Publication


Featured research published by Jörg Schwenk.


international conference on cloud computing | 2009

On Technical Security Issues in Cloud Computing

Meiko Jensen; Jörg Schwenk; Nils Gruschka; Luigi Lo Iacono

The Cloud Computing concept offers dynamically scalable resources provisioned as a service over the Internet. Economic benefits are the main driver for the Cloud, since it promises the reduction of capital expenditure (CapEx) and operational expenditure (OpEx). In order for this to become reality, however, there are still some challenges to be solved. Amongst these are security and trust issues, since the user's data has to be released to the Cloud and thus leaves the protection sphere of the data owner. Most of the discussions on these topics are mainly driven by arguments related to organizational means. This paper focuses on technical security issues arising from the usage of Cloud services, and especially from the underlying technologies used to build these cross-domain, Internet-connected collaborations.


Journal of Electronic Imaging | 2000

Combining digital watermarks and collusion secure fingerprints for digital images

Jana Dittmann; Peter Schmitt; Eva Saar; Jörg Schwenk; Johannes Ueberberg

Digital watermarking is the enabling technology to prove ownership of copyrighted material, detect originators of illegally made copies, monitor the usage of the copyrighted multimedia data, and analyze the spread of the data over networks and servers. Embedding a unique customer identification as a watermark into data is called fingerprinting; it serves to identify illegal copies of documents. Basically, watermarks embedded into multimedia data for enforcing copyrights must uniquely identify the data and must be difficult to remove, even after various media transformation processes. Digital fingerprinting raises the additional problem that we produce different copies for each customer. Attackers can compare several fingerprinted copies to find and destroy the embedded identification string by altering the data in those places where a difference was detected. In our paper we present a technology for combining a collusion-secure fingerprinting scheme based on finite geometries and a watermarking mechanism with special marking points for digital images. The only marking positions the pirates cannot detect are those positions which contain the same letter in all the compared documents, called the intersection of the different fingerprints. The proposed technology, for a maximal number d of pirates, puts enough information in the intersection of up to d fingerprints to uniquely identify all the pirates.


international cryptology conference | 2012

On the Security of TLS-DHE in the Standard Model

Tibor Jager; Florian Kohlar; Sven Schäge; Jörg Schwenk

TLS is the most important cryptographic protocol in use today. However, up to now there is no complete cryptographic security proof in the standard model, nor in any other model. We give the first such proof for the core cryptographic protocol of TLS ciphersuites based on ephemeral Diffie-Hellman key exchange (TLS-DHE), which include the cipher suite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA that is mandatory in TLS 1.0 and TLS 1.1. It is impossible to prove security of the TLS Handshake protocol in any classical key-indistinguishability-based security model, like for instance the Bellare-Rogaway or the Canetti-Krawczyk model, due to subtle issues with the encryption of the final Finished messages. Therefore we start by proving the security of a truncated version of the TLS-DHE Handshake protocol, which has been considered in previous works on TLS. Then we define the notion of authenticated and confidential channel establishment (ACCE) as a new security model which captures precisely the security properties expected from TLS in practice, and show that the combination of the TLS Handshake with data encryption in the TLS Record Layer can be proven secure in this model.


computer and communications security | 2012

Scriptless attacks: stealing the pie without touching the sill

Mario Heiderich; Marcus Niemietz; Felix Schuster; Thorsten Holz; Jörg Schwenk

Due to their high practical impact, Cross-Site Scripting (XSS) attacks have attracted a lot of attention from the security community. In the same way, a plethora of more or less effective defense techniques have been proposed, addressing the causes and effects of XSS vulnerabilities. NoScript, and disabling scripting code in non-browser applications such as e-mail clients or instant messengers. As a result, an adversary often can no longer inject or even execute arbitrary scripting code in several real-life scenarios. In this paper, we examine the attack surface that remains after XSS and similar scripting attacks are supposedly mitigated by preventing an attacker from executing JavaScript code. We address the question of whether an attacker really needs JavaScript or similar functionality to perform attacks aiming at information theft. The surprising result is that an attacker can also abuse Cascading Style Sheets (CSS) in combination with other Web techniques like plain HTML, inactive SVG images or font files. Through several case studies, we introduce the so-called scriptless attacks and demonstrate that an adversary might not need to execute code to preserve his ability to extract sensitive information from well-protected websites. More precisely, we show that an attacker can use seemingly benign features to build side-channel attacks that measure and exfiltrate almost arbitrary data displayed on a given website. We conclude this paper with a discussion of potential mitigation techniques against this class of attacks. In addition, we have implemented a browser patch that enables a website to make a vital determination as to whether it is being loaded in a detached view or pop-up window. This approach proves useful for the prevention of certain types of attacks we discuss here.


provable security | 2008

Universally Composable Security Analysis of TLS

Sebastian Gajek; Mark Manulis; Olivier Pereira; Ahmad-Reza Sadeghi; Jörg Schwenk

We present a security analysis of the complete TLS protocol in the Universally Composable security framework. This analysis evaluates the composition of the key exchange functionalities realized by the TLS handshake with the message transmission of the TLS record layer to emulate secure communication sessions, and is based on the adaptation of the secure channel model of Canetti and Krawczyk to the setting where peer identities are not necessarily known prior to