Report for the SSTIC 2012 conference (Part 1)
Date : September 06, 2012
The SSTIC 2012 conference was held in Rennes (France) from 6th to 8th of June 2012. This is a famous French speaking conference that brings together people who are fond of techniques and security. The talks are often focused on offensive security and try to spot out weaknesses or limits in the current technologies. But this year the conference was more conventional, and most of the talks were attached to explain the technologies (such as the very technical presentations on SSL, RDP or Miasm, etc…) rather than just demonstrating vulnerabilities. All in one, this 2012 edition had an academic and research taste, in a very pleasant mood.
It is also worth mentioning the efforts made by the organizing committee to encourage the sharing of knowledge:
- For most of the presentations, in addition to the usual presentation materials, a detailed article is also available to anyone on the website of the conference.
- This year, short presentation sesions (15 minutes) were introduced in the agenda. They are reserved for students and young researchers to present the result of their work.
We give below a quick report for a first set of the presentations. The other ones will be described in a new article next month.
20 years of PaX
The creator of PaX (and single member of the "PaX Team") explained the evolution of PaX since its first release in 2000. PaX is a well-known Linux package to enhance the security of the Linux kernel, by implementing mechanisms such as memory overflow protection or address space randomization. PaX has been a pioneer in this field: the same kind of protection has appeared in 2004 on Windows with Windows XP SP2. PaX is a Linux kernel patch. It is available in the "grsecurity" package but, to our knowledge, is not integrated to any major Linux distribution. The presentation reviewed the features of PaX and the successive additions over time of new features. Overall, we note that this package is still alive and continues to evolve.
SSL/TLS: review on the technology and recommendations (by the ANSSI)
This speech first presents the different versions of SSL/TLS and the security provided by each. In a second part, it analyses which versions are in-use on the Internet. We further describe both parts below, but let’s remind first the difference between SSL and TLS: SSL was created by Netscape, but, in 2001, the IETF took responsibility for the protocol and renamed it TLS (TLS V1.0 is the successor of SSL V3).
In terms of security, TLS V1.1 is considered as the first secure version (previous versions have known vulerabilities). The last version of TLS is TLS 1.2. In practice, on Internet a vast majority of servers accept TLS V1.0 (which is unsecure). TLS V1.0 is also the default protocol (i.e. in the default configuration) for IE, Firefox and Opera. Chrome uses TLS V1.1 and Safari TLS V1.2. Overall, the adoption of newer versions of TLS is slow (TLS V1.2 specification was published in 2008).
The speaker then looks at the "cipher suites" used by SSL/TLS. A cipher suite is the set of algorithms negociated between client and server for the various aspects of the protocol (authentication, key exchange, encryption and signature). And some suites are more robust than others. The negociation of these suites could induce problems: e.g. some servers (such as IIS) do not offer any choice to the client and force the usage of weak suites. Another problem on Windows is the fact that it is not possible to configure the SSL cipher suites for each application: only one configuration exists and it applies to all the applications running on the same platform. The speaker also mentionned that 40% of the web server certificates found on Internet are incorrectly constructed.
Finally, TLS is secure in theory, and can be implemented correctly when it is possible to rule the configurations for both end of the communications (on both client and server sides). But for a more general usage on Internet, the situation is much more difficult, because restricting server or client configurations (to use only secure SSL configurations) will induce a loss of compatibility with other parties.
Netzob: a tool to perform reverse-engineering on communication protocols (by AMOSSYS and Supelec)
This project addresses a complex topic: create a tool able to automatically build the protocol specification from the communication samples it observed. According to the speakers it is an active topic in the research community but very few tools have been released on the Internet so far. A tool such as Netzob can be used for example to automatically discover the communication protocol used by a botnet.
Very schematically, Netzob works as follows:
- First, it analyzes the messages exchanged and, based on similarities found, it identifies the fields and the vocabulary used.
- Secondly, it builds a graph describing the behavior of the protocol and validates this graph by « fuzzing » the protocol in a controlled environment (it sends stimuli and observes the replies it gets in a controlled environment).
The underlying theory is obviously difficult, but the video demonstration shows that Netzob obtained in this field apparently promising results.
RDP security (by ANSSI)
This presentation analyzes the security of Microsoft RDP (Remote Desktop Protocol). It shows first that, in terms of functionality and architecture, RDP is a very complex protocol (its reference guide is 2000 pages long), because of the successive additions of features (on a protocol that was first built just to provide remote display capability) and the stacking of multiple protocol layers (TPKT, X224, etc ...). It then presents the security aspects and explains that there are two variants:
- Standard RDP security: this is the model used by default and its security level is insufficient. The network traffic is here protected by a 512 bit RSA key (2048 on Windows 2008) which is insufficient (breakable).
