
Cloud Security and Mobile Application Security

SBA Research & Vienna University of Technology

Edgar R. Weippl

Target Audience

Graduate students in computer science

• Some knowledge of security but no focus on information security

• Interest in Privacy and Security

Trust

• Humans interact with humans.

• Computer and communication security as a mechanism to implement trust.

Bruce Schneier, Liars and Outliers: Enabling the Trust that Society Needs to Thrive, John Wiley & Sons, 2012.

Trust

Observation & Empirical Research

Observation of complex systems

Empirical Research

• Dropbox Martin Mulazzani, Sebastian Schrittwieser, Manuel Leithner, Markus Huber, and Edgar R. Weippl. Dark clouds on the horizon: Using cloud storage as attack vector and online slack space. USENIX Security, 8/2011.

• WhatsApp Sebastian Schrittwieser, Peter Fruehwirt, Peter Kieseberg, Manuel Leithner, Martin Mulazzani, Markus Huber, and Edgar R. Weippl. Guess who is texting you? evaluating the security of smartphone messaging applications. In Network and Distributed System Security Symposium (NDSS 2012), 2 2012.

• Facebook Markus Huber, Sebastian Schrittwieser, Martin Mulazzani, and Edgar Weippl. Appinspect: Large-scale evaluation of social networking apps. In ACM Conference on Online Social Networks (COSN 2013), 2013.

• Amazon Amir Herzberg and Haya Shulman and Johanna Ullrich and Edgar R. Weippl, Cloudoscopy: Services Discovery and Topology Mapping, in Proceedings of the ACM Cloud Computing Security Workshop (CCSW) at ACM CCS 2013, 2013.


Cloudoscopy

Amir Herzberg and Haya Shulman

Computer Science Dept. Bar-Ilan University

- and -

Johanna Ullrich and Edgar Weippl

SBA Research, Wien

Cloud Computing / IaaS

Infrastructure for on-demand IT services

Rent storage, cycles, infrastructure, data hosting, outsource expertise and maintenance

Some popular providers

Amazon EC2, Microsoft Azure, Google, Rackspace

Resource sharing between a number of VMs

CPU

Memory

Bandwidth

New Threats

• Malicious cloud tenants, e.g., with conflicting interests: resource sharing can be exploited for attacks by malicious tenants on other tenants, e.g., cross-VM attacks

• Malicious cloud operator, e.g., may cheat to save resources:

– Placement of instances in the same physical region, on the same host, …

– Charges the subscriber not proportionally to the service provided

– Reroutes traffic inefficiently

– Sells the list of its clients to data hoarders

Cloud Computing Security

• Isolation to prevent attacks by other tenants: network and host isolation

• Cloud service verification to establish trust in the cloud

– Known (traditional) service verification: storage and computation. Extensively studied.

– New (infrastructure) service verification: placement and communication

Cloud Computing Security

• Verify placement and communication

– To prevent a single point of failure

– To reduce latency and guarantee quality of service

– To avoid snooping on traffic by attackers

• Efficient placement of instances and communication

– To prevent cross-VM attacks, e.g., memory side-channel attacks

• Cloud security is difficult to measure: clients need tools that let them verify cloud services

Cloudoscopy

1. IP address deanonymisation: Expose the internal IP address of a victim instance

2. Hop-count measuring: measure its hop-count distance from adversarial cloud instances

3. Co-residence testing: test to find a specific instance which is close enough to the victim (e.g., co-resident) to allow (denial of service or side-channel) attacks.

IP Address Deanonymisation

Expose the internal IP address of a victim instance, then:

• Simple: tracert, ping

• New approach: interrupt-overloading side-channel – general and not protocol specific

• New approach: server-bounce scan – in some protocols, e.g., SMTP, servers open a connection using a domain name taken from an incoming connection; the victim's outbound connection to an attacker-controlled name reveals its address

IP Address Deanonymisation: Discovery via Interrupts

Hop-count measuring

• Once the IP is found, find the path to the victim

• Cloud platforms block ICMP error/control messages, so a plain traceroute gets no time-exceeded replies

• Our idea: scan with incrementing TTL

• Use a timing side-channel to count the hosts in between

Co-residence Testing

• Place the prober on the same host as the victim

• Check whether the TTL scan reports a hop count of 0 to the victim

• Check patterns to the prober via the interrupt-based side-channel

• If both pass – the attacker is co-resident with the victim
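The TTL scan and the two-step co-residence test described above, as an added example that is not part of the Cloudoscopy paper or these slides. It is Python written for this page; the network is a constructed in-process simulator (`make_path`) in which a probe is answered only when its TTL is large enough to reach the target, which stands in for the paper's timing side channel. The interrupt-based check is modelled as a boolean input because the slides give no details of it. `hop_count_bisect` goes beyond the slide: reachability is monotonic in TTL, so a binary search finds the same count with far fewer probes.

```python
"""Hop-count measurement by incrementing TTL, and the co-residence test on top.

Added example, not the Cloudoscopy code. The cloud network is a constructed
in-process simulator; the interrupt-based side channel is a boolean input.
"""
from typing import Callable, Optional

# A probe sends one packet with the given TTL and reports the round-trip time
# in milliseconds, or None if nothing came back. With ICMP time-exceeded
# messages filtered by the cloud, "nothing came back" is all we can observe
# when the TTL expired at an intermediate router.
Probe = Callable[[int], Optional[float]]


def make_path(routers: int, rtt_ms: float) -> Probe:
    """Constructed network: `routers` forwarding hops between prober and target."""
    def probe(ttl: int) -> Optional[float]:
        # Each router decrements the TTL; the target accepts a packet arriving
        # with TTL >= 1, so the TTL must exceed the number of routers.
        if ttl > routers:
            return rtt_ms + 0.05 * routers
        return None  # expired en route; the ICMP error never reaches us
    return probe


def hop_count(probe: Probe, max_ttl: int = 64) -> Optional[int]:
    """Number of routers between prober and target, found by incrementing TTL.

    0 means the target answered at TTL=1: no router in between, which in a
    cloud means the same physical host / virtual switch. None if the target
    never answers within max_ttl.
    """
    for ttl in range(1, max_ttl + 1):
        if probe(ttl) is not None:
            return ttl - 1
    return None


def hop_count_bisect(probe: Probe, max_ttl: int = 64) -> Optional[int]:
    """Same result with O(log max_ttl) probes: reachability is monotonic in TTL."""
    if probe(max_ttl) is None:
        return None
    lo, hi = 1, max_ttl          # invariant: probe(hi) answers
    while lo < hi:
        mid = (lo + hi) // 2
        if probe(mid) is not None:
            hi = mid
        else:
            lo = mid + 1
    return hi - 1


def co_resident(probe_to_victim: Probe, interrupt_pattern_matches: bool) -> bool:
    """The slide's two-step test: zero routers to the victim AND the
    interrupt-based side channel shows the victim's load pattern on the prober."""
    return hop_count(probe_to_victim) == 0 and interrupt_pattern_matches


if __name__ == "__main__":
    victim_far = make_path(routers=3, rtt_ms=0.8)
    victim_same_host = make_path(routers=0, rtt_ms=0.1)
    print("hops to far victim:", hop_count(victim_far))              # 3
    print("hops to same-host victim:", hop_count(victim_same_host))  # 0
    print("co-resident:", co_resident(victim_same_host, True))      # True
```

The linear scan is what the slide describes; on a real platform each probe costs a packet and a timeout, so the bisection variant matters once the scan has to be repeated for many candidate instances.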

Co-residence Testing

• Legitimate use:

– Ensure location (EU vs. US laws)

– Ensure separation of locations (redundancy)

• Attacks based on

– tenant-to-tenant and tenant-provider communication

– Blocking is not the solution: about 1/3 of the communication would become less efficient

Summary

(Recap of the four empirical studies listed under Empirical Research above: Dropbox, WhatsApp, Facebook, Amazon.)

Apps, Mobile Devices, Cloud Services

• So many new opportunities

• Building on experience of previous decades

• Things can only get better

• Really?

Martin Mulazzani, Sebastian Schrittwieser, Manuel Leithner, Markus Huber, and Edgar R. Weippl. Dark clouds on the horizon: Using cloud storage as attack vector and online slack space. USENIX Security, 8/2011.

Data Deduplication

• At the server

– Same file only stored once

– Save storage space at server

• At the client

– Calculate hash or other digest

– Reduce communication

Attacks

• Hash manipulation

• Stolen Host ID

• Direct Up-/Download

– Uploading without linking

– Simple HTTPS request https://dl-clientXX.dropbox.com/store

Evaluation

Time until (hidden) chunks get deleted:

• Random data in multiple files

• Hidden upload: at least 4 weeks

• Regular upload: unlimited; undelete possible (> 6 months)

Popular files on Dropbox:

• thepiratebay.org Top 100 torrent files

• Downloaded copyright-free content (.sfv, .nfo, ...)

• 97 % (n = 368) were retrievable

• 20 % of torrents were less than 24 hours old

Interpretation:

• At least one of the seeders uses Dropbox

Solutions

• Aftermath – Dropbox fixed the flaws

– HTTPS Up-/Download Attack

– Host ID is now encrypted

– No more client-side deduplication

• Proof of ownership

• Take down notice

Attack flow (victim using Dropbox, attacker's PC):

1. Steal hashes

2. Send hashes to the attacker

3. Link hashes with a fake client

4. Download all files of the victim
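The attack flow above and the "proof of ownership" fix from the Solutions slide, as an added example that is neither Dropbox's protocol nor the paper's code. Everything runs in-process: `DedupServer` links a chunk to any account that presents the right hash, which is what steps 3 and 4 exploit; `PowDedupServer` additionally demands an HMAC over the full chunk under a fresh server nonce before linking. The chunk size, the SHA-256 chunk hash and the HMAC challenge are assumptions chosen for illustration; a production proof-of-ownership scheme would use a Merkle-tree style protocol so the server need not reread the whole chunk for every challenge.

```python
"""Client-side deduplication: linking by hash alone vs. proof of ownership.
Added example, not Dropbox's protocol or code; all parties run in-process."""
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Set

CHUNK_SIZE = 1024  # assumed chunk size, kept small so the sample spans several chunks


def chunk_hashes(data: bytes) -> List[str]:
    """What a client announces before uploading: one SHA-256 per chunk."""
    return [hashlib.sha256(data[i:i + CHUNK_SIZE]).hexdigest()
            for i in range(0, len(data), CHUNK_SIZE)]


class DedupServer:
    """Deduplicating store; `links` records which accounts may fetch which chunk."""

    def __init__(self) -> None:
        self.store: Dict[str, bytes] = {}
        self.links: Dict[str, Set[str]] = {}

    def upload(self, account: str, chunk: bytes) -> str:
        h = hashlib.sha256(chunk).hexdigest()
        self.store[h] = chunk
        self.links.setdefault(h, set()).add(account)
        return h

    def link_by_hash(self, account: str, h: str) -> bool:
        """VULNERABLE: knowing the hash is treated as owning the data."""
        if h not in self.store:
            return False              # not deduplicated; client has to upload
        self.links.setdefault(h, set()).add(account)
        return True

    def download(self, account: str, h: str) -> Optional[bytes]:
        return self.store[h] if account in self.links.get(h, set()) else None


class PowDedupServer(DedupServer):
    """Hardened: linking needs an HMAC over the whole chunk under a fresh nonce."""

    def __init__(self) -> None:
        super().__init__()
        self.pending: Dict[tuple, bytes] = {}

    def challenge(self, account: str, h: str) -> Optional[bytes]:
        if h not in self.store:
            return None
        nonce = os.urandom(16)
        self.pending[(account, h)] = nonce
        return nonce

    def link_with_proof(self, account: str, h: str, proof: bytes) -> bool:
        nonce = self.pending.pop((account, h), None)   # single use: no replay
        if nonce is None:
            return False
        expected = hmac.new(nonce, self.store[h], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, proof):   # constant-time compare
            return False
        self.links.setdefault(h, set()).add(account)
        return True


def prove_ownership(chunk: bytes, nonce: bytes) -> bytes:
    """Client side: computable only by someone holding the chunk bytes."""
    return hmac.new(nonce, chunk, hashlib.sha256).digest()


def attacker_with_stolen_hash(server: DedupServer, h: str) -> Optional[bytes]:
    """Steps 3 and 4 of the flow: link the stolen hash from a fake client, then download."""
    acct = "attacker"
    if isinstance(server, PowDedupServer):
        nonce = server.challenge(acct, h) or b""
        server.link_with_proof(acct, h, prove_ownership(b"", nonce))  # no chunk bytes: a guess
    else:
        server.link_by_hash(acct, h)
    return server.download(acct, h)


VICTIM_FILE = bytes(range(256)) * 10   # constructed sample, 2560 bytes -> 3 chunks


def demo(server_cls) -> bool:
    """Victim uploads, its hashes leak (steps 1-2); True if the attacker obtains chunk 0."""
    server = server_cls()
    for i in range(0, len(VICTIM_FILE), CHUNK_SIZE):
        server.upload("victim", VICTIM_FILE[i:i + CHUNK_SIZE])
    return attacker_with_stolen_hash(server, chunk_hashes(VICTIM_FILE)[0]) == VICTIM_FILE[:CHUNK_SIZE]


if __name__ == "__main__":
    print("hash-only linking leaks the file:", demo(DedupServer))    # True
    print("proof of ownership blocks it:", demo(PowDedupServer))      # False
```

Note what the hardened server still does not fix: the hashes themselves remain a confirmation oracle (an attacker can learn whether a given file already exists at the provider), which is why the slide's last fix was to drop client-side deduplication altogether.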

Underlying Problems

• Access Control

– Identification based on hash values

Access Control Structures

• Requirements on access control structures:

– The access control structure should help to express your desired access control policy.

– You should be able to check that your policy has been captured correctly.

• Access rights can be defined individually for each combination of subject and object.

• For large numbers of subjects and objects, such structures are cumbersome to manage. Intermediate levels of control are preferable.

Access Control Matrix

• Notation

– S … set of subjects

– O … set of objects

– A … set of access operations

• Access control matrix: $M = (M_{so})_{s \in S,\, o \in O}$ with $M_{so} \subseteq A$.

• The entry Mso specifies the operations subject s may perform on object o.

              bill.doc        edit.exe    fun.com
Alice         -               {exec}      {exec,read}
Bob           {read,write}    {exec}      {exec,read,write}

Access Control Matrix ctd.

• The access control matrix is

– an abstract concept

– not very suitable for direct implementation

– not very convenient for managing security

• How do you answer the question: Has your security policy been implemented correctly?

• Bell-LaPadula (and the Orange Book): the access control matrix defines discretionary access control (DAC).

Capabilities

• Focus on the subject

– access rights are stored with the subject

– capabilities correspond to the rows of the access control matrix

• Subjects may grant rights to other subjects. Subjects may grant the right to grant rights.

• Problems:

– How to check who may access a specific object?

– How to revoke a capability?

• Distributed system security has created renewed interest in capabilities.

Alice: edit.exe: {exec}, fun.com: {exec,read}

Access Control Lists (ACLs)

• Focus on the object

– access rights are stored with the object

– ACLs correspond to the columns of the access control matrix

• Access rights are often defined for groups of users.

– Unix: owner, group, others

– VMS: owner, group, world, system

• Problem: How to check access rights of a specific subject?

• ACLs are typical for secure operating systems of Orange Book class C2.

fun.com: Alice: {exec}, Bob: {exec,read,write}

Intermediate Controls

• Intermediate controls facilitate better security management.

• To deal with complexity, introduce more levels of indirection.

users → roles → procedures → data types → objects

Groups and Negative Permissions

• Groups are an intermediate layer between users and objects.

• To deal with special cases, negative permissions withdraw rights

users → groups → objects

users → groups → objects, with negative permissions withdrawing individual rights
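The matrix from the slides, its row (capability) and column (ACL) projections, and the groups-with-negative-permissions layer, as an added example in Python written for this page, not code from the slides. The group policy (`GROUP_MEMBERS`, `GROUP_RIGHTS`, `NEGATIVE`) is a constructed decomposition of the matrix; `expand_policy` materialises it so the question "has my policy been captured correctly?" can be answered by comparing against the intended matrix.

```python
"""Access control matrix, its two projections, and groups with negative permissions.
Added example for this page; the matrix is the one from the slides."""
from typing import Dict, Iterable, Set

Rights = Dict[str, Set[str]]    # object -> operations
Matrix = Dict[str, Rights]      # subject -> object -> operations

# The access control matrix from the slide (missing entry = no rights)
M: Matrix = {
    "Alice": {"edit.exe": {"exec"}, "fun.com": {"exec", "read"}},
    "Bob":   {"bill.doc": {"read", "write"}, "edit.exe": {"exec"},
              "fun.com": {"exec", "read", "write"}},
}


def may(m: Matrix, subject: str, obj: str, op: str) -> bool:
    """The reference-monitor question: is op in M[s][o]?"""
    return op in m.get(subject, {}).get(obj, set())


def capability_list(m: Matrix, subject: str) -> Rights:
    """Row of the matrix, stored with the subject. Answering 'who may access o?'
    from capabilities means scanning every subject's list."""
    return {o: set(ops) for o, ops in m.get(subject, {}).items()}


def acl(m: Matrix, obj: str) -> Dict[str, Set[str]]:
    """Column of the matrix, stored with the object. Answering 'what may s do?'
    from ACLs means scanning every object's list."""
    return {s: set(r[obj]) for s, r in m.items() if obj in r}


def who_may(m: Matrix, obj: str, op: str) -> Set[str]:
    return {s for s in m if may(m, s, obj, op)}


def revoke(m: Matrix, subject: str, obj: str, op: str) -> None:
    """Easy on the matrix or an ACL; with capabilities held by subjects the
    issuer must track or invalidate every copy it handed out."""
    m.get(subject, {}).get(obj, set()).discard(op)


# --- Intermediate control: groups, plus negative permissions for exceptions ---
# Constructed policy intended to reproduce M above.
GROUP_MEMBERS: Dict[str, Set[str]] = {"staff": {"Alice", "Bob"}, "finance": {"Bob"}}
GROUP_RIGHTS: Dict[str, Rights] = {
    "staff":   {"edit.exe": {"exec"}, "fun.com": {"exec", "read", "write"}},
    "finance": {"bill.doc": {"read", "write"}},
}
NEGATIVE: Matrix = {"Alice": {"fun.com": {"write"}}}   # withdraw write for Alice only


def effective_rights(user: str) -> Rights:
    """Union of the user's groups' rights, minus explicitly withdrawn ones."""
    rights: Rights = {}
    for group, members in GROUP_MEMBERS.items():
        if user in members:
            for obj, ops in GROUP_RIGHTS[group].items():
                rights.setdefault(obj, set()).update(ops)
    for obj, ops in NEGATIVE.get(user, {}).items():
        if obj in rights:
            rights[obj] -= ops
    return {o: ops for o, ops in rights.items() if ops}


def expand_policy(users: Iterable[str]) -> Matrix:
    """Materialise the group policy so it can be checked against the intended matrix."""
    return {u: effective_rights(u) for u in users}


if __name__ == "__main__":
    print(capability_list(M, "Alice"))
    print(acl(M, "fun.com"))
    print("policy captured correctly:", expand_policy(["Alice", "Bob"]) == M)  # True
```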

Role Based Access Control (RBAC)

• Several intermediate concepts can be inserted between subjects and objects

– Roles: collection of procedures assigned to users; a user can have more than one role and more than one user can have the same role.

– Procedures: ‘high level’ access control methods with a more complex semantic than read or write; procedures can only be applied to objects of certain data types; example: funds transfer between bank accounts.

– Data types: each object is of a certain data type and can be accessed only through procedures defined for this data type.

RBAC continued

• RBAC itself does not have a generally accepted meaning, and it is used in different ways by different vendors and users.

• Controlling access to an object by restricting the procedures that may access this object is a general programming practice. It is a fundamental concept in the theory of abstract data types and object-oriented programming.

• Examples: user profiles in IBM’s OS/400; global groups and local groups in Windows NT.

RBAC

• The NIST model of RBAC (Sandhu et al., 2000) is organized into four levels of increasing functional capability:

• flat RBAC

• hierarchical RBAC

• constrained RBAC

• symmetric RBAC.

Flat RBAC

Hierarchical RBAC

Hierarchical RBAC (UML class diagram):

User (*) -- membership -- (*) Role

Role (*) -- authorization -- (*) Permission

User (1) -- (n) Session; Session (*) -- activation -- (*) Role

Role (1) super-role -- (*) sub-role

Constrained RBAC
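Hierarchical and constrained RBAC as an added example in Python written for this page, not code from the slides or from NIST's reference model. Roles carry permissions of the form (procedure, data type), matching the slide's funds-transfer example; super-roles inherit the permissions of their sub-roles; sessions activate a subset of a user's roles; a static separation-of-duty constraint refuses role assignments that would let one user hold conflicting roles. The bank roles in `build_bank` are constructed for illustration.

```python
"""Hierarchical and constrained RBAC: role hierarchy with inheritance, sessions
that activate roles, and a static separation-of-duty (SSD) constraint.
Added example for this page; the bank policy is constructed."""
from typing import Dict, Iterable, List, Set, Tuple

Permission = Tuple[str, str]   # (procedure, data type), e.g. ("transfer", "account")


class RBAC:
    def __init__(self) -> None:
        self.role_perms: Dict[str, Set[Permission]] = {}
        self.sub_roles: Dict[str, Set[str]] = {}          # super-role -> direct sub-roles
        self.user_roles: Dict[str, Set[str]] = {}
        self.ssd: List[Tuple[Set[str], int]] = []         # (role set, n): fewer than n per user
        self.sessions: Dict[str, Tuple[str, Set[str]]] = {}  # session id -> (user, active roles)

    # --- flat + hierarchical RBAC ---
    def add_role(self, role: str, perms: Iterable[Permission] = (),
                 inherits: Iterable[str] = ()) -> None:
        self.role_perms[role] = set(perms)
        self.sub_roles[role] = set(inherits)

    def authorized_roles(self, role: str) -> Set[str]:
        """The role plus everything below it in the hierarchy (transitive closure)."""
        seen, todo = set(), [role]
        while todo:
            r = todo.pop()
            if r not in seen:
                seen.add(r)
                todo.extend(self.sub_roles.get(r, ()))
        return seen

    def role_permissions(self, role: str) -> Set[Permission]:
        return {p for r in self.authorized_roles(role) for p in self.role_perms.get(r, ())}

    # --- constrained RBAC: static separation of duty ---
    def add_ssd(self, roles: Iterable[str], n: int = 2) -> None:
        self.ssd.append((set(roles), n))

    def assign(self, user: str, role: str) -> None:
        held = self.user_roles.get(user, set()) | {role}
        # Count against the hierarchy: holding a super-role means holding its sub-roles.
        implied = {r for h in held for r in self.authorized_roles(h)}
        for roles, n in self.ssd:
            if len(implied & roles) >= n:
                raise ValueError(f"SSD violated: {user} would hold {sorted(implied & roles)}")
        self.user_roles[user] = held

    # --- sessions ---
    def open_session(self, sid: str, user: str, roles: Iterable[str]) -> None:
        """Least privilege: activate only the roles needed for this session."""
        wanted, assigned = set(roles), self.user_roles.get(user, set())
        if not wanted <= assigned:
            raise PermissionError(f"{user} is not assigned {sorted(wanted - assigned)}")
        self.sessions[sid] = (user, wanted)

    def check(self, sid: str, procedure: str, data_type: str) -> bool:
        _user, active = self.sessions.get(sid, (None, set()))
        return any((procedure, data_type) in self.role_permissions(r) for r in active)


def build_bank() -> RBAC:
    """Constructed policy: teller and auditor both inherit employee but must not be combined."""
    rbac = RBAC()
    rbac.add_role("employee", perms=[("view", "account")])
    rbac.add_role("teller", perms=[("deposit", "account"), ("withdraw", "account")],
                  inherits=["employee"])
    rbac.add_role("auditor", perms=[("audit", "ledger")], inherits=["employee"])
    rbac.add_ssd(["teller", "auditor"], n=2)
    rbac.assign("alice", "teller")
    rbac.assign("bob", "auditor")
    return rbac


if __name__ == "__main__":
    bank = build_bank()
    bank.open_session("s1", "alice", ["teller"])
    print(bank.check("s1", "deposit", "account"))   # True
    print(bank.check("s1", "view", "account"))      # True, inherited from employee
    print(bank.check("s1", "audit", "ledger"))      # False
```

The SSD check runs at assignment time over the hierarchy-expanded role set, so a super-role that merely inherits one of the conflicting roles is caught as well; the dynamic variant (restricting which roles may be active in the same session) would put the same test into `open_session`.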

Sebastian Schrittwieser, Peter Fruehwirt, Peter Kieseberg, Manuel Leithner, Martin Mulazzani, Markus Huber, and Edgar R. Weippl. Guess who is texting you? evaluating the security of smartphone messaging applications. In Network and Distributed System Security Symposium (NDSS 2012), 2 2012.

WhatsApp

Man-in-the-Middle

CERTIFICATES?

Authentication

In Reality

Even Worse

Code = “Hi!”

Completely Stealthy

WowTalk

Status Messages

• https://s.whatsapp.net/client/iphone/u.php?cc=countrycode&me=phonenumber&s=statusmessage

Enumeration Attack

Examples of status messages harvested by enumerating phone numbers:

• On vacation

• Sleeping

• at work but not doing shit

• Nicaragua in 4 days!!

• Heartbroken

• Missing my love!

• At work ... Bleh.

• On my way to Ireland!

• I'm never drinking again

Results

Applications evaluated: WhatsApp, WowTalk, Viber, Forfone, Tango, EasyTalk, Voypi, eBuddy XMS, HeyTell

Summary

• Authentication protocols: 6 out of 9 similar applications had the same problems

• Unintended use (reverse hash in Dropbox)

• Trust in client application

• Missing input validation

• Everything you should learn in Security 101

• Software Obfuscation as possible temporary solution

Questions?

DBSec 2013 – March 1

ARES 2014 Submission Deadline – March 1 http://www.ares-conference.eu/conf/

IPICS Summer School – contact me personally (new website not yet available)

What can you do?

• Analyze communication protocols

• Reverse engineering of applications

• Make guesses on how something could have been implemented and try to confirm / refute it