CS390S week 13: Randomness
Pascal Meunier, Ph.D., M.Sc., CISSP
November 15, 2006
Developed thanks to the support of Symantec Corporation, NSF SFS Capacity Building Program (Award Number 0113725) and the Purdue e-Enterprise Center
Copyright (2004) Purdue Research Foundation. All rights reserved.

Learning objectives
Understand why creating files in insecure directories like /tmp is difficult but useful
Learn why OS-provided function calls help tremendously
Understand the need for good randomness
Learn which OS-provided function calls help provide good random numbers
Learn how to create random file names
Learn a randomness visualization technique
Understand the need for randomness in networking protocols such as TCP

Temporary Files
Space for temporary files is found in directories such as /tmp, /var/tmp or C:\TEMP, where everyone can write
Space may be purged regularly (e.g., "every night, files older than 5 days are deleted") and during reboot
Space used by many UNIX or Windows utilities, installers and programs
UNIX systems are often configured so that this space is not counted as part of user quota
– Allow large, temporary jobs

Shared vs Secured Directories
Secured Directories
– Solution discussed in previous slides (Part 5)
    e.g., temporary directory in user directories in Windows
    – %userprofile%\Local Settings\Temp
– Avoid the problems of shared directories
    Most of the problems discussed in these slides don't apply to secured directories
– Preferred solution
What if you need or want to use a shared directory?
– What are the dangers of using shared directories?
– What do you need to do to avoid these problems?
– If that's what you want to know, keep reading these slides

Race Conditions In Shared Directories
There's a race condition between testing if a file already exists and creating it
– Need a unique and unpredictable name to avoid a collision between links and your files or directories
There's a race condition between creating a file and changing its permissions
– Permissions initially set by OS based on:
    umask (UNIX)
    ACLs of parent (Windows)
– Are they the desired and correct permissions?

Name Collision Attacks
What if the name of your temporary file (lock file or other) in /tmp is constant or predictable?
– Your program using a lock file may never run or do what it's supposed to!
    Run the lock.c example from part A, but this time, create a lock file beforehand...
    Your program will never get past the lock file test (obviously)
    Lock files need to be put where other users can't create files
– It's easy to make a symlink pointing to a sensitive file
Symlink attacks are easier if the name of the temporary file is predictable

How Not to Choose a Random Name
Use the process ID
Use the user ID
Use the time of day
Use a counter
Use a bad random number generator
etc...

OS Support for Temporary Files
The following take a filename “template” as input
– mktemp - generate temporary file name (unique)
– mkstemp - also create the file
– mkstemps - generate temporary file name with suffix
– mkdtemp - create a directory
Overwrite part of a template to create a unique name
Some of these functions used to create names using parts of the date or process ID, etc... and were insecure

mktemp (1) (3)
Section (1): command line (shell scripts)
– BSD/MacOS X:
– creates file with mode 0600
    unique name
Section (3): C programs
– Race condition between getting the name and creating the file!
– The program must use "open" with the O_CREAT | O_EXCL flags, and loop until the file is successfully created, or use a different function
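
Added example, not part of the original slides: one way to write the O_CREAT | O_EXCL loop described above in C, with the name drawn from /dev/urandom and the mode set at creation time. The function names (random_suffix, open_exclusive, create_temp_file), the "tmp." prefix and the 12-character suffix are assumptions chosen for illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

#define SUFFIX_LEN 12   /* 12 symbols x 6 bits = 72 bits of name entropy */

/* Fill buf with SUFFIX_LEN characters derived from /dev/urandom. */
static int random_suffix(char buf[SUFFIX_LEN + 1])
{
    static const char alphabet[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_+";
    unsigned char raw[SUFFIX_LEN];
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t got = read(fd, raw, sizeof raw);
    close(fd);
    if (got != (ssize_t)sizeof raw)
        return -1;
    for (int i = 0; i < SUFFIX_LEN; i++)
        buf[i] = alphabet[raw[i] & 63];   /* 64 symbols, so no modulo bias */
    buf[SUFFIX_LEN] = '\0';
    return 0;
}

/* Atomic test-and-create: fails with EEXIST if path exists, including when
 * path is a symlink (even a dangling one). The mode is set at creation, so
 * there is no window between creating the file and fixing its permissions. */
int open_exclusive(const char *path)
{
    return open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
}

/* Create a new file with an unpredictable name in dir; retry on collision.
 * Returns an open descriptor and stores the path in out, or -1 on error. */
int create_temp_file(const char *dir, char *out, size_t outlen)
{
    char suffix[SUFFIX_LEN + 1];
    for (int attempt = 0; attempt < 100; attempt++) {
        if (random_suffix(suffix) != 0)
            return -1;
        int n = snprintf(out, outlen, "%s/tmp.%s", dir, suffix);
        if (n < 0 || (size_t)n >= outlen)
            return -1;
        int fd = open_exclusive(out);
        if (fd >= 0)
            return fd;
        if (errno != EEXIST)
            return -1;      /* a real error: do not keep looping */
    }
    return -1;
}

int main(void)
{
    char path[256];
    int fd = create_temp_file("/tmp", path, sizeof path);
    if (fd < 0) {
        perror("create_temp_file");
        return 1;
    }
    printf("created %s\n", path);
    unlink(path);   /* remove the name; the open descriptor stays usable */
    close(fd);
    return 0;
}
```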

Command Line Example
% mktemp "testXXXX"
testpnbE
% ls -al
-rw------- pascal staff testpnbE

mkstemp
Creates name
Creates file open for reading and writing with mode 0600
Returns a file descriptor
No race condition!
Recommended function
Usage for extremely paranoid people:
    “Unlink” the hard link pointing to the descriptor immediately afterwards (this is a race condition)
    The file still exists but nobody else (except with difficulty, the superuser) can access it

Mini Lab
Take the previous lock.c example
Modify it to use mkstemp to generate a temporary file with a unique name
Of course, the temporary file created that way is not a lock file anymore, and would be used to store temporary data instead

Windows Shared Directories
No equivalent to mkstemp()
GetTempFileName
– Creates names by incrementing a counter!
– Predictable file name
Race condition between getting the name and creating the file
– Attacker could create the file to prevent you from using it
– If you use the CREATE_ALWAYS flag, see next slide
Under Windows, you have no choice but to write your own function
Still a race condition, limitation due to lack of OS support (use secured directories instead)

Windows CreateFile Problems
Recommended use with the "CREATE_ALWAYS" flag is dangerous
– "CREATE_ALWAYS" flag recommended by MSDN, Howard and Leblanc 2003
    Overwrites the file
    Does not set the security descriptor specified by the SECURITY_ATTRIBUTES structure
– Do the SECURITY_ATTRIBUTES matter to your application?
Perfect opportunity to trick you into overwriting a sensitive file
– e.g., with a hard link
– Can't use the flag to not follow reparse points
– Note that links being uncommonly used in Windows FS won't prevent an attack from succeeding

Windows CreateFile
TRUNCATE_EXISTING will follow a hard link and could truncate something other than what was intended
Use "CREATE_NEW"
– "The function fails if the specified file already exists." (MSDN)
– You need to check for errors and loop until the file is successfully created

GetTempPath
MSDN recommends that software use the GetTempPath function to get the location of the temp dir, but this is dangerous
"Checks for the existence of environment variables in the following order and uses the first path found:
1. The path specified by the TMP environment variable.
2. The path specified by the TEMP environment variable.
3. The path specified by the USERPROFILE environment variable.
4. The Windows directory."
Are the environment variables safe to use?
– Probably not unless you set them yourself

Exercise (Windows): Creating Temporary Files
Go to http://msdn.microsoft.com/library/default.asp?url=/library/en-us/fileio/base/creating_and_using_a_temporary_file.asp
Discuss things that you would do differently, compared to the example, when creating a temporary file in Windows
– Find the race condition (hint: MoveFileEx)

Exercise Answers
Possible answers:
– They used the CREATE_ALWAYS flag instead of CREATE_NEW
    Add a loop until success
– Use randomly generated file names
    How to do that on Windows? (see next slides)

The Need for Random Numbers
Unique file or directory names
Session IDs that carry proof of authentication (nonces), passwords
Games (data, behavior, opponent generation, character generation)
Encryption
Cryptographic protocols

How Random Numbers Are Generated
Linear Congruential Generators
– Simple way to generate pseudo-random numbers
– Easily cracked
– Produce finite sequences of numbers
– Each number is tied to the others
– Some sequences of numbers will not ever be generated
Cryptographic random number generators
Entropy sensors (i.e., extracted randomness)

Seeded Random Number Generators
Pseudo-random generators depend solely on a seed, which determines the entire sequence of numbers returned
How random is the seed?
– Process ID, UserID: Bad Idea
– Current time: if you’re running NTP (Network Time Protocol) all systems are synchronized up to some precision. If you use the time, maybe I can guess which seed you used (microsecond part might be difficult to guess, but is limited)

How to Cheat At Random Number Generation
Find a seed that will produce the numbers you want
Seed the generator with it
Convince someone: "it's random, see?"
– RPG Character generation, etc...

Roll Your Own Generator?
What matters is not only the average and the variance of the numbers generated
All sequences of numbers must be possible
LCGs travel definite, limited “paths” through the universe of possible sequences
Need to incorporate entropy as it becomes available
Need to avoid betraying the internal state of the generator...
It's difficult to do correctly

Which Generator to use?
Read description, avoid Linear Congruential Generators such as these:
– “C” rand(3)
– rand (Windows CE, Visual C++, Visual Basic, etc...)
– Perl rand
– C# Random
– PHP rand

Good Generators
Hardware-based
– Noise
Cryptographical quality software, entropy-seeded
– Fast, secure
Pure Entropy
– Random timing of events
    Packets
    Mouse movement, clicks
    Keyboard
– Slow

Linux/UNIX Devices
/dev/random:
– MacOS X: same as urandom
– Linux: this is a blocking call that returns only when sufficient entropy has been captured
– Good for seeding pseudo-random number generators
/dev/urandom:
– Implements a fairly complex algorithm that varies between “random” and a well-seeded LCG depending on the availability of entropy
– Non-blocking call
– Try "cat /dev/urandom"

Portability
FreeBSD, OpenBSD, NetBSD compatible
Several projects ported the functionality to Solaris, HP-UX, AIX, IRIX
MacOS X implements Yarrow for both random and urandom (so the behavior of “random” is unexpected).

Windows
Windows developers must use the function CryptGenRandom(), which uses the same idea as /dev/urandom
There is no directly accessible entropy collector provided by the OS
– Reference: "Secure Programming Cookbook", section 11.4 (Viega et al.)

Randomness Visualization
Strange attractors
– Zalewski 2001, 2002 "Strange Attractors and TCP/IP Sequence Number Analysis"
Given a sequence of numbers s[n] compute:
– x[n] = s[n-2] - s[n-3]
– y[n] = s[n-1] - s[n-2]
– z[n] = s[n] - s[n-1]
These are the x,y,z coordinates of a point
– Plot them to see hidden dependencies
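
Added example, not part of the original slides or of Zalewski's paper: the mapping above in C, applied to a constructed LCG (multiplier and increment borrowed from the sample rand() in the C standard; using the full 32-bit state as output is an assumption) and to /dev/urandom. Instead of plotting, it checks the dependency a plot would reveal for this LCG: each difference is the previous one times the multiplier, modulo 2^32. All function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define N 1000
#define LCG_A 1103515245u   /* multiplier and increment of the sample rand() */
#define LCG_C 12345u        /* in the C standard; modulus 2^32 by wraparound */

struct point { int64_t x, y, z; };

/* Constructed weak source: every output is the full LCG state. */
void fill_lcg(uint32_t *s, size_t n, uint32_t seed)
{
    for (size_t i = 0; i < n; i++) {
        seed = LCG_A * seed + LCG_C;
        s[i] = seed;
    }
}

/* Comparison source: the kernel generator. Returns 0 on success. */
int fill_urandom(uint32_t *s, size_t n)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t got = fread(s, sizeof *s, n, f);
    fclose(f);
    return got == n ? 0 : -1;
}

/* The slide's mapping: each point is three successive first differences.
 * Writes n - 3 points (for indices 3 .. n-1) and returns that count. */
size_t delay_coords(const uint32_t *s, size_t n, struct point *p)
{
    if (n < 4)
        return 0;
    for (size_t i = 3; i < n; i++) {
        p[i - 3].x = (int64_t)s[i - 2] - (int64_t)s[i - 3];
        p[i - 3].y = (int64_t)s[i - 1] - (int64_t)s[i - 2];
        p[i - 3].z = (int64_t)s[i]     - (int64_t)s[i - 1];
    }
    return n - 3;
}

/* Hidden dependency of an LCG: successive differences obey
 * d[k+1] = a * d[k] (mod 2^32), so y and z are fixed once x is known. */
size_t count_dependent(const struct point *p, size_t n, uint32_t a)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if ((uint32_t)p[i].y == a * (uint32_t)p[i].x &&
            (uint32_t)p[i].z == a * (uint32_t)p[i].y)
            hits++;
    return hits;
}

int main(void)
{
    static uint32_t s[N];
    static struct point p[N];
    size_t n;

    fill_lcg(s, N, 2006u);
    n = delay_coords(s, N, p);
    printf("LCG:          %zu of %zu points on the curve\n",
           count_dependent(p, n, LCG_A), n);
    if (fill_urandom(s, N) == 0) {
        n = delay_coords(s, N, p);
        printf("/dev/urandom: %zu of %zu points on the curve\n",
               count_dependent(p, n, LCG_A), n);
    }
    return 0;
}
```

The points in p can be written out one per line and fed to any 3-D plotting tool to obtain the kind of picture the following slides show.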

Cisco IOS 12.2 (Zalewski 2002)

IRIX (Zalewski 2002)

Windows XP (Zalewski 2002)

ISN Vulnerabilities
Predictable
– Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor Models 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 generate easily predictable initial sequence numbers (ISN), which allows remote attackers to spoof connections.
    CAN-2002-1463
– Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.
    CVE-2001-0288
– etc...

TCP RST Flag
TCP reset (RST) flag is used to abort TCP connections, usually to signify an irrecoverable error
– Receiver deletes the connection, frees data structures
RST messages are accepted only if they fit inside the sequence number window
– Prevents delayed RST messages from previous connections from affecting the current connection

TCP RST Attack
Send a RST (TCP RESET flag) packet with a spoofed IP address to either side of a valid connection
– Need to guess a sequence number inside the appropriate window
    Or sniff traffic to know which number to use
– The range can be guessed fairly efficiently for RST attacks
– Sequence numbers: 32 bits
– Window size: up to 16 bits
– Number of guesses 32-16 = 16 bit address space
    65535 RST attempts, ~ 4 min on DSL connection
    Faster connection or zombies, faster RST
    This is the brute force RST attack

TCP Session Hijacking
Idea: all that’s required to mess up someone else’s TCP session is guessing or knowing the sequence numbers for their connection.
– Only need to fall within the needed range, exact guess not needed
Send a spoofed IP packet, with a TCP payload that inserts data
Blast the legitimate client off the net
– Replies are still sent to client but client is incapacitated
– You do not get to see replies: “blind” hijacking
    Unless you can sniff traffic, in which case the sequence numbers to use are also known

Questions or Comments?

About These Slides
You are free to copy, distribute, display, and perform the work; and to make derivative works, under the following conditions.
– You must give the original author and other contributors credit
– The work will be used for personal or non-commercial educational uses only, and not for commercial activities and purposes
– For any reuse or distribution, you must make clear to others the terms of use for this work
– Derivative works must retain and be subject to the same conditions, and contain a note identifying the new contributor(s) and date of modification
– For other uses please contact the Purdue Office of Technology Commercialization.
Developed thanks to the support of Symantec Corporation

Pascal Meunier
Contributors: Jared Robinson, Alan Krassowski, Craig Ozancin, Tim Brown, Wes Higaki, Melissa Dark, Chris Clifton, Gustavo Rodriguez-Rivera, Michael Howard