Presentation is loading. Please wait.

Presentation is loading. Please wait.

David Evans CS150: Computer Science University of Virginia Computer Science Lecture 35: Cookie Monsters and Semi-Secure.

Published byMoris Chapman Modified over 9 years ago

Similar presentations

Presentation on theme: "David Evans CS150: Computer Science University of Virginia Computer Science Lecture 35: Cookie Monsters and Semi-Secure."— Presentation transcript:

1 David Evans http://www.cs.virginia.edu/evans CS150: Computer Science University of Virginia Computer Science Lecture 35: Cookie Monsters and Semi-Secure Websites

2 2 Lecture 34: Cookie Monsters Secure Programming cs150 “Honor System” Programming All your users are nice and honest Nothing terribly bad happens if your program misbehaves cs205 “Real World” Programming Some users are mean and dishonest Bad things happen if your program misbehaves Enough to (hopefully) make you dangerous!

3 3 Lecture 34: Cookie Monsters Buffer Overflows int main (void) { int x = 9; char s[4]; gets(s); printf ("s is: %s\n“, s); printf ("x is: %d\n“, x); } Stack s[0] s[1] s[2] s[3] x return address C Program a b c d e f g h...

4 4 Lecture 34: Cookie Monsters Buffer Overflows int main (void) { int x = 9; char s[4]; gets(s); printf ("s is: %s\n“, s); printf ("x is: %d\n“, x); } > gcc -o bounds bounds.c > bounds abcdefghijkl s is: abcdefghijkl x is: 9 > bounds abcdefghijklm s is: abcdefghijklmn x is: 1828716553 > bounds abcdefghijkln s is: abcdefghijkln x is: 1845493769 > bounds aaa... [a few thousand characters] crashes shell (User input) = 0x6d000009 = 0x6e000009 Note: your results may vary (depending on machine, compiler, what else is running, time of day, etc.). This is what makes C fun! What does this kind of mistake look like in a popular server?

5 5 Lecture 34: Cookie Monsters Code Red

6 6 Lecture 34: Cookie Monsters Security in cs150 Can you have a Buffer Overflow vulnerability in Scheme, Charme, LazyCharme, StaticCharme, or Python? No (unless there is a bug in the underlying implementation)! Memory is managed by the interpreter, so you don’t have to allocate it, or worry about how much space you have.

7 7 Lecture 34: Cookie Monsters Web Application Security Malicious users can send bad input to your application Authentication: most interesting applications need user logins

8 8 Lecture 34: Cookie Monsters Cross-Site Scripting Python Code: Evaluate using Python interpreter, send output Python Interpreter to Client Database SQL Command Values #!/uva/bin/python... Output pages contain information provided by other users!

9 9 Lecture 34: Cookie Monsters Cross-Site Scripting Demo user: evans password: $1$79756$Fq4bh/ajnBmzIX.12GPnL0 function button() { while (1) alert("I 0wn you!") } Enter Review:

10 10 Lecture 34: Cookie Monsters Preventing Cross-Site Scripting Never never never ever trust users! Everything you generate from user input needs to be checked and sanitized (remove the tags) For your ps9 websites, you may assume all users are bound by the UVa Honor Code and won’t do anything evil. But, don’t forget how irresponsible it is to put something like this on the web!

11 11 Lecture 34: Cookie Monsters Authentication

12 12 Lecture 34: Cookie Monsters How do you authenticate? Something you know –Password Something you have –Physical key (email account?, transparency?) Something you are –Biometrics (voiceprint, fingerprint, etc.) Serious authentication requires at least 2 kinds

13 13 Lecture 34: Cookie Monsters Early Password Schemes UserIDPassword alyssafido benschemer daveLx.Ly.x Login: alyssa Password: spot Failed login. Guess again. Login does direct password lookup and comparison.

14 14 Lecture 34: Cookie Monsters Login: alyssa Password: fido Terminal Trusted Subsystem Eve Login Process login sends

15 15 Lecture 34: Cookie Monsters Password Problems Need to store the passwords –Dangerous to rely on database being secure Need to transmit password from user to host –Dangerous to rely on Internet being confidential Today Later Class

16 16 Lecture 34: Cookie Monsters First Try: Encrypt Passwords UserIDPassword alyssaencrypt K (“fido”) benencrypt K (“schemer”) daveencrypt K (“Lx.Ly.x”) Problem if K isn’t so secret: decrypt K (encrypt K (P)) = P Instead of storing password, store password encrypted with secret K. When user logs in, encrypt entered password and compare to stored encrypted password.

