how bad apis compromise security
play

How Bad APIs Compromise Security Tale of a Frustrated Android - PowerPoint PPT Presentation

Sep 14, 2023 •575 likes •905 views

Java's SSLSocket: How Bad APIs Compromise Security Tale of a Frustrated Android Developer Dr. Georg Lukas <lukas@rt-solutions.de> About the Speaker IT Consultant at rt-solutions.de (ITSec, Smartphone Payment) Open Source developer

  1. Java's SSLSocket: How Bad APIs Compromise Security Tale of a Frustrated Android Developer Dr. Georg Lukas <lukas@rt-solutions.de>

  2. About the Speaker IT Consultant at rt-solutions.de  (ITSec, Smartphone Payment) Open Source developer  (embedded Linux, Android) Maintainer of yaxim  (yet another XMPP instant messenger) Operator of yax.im (Public XMPP service)  Mobile / Wireless / Security geek  27.11.2014 2

  3. Motivation – Why Am I Here Today Development of yaxim – Open-Source XMPP app  XMPP uses TLS for securing sessions  (logins, chat content) yaxim uses Smack for XMPP +  MemorizingTrustManager for TLS Added hostname checking to MTM  no place in Smack to add?!?  27.11.2014 3

  4. Agenda A brief history of SSL/TLS  Java TLS APIs: All-or-nothing security  Making your (Android) application more secure  TLS in the Post-Snowden Era  11/27/2014 4

  5. A Brief History of SSL/TLS Early 1990ies: Wild West Internet  Everybody uses telnet, ftp, nfs , …  1995: Netscape releases SSL 2.0 (Secure Sockets Layer)  1996: SSL 3.0 (redesign due to security flaws)  1999: TLS (Transport Layer Security) RFC based on SSLv3  1999, 2000: HTTP, IMAP, … over TLS, w/ hostname checks  2001: Sun creates JSSE library with JDK 1.4  … 2006: TLS 1.1 fixes padding and CBC attack (BEAST, 2011)  2008: TLS 1.2 fixes timing oracle (Lucky13, 2013)  2011: Deprecation of SSL… version 2  27.11.2014 5

  6. A Brief History of SSL/TLS (2) 2011: Hostname checking unified in RFC6125, named …  “Representation and Verification of Domain-Based Application Service Identity Within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS )” 27.11.2014 6

  7. A Brief History of SSL/TLS (3) 2012, 2013: CRIME and BREACH attacks on compression  2014: POODLE attack deprecates SSLv3  SSL SSL/TLS TLS 27.11.2014 7

  8. Challenges for Developers How hard can secure communication with TLS be? Certificate Verification  Is the presented certificate valid (in terms of time)?  Is it signed by a “trusted” Certificate Authority?  Hostname Verification  Does the certificate match the server we want to talk to?  Development/Production  TLS stands in the way during application development  Got a cert for „ www-dev.intranet “?  Users want Self-Signed / Expired / Wrong-hostname Certs  Typically in „private cloud “ installations  27.11.2014 8

  9. How to use TLS in Java? Theory: public abstract class SSLSocket extends Socket This class extends Sockets and provides secure socket using protocols such as the "Secure Sockets Layer" (SSL) or IETF "Transport Layer Security" (TLS) protocols. Such sockets are normal stream sockets, but they add a layer of security protections over the underlying network transport protocol, such as TCP. Those protections include: Integrity Protection . SSL protects against modification of messages by an  active wiretapper. Authentication . In most modes, SSL provides peer authentication.  Servers are usually authenticated, and clients may be authenticated as requested by servers. Confidentiality (Privacy Protection) . In most modes, SSL encrypts data  being sent between client and server. This protects the confidentiality of data, so that passive wiretappers won't see sensitive data such as financial information or personal information of many kinds. 11/27/2014 9

