Report for the SSTIC 2011 conference
Date: August 01, 2011
The SSTIC 2011 conference was held in Rennes (France) from the 8th to the 10th of June 2011. This is a famous French-speaking conference that brings together people who are fond of technology and security. The talks are often focused on offensive security and try to point out weaknesses or limits in current technologies.
The presentations this year were mainly about hardware (security of cryptographic components and internal computer architecture) and software (fuzzing, reverse engineering, etc.), and not so much about networks (IDS, botnets, P2P, etc.). This confirms a trend that began several years ago: after much searching for weaknesses in Unix, Windows and networks, many researchers have turned to other technologies, in various directions: RFID, smart cards, hardware attacks, smartphones, etc. Any new technology now attracts the immediate attention of researchers looking for new vulnerabilities and weaknesses. The best example of this phenomenon is probably the soaring number of vulnerabilities currently being found in the Android smartphone OS. As one of the speakers at the conference said: Android is currently the new Eldorado for vulnerability researchers. It is a brand new area, where a bunch of vulnerabilities are yet to be discovered, and which therefore generates a lot of research and discoveries. We could say almost the same about SCADA.
The SSTIC conference is one of the few that still asks speakers to publish an academic article about their presentation (in addition to the presentation material), and publishes a voluminous proceedings booklet that brings together all these articles (this year's proceedings are 368 pages long). Because the proceedings and presentation materials are available on the web (see this site), and several other reports have already been published (e.g. on the blog of sid and the blog of n0secure), we will not go into the technical details of each presentation. We simply try to give the key facts of each presentation, and we encourage you to read these other resources if you are interested in a topic.
Thoughts on Client Systems Security (Joanna Rutkowska - Invisible Things Lab)
This opening presentation was given by a celebrity in the world of security, well known for her work on "pre-boot" attacks (and notably the "blue pill" attack, which relies on the virtualization capabilities of processors). Congratulations to the program committee for having convinced this famous speaker to give the presentation.
The presentation focuses on the latest project of ITL (Invisible Things Lab): the Qubes operating system. Qubes is an open source OS based on Xen, X Windows and Linux. It is designed to provide an isolation mechanism between the applications running on the same machine. It implements the concept of compartmentalization. A free beta version of Qubes, which supports Linux applications only, is available for download. Support for Windows applications in Qubes is under study.
The presentation is not only about Qubes. It takes a broader approach and gives various thoughts about the security of client systems (i.e. end-user systems). This includes:
- The insecurity of current systems. The speaker explains here that, in her opinion, Linux and Unix are the worst systems when it comes to application isolation (because of the X11 component).
- The technologies available that could help implement isolation, in particular the old MMU mechanism or, more recently, other mechanisms related to virtualization (e.g. VT-x and IOMMU). The speaker thinks that, on the one hand, the new VT-x is not really more efficient than the old MMU, but on the other hand, the IOMMU really enhances security if some pitfalls are avoided.
- The theoretical elements and architectural principles to take into account when designing an isolation feature (security model, microkernel, etc.).
BitLocker (Aurélien Bordes - ANSSI)
This presentation explains the internals of BitLocker (the Microsoft whole-disk encryption feature available with Windows Vista and higher) and the new features brought by Windows 7. The speaker reviews the possible attack scenarios (e.g. when the computer is off, or when it is running and locked, or …). He concludes that the BitLocker design seems good enough to resist such attacks, but that it is difficult to evaluate the robustness of the TPM level (the TPM is a low-level mechanism used to ensure the integrity of the boot sequence; it relies on a dedicated cryptographic chip on the computer motherboard). It must be noted that BitLocker is available with Windows editions such as "Entreprise Integral" and is not available with "Pro" editions.
Silverlight and how to surf through .NET (Thomas Caplin - Sogeti/ESEC)
This talk first briefly presents the Microsoft .NET and Silverlight technologies:
- .NET is an environment that can be loosely compared to Java: a .NET virtual machine (the CLR - Common Language Runtime) executes bytecode (the CIL - Common Intermediate Language) that it compiles on the fly using a JIT (Just In Time) compiler.
- Silverlight is a plugin for web browsers (IE, Firefox, etc.) that is used to create animations embedded in web pages. It provides the same kind of services as Flash animations. Silverlight animations are developed with .NET technology.
- perform the attack through the web and target the user's browser,
- bypass the ASLR and DEP protections in Windows (because these protections are incompatible with the .NET technology),
- bypass the "Silverlight sandbox" protection. Such protection exists only for IE plugins; neither Firefox nor Chrome has a Silverlight sandbox protection.
XSSF to demonstrate the danger of XSS (Ludovic Courgnaud - Conix)
The speaker describes XSSF (XSS Framework): a toolbox to perform XSS (Cross-Site Scripting) attacks. XSSF was developed to overcome the limitations of other similar projects such as XSS-Shell (which has reached its end of life) or BeEF (which had not yet implemented tunnels when XSSF was created). XSSF is actually a "plugin" for Metasploit, which means that the various XSSF modules are used from the Metasploit console. As a demonstration, the speaker used an XSS attack against an Android phone to steal a file from the smartphone.
Probabilistic Rainbow Tables (Alain Schneider - Lexsi)
"Rainbow tables" have been used for ten years to crack unsalted passwords. When an RT (rainbow table) is built, the space of passwords that the RT will cover must be defined first. Currently the following types of RT already exist:
- exhaustive (brute-force approach)
- dictionary
- hybrid
Markov chains are already used by the password cracker "John the Ripper" and are known to give very good results. The speaker explained that the use of Markov chains also helped to significantly improve the success rate of "rainbow tables": it increases the success rate of password cracking from 87% to 92%.
Memory Eye (Yoann Guillot - Sogeti/ESEC)
This is a very original project: a tool that reverse-engineers the data structures of a program. The tool is built on the "Metasm" debugger. It first locates the chunks of the process heap and then parses them to recognize data structures such as arrays and linked lists.
The approach is innovative and seems very interesting.
Covert channel attacks against cryptographic implementations (Philippe Nguyen - Secure-IC)
This presentation demonstrates how to "break" a poorly designed cryptographic chip by observing its power consumption. A demonstration is made using a specially designed test bench: first an antenna captures the radiation of the chip, then an oscilloscope turns that radiation into an observable signal, and finally a piece of software on a PC statistically analyzes the signal to reconstruct the encryption key used. The protective measures that counter such covert-channel analysis (such as "dual rail" logic) are then presented.
Android Security (Nicolas Ruff - EADS)
The speaker presents the different types of vulnerabilities for Android smartphones:
- Vulnerabilities in the system (the OS itself or the basic components such as "WebKit")
- Vulnerabilities in the applications
- Malicious applications
- Leakage of information (through applications)
- Logical errors (design weaknesses, particularly in the manufacturers' customizations)
- etc.
Android is a new platform, relatively open and easily accessible. As a result, many researchers are studying this platform and many vulnerabilities are being discovered. In particular, Android applications are often poorly developed from a security point of view (see our report about the JSSI 2011 conference, where the same speaker gave a presentation on the same subject and where this issue had already been mentioned).
DMA peer-to-peer attacks and counter-measures (Fernand Lone Sang - LAAS/IRIT)
DMA (Direct Memory Access) is a hardware mechanism that allows a device (e.g. a FireWire device, a PCI Express card or a graphics card) to access the RAM of the computer. This presentation shows that, with DMA, a device can also get direct access to the RAM of another device. This is called a "peer-to-peer" attack (where each "peer" is a device).
The speaker demonstrates such an attack by connecting a computer (the attacker's computer) to the FireWire port of a victim computer and then taking advantage of DMA to read the RAM of the victim computer's graphics card. The attack results in the attacker spying on the screen of the attacked computer, bypassing any protection mechanism that would be implemented by the central processor.
The speaker finally explained that the IOMMU mechanism (an MMU - Memory Management Unit - dedicated to I/O - Input/Output - transfers), which now exists in modern processors, could be used to counter these attacks (using the ACS - Access Control Services - mechanism with the IOMMU).
Sticky fingers & KBC Custom Shop (Alexandre Gazet - Sogeti/ESEC)
This is a stunning presentation that shows how the speaker explored, step by step, the internal architecture of his laptop. He presents the reverse engineering of a Dell laptop BIOS and shows that this BIOS exchanges data with a dedicated circuit on the motherboard (the KBC, the "keyboard controller" that controls the keyboard) to perform sensitive operations such as:
- First, to check the BIOS password,
- And, more importantly, to implement some SMI (System Management Interrupt) handlers.
Virtualization of a physical computer from the boot (Stephane Duverger - EADS)
The speaker presents a virtualization system that has been developed by EADS and that is called "Ramooflax". It is designed to observe the behavior of the guest machine. It can be used to debug, from the supervisor, an application running in the guest system. The hardware architecture and the difficulties encountered are detailed.
Attacking and Fixing PKCS#11 Security Tokens with Tookan (Graham Steel - INRIA)
The speaker presents a tool named Tookan, which audits cryptographic tokens that use the PKCS#11 interface standard.
With PKCS#11, the secrets stored on a cryptographic token can be retrieved through a set of "handles", and each handle has specific properties. Tookan explores all the "handles" available on the analyzed token and combines them to see whether some combinations allow a forbidden operation to be carried out (e.g. exporting a secret). Of the 18 tokens tested, 10 were identified as vulnerable by Tookan.
Is it possible to turn off the Internet? (Stéphane Bortzmeyer - AFNIC)
The media are often alarmist about the robustness of the Internet: the network will collapse, the end of the world is coming soon, etc. To restore a more objective perspective, the speaker seeks to identify all the attacks that could allow someone "to turn off" the Internet. He concludes that it is quite easy to disrupt the Internet (it even happens almost daily), but switching off the whole network is much more difficult, and probably impossible.
Secure DNS architecture (Guillaume Valadon and Yves-Alexis Perez - ANSSI)
This presentation explains the weaknesses of the DNS protocol and how we can overcome these weaknesses by using:
- DNSSEC, which ensures the integrity of the exchange between the DNS servers,
- TSIG and DNSCurve, which ensure the integrity of the exchanges between a DNS client and its DNS server.
RRABBIDS, an intrusion detection system for Ruby on Rails applications (Eric Totel - Supelec)
The speaker presents the "RRABBIDS" tool. This is an IDS designed to protect web applications developed with Ruby on Rails (RoR). The principle is that RRABBIDS adds its own code to the source code of the web application (during an instrumentation phase), which enables it to monitor the application and to detect abnormal behaviors (which are attempted attacks).
The proposed approach is original, and the technologies used are derived from the world of software testing (for example, it computes invariants using the DAIKON tool and runs an automatic learning phase using the Selenium tool). The "RRABBIDS" product seems to be more of a research tool than an operational tool.
Offensive uses of XSLT (Nicolas Gregoire - Agarri.fr)
XSLT engines are the components responsible for rendering raw data (in XML) into a viewable form (e.g. HTML). They are widely used in web applications, and each web browser also includes an XSLT engine. This research investigates whether there are any exploitable vulnerabilities in the most popular XSLT engines.
The vulnerabilities are of two types:
- First, some XSLT functions are inherently dangerous (e.g. they allow creating files locally or running commands),
- Secondly, some are poorly implemented (they contain vulnerabilities).
Security flaw or lack of security? (Eric Barbry - Cabinet Bensoussan)
The speaker is a lawyer, and he gives an update on the French legislation applicable in two cases:
- A vulnerability allows an attacker to penetrate a company,
- A lack of security allows an attacker to penetrate a company.
Typology of attacks against our online freedoms (Jérémie Zimmermann - La Quadrature du Net)
The speaker is one of the spokespersons of the French group "La Quadrature du Net", which defends the rights and freedoms of citizens on the Internet. This group sees the Internet as a common and inalienable asset and denounces the actions of governments and operators that result in limiting access to the Internet.
On-line photo storage systems that ensure privacy of personal data (Luis Montalvo - Technicolor)
When a supplier offers its users online storage space, up to 90% of this space may be used to store duplicates of the 10% of the data that are truly unique. This presentation focuses on the case of photo storage and describes methods that can be used to find and eliminate duplicates. It presents the principles of "convergent encryption" (which makes it possible to know that two pictures contain the same data without being able to determine what the data are) and of "visual hash" functions (which determine that two images are almost identical even if they are not binary identical).
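The convergent encryption principle summarized above can be shown in a few lines of Python. This is an added example, not code from the talk or from the speaker: the keystream construction (HMAC-SHA256 in counter mode instead of a real cipher such as AES-CTR), the `DedupStore` class and the sample "photo" bytes are assumptions made so that the block runs with the standard library only.

```python
import hashlib
import hmac
from typing import Dict, Set, Tuple


def _keystream(key: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: a standard-library stand-in for a real
    # stream cipher such as AES-CTR (assumption made for this example).
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def convergent_encrypt(plaintext: bytes) -> Tuple[bytes, bytes]:
    # The key is the hash of the content, so the same photo always yields
    # the same key and the same ciphertext, whoever encrypts it.
    key = hashlib.sha256(plaintext).digest()
    stream = _keystream(key, len(plaintext))
    return key, bytes(p ^ s for p, s in zip(plaintext, stream))


def convergent_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    stream = _keystream(key, len(ciphertext))
    plaintext = bytes(c ^ s for c, s in zip(ciphertext, stream))
    # A valid key must equal SHA-256(plaintext); this rejects wrong keys
    # and modified ciphertexts.
    if not hmac.compare_digest(hashlib.sha256(plaintext).digest(), key):
        raise ValueError("key does not match this ciphertext")
    return plaintext


class DedupStore:
    """Storage provider (hypothetical): sees ciphertexts only, stores each once."""

    def __init__(self) -> None:
        self.blobs: Dict[str, bytes] = {}       # blob id -> ciphertext
        self.owners: Dict[str, Set[str]] = {}   # blob id -> users holding it

    def put(self, owner: str, ciphertext: bytes) -> Tuple[str, bool]:
        blob_id = hashlib.sha256(ciphertext).hexdigest()
        is_new = blob_id not in self.blobs
        if is_new:
            self.blobs[blob_id] = ciphertext
        self.owners.setdefault(blob_id, set()).add(owner)
        return blob_id, is_new


def demo() -> dict:
    # Constructed sample data standing in for users' photo uploads.
    photo = b"\xff\xd8\xff\xe0" + b"constructed JPEG-like payload " * 20
    edited = photo[:-1] + b"!"                 # differs by a single byte

    store = DedupStore()
    key_a, ct_a = convergent_encrypt(photo)    # alice's client
    key_b, ct_b = convergent_encrypt(photo)    # bob's client, independently
    key_c, ct_c = convergent_encrypt(edited)   # carol's edited copy

    id_a, new_a = store.put("alice", ct_a)
    id_b, new_b = store.put("bob", ct_b)
    id_c, new_c = store.put("carol", ct_c)

    try:
        convergent_decrypt(key_c, store.blobs[id_a])
        wrong_key_rejected = False
    except ValueError:
        wrong_key_rejected = True

    return {
        "same_blob": id_a == id_b,              # duplicate detected on ciphertext
        "second_upload_new": new_b,             # bob's copy is not stored again
        "edited_new": new_c and id_c != id_a,   # one changed byte: new blob
        "stored_blobs": len(store.blobs),
        "roundtrip": convergent_decrypt(key_b, store.blobs[id_a]) == photo,
        "ciphertext_differs": ct_a != photo,
        "wrong_key_rejected": wrong_key_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

The provider deduplicates on the ciphertext alone, so it learns which users hold the same file without learning the content. The example also shows why the "visual hash" functions are a separate mechanism: a single changed byte produces an unrelated ciphertext, so near-identical images are not matched by convergent encryption.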
A fuzzing framework for smart cards: application to the EMV protocol (Julien Lancia - SERMA Technologies)
The speaker belongs to a French CESTI (a Centre for the Evaluation of the Security of IT systems) which assesses the security of smart card systems before these smart cards are put in production. A fuzzing framework was developed to help these assessments. This fuzzer relies on Sulley (a fuzzing engine) and Triton (a Python API that implements the dialog with a smart card) and it compares the results returned by the tested smart card with the results produced by a reference implementation (software implementation that simulates a smart card).
Of the 12 smart cards tested using the fuzzer, six had defects (and two of these defects were security flaws).
Security? (Hervé Schauer - HSC)
The closing talk of the conference is usually the opportunity for the speaker to theorize and to give a vision for the future of society and security. Hervé Schauer complied with that tradition by presenting his thoughts on the subject of security and freedom (explaining that security stops where liberty begins) and on the future of security. He concluded by wishing that, in the future, we can do better in the field of security than the poor results achieved during the past 15 years …