The PKI Lie: Attacking Certificate Based Authentication
Ofer Maor, CTO, Hacktics
OWASP & WASC AppSec 2007 Conference, San Jose, Nov 2007
Copyright 2007 - The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike 2.5 License. To view this license, visit http://creativecommons.org/licenses/by-sa/2.5/
http://www.webappsec.org/ The OWASP Foundation http://www.owasp.org/
Introduction
- More and more organizations are examining PKI solutions (client certificate authentication) to provide an answer to modern authentication threats
- This presentation will examine the common notions about PKI in web applications and present various threats
- This lecture is:
  - NOT going to reveal any flaws in RSA or digital signature technology
  - IS going to present how poor implementation can allow hackers to work around it
Agenda
- Common Credential Theft Threats
- Suggested PKI Authentication Solution
- Attacks on PKI Implementation
  - Poor Application Integration
  - Trojans
  - PKI Phishing
- Demo
- Conclusion
- Mitigation
Common Credentials Theft Threats
- Phishing/Pharming
  - Malicious Links
  - DNS Hijacking
  - Trojan/Malware
  - Online Phishing Against OTP
- Trojans
  - HTTP Monitoring
  - Key Loggers
- XSS Attacks
  - Session Hijacking
  - XSS Based Phishing
Suggested Solution: PKI & Client Certs
- PKI authentication combines:
  - Something you Have (smartcard / token)
  - Something you Know (PIN)
    - Some modern implementations are seeking to replace the PIN with biometric authentication
- Authentication requires the physical device to be plugged in (private key stored on the device)
- The combination of smart card, PIN, and the strength of RSA is why many consider PKI authentication hack proof
The PKI Lie: A Hack Proof Solution
- The "hack proof" notion urges organizations to switch to PKI based authentication at high cost
- Financial organizations
  - Many banks are deploying PKI authentication for customers
  - The solutions are considered so secure that previous Phishing/Pharming warnings are removed!
- Governments
  - Digital signatures are now legally valid
  - In some countries they are considerably more binding than normal signatures
The PKI (sad) Truth: PKI Authentication is not Hack Proof
- Secure in theory:
  - Very strong encryption & authentication algorithms
  - Verified robust implementation (Common Criteria)
- Fails in practice:
  - Integration of the solution with the surrounding environment may allow compromise
    - End point integration (PC/user)
    - Web application integration
  - Allows performing real time attacks
Application Integration Flaws
- Poor authentication verification by the application
- Poor session integration
  - Relying on session information for authentication
  - No binding of the application session to the SSL session
- XSS vulnerabilities
  - Data theft
  - Execution of operations
  - Invocation of signing operations (if cached)
  - The sky is the limit
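The "no binding of application session and SSL session" flaw above means the server trusts a session cookie it issued once and never again checks that the certificate holder is still on the other end. The following is an added example written for this page (not code from the presentation or from Hacktics) of the binding check a server should perform on every request. It assumes, as a constructed convention, that the TLS terminator has already verified the client certificate chain and passes the DER certificate base64-encoded in an `X-Client-Cert` header (and strips any such header a client sends itself); sessions are an in-memory dict, and the sample certificates are placeholder bytes rather than real certificates.

```python
import base64
import hashlib
import secrets

# Constructed stand-ins for DER certificate bytes. In a real deployment the
# value comes only from the TLS terminator, never from the client directly:
# the reverse proxy must overwrite any X-Client-Cert header in the request.
ALICE_CERT_B64 = base64.b64encode(b"constructed-DER-bytes: CN=alice").decode()
MALLORY_CERT_B64 = base64.b64encode(b"constructed-DER-bytes: CN=mallory").decode()

SESSIONS = {}  # session id -> {"subject": str, "cert_fp": str}


def cert_fingerprint(cert_b64):
    """SHA-256 over the DER certificate the TLS layer verified on this connection."""
    return hashlib.sha256(base64.b64decode(cert_b64)).hexdigest()


def login(headers, subject):
    """Create a session only when a verified client certificate is on the
    connection, and remember which certificate authenticated it."""
    cert_b64 = headers.get("X-Client-Cert")
    if not cert_b64:
        raise PermissionError("login requires a client certificate")
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"subject": subject, "cert_fp": cert_fingerprint(cert_b64)}
    return session_id


def authorize(headers):
    """Per-request check. A session cookie alone is not proof of authentication:
    the same certificate must still be presented on this TLS connection.
    Returns (ok, subject-or-reason)."""
    session = SESSIONS.get(headers.get("Cookie-Session", ""))
    if session is None:
        return False, "no such session"
    cert_b64 = headers.get("X-Client-Cert")
    if not cert_b64:
        return False, "session cookie present but no client certificate on this connection"
    if cert_fingerprint(cert_b64) != session["cert_fp"]:
        return False, "client certificate differs from the one that opened the session"
    return True, session["subject"]


if __name__ == "__main__":
    sid = login({"X-Client-Cert": ALICE_CERT_B64}, "alice")
    print(authorize({"Cookie-Session": sid, "X-Client-Cert": ALICE_CERT_B64}))
    print(authorize({"Cookie-Session": sid}))
    print(authorize({"Cookie-Session": sid, "X-Client-Cert": MALLORY_CERT_B64}))
```

The comparison uses the certificate fingerprint rather than the subject name so that a different certificate for the same subject (or a stolen cookie replayed from a connection with no certificate at all) is rejected. Where the TLS terminator can expose a per-connection or per-session TLS identifier instead, the same check can be made against that value.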
Client Side Attacks: Trojans
- Trojans are the No. 1 pharming technique
- But also useful for direct data compromise
Client Side Attacks - Trojans
- Complete takeover of smartcard / token
- The simple way: cached PIN
- The hard way: stealing & using the PIN
  - Step #1: obtaining the PIN
    - Key loggers
    - USB sniffers (encryption might be a problem)
    - Driver manipulation
  - Step #2: utilizing the card
    - GUI based macro (visible to the user)
    - Direct DLL access (silent mode)
Client Side Attacks - Phishing
- One of the most prominent attacks today
- Surely solved by PKI (or not?)
Real Time PKI Phishing - Overview
- Real time phishing provides a means of overcoming the need for credential theft
- Rather than being stolen, the credentials are used in real time, while the device is plugged in
- Once hijacked, the attacker can exploit the existing credentials using CSRF, reflected XSS or other means
- As is common with other CSRF/XSS attacks, the user has little, if any, way of preventing this
Real Time PKI Phishing - Analysis
- The attack is performed by creating a faked site (much like regular phishing attacks)
- The site has no content of its own, and contains 2 frames:
  - Frame I - uses the entire screen area and presents the real site
  - Frame II - invisible, and used for taking advantage of the logged on user
- Utilizing cross domain techniques (CSRF, JavaScript inclusion, etc.), Frame II, already authenticated, is used to launch attacks
Real Time PKI Phishing - Flow
- The user follows a link to the malicious (phished) site
- The response is an HTML page with no content of its own, as follows:

    <HTML>
    <!-- Frame I: full-size frame that shows the real site -->
    <IFRAME WIDTH=100% HEIGHT=100% NAME=REAL FRAMEBORDER=1 SRC="http://www.myrealsite.com/"></IFRAME>
    <!-- Frame II: zero-size (invisible) frame used for the attacker's requests -->
    <IFRAME WIDTH=0% HEIGHT=0% NAME=EVIL FRAMEBORDER=1></IFRAME>
    <SCRIPT SRC="http://www.myFAKEsite.com/dobad.js"></SCRIPT>
    </HTML>
Real Time PKI Phishing - Flow (Cont'd)
- The user is then presented with the certificate selection
- The user experience is IDENTICAL
Real Time PKI Phishing - Flow (Cont'd)
- Once the user has logged on, the user is able to browse through the site
- The malicious site is now able to perform navigation events on the 2nd IFrame. This allows execution of any operation in the site on behalf of the user
Real Time PKI Phishing - Demo
Real Time PKI Phishing - Limitations
- Data viewing may not be possible (cross site limitations)
- Relies on CSRF capabilities (won't work well in .NET)
- However, both limitations are easily bypassed with reflected XSS:
  - The phishing site provides the persistency platform
  - XSS can then be used to access sensitive data
  - XSS can also be used to obtain whatever random data is required to overcome CSRF protection
Additional Real Time PKI Phishing Aspects
- Proprietary ActiveX based authentication (as opposed to integrated browser certificates)
  - Identifying when the main frame has been successfully authenticated can be done using cross domain exploits (e.g. JS includes)
- Man in the Middle techniques - an alternative to CSRF/XSS attacks
  - Establish a connection with the client, and relay the challenge from the original server to the client
  - Might generate some warnings, but users tend to ignore those
Conclusion
- Embedding PKI authentication in web applications is not a magic solution!
- Trojans, pharming, phishing, CSRF, XSS, as well as other application vulnerabilities, remain a significant concern
- These problems must be addressed well before implementing client side certificates
- With that said, client side certificates stored on a secure physical device are still a very strong form of authentication
Mitigation
- CSRF protection - massively discussed yesterday
- XSS protection - massively discussed for the past few years
- Trojan protection - tricky (requires taking the PC out of the equation):
  - On-device PIN input & verification
  - On-device biometric verification
  - On-device OK confirmation
  - Clean from-device OS boot (might work with virtualization as well)
Thank You! Questions?