
Page 1: Sensitive Data Exposure - Benoist...Sensitive Data Exposure OWASP TOP 10 A3:2017 Where sensitive data can be accessed due to lack of encryption Local Storage Database Transit (LAN)

Sensitive Data Exposure

Emmanuel Benoist, Fall Term 2020/2021

Berner Fachhochschule | Haute école spécialisée bernoise | Berne University of Applied Sciences 1


Table of Contents

• Examples
• Attacks
• Recommendations
• PCI Data Security Standard
• Conclusion


Sensitive Data Exposure

• OWASP TOP 10 A3:2017
• Where sensitive data can be accessed due to lack of encryption
  - Local Storage
  - Database
  - Transit (LAN)
• Backups contain sensitive data
  - Backup policy is part of security policy
  - Data stored must be readable... but not too much!


Exploitability

• Attackers typically don't break crypto directly
  - Break something else
  - Steal keys
  - Man-in-the-middle
• Steal clear text data
  - on the server
  - in transit
  - from the user's browser


Hard to exploit

• Simple: no encryption at all
  - the most common flaw
• When crypto is employed
  - weak key generation
  - weak key management
  - weak algorithm usage
• Difficult to detect server-side flaws
  - limited access
  - hard to exploit


Impact is Severe

• Compromises sensitive data
  - Health records
  - credentials
  - personal data
  - credit cards
  - ...
• Impact on your business
  - Value of data for competitors
  - Reputation
  - Compliance


NSA vs. Google

• Wikileaks showed that the NSA was spying on Google mail
  - Tons of mails were readable
  - The NSA listened to communication between datacenters
  - Communication was cleartext
• Google strengthened its systems
  - HTTPS for any client to Gmail
  - encryption of data between servers


Heartbleed

• Discovered in 2014
  - Bug in the library OpenSSL
  - Implementation of Heartbeat by a PhD student
  - Heartbeat: extension for TLS (Transport Layer Security)
• Principle
  - Each heartbeat exposed up to 64 kB of memory
• Victims
  - Canada Revenue Agency: theft of 900 taxpayers' Social Insurance Numbers
  - In the UK, Mumsnet had accounts hijacked (including the CEO's)


Scenario: encrypted database

• A database is stored encrypted
  - Automatic encryption is done
  - Data stored on the disk are unreadable
  - But SQL injection can read credit card numbers
• Solution
  - Encrypt data with a public key
  - Cards can only be read from the back-end, using the private key
  - Data are "write only"
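A concrete version of this "write only" scheme, added here as an example (it is not from the slides): the web tier holds only an RSA public key and encrypts the card number with OAEP before it is stored, so a read through SQL injection yields ciphertext, and only a back-office holding the private key can recover the number. The web-tier/back-office split, the MaskPAN helper, the "card-pan" label, the key size and the sample card number are assumptions of this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// Hypothetical split: the web tier (reachable through SQL injection) holds
// only the public key; the payment back-office holds the private key.
type WebTier struct{ pub *rsa.PublicKey }
type BackOffice struct{ priv *rsa.PrivateKey }

// NewKeyPair generates the pair. In practice the private key is generated
// offline and is never copied to the web tier (see "Handle Keys with extra Care").
func NewKeyPair() (*WebTier, *BackOffice, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	return &WebTier{pub: &priv.PublicKey}, &BackOffice{priv: priv}, nil
}

// MaskPAN keeps only the last four digits, the form that may be displayed.
func MaskPAN(pan string) string {
	if len(pan) <= 4 {
		return pan
	}
	return strings.Repeat("*", len(pan)-4) + pan[len(pan)-4:]
}

// StoreCard is what the web tier writes into the database: the PAN encrypted
// with RSA-OAEP (randomised, so equal PANs yield different ciphertexts) and a
// masked copy for display. Neither column lets a reader recover the PAN.
func (w *WebTier) StoreCard(pan string) (ciphertext, masked string, err error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, w.pub, []byte(pan), []byte("card-pan"))
	if err != nil {
		return "", "", err
	}
	return base64.StdEncoding.EncodeToString(ct), MaskPAN(pan), nil
}

// ReadCard runs only in the back-office: it needs the private key, which the
// web tier (and therefore an SQL injection through it) never possesses.
func (b *BackOffice) ReadCard(ciphertext string) (string, error) {
	ct, err := base64.StdEncoding.DecodeString(ciphertext)
	if err != nil {
		return "", err
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, b.priv, ct, []byte("card-pan"))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

func main() {
	web, office, err := NewKeyPair()
	if err != nil {
		panic(err)
	}
	// Constructed sample: a well-known test card number, not a real card.
	ct, masked, _ := web.StoreCard("4111111111111111")
	fmt.Println("DB row:", ct[:24]+"...", masked)
	pan, _ := office.ReadCard(ct)
	fmt.Println("back-office:", pan)
}
```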


Scenario: HTTP vs HTTPS

• A site has HTTP pages
  - Login occurs on HTTPS pages
  - The rest of the pages are HTTPS
  - Another part of the site is HTTP
• If the cookie is not "secure"
  - The session ID is also sent for HTTP pages / resources (images, CSS, ...)
  - It can be spied on by a third party
  - It can be used for impersonating the victim


Are you exposed?

• First define which data are sensitive
  - Health data
  - Credit card information
  - Personal information
  - Credentials (passwords, keys, ...)
• Are they stored in clear text?
  - Including backups
• Are they transmitted in clear text?
  - On the internet
  - Inside the internal network


Are you exposed? (Cont)

• Do you use weak or old crypto?
  - Some algorithms are proven weak (MD5 for instance)
  - Configuration is crucial
  - No self-made crypto library: details are important
• Do you use the browser correctly?
  - Are security directives or headers missing?


Store only the sensitive data that you need

• Credit card number
  - Many shops use third-party payment providers
  - No need to store credit card numbers
  - The shop receives a transaction number certified by the bank
• Examples
  - Zalando uses "Verified by Visa" or "MasterCard SecureCode"
  - The bank verifies the validity of the card (using a TAN, for instance)


Only use strong cryptographic algorithms

• Use only approved public algorithms
  - AES for symmetric encryption,
  - RSA for public key crypto,
  - SHA-256 or better for hash functions
• Don't use weak algorithms
  - MD5
  - SHA1
• Classification changes with time
  - For more details: the CAVP program validates crypto algorithms: http://csrc.nist.gov/groups/STM/cavp/index.html
• Configuration is also important
  - Choice of salts
  - Integrity with a MAC (HMAC-SHA256 or HMAC-SHA512)


Ensure that random numbers are cryptographically strong

• Random generators are used for
  - random numbers
  - random file names
  - random user IDs or session IDs
  - random strings
• They should be generated in a cryptographically strong fashion
  - No one should be able to guess them
  - Seeded with sufficient entropy
• Bad example
  - Seed = current time in milliseconds or microseconds
  - Very easy to know (or brute force)


Use only widely accepted implementations of crypto algorithms

• Do not implement an existing algorithm on your own
  - No matter how easy it appears
  - Example: Heartbleed
• Ensure that the implementation involves crypto specialists
  - For the design
  - and for the review
• If possible: the implementation should be FIPS 140-2 certified


Always ensure data integrity and authenticity

• Encryption must be combined with data integrity
  - Otherwise the ciphertext can be changed
  - Especially over an untrusted channel (e.g. URL or cookie)
• Use cryptographic cipher modes that offer both confidentiality and authenticity
  - CCM, GCM, OCB
• If not, combine encryption in cipher-block chaining mode (CBC) with a MAC (Message Authentication Code)
  - CBC = Cipher Block Chaining
  - Message Authentication Code: HMAC, UMAC
  - Do not use ECB mode (Electronic Codebook)
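To make the slide's warning concrete, an added Go example (not from the slides): the same message sealed with AES-GCM is rejected as soon as one bit of the blob changes, while AES-CBC without a MAC decrypts the changed blob without any error and hands the application altered plaintext. The key, the message and the function names are constructed for this demo; the CBC helpers are kept unauthenticated on purpose and restricted to block-aligned input (real code adds PKCS#7 padding).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// newGCM builds an AES-GCM AEAD for a 16-, 24- or 32-byte key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealGCM gives confidentiality and authenticity in one mode (slide: CCM, GCM, OCB).
// Output is nonce || ciphertext || tag.
func SealGCM(key, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// OpenGCM fails on any blob whose tag does not verify, i.e. on any changed bit.
func OpenGCM(key, blob []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < aead.NonceSize() {
		return nil, errors.New("blob too short")
	}
	return aead.Open(nil, blob[:aead.NonceSize()], blob[aead.NonceSize():], nil)
}

// EncryptCBCNoMAC is the insecure counterpart: AES-CBC with no MAC, left
// unauthenticated on purpose. Output is iv || ciphertext.
func EncryptCBCNoMAC(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(plaintext)%aes.BlockSize != 0 {
		return nil, errors.New("demo expects block-aligned input")
	}
	out := make([]byte, aes.BlockSize+len(plaintext))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], plaintext)
	return out, nil
}

// DecryptCBCNoMAC has no failure mode for tampered input: whatever the altered
// blob decrypts to is returned as if it were genuine.
func DecryptCBCNoMAC(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < 2*aes.BlockSize || len(blob)%aes.BlockSize != 0 {
		return nil, errors.New("bad length")
	}
	pt := make([]byte, len(blob)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, blob[:aes.BlockSize]).CryptBlocks(pt, blob[aes.BlockSize:])
	return pt, nil
}
```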


Store passwords hashed and salted

• Clear text
  - Vulnerable to SQL injection and the like
• Just hashed
  - Present in rainbow tables
• Hashed with a user-specific salt
  - A salt is a value added to the password before it is passed to the hash function.
  - The attack must be conducted separately for each user
• Use hash functions with work factors
  - Argon2, scrypt, bcrypt or PBKDF2


Ensure that any secret key is protected from unauthorized access

• Define a key lifecycle
• Store unencrypted keys away from the encrypted data
• Use independent keys when multiple keys are required
• Protect keys in a key vault
• Document concrete procedures for managing keys through the lifecycle
• Build support for changing keys periodically


Insecure Cryptographic Storage

• Data and credentials are rarely protected with cryptographic functions
• Data collected can be used by attackers
  - For identity theft
  - or other crimes like credit card fraud
• Most common problems
  - Not encrypting sensitive data
  - Using home-grown algorithms
  - Insecure use of strong algorithms
  - Continued use of proven weak algorithms (MD5, SHA-1, RC3, RC4, etc.)
  - Hard-coding keys, and storing keys in unprotected stores


Examples


Attacks


E-Commerce Web Site

• Suppose we manage an e-shop
  - We sell goods and clients pay using their credit cards
  - We have to store the address and references of all our clients for legal reasons.
  - Data stored: name, address, e-mail, phone, credit card numbers
• Our web site is attacked
  - Attackers gain access to our database
  - They can harvest the whole content of our customer records


E-Commerce Web Site (Cont.): Damages?

• For the clients
  - Use of credit card numbers by attackers
  - Privacy violation
  - Identity theft
  - ...
• For the web site
  - Reputation
  - Client data stolen (can be resold to a competitor)
  - Business secrets stolen
• For the credit card company
  - Reputation


Which assets should be protected?

• Passwords of users
  - Clear text: accessible by SQL injection, or by insiders
  - Hashed: can be verified, but not read
  - Problem: easy to check using lists of hashed passwords (dictionary attack)
  - Hashed with the same salt: attackers need to find the salt
  - Hashed using a generic salt and a specific salt
• Credit card numbers
  - Ruled by the credit card industry (see later)
• Private keys
  - Should always be stored encrypted
  - At least protected using a passphrase
• Business dependent
  - Private data
  - Social Security Number (AHV / AVS in Switzerland)
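The password-storage progression above (clear text, just hashed, salted) and the earlier recommendation to store passwords hashed with a per-user salt and a work factor, as an added Go example that is not from the slides. HashOnly shows why an unsalted digest is rainbow-table material; HashPassword draws a fresh salt from crypto/rand (the cryptographically strong source the slides ask for) and applies PBKDF2-HMAC-SHA256, written out only so that salt and iteration count are visible; in production a vetted library (Argon2, bcrypt, scrypt or PBKDF2) replaces that loop. Function names, the record format and the iteration count are this example's own choices.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// HashOnly is the "just hashed" stage: equal passwords give equal digests,
// so one precomputed (rainbow) table cracks every user at once.
func HashOnly(password string) string {
	sum := sha256.Sum256([]byte(password))
	return base64.RawStdEncoding.EncodeToString(sum[:])
}

// pbkdf2SHA256 derives one 32-byte block as in RFC 8018 (dkLen = hLen). Written
// out so the work factor is visible; use a vetted library in production.
func pbkdf2SHA256(password, salt []byte, iterations int) []byte {
	prf := hmac.New(sha256.New, password)
	prf.Write(salt)
	prf.Write([]byte{0, 0, 0, 1}) // INT(1): big-endian block index
	u := prf.Sum(nil)
	dk := append([]byte{}, u...)
	for i := 1; i < iterations; i++ { // each round costs the attacker one more HMAC
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil)
		for j := range dk {
			dk[j] ^= u[j]
		}
	}
	return dk
}

// HashPassword: a fresh per-user salt from crypto/rand (never a time-seeded
// generator) plus a work factor, stored as "pbkdf2-sha256$iter$salt$hash".
func HashPassword(password string, iterations int) (string, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return "", err
	}
	dk := pbkdf2SHA256([]byte(password), salt, iterations)
	return fmt.Sprintf("pbkdf2-sha256$%d$%s$%s", iterations,
		base64.RawStdEncoding.EncodeToString(salt),
		base64.RawStdEncoding.EncodeToString(dk)), nil
}

// VerifyPassword recomputes the hash from the stored salt and iteration count
// and compares in constant time, so timing does not leak matching prefixes.
func VerifyPassword(password, stored string) (bool, error) {
	parts := strings.Split(stored, "$")
	if len(parts) != 4 || parts[0] != "pbkdf2-sha256" {
		return false, errors.New("unknown record format")
	}
	iterations, err := strconv.Atoi(parts[1])
	if err != nil || iterations < 1 {
		return false, errors.New("bad iteration count")
	}
	salt, err := base64.RawStdEncoding.DecodeString(parts[2])
	if err != nil {
		return false, err
	}
	want, err := base64.RawStdEncoding.DecodeString(parts[3])
	if err != nil {
		return false, err
	}
	got := pbkdf2SHA256([]byte(password), salt, iterations)
	return subtle.ConstantTimeCompare(got, want) == 1, nil
}
```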


Cryptographic tools

• Encryption
  - If you need to read and write data: symmetric encryption (e.g. DES, AES)
  - If reading and writing are done by different entities: asymmetric encryption (e.g. RSA)
• One-way hash functions
  - One input always has the same output
  - Impossible to go from the output back to the input
  - No collision can be generated (two inputs having the same output)
  - Example: SHA-256


Example: Self-Made Crypto Algorithm (Hash Function)

• We want to hash a Medical Record Number
  - Highly sensitive data
  - Requires one-way hashing
  - Needs to be implemented by a partner.
• Partner delivers a self-made algorithm
  - Based on modulo
  - This function is so complicated that it cannot be reversed.


Self Made Crypto Algorithm

• Algorithm
  - Transform all the chars in the string into numbers
  - Take an arbitrary number (always the same)
  - Add this number to the last char, and apply a modulo to remain in the interval where conversion between number and char is automatic
  - Add the obtained number to the penultimate char and apply the modulo, etc.
  - The numbers obtained form a string
  - The string is "secure"
• Attack
  - Take the obtained string, start from the first char
  - Subtract the arbitrary number from the char; we obtain the original value
  - Go on the same way
  - If the obtained number is negative, then the modulo was used; the attacker just needs to subtract this value.
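The partner's algorithm and the slide's reversal written out, as an added example that is not from the slides: SelfMadeHash implements the backward chain of additions modulo the character range, and Invert recovers the input exactly by subtracting what was added, which is the review a crypto specialist would perform before accepting such a "hash". The printable-ASCII range, the constant and the function names are assumptions, since the slide does not fix them.

```go
package main

import "errors"

// The scheme maps characters to numbers in the printable ASCII range and uses
// a modulo to keep every intermediate value in that range, so the result turns
// back into a string "automatically", as the slide puts it.
const (
	lo    = 32 // first printable ASCII character (space)
	width = 95 // number of printable ASCII characters, 32..126
)

// SelfMadeHash is the partner's algorithm: walk the string from the last
// character backwards, add the fixed constant to the last one and then add
// each already-transformed value to the character before it, modulo 95.
func SelfMadeHash(mrn string, constant int) (string, error) {
	in := []byte(mrn)
	out := make([]byte, len(in))
	carry := constant % width
	for i := len(in) - 1; i >= 0; i-- {
		if in[i] < lo || in[i] > lo+width-1 {
			return "", errors.New("input must be printable ASCII")
		}
		v := (int(in[i]) - lo + carry) % width
		out[i] = byte(v + lo)
		carry = v // the preceding character gets this output added to it
	}
	return string(out), nil
}

// Invert is the slide's attack written down: every output value is an input
// value plus something the reader of the output also knows (the constant, or
// the output value to its right), so subtracting it, and adding 95 back where
// the modulo wrapped, recovers the original exactly. A length-preserving,
// invertible transform is an encoding, not a one-way hash, however
// complicated it looks.
func Invert(hashed string, constant int) string {
	out := []byte(hashed)
	in := make([]byte, len(out))
	carry := constant % width
	for i := len(out) - 1; i >= 0; i-- {
		v := int(out[i]) - lo
		in[i] = byte((v-carry+width)%width + lo)
		carry = v
	}
	return string(in)
}
```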


Recommendations




Use only Strong Crypto Algorithms

• Do not create cryptographic algorithms
  - Only use approved public algorithms such as: AES, RSA public key cryptography and SHA-256 or better
• Do not use weak algorithms
  - MD5 / SHA1 hash functions have been proven weak
  - Favor safer alternatives such as SHA-256
• Use TLS with Perfect Forward Secrecy
  - To protect the future if a private key is leaked.
  - The communication is done using a session key that cannot be found, even if the key is leaked later.


Handle Keys with extra Care

• Generate keys offline and store private keys with extreme care
• Never transmit private keys over insecure channels
• Store your private key encrypted if possible
  - Using a pass-phrase
  - Or in a password manager


Protect Infrastructure Credentials

• Database credentials
  - Use tight file system permissions and controls
  - Encrypt credentials securely
• Encrypted data should not be easy to decrypt
  - Database encryption is useless if the database connection pool provides unencrypted access


PCI Data Security Standard


PCI Data Security Standard

• Payment Card Industry Data Security Standard
  - Developed by major credit card companies (e.g. Visa, Mastercard, American Express)
  - to help organizations prevent credit card fraud
• Must be implemented by any merchant using credit cards
  - A company processing, storing or transmitting payment card data must be PCI DSS compliant
  - Risk: losing the ability to process credit card payments
• Compliance must be validated periodically
  - Validation conducted by auditors (Qualified Security Assessors, QSAs)
  - Smaller companies just fill in a self-assessment questionnaire.


PCI-DSS Requirements I

• Build and Maintain a Secure Network
  - Install and maintain a firewall
  - Do not use vendor-supplied default passwords and other security parameters
• Protect Card-holder Data
  - Protect stored card-holder data
  - Encrypt transmission of card-holder data across open, public networks
• Maintain a Vulnerability Management Program
  - Protect all systems against malware and use and regularly update anti-virus software or programs
  - Develop and maintain secure systems and applications
• Implement Strong Access Control Measures
  - Restrict access to card-holder data by business need-to-know
  - Identify and authenticate access to system components
  - Restrict physical access to card-holder data


PCI-DSS Requirements II

• Regularly Monitor and Test Networks
  - Track and monitor all access to network resources and card-holder data
  - Regularly test security systems and processes
• Maintain an Information Security Policy
  - Maintain a policy that addresses information security for all personnel


PCI DSS - Storage of data

• Card-holder Data
  - Primary Account Number (PAN, a.k.a. credit card number)
  - Card-holder name
  - Service Code
  - Expiration Date
  - Can be stored, but requires protection
• Sensitive Authentication Data
  - Full Magnetic Stripe
  - CVC2/CVV2/CID
  - PIN
  - Can in no case be stored


Store only necessary data

• Develop a data retention and disposal policy
  - Limit storage and retention time to what is required for business, legal, and/or regulatory purposes
• Protect the PAN
  - Truncate card-holder data if the full PAN is not needed
  - Never send the PAN in unencrypted e-mails
  - Mask the PAN when displayed
• Render the PAN unreadable anywhere it is stored
  - Strong one-way hash functions
  - Truncation
  - Index tokens and pads (pads must be securely stored)
  - Strong cryptography with associated key management processes and procedures


Conclusion


Conclusion

• Define which data are sensitive
  - Depends on regulation
• Protect data
  - Use cryptography
• Discard data as soon as possible
  - Any non-existent data cannot be stolen!


Sources

• OWASP Top 10, A3:2017
• Wikipedia: Heartbleed
• OWASP Cryptographic Storage Cheat Sheet: https://www.owasp.org/index.php/Cryptographic_Storage_Cheat_Sheet
• Payment Card Industry Data Security Standard (PCI DSS): https://www.pcisecuritystandards.org/
