeack Generate hashes from a dic*onary Common words Generate character combina*ons Exhaus*ve search Generated hash = target hash? Bingo Innecient, but CPU power is growing (mul*ple cores) GPU can be used too (thousands of cores) Cloud systems

Algorithm md5 sha1

Speed 5600 million h/s 2300 million h/s

8 chars 10 hours 26 hours

9 chars 27 days 68 days

10 chars 4.5 years 11.5 years

ATI HD 5970
String consis*ng of a-z|A-Z|0-9

Protecting your data Password Hashing


Hash database aeack Query a database with pregenerated hashes
Several sites oer this service, free

Google.com
hep://bit.ly/15O4SLN

Protecting your data Password Hashing


Gesng a hash through sql injec*on Live demonstra*on

Password salting

Password salting
Salt Random character string f(password, salt) = hash(password + salt)

Password salting

Password

Salt

Result

Password salting
Our new schema

Sample resultset

Password salting
Salt has to be stored in clear text as to authen*cate

a user

if( hash(<provided password> + <salt eld>) ==

<password eld> ) then

User creden*als are valid

Password salting
Hash database aeack becomes improbable If hash remains unknown, brute force aeack

becomes improbable

Total characters: 42 Calcula*ons per second: 4 billion Possible combina*ons: 522 duovigin*llion Total *me to crack: 4 septendecillion years*
According to heps://howsecureismypassword.net/

Password salting
But the aeacker could modify the aeack to obtain

the salt eld

DEMO The aeacker would only need to launch a brute

force aeack

Generate some character combina*on string Concatenate salt and hash Compare hashes

Password stretching

Password stretching
To mi,gate men*oned aeack, use password

stretching technique

Create a recursive / itera*ve algorithm that

calculates a hash value over itself thousand (or more) *mes

Thousands of *mes

Hash

Password

Salt

Hash Algorithm
Hash Password Salt

Hash Algorithm
Password Salt

Password stretching
This algorithm should iterate enough to delay each

calcula*on by 1 second aeacker

In order to crack with a brute force aeack, the


Should know the exact itera*on count
+/- 1 itera*on will result in totally dierent hash value

Should wait 1 second between each aeemp This makes the aeack highly improbable

Password stretching
Several standard algorithms for password

stretching

PBKDF2 Bcrypt Scrypt

I can still has ur data

I can still has ur data


We give it away freely Facebook
Twieer Foursquare

If it is free, you are the product

I can still has ur data


We uninten*onally give it away Phishing scams
Social engineering Adware / Spyware / Browser bars / Apps Weak passwords
Names Birthdays Phone numbers Common passwords

I can still has ur data


It is forcibly/unlawfully taken from us Extor*ons / black mail Unethical prac*ces banks Government spy programs NSAs PRISM Communica*ons Intercept System Mexico
Requested by USDoS to Mexican Federal Government in

2007 Request cancelled in 2012

Unknown sponsored spy programs


Rumored FinFisher program probably running in

networks belonging to Uninet, Iusacell and Televisa

Cryptography 101

Cryptography 101
Krypto Hidden Graphos
Script

Tecnique to modify a linguis*cal or caligracal

presenta*on of a message

Ruled by an algorithm Must allow forward and backward process

Cryptography 101
700BC - Scytale

Cryptography 101
<40BC Caesar Cipher

Cryptography 101
1467 Alber* Cipher

Cryptography 101
1797 Jeerson Wheel

Cryptography 101
1943 Enigma machine

Cryptography 101
Today, cryptography is performed by an automated

algorithm: Cipher
Takes an input

Short name for pseudo-random permuta*on


Applies a reversible algorithm Outputs data indis*nguishable from a truly random

data stream Result space is equal to message space


No collisions

Message Result space space

Cryptography 101
Modern algorithms use a key They key is used to transform a message into a

pseudo-random string

This is called cipher

This pseudo-random string can be transformed

back to the original message only with this key


decipher

Cryptography 101
2 key types
Symetric Asymetric

Symetric ciphers

Symetric ciphers
The same key is used to cipher and decipher The 2 endpoints must agree on this key Security relies mainly in this key Key must be improbably guessed
Key space has to be large