- Enhanced RDP security: this model has two sub-variants: TLS and NLA/CredSSP. The security level is better. One of the problems identified, however, is that when an abnormality is identified by RDP about the server identity, if the configuration is not the most restrictive one, the user is warned but has the ability to still accept the connection. This makes MITM attacks (Man In The Middle) possible.
At the end of the presentation, the speaker gives the following recommendations:
- use NLA/CredSSP for machines connected to a domain,
- use TLS for machines outside a domain (but the security level of TLS is lower that NLA/CredSSP),
- protect the RDP trafic by routing it on isolated/dedicated networks.
WinRT (by QuarksLab)
This presentation analyzes the security of WinRT (Windows RunTime) on Windows 8. WinRT is the software layer on which "Metro", the new Windows 8 GUI, relies. With Windows 8 there will be two distinct GUI modes:
- The regular « Desktop » GUI where conventional applications are launched.
- The « Metro » GUI which presents the applications (named "Metro apps") as clickable tiles (like on a Windows Phone). "Metro apps" will be downloaded on the WindowsStore (the Microsoft equivalent of the Apple AppStore or the Android Market) .
From a security standpoint, WinRT implements a sandbox mechanism that allows to isolate each "Metro app". Speakers indicate that the security level of this sandbox seems to us satisfactory.
Information is the intangible assets of the company (by a lawyer)
This presentation analyses how the abstract concept of "information" is protected by the French law. As there is no definition for "information" in the French law, the task is not easy and must be achieved by seeking the French law for any aspects that seem relevant. For example, the French law speaks about information concealment, or about the spreading of false information. It also sometimes uses other terms such as "data" or refers to information containers such as "database".
Auditing permissions in an Active Directory environment (by ANSSI)
The Microsoft Active Directory sizes are larger and larger (some AD contain millions of objects) and finding suspicious entries in an AD (e.g. an illegal account or permission entries added by a hacker) is a difficult task. To ease this audit activity, the ANSSI developed a tool (available here) that parses the raw files which contain the AD data to extract security related entries (and this is a big achievement in view of the complexity of the internal AD structure !), and presents them in a graphical interface.
During the talk, the speakers give some advices to AD security auditors:
- Discard all the regular entries to make questionnable entries to emerge (progressive reduction of the number of records to analyze)
- Search for top 10 grantees and verify that the result is normal.
- Check Exchange mailbox rights to verify that a user has not been granted the right to read the mailboxes of other users.
- Check the "adminSDHolder" object because this object defines access rights that will be automatically re-assigned every hour. A modification on this object can be used to implement a hidden mechanism to illegally increase rights.
Security in Windows 8 : an overview of (some) new features (by Microsoft)
This presentation presents some security enhancements of Windows 8, such as :
- The low level protections : the adoption of UEFI (Universal Extensible Firmware Interface) as a replacement for BIOS, TPM V2, or the possibility to launch an antivirus during the boot (via the ELAM feature - Early Launch Anti-Malware).
- The implementation of a virtual smart card concept, thanks to TPM: owning the computer and providing a secret information (such as PIN) will be considered as a 2-factors authentication.
- Improvements to facilitate BitLocker deployment.
- An improved ACL model with a new "claim" capability. Such capability will make possible to express a complex condition such as: "this directory is accessible if the user is connected to the company internal network".
Compromising JavaCard banking application via software attacks (by SERMA Technologies)
The speaker presents the security audit he has performed on a smart card that embeds a banking application made of Java applets. As he has a copy of the loading keys (which a regular attacker lacks) he can install offensive applets on the card. He shows that it is thus possible to defeat the standard security mechanisms of Java Card and to alter the banking application. This allows him to perform attack such as "Yes card" (the card considers any PIN as valid) or even to extract the cryptographic keys embedded in the card (which is the worst attack scenario for a bank card).
IronHide : I/O Attack platform
This presentation is a continuation of the presentations made by the same speaker in previous years. His interest is on low level and hardware focused attacks on PC platforms via I/O devices (graphical cards, I/O controllers, etc ...). This year the speaker presents "Ironhide", a PCI-Express card specifically built to spy on the internal bus of the PC. It can be used for example to discover undocumented messages exchanged on the internal bus, or to inject arbitary requests on this bus. The speaker shows a demo where IronHide captures the BIOS password when this password is exchanged between the keyboard and the BIOS. IronHide later sent the captured password to the BIOS to boot the PC while nobody is there to type the BIOS password. In his conclusion, the speaker explains that this kind of card could be used as a PC internal IDS : the card monitors the bus activity to detect if an internal component has an abnormal behavior (detection of a trapped hardware components).
The rest of this report will be published next month.
For more information:
- The conference web site: https://www.sstic.org/2012/actes/
- Some of the blogs which published reports about this conference (in French):