17 17 Lecture 34: Cookie Monsters Hashing 0 1 2 3 4 5 6 7 8 9 “neanderthal” “dog” H (char s[]) = (s[0] – ‘a’) mod 10 “horse” Many-to-one: maps a large number of values to a small number of hash values Even distribution: for typical data sets, probability of ( H(x) = n) = 1/N where N is the number of hash values and n = 0..N – 1. Efficient: H(x) is easy to compute.

18 18 Lecture 34: Cookie Monsters Cryptographic Hash Functions One-way Given h, it is hard to find x such that H(x) = h. Collision resistance Given x, it is hard to find y  x such that H(y) = H(x).

19 19 Lecture 34: Cookie Monsters Example One-Way Function Input: two 100 digit numbers, x and y Output: the middle 100 digits of x * y Given x and y, it is easy to calculate f (x, y) = select middle 100 digits (x * y) Given f (x, y) hard to find x and y.

20 20 Lecture 34: Cookie Monsters A Better Hash Function? H(x) = encrypt x (0) Weak collision resistance? –Given x, it should be hard to find y  x such that H(y) = H(x). –Yes – encryption is one-to-one. (There is no such y.) A good hash function? –No, its output is as big as the message!

21 21 Lecture 34: Cookie Monsters Actual Hashing Algorithms Based on cipher block chaining –Start by encrypting 0 with the first block –Use the next block to encrypt the previous block SHA [NIST95] – 512 bit blocks, 160-bit hash MD5 [Rivest92] – 512 bit blocks, produces 128-bit hash –This is what we use in HoosHungry –It has been broken!

22 22 Lecture 34: Cookie Monsters Hashed Passwords UserIDPassword alyssamd5 (“fido”) benmd5 (“schemer”) davemd5 (“Lx.Ly.x”)

23 23 Lecture 34: Cookie Monsters Dictionary Attacks Try a list of common passwords –All 1-4 letter words –List of common (dog) names –Words from dictionary –Phone numbers, license plates –All of the above in reverse Simple dictionary attacks retrieve most user-selected passwords Precompute H(x) for all dictionary entries

24 24 Lecture 34: Cookie Monsters (at least) 86% of users are dumb and dumber Single ASCII character0.5% Two characters2% Three characters14% Four alphabetic letters14% Five same-case letters21% Six lowercase letters18% Words in dictionaries or names15% Other (possibly good passwords)14% (Morris/Thompson 79)

25 25 Lecture 34: Cookie Monsters Salt of the Earth UserIDSaltPassword alyassa1125DES+ 25 (0, “Lx.Ly.x”, 1125 ) ben2437DES+ 25 (0, “schemer”, 2437) dave932DES+ 25 (0, “Lx.Ly.x”, 932) How much harder is the off-line dictionary attack? DES+ (m, key, salt) is an encryption algorithm that encrypts in a way that depends on the salt. Salt: 12 random bits (This is the standard UNIX password scheme.)

26 26 Lecture 34: Cookie Monsters Python Code // We use the username as a "salt" (since they must be unique) encryptedpass = md5crypt.encrypt (password, user) userpassword alyssa 9928ef0d7a0e4759ffefbadb8bc84228 evans bafd72c60f450ed665a6eadc92b3647f

27 27 Lecture 34: Cookie Monsters Authenticating Users User proves they are a worthwhile person by having a legitimate email address –Not everyone who has an email address is worthwhile –Its not too hard to snoop (or intercept) someone’s email But, provides much better authenticating than just the honor system

28 28 Lecture 34: Cookie Monsters Registering for Account User enters email address Sent an email with a temporary password rnd = str(random.randint (0, 9999999)) + str(random.randint (0, 9999999)) encrnd = md5crypt.encrypt (rnd, str(random.randint (0, 99999))) users.userTable.createUser (user, email, firstnames, \ lastname, encrnd)... From register-process.cgi Do you trust Pythons random number generator?