  10. How to use TLS in Java? Theory: public class HttpsURLConnection extends HttpURLConnection HttpsURLConnection extends HttpURLConnection with support for https- specific features . See http://www.w3.org/pub/WWW/Protocols/ and RFC 2818 for more details on the https specification. This class uses HostnameVerifier and SSLSocketFactory. There are default implementations defined for both classes. However, the implementations can be replaced on a per-class (static) or per-instance basis. All new HttpsURLConnections instances will be assigned the "default" static values at instance creation, but they can be overriden by calling the appropriate per- instance set method(s) before connecting. 11/27/2014 10

  11. How to use TLS in Java? Practice: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:282) at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.jav anchor?!? at de.duenndns.ssl.MemorizingTrustManager.checkCertTrusted(MemorizingTrustManager.java:392) at de.duenndns.ssl.MemorizingTrustManager.checkServerTrusted(MemorizingTrustManager.java:430) path!?! at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketIm at org.apache.harmony.xnet.provider.jsse.NativeCrypto.SSL_do_handshake(Native Method) at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java: at libcore.net.http.HttpConnection.setupSecureSocket(HttpConnection.java:209) at libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.makeSslConnection(HttpsURLConnectionImpl.j at libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.connect(HttpsURLConnectionImpl.java:433) at libcore.net.http.HttpEngine.sendSocketRequest(HttpEngine.java:290) at libcore.net.http.HttpEngine.sendRequest(HttpEngine.java:240) at libcore.net.http.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:81) at libcore.net.http.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:165) at de.duenndns.mtmexample.MTMExample$2.run(MTMExample.java:101) Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. ... 15 more Certificate Verification is too secure!  27.11.2014 11

  12. Certificate Verification in Java 1.4-1.6 SSLSocket / SSLEngine (basic building blocks)  somehow uses X509TrustManager to check certificates  interface X509TrustManager extends TrustManager { void checkClientTrusted(X509Certificate[], String) throws CertificateException; void checkServerTrusted (X509Certificate[], String) throws CertificateException ; X509Certificate[] getAcceptedIssuers(); } SSLSocket created by SSLSocketFactory  SSLSocketFactory obtained from SSLContext  SSLContext initialized with TrustManager(s)!  void checkServerTrusted (X509Certificate[], String) { return; // accepts all certificates, buried deep in your production code } Certificate Verification: All-or-Nothing solution  27.11.2014 12

  13. Hostname Verification in Java 1.4-1.6 SSLSocket documentation: Yes, sir! We are Secure!  SSLSocket reality: this is an application-layer problem!  Application layer code in Java JRE: HttpsUrlConnection  HttpsUrlConnection.setHostnameVerifier(HostnameVerifier v): public interface HostnameVerifier { boolean verify(String hostname, SSLSession session); } To be called right after the TLS handshake  Attention: returns boolean instead of exception!  27.11.2014 13

  14. Hostname Verification in Java 1.4-1.6 Hostname verification in your own (non-HTTPS) code: Call hostnameVerifier.verify(hostname, session) right after  completing the TLS handshake … … and check the return value!   HostnameVerifier hostnameVerifier = ??? Reference implementation in Java?  None available   HttpsUrlConnection.getDefaultHostnameVerifier() ?  It always returns false   „ [Only] if [ HttpsUrlConnection’s ] standard hostname verification logic fails, the implementation will call the verify method“ 27.11.2014 14

  15. Hostname Verification in Java 1.4-1.6 Use Java’s Secure Socket Extension Reference Guide:  “For example: public class MyHostnameVerifier implements HostnameVerifier { public boolean verify(String hostname, SSLSession session) { // pop up an interactive dialog box // or insert additional matching logic if ( good_address ) { return true; } else { return false; } } } “ 27.11.2014 15

  16. Hostname Verification in Java 1.4-1.6 Sounds easy! Lets write our own HostnameVerifier!  CommonName vs. SubjectAltName(s)  International Domain Name (IDN) encoding  WildCard certificates (think „*.co.uk“)  IP addresses  IPv6 addresses  Embedded NUL bytes  …  RFC6125 is 57 pages  27.11.2014 16