Symetric ciphers
Simple and safest symetric key chipher algorithm XOR
1 0 = 1 1 1 = 0 0 0 = 0

a = ascii(97) 9710 = 110000012 Random key = 01010000

Data to cipher Random key Ciphered data

1 0 1

1 1 0

0 0 0

0 1 1

0 0 0

0 0 0

0 0 0

1 0 1

Data to decipher Random key Original data

1 0

0 1

0 0

1 1

0 0

0 0

0 0

1 0

Symetric ciphers
Ciphered data is impossible to decipher without the

key by an ecient algorithm

This is, no exhaus*ve search for the key

Is very simple Key length must be the same as message length Security measures applied while securily sharing

the key might as well we applied to the unciphered message

Symetric ciphers
In fact, every symetrical cipher weakest link is the

key

An aeacker, instead of brute forcing the key, might

as well focus on incercep*ng the key


Popular cipher algorithms
DES 3DES AES

Asymetric ciphers

Asymetric ciphers
Has a key pair Private key: only the owner can know it
Public key: owner can share it freely

Message ciphered with the public key can only be

deciphered with the private key deciphered with the public key

Message ciphered with the private key can be This adds a message authen*ca*on mechanism

Asymetric ciphers
Algorithms are based on prime number and one

way func*ons

Way too easy to mul*ply to prime numbers Factorizing a number into its prime factors is very

dicult Usually involves very large prime numbers


Hundreds of digits

Asymetric ciphers
Asymetric ciphers require more processing *me Keys are required to be large As todays standards, 2048 bits Ciphered message is bigger than the original message

Popular algorithms RSA Hybrid symetric/asymetric algorithms HTTPS/TLS

Just encrypt it and you are safe


are you?

Just encrypt it and you are safe are you?


Weakest links in cryptography Again, the key
and how it is implemented

Aircrack anyone? WEP algor*hm: example of bad crypto implementa*on

Just encrypt it and you are safe are you?


Common cryptography implementa*on

misconcep*on Key

Message

Cipher Message

Just encrypt it and you are safe are you?


Do not

Use a short key Use weak random data to generate a key Use directly the generated key

Try to derive the key rst PBKDF2 Pseudo-random

Use the same key to cipher mul*ple messages


WEPs Achilles heel If you need to, use nonces Nonce salt Nonce is included with

the message

Cipher and send


Always add signature

func*on

Use the same key to cipher iden*cal messages


Informa*on leak

verica*on mechanism Hash-mac Hash with a key Hash-mac signature included in message

Do not use weak random data


Random data, PHP 4s rand() func*on output on Windows converted to bitmap

Encryption in databases

Encryption in databases
We have the following schema

Encryption in databases
The aeacker, unable to get login details, could

modify the aeack to get personal informa*on:

Encryption in databases
MySQL supports AES cipher algorithm, then we

could modify our schema

Encryption in databases
If the aeacker executes the injec*on

Encryption in databases
S*ll informa*on can be leaked Suppose the 2 users share the same phone number, the aeacker could no*ce this since data was ciphered with the same key

Tweakable encryption

Tweakable encryption
Remember, do not use the same key to cipher

mul*ple messages

Do we need to generate a new key for each record? Say, we have thousands of records, do we need

thousand keys?

NO
Use a tweak

Tweakable encryption
Every table should have a primary key So the values inside the primary key must be unique to every record Use the master key + primary key value, then hash
f(key, pk value) = hash(key + pk value)

Youll have an unique cipher key for each record Now, elds with the same plain text value will

appear to be completely dierent when ciphered

Last Words
Last words Informa*on privacy is YOUR RIGHT
Do you consider it to be a paranoid idea
or a daily life concern?

First informa*on privacy law from 1890 US


Laws cannot keep up with technology

QA
QA

Thank yall!