We are living on earth. Our human ancestors went through many generations of reform, and the result is modern civilization. The foundation of civilization is built from different elements and objects. One major element is logic, which structures cause and effect, and this definition covers the factors behind a successful result. However, some things that happen on earth look like a mystery. For example, Friday the 13th is considered an unlucky day in Western superstition. From a scientific viewpoint, such a superstition doesn't make sense and has no supporting evidence. Yet when you go to a cosmopolitan city like Chicago or New York, you can't find a 13th floor in the elevator. Even without scientific support, the number 13 and Black Friday still have a psychological impact on us. We continue this discussion, but our focus moves to cyber security. At this point you might ask: why spend time on a preface about superstition?
Do you remember the Jerusalem virus?
A virus was first detected in Jerusalem on 13th October 1987 (Black Friday). This virus hooks itself into MS-DOS services and is capable of running malware functions. But Internet communication services were not available in the 80's, so how does it work? The virus program contains one destructive payload that is set to go off on Black Friday (Friday the 13th). This was the first time IT gurus became aware of a cyber attack scheduled for Friday the 13th Jan 2016. Below is a source code highlight for reference:
```
mov ah,02Ah            ; Get system date
int 021h
mov byte cs:[zap],00H
cmp cx,07C3h           ; CX->Year, 7C3h=1987
jz done                ; Do nothing if 1987
cmp al,05h             ; AL->Day, 05h=Friday
jnz otherpload         ; No zap if not Fri
cmp dl,0Dh             ; DL->Date, 0Dh=13
jnz otherpload         ; No zap if not 13th
inc byte cs:[zap]      ; Else turn on ZapFlag
jmp done
nop
```
Attack concept and idea: take advantage of a design limitation in the computer's instruction set. For more details, please see below:
- If the interrupt flag (IF) is set (=1) then external hardware can initiate an interrupt via the INTR input of the microprocessor.
- If the IF flag is clear (=0) then the external device cannot initiate an interrupt.
The Jerusalem code hooks itself into interrupt processing and other low-level DOS services. This type of infection technique looks similar to the privilege escalation methods used by malware today!
Keep away from anything labeled thirteen
Unfortunately, a cyber incident occurred in 2013, and by coincidence the magic number thirteen was involved in its naming. It is a crypto TLS vulnerability. Before we discuss what Lucky 13 is, let's do a quick review of the TLS & SSL/TLS protocol architecture in the infographic below.
Overview of TLS & SSL/TLS protocol architecture
As we know, there have been a total of 4 types of SSL attack recently.
- Beast attack
- Crime attack
- Lucky 13 attack
- RC4 attack
To be honest, Lucky 13 does not live up to the meaning of its name. It is a cryptographic timing attack against implementations of the Transport Layer Security (TLS) protocol.
What is a timing attack? (see below)
The attack allows a man-in-the-middle attacker to recover plaintext from a TLS/DTLS connection when CBC-mode (cipher-block chaining) encryption is used. It is a man-in-the-middle timing attack against TLS that exploits the interaction between how the protocol implements AES in CBC mode for encryption and HMAC-SHA1 for authentication.
CVE-2013-0169 – The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets.
Expect more security bugs in the future: the cause is a fundamental design limitation, the so-called MAC-then-encrypt construction
There have been attempts to fit the encryption protocol into the layered network model used with TCP/IP, but the model does not match TCP/IP well. Some things don't fit in the layers, and SSL/TLS is one of them.
(D)TLS encryption process (see below):
- SSL/TLS uses an underlying transport medium that provides a bidirectional stream of bytes. That would put it somewhere above layer 4.
- SSL/TLS organizes data as records, that may contain, in particular, handshake messages. Handshake messages look like layer 5. This would put SSL/TLS at layer 6 or 7.
- However, what SSL/TLS conveys is “application data”, which is, in fact, a bidirectional stream of bytes. Applications that use SSL/TLS really use it as a transport protocol. They then use their own data representation and messages and semantics within that “application data”. Therefore, SSL/TLS cannot be, in the OSI model, beyond layer 4.
The Lucky13 attack triggered a series of TLS technical concerns. Yet another padding oracle vulnerability was found in May 2016 (see below):
```
Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
======================================================

Severity: High

A MITM attacker can use a padding oracle attack to decrypt traffic
when the connection uses an AES CBC cipher and the server support
AES-NI.

This issue was introduced as part of the fix for Lucky 13 padding
attack (CVE-2013-0169). The padding check was rewritten to be in
constant time by making sure that always the same bytes are read and
compared against either the MAC or padding bytes. But it no longer
checked that there was enough data to have both the MAC and padding
bytes.

OpenSSL 1.0.2 users should upgrade to 1.0.2h
OpenSSL 1.0.1 users should upgrade to 1.0.1t

This issue was reported to OpenSSL on 13th of April 2016 by Juraj
Somorovsky using TLS-Attacker. The fix was developed by Kurt Roeckx
of the OpenSSL development team.
```
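The padding and MAC check that both Lucky 13 and CVE-2016-2107 concern, sketched as an added example (not OpenSSL's code and not part of the original post). The names `seal`, `verify` and `sha1_blocks` are hypothetical, the MAC work is a computed count of SHA-1 compression calls rather than a measured time, and Python itself gives no constant-time guarantee.

```python
import hashlib
import hmac

MAC_LEN = 20  # HMAC-SHA1 tag length

def sha1_blocks(msg_len):
    """Modelled SHA-1 compression calls for HMAC's inner hash over msg_len bytes."""
    # 64-byte key block + message + 0x80 marker + 8-byte length, rounded up
    return (64 + msg_len + 9 + 63) // 64

def seal(key, hdr, data, pad):
    """Constructed helper: data || MAC || padding, the plaintext fed to CBC."""
    tag = hmac.new(key, hdr + data, hashlib.sha1).digest()
    return data + tag + bytes([pad]) * (pad + 1)

def verify(key, hdr, rec, equalize=True):
    """Check a decrypted record; return (data or None, modelled MAC work)."""
    if len(rec) < MAC_LEN + 1:           # record length is public: early reject is safe
        return None, 0
    pad = rec[-1]
    # CVE-2016-2107 lesson: the padding and the MAC must both fit in the record
    fits = pad + 1 + MAC_LEN <= len(rec)
    bad = 0
    for i in range(min(256, len(rec))):  # fixed scan window, no early exit
        bad |= (rec[-1 - i] ^ pad) if i <= pad else 0
    pad_ok = fits and bad == 0
    strip = pad + 1 if pad_ok else 1     # bad padding: treat it as zero-length
    data = rec[:len(rec) - strip - MAC_LEN]
    tag = rec[len(data):len(data) + MAC_LEN]
    want = hmac.new(key, hdr + data, hashlib.sha1).digest()
    mac_ok = hmac.compare_digest(tag, want)  # MAC is always computed and compared
    blocks = sha1_blocks(len(hdr) + len(data))
    if equalize:
        # Hash dummy input so total work tracks the longest possible message
        worst = sha1_blocks(len(hdr) + len(rec) - 1 - MAC_LEN)
        hashlib.sha1(bytes(64 * (worst - blocks))).digest()
        blocks = worst
    return (data if pad_ok and mac_ok else None), blocks

# Constructed 64-byte sample: 13-byte header, 42 data bytes, MAC, 2 padding bytes
KEY, HDR = b"k" * 20, bytes(13)
GOOD = seal(KEY, HDR, b"A" * 42, 1)
BAD = GOOD[:-2] + bytes([7, 1])          # one corrupted padding byte
ALL_PAD = bytes([31]) * 32               # claims more padding than the MAC leaves room for

if __name__ == "__main__":
    for name, rec in (("good", GOOD), ("bad", BAD), ("all_pad", ALL_PAD)):
        print(name, verify(KEY, HDR, rec, equalize=False)[1], verify(KEY, HDR, rec)[1])
```

With `equalize=False` the modelled MAC work differs between the valid and the corrupted record even though the MAC is always computed; with equalization it is the same for both, and the all-padding record is rejected by the length check.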
Good practice on the web server to mitigate the risk:
Control requirements on the web server
- Do not configure wildcard certificates
- Certificate to be signed by trusted certificate authority (CA)
- Ensure session cookies have “secure=true” flag set
- Ensure HSTS header is set for domain and sub domain
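One way to check three of these controls from a captured HTTPS response, as an added example that is not part of the original post. The function name `audit`, the sample headers and the `example.test` names are constructed; the check assumes every cookie should carry `Secure`, and verifying the issuing CA is left to the TLS client's chain validation.

```python
import re

def audit(headers, san_names):
    """Return findings for the HSTS, cookie and wildcard-certificate controls.

    headers: list of (name, value) pairs from an HTTPS response.
    san_names: DNS names from the server certificate's SAN extension.
    """
    findings = []
    hsts = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not hsts:
        findings.append("HSTS header missing")
    else:
        # Only the first HSTS header field is processed by browsers
        directives = [d.strip().lower() for d in hsts[0].split(";")]
        match = next((re.fullmatch(r'max-age\s*=\s*"?(\d+)"?', d)
                      for d in directives if d.startswith("max-age")), None)
        if not match or int(match.group(1)) == 0:
            findings.append("HSTS max-age missing or zero")
        if "includesubdomains" not in directives:
            findings.append("HSTS does not cover subdomains")
    for k, v in headers:
        if k.lower() != "set-cookie":
            continue
        name = v.split("=", 1)[0].strip()
        attrs = [a.strip().lower() for a in v.split(";")[1:]]
        if "secure" not in attrs:
            findings.append(f"cookie {name} lacks Secure")
    for dns_name in san_names:
        if dns_name.startswith("*."):
            findings.append(f"wildcard certificate name {dns_name}")
    return findings

# Constructed sample responses: a weak configuration and its corrected form
WEAK = [("Strict-Transport-Security", "max-age=31536000"),
        ("Set-Cookie", "SESSIONID=abc123; Path=/; HttpOnly"),
        ("Set-Cookie", "theme=dark; Secure")]
FIXED = [("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
         ("Set-Cookie", "SESSIONID=abc123; Path=/; HttpOnly; Secure")]

if __name__ == "__main__":
    print(audit(WEAK, ["*.example.test"]))
    print(audit(FIXED, ["www.example.test"]))
```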