  17. Hostname Verification: Apache Maybe somebody else wrote one? Apache HttpClient has a working verifier (also in Android)  interface X509HostnameVerifier extends HostnameVerifier Watch out for the API!  Apache: void, throws SSLException  Java: returns boolean   StrictHostnameVerifier BrowserCompatHostnameVerifier (less strict with wildcards)  AllowAllHostnameVerifier (not strict at all)  Once again: All-or-Nothing  27.11.2014 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Simpson-Bowles Social Security Framework: A Bipartisan Compromise Worthy of Support Charles

The Simpson-Bowles Social Security Framework: A Bipartisan Compromise Worthy of Support Charles

The Simpson-Bowles Social Security Framework: A Bipartisan Compromise Worthy of Support Charles Blahous Presentation to NASI Conference National Press Club January 27, 2010 Point #1: Simpson-Bowles strikes a reasonable compromise between

336 views • 11 slides
Network impact of Web access to device APIs W3C Workshop on Security for Access to Device APIs

Network impact of Web access to device APIs W3C Workshop on Security for Access to Device APIs

Network impact of Web access to device APIs W3C Workshop on Security for Access to Device APIs from the Web December 10-11, 2008 Mat Ford http://www.isoc.org Background ISOC is focused on continued operation of the global Internet

512 views • 12 slides
Analysis of Security APIs (ASA-2) June 26, 2008 Minimizing Threats from Flawed Security APIs:

Analysis of Security APIs (ASA-2) June 26, 2008 Minimizing Threats from Flawed Security APIs:

Minimizing Threats from Flawed Security APIs Analysis of Security APIs (ASA-2) June 26, 2008 Minimizing Threats from Flawed Security APIs: A Banking PIN Example Mohammad Mannan Carleton University Mohammad Mannan June 26, 2008 1/21

543 views • 21 slides
Updatable Encryption with Post-Compromise Security Anja Lehmann &amp; Bjrn Tackmann IBM

Updatable Encryption with Post-Compromise Security Anja Lehmann &amp; Bjrn Tackmann IBM

Updatable Encryption with Post-Compromise Security Anja Lehmann &amp; Bjrn Tackmann IBM Research Zurich Motivation | Outsourced Storage Data owner stores encrypted data at (untrusted) data host symmetric encryption Proactive

763 views • 24 slides
All Your Cloud Are Belong to Us Hunting Compromise in Azure Nate Warfield Microsoft Security

All Your Cloud Are Belong to Us Hunting Compromise in Azure Nate Warfield Microsoft Security

All Your Cloud Are Belong to Us Hunting Compromise in Azure Nate Warfield Microsoft Security Response Center The opinions expressed are my own and do not necessarily reflect those of Microsoft Corporation. Whoami: Nate Warfield (@dk_effect)

506 views • 24 slides
2018 Data Security Incident Response Report Building Cyber Resilience: Compromise Response

2018 Data Security Incident Response Report Building Cyber Resilience: Compromise Response

2018 Data Security Incident Response Report Building Cyber Resilience: Compromise Response Intelligence in Action April 11, 2018 Contact Information Theodore J. Kobus, III Casie D. Collignon Leader, Privacy and Data Protection Practice

448 views • 23 slides
Whats wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs Mikhail Egorov /

Whats wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs Mikhail Egorov /

Whats wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs Mikhail Egorov / @0ang3el #DeepSec2019 # whoami Security researcher / full-time bug hunter https://bugcrowd.com/0ang3el https://hackerone.com/0ang3el

989 views • 67 slides
Mission Objective: Compromise Nuclear Facility Using Virtual Reality to Improve Cyber Security and

Mission Objective: Compromise Nuclear Facility Using Virtual Reality to Improve Cyber Security and

