16 padding oracle attack.pptx
-
Upload
rap-payne -
Category
Technology
-
view
89 -
download
1
description
Transcript of 16 padding oracle attack.pptx
Padding Oracle Attacks
Problem and Protection
The big ASP.NET vulnerability
o Oracle attacks have been known about since 2002
o Rizzo and Duong write a white paper for Usenix in May 2010
o When companies do little to respond, they write POET and release details in September 2010
o Attackers can gain access to any encrypted data on your website
o September 17, 2010 Microsoft admits flaw o September 20 The world goes into panic mode!
An Oracle give hints, but not answers.
o From Greek mythology. A seer or diviner
Padding is needed for encryption.
o A Blowfish encryption of "DoubleRainbow" is 948FB2E965F0CE6AC557088F123DA31B
o A Blowfish encryption of "DoubleRainbowAll" is 948FB2E965F0CE6A50192C23AC24DFFD
o Note: The clear strings are different sizes but the encrypted strings are the same size
o Why?
Breaking encryption using an oracle
o Data is encrypted using a key o Attackers will bombard the oracle with
questions, using the hints to zero in on the key
o Once they have the key, they can get anything they want from our sites including encrypted values in cookies and root access to the host machine
How attackers do it
o Find Base64 strings in cookies, hidden fields o Decode it. If it is random text and is 8, 16, or 32
bits, then it is likely a ciphertext o Change the last character and send back o If error message is a “Padding error”, then we
know for sure o Send thousands of http requests using different
keys and look at the error codes returned o Certain error codes give hints o POET Simply automates the attack
How attackers do it
How we protect ourselves
o Don’t allow your site to give hints! • Don’t return actual errors. Instead, we return a
generic error page • Return these generic errors irregularly
Don’t return actual errors
o Change web.config (3.5 SP1 - up): <configuration>
<location allowOverride="false"> <system.web>
<customErrors mode="On" redirectMode="ResponseRewrite" defaultRedirect="~/ErrorPage.aspx" />
</system.web> </location>
</configuration>
o Change web.config (1.1 - 3.5): <configuration>
<location allowOverride="false"> <system.web>
<customErrors mode="On" defaultRedirect="~/error.html" /> </system.web>
</location> </configuration>
Sleep irregularly
o Add this to the page load of the error page: byte[] delay = new byte[1]; RandomNumberGenerator prng = new RNGCryptoServiceProvider(); prng.GetBytes(delay); Thread.Sleep((int)delay[0]); IDisposable disposable = prng as IDisposable; if (disposable != null) disposable.Dispose();
Summary
o Padding Oracle Attacks are very dangerous because attackers can get up to root access on your server
o Protection is as simple as hiding the real error messages and randomizing the wait time
o Simply edit web.config and add a random wait to the error page’s load event
Further study
o Rizzo and Duong’s Usenix white paper: • http://bit.ly/PaddingOracleWhitePaper
o A demo of POET • http://bit.ly/POETDemo
o Microsoft’s Security bulletin response: • http://bit.ly/PaddingOracleResponse