29 29 Lecture 34: Cookie Monsters Users and Passwords def createUser(self, user, email, firstnames, lastname, password) : c = self.db.cursor () encpwd = md5crypt.encrypt (password, user) query = "INSERT INTO users (user, email, firstnames, lastname, password) " \ + "VALUES ('" + user + "', '" + email + "', '" \ + firstnames + "', '" + lastname + "', '" + encpwd"')" c.execute (query) self.db.commit () From users.py (cookie processing and exception code removed) def checkPassword(self, user, password): c = self.db.cursor () query = "SELECT password FROM users WHERE user='" + user + "'" c.execute (query) pwd = c.fetchone ()[0] if not pwd: return False else: encpwd = md5crypt.encrypt (password, user) return encpwd == pwd

30 30 Lecture 34: Cookie Monsters Cookies HTTP is stateless: every request is independent Don’t want user to keep having to enter password every time A cookie is data that is stored on the browser’s machine, and sent to the web server when a matching page is visited

31 31 Lecture 34: Cookie Monsters Using Cookies Cookie must be sent before any HTML is sent (util.printHeader does this) Be careful how you use cookies – anyone can generate any data they want in a cookie –Make sure they can’t be tampered with: use md5 hash with secret to authenticate –Don’t reuse cookies - easy to intercept them (or steal them from disks): use a counter than changes every time a cookie is used

32 32 Lecture 34: Cookie Monsters Hungry vs. Cookies def checkCookie (): try: if 'HTTP_COOKIE' in os.environ: cookies = os.environ['HTTP_COOKIE'] c = Cookie.SimpleCookie(cookies) user = c['user'].value auth = c['authenticator'].value count = users.userTable.getCookieCount (user) ctest = md5crypt.encrypt (constants.ServerSecret + str(count) + user, \ str(count)) if True: users.userTable.setCurrentUser (user) return True else: users.userTable.setCurrentUser (False) return False else: return False except: return False ctest == auth:

33 33 Lecture 34: Cookie Monsters Problems Left The database password is visible in plaintext in the Python code –No way around this (with UVa mysql server) –Anyone who can read UVa filesystem can access your database The password is transmitted unencrypted over the Internet (later) Proving you can read an email account is not good enough to authenticate for important applications

34 34 Lecture 34: Cookie Monsters Charge Feel free to use the ps8 users/cookies code for your ps9 site unchanged But, don’t put anything really valuable on your websites without paying more attention to security!

Download ppt "David Evans CS150: Computer Science University of Virginia Computer Science Lecture 35: Cookie Monsters and Semi-Secure."

Similar presentations

Lecture 5: Cryptographic Hashes

Lecture 5: Cryptographic Hashes
ATTACKING AUTHENTICATION The Web Application Hacker’s Handbook, Ch. 6 Presenter: Jie Huang 10/31/2012.

ATTACKING AUTHENTICATION The Web Application Hacker’s Handbook, Ch. 6 Presenter: Jie Huang 10/31/2012.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
David Evans CS588: Security and Privacy University of Virginia Computer Science Lecture 11: Birthday Paradoxes.

David Evans CS588: Security and Privacy University of Virginia Computer Science Lecture 11: Birthday Paradoxes.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.

 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.

It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.
1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.

1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.
Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.

Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.
CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.

CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.

Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.
Lecture 16 Page 1 CS 236 Online Cross-Site Scripting XSS Many sites allow users to upload information –Blogs, photo sharing, Facebook, etc. –Which gets.

Lecture 16 Page 1 CS 236 Online Cross-Site Scripting XSS Many sites allow users to upload information –Blogs, photo sharing, Facebook, etc. –Which gets.
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
David Evans CS150: Computer Science University of Virginia Computer Science Class 36: Public Key Crypto.

David Evans CS150: Computer Science University of Virginia Computer Science Class 36: Public Key Crypto.
Strong Password Protocols

Strong Password Protocols
Authentication Approaches over Internet Jia Li

Authentication Approaches over Internet Jia Li
DNSSEC Cryptography Review Track 2 Workshop July 3, 2010 American Samoa Hervey Allen.

DNSSEC Cryptography Review Track 2 Workshop July 3, 2010 American Samoa Hervey Allen.
Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.

Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.
Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.

Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.

Similar presentations

Ads by Google