Mission Objective: Compromise Nuclear Facility Using Virtual Reality to Improve Cyber Security and Physical Protection of Nuclear Material and Nuclear Facilities 1. Mission Briefing 10. Mission Recap High sense of realism Browse thru this

506 views • 11 slides
Tripwire Inferring Internet Site Compromise Joe DeBlasio Stefan Savage UC San Diego Geoffrey

Tripwire Inferring Internet Site Compromise Joe DeBlasio Stefan Savage UC San Diego Geoffrey

Tripwire Inferring Internet Site Compromise Joe DeBlasio Stefan Savage UC San Diego Geoffrey M. Voelker Alex C. Snoeren On account compromise Compromise of email/social network/etc is devastating Personal/professional reputational, financial

798 views • 49 slides
Security Considerations for Mobile Apps and APIs John DiLeo, D.Sc. (@gr4ybeard) OWASP New

Security Considerations for Mobile Apps and APIs John DiLeo, D.Sc. (@gr4ybeard) OWASP New

Security Considerations for Mobile Apps and APIs John DiLeo, D.Sc. (@gr4ybeard) OWASP New Zealand - Auckland August 2019 Wellhow did I get here? Born and raised in northeastern US Straight to university from high school

700 views • 34 slides
A New Approach to Online Location Privacy W3C Workshop: Security for Access to Device APIs from

A New Approach to Online Location Privacy W3C Workshop: Security for Access to Device APIs from

A New Approach to Online Location Privacy W3C Workshop: Security for Access to Device APIs from the Web December 10, 2008 John Morris Center for Democracy &amp; Technology 1 Need for New Approach Current failed model for privacy on the web

227 views • 7 slides
Security Assurance for Web Device APIs Maritza Johnson and Steven M. Bellovin

Security Assurance for Web Device APIs Maritza Johnson and Steven M. Bellovin

Security Assurance for Web Device APIs Maritza Johnson and Steven M. Bellovin http://www.cs.columbia.edu/~ { maritzaj,smb } Columbia University December 9, 2008 1 / 7 The Problem Web servers want access to very sensitive The Problem

260 views • 12 slides
IRS &amp; FTB Offers in Compromise December 12, 2012 Thank you for attending this seminar. Your

IRS &amp; FTB Offers in Compromise December 12, 2012 Thank you for attending this seminar. Your

IRS &amp; FTB Offers in Compromise December 12, 2012 Thank you for attending this seminar. Your work on behalf of ALRP clients can reduce, or eliminate, the financial burdens that result from having tax problems. FEDERAL OFFERS IN COMPROMISE

403 views • 8 slides
$ CURRENT STATE FUTURE: STATE DIGITAL ENTERPRISE Access layer (APIs) SECURITY INTEGRATION

$ CURRENT STATE FUTURE: STATE DIGITAL ENTERPRISE Access layer (APIs) SECURITY INTEGRATION

$ CURRENT STATE FUTURE: STATE DIGITAL ENTERPRISE Access layer (APIs) SECURITY INTEGRATION PERF/SCALE STANDARDS HOW: DIGITAL TRANSFORMATION WEB SERVICES REST MICROSERVICES TASKS (PROCESSES) DECISIONS IF IF (RULES) BUSINESS ON

488 views • 30 slides
Missouri Compromise, 1820 Firebell in the Night The Missouri Compromise, 1820 Divides the

Missouri Compromise, 1820 Firebell in the Night The Missouri Compromise, 1820 Divides the

Missouri Compromise, 1820 Firebell in the Night The Missouri Compromise, 1820 Divides the Louisiana Purchase into Free and Slave territory along 36 30 Admits Missouri as a Slave state and Maine as a Free state Keeps Equal Political Power

378 views • 24 slides
Spotting and Stopping Business Email Compromise Attacks How spear phishing and BEC attacks

Spotting and Stopping Business Email Compromise Attacks How spear phishing and BEC attacks

