Lecture 12: 18th October 2019 Flashcards
Secure communications and application vulnerabilities part 2
What is STARTTLS?
An extension to SMTP facilitates secure and encrypted communications between SMTP clients and servers. Tries to use TLS and falls back to SSL.
What is STARTTLS stripping?
This attack takes advantage of the fail-open design of STARTTLS, that is, the SMTP servers using cleartext if the STARTTLS handshake fails. Like many security mechanisms, STARTTLS is designed to “fail open” rather than “fail closed,” meaning that when certain errors happen, servers will simply send e-mail in unencrypted form rather than failing to send the message at all. Network actors can exploit this design by sending certain types of packets that trigger a fail-open error.
What was the POODLE vulnerabiltiy?
A MITM attack for SSL connections to browsers. The attacker forces the connection to use SSL 3.0 then exploits design flaw in SSL 3.0 that allows the padding of data at the end of a block cipher to be changed so that the encryption cipher becomes less secure each time it is passed. It eventually reveals the plaintext input after repeatedly padding messages.
What is SMTP over TLS?
An extension to SMTP that allows an SMTP server and client to use transport-layer security to provide private, encrypted, and authenticated communication over the Internet using TLS.
What are some vulnerabilities of SMTP over TLS??
- ~30% of handshakes fail
- weak cipher suites are used: DES, RC4, MD5
- only ~ a quarter of servers support strong cipher suites, and cipher agreed can be derated to less secure ciphers (most secure common one) even in those that do
- some email servers after derating to less secure cipher suites or even unencrypted emails entirely
What can you do to email packets to attack them?
- interception - some organisations protect email up to the edge of the network, and some may copy all emails (legal or government companies) as email are evidence or legal documents
- monitoring - some organisations monitor email for business patterns or for information disclosure. Some companies state they have the right to access email at any time.
- anonymisation - some companies (Yahoo, Hotmail) offer free email addresses which can be treated as once use disposable emails.
- remailers - these are 3rd party mailers who forward email onto a designated recipient. The third party keeps detailed records to allow forwarding in both directions to recipient and sender. Essentially this is not anonymity but pseudonimity. However, a TOR like setup can allow a series of co-operating servers to hide sender details under asymmetric encryption.
- spoofing- the SMTP protocol does not check for legitimacy or accuracy. (See https://tools.ietf.org/html/rfc821 or rfc7435)
How can firewalls ensure email privacy?
Can ensure that no outbound emails are unencrypted or use ciphers that are too weak. Can ensure no inbound emails are from blacklisted domains or addresses. Can filter spam?
What factors should be considered to ensure security with databases?
- Access Control: restriction levels of read, write (update). Delete must be at admin level.
- Authentication: Pre phase of authentication needed for access.
- Physical DB integrity: power failures, disc failure etc should not affect the data.
- Logical DB integrity: The structure of the DB is preserved after data modification (no loss of fields, keys etc).
- Auditability: for forensic or legal reasons as well as reconstruction.
- Two phase update: designed to prevent problems during update (long intent phase and then commit phase when commit flag is set)
What are inference attacks?
Using public or non-sensitive information to deduce or infer private or sensitive information. This may use real-world causalities, statistics, reasoning, etc.
How do inference attacks work?
Either directly query public records in a way to gain few results to gain sensitive information on those subjects outright or perform stats to derive sensitive information.
How were AIDS patients identified in an inference attack?
Who were AIDs patients was not public knowledge - is sensitive. Newspapers investigated deliveries of AZT drugs to treat it to different hospitals and regions to find where there were the most patients.
What is suppression?
Not providing data results at all when under the k-anonymity value.
What is concealment?
Slightly altering data results at all when under the k-anonymity value.
What is k-anonymity protection?
Stopping the release of data if it only applies to a certain number of subjects less than or equal to a minimum number, k. At or below k, inference attacks would otherwise become possible.
How can multilevel security be implemented with databases?
Consider sensitive data in a database; is it the cell/element or the tuple/row?
- Data could be partitioned - at a cost of redundancy, access efficiency, etc.
- Data or tuples could be encrypted.
- An integrity code could be applied to each cell (colour or level coded). Sometimes called an Integrity Lock.
- A sensitivity lock could be applied - a different lock for each record which indicates the sensitivity level, e.g. an encryption-based on record number and sensitivity level so that an attacker can not infer much from two records with the same sensitivity level.