Spotting and Stopping Business Email Compromise Attacks How spear phishing and BEC attacks require a full- lifecycle approach to email security Paul Roberts, Editor in Chief Speakers Kevin OBrien, CEO 2:00 - 2:05 Introductions,

483 views • 23 slides
Midterm II Review STA 104 - Summer 2017 Project proposal due tomorrow at 2 pm Duke

Midterm II Review STA 104 - Summer 2017 Project proposal due tomorrow at 2 pm Duke

Announcements Midterm II Review STA 104 - Summer 2017 Project proposal due tomorrow at 2 pm Duke University, Department of Statistical Science Friday 12.30 pm, PS 5 and PA 5 due and RA 6 Prof. van den Boom Slides posted at

412 views • 8 slides
SAM-T04: whats new for CASP6 Kevin Karplus Richard Hughey Jenny Draper, Sol Katzman, Martina

SAM-T04: whats new for CASP6 Kevin Karplus Richard Hughey Jenny Draper, Sol Katzman, Martina

SAM-T04: whats new for CASP6 Kevin Karplus Richard Hughey Jenny Draper, Sol Katzman, Martina Koeva, George Shackelford Bret Barnes, Marcia Soriano karplus@soe.ucsc.edu Biomolecular Engineering University of California, Santa Cruz CASP6,

917 views • 43 slides
Presentation by Adam Lee If you would like to have a similar presentation done at your event, or

Presentation by Adam Lee If you would like to have a similar presentation done at your event, or

Presentation by Adam Lee If you would like to have a similar presentation done at your event, or if you have questions about the presentation, contact Adam at: adamrlee@gmail.com Echoes of Harlem - Duke Ellington A Geographical Look A look at

547 views • 18 slides
Earth's Layers Three Types of Rocks Early Life on Earth / Fossils Rock Strata

Earth's Layers Three Types of Rocks Early Life on Earth / Fossils Rock Strata

Slide 1 / 75 Slide 2 / 75 6th Grade Earth's Materials and Systems Part 1: The History of Planet Earth 2015-08-27 www.njctl.org Slide 3 / 75 Slide 4 / 75 Table of Contents: The History of Planet Earth Click on the topic to go to that

308 views • 13 slides
Learning Progressions and Fluency for Multiplication and Division gfletchy@gmail.com @gfletchy

Learning Progressions and Fluency for Multiplication and Division gfletchy@gmail.com @gfletchy

Learning Progressions and Fluency for Multiplication and Division gfletchy@gmail.com @gfletchy www.gfletchy.com What is the value of this picture? Memorize in Minutes: The Times Tables by Alan Walker What is the value of this picture?

1.06k views • 101 slides
1 Welcome! In this session we will explore computers and coding and how to talk to

1 Welcome! In this session we will explore computers and coding and how to talk to

1 Welcome! In this session we will explore computers and coding and how to talk to computers! First, lets play some Fact or Fiction Games. Game 1: Of the following three statements. Which one is false? 1. Smartphones and tablets are

649 views • 22 slides
J_ J_sus W[ W[lks ks J_ J_rus us[l_m Before the Assyrian invasion of Judah, around 700

J_ J_sus W[ W[lks ks J_ J_rus us[l_m Before the Assyrian invasion of Judah, around 700

J_ J_sus W[ W[lks ks J_ J_rus us[l_m Before the Assyrian invasion of Judah, around 700 B.C, Hezekiah built a tunnel under the City of David. Before the Assyrian invasion of Judah, around 700 B.C, Hezekiah built a tunnel under

515 views • 50 slides
1 2 2 Peter 1:19 21 We have also a more sure word of prophecy ; whereunto ye do well that ye

1 2 2 Peter 1:19 21 We have also a more sure word of prophecy ; whereunto ye do well that ye

1 2 2 Peter 1:19 21 We have also a more sure word of prophecy ; whereunto ye do well that ye take heed, as unto a light that shineth in a dark place , until the day dawn, and the day star arise in your hearts: Knowing this first, that no

1.32k views • 64 slides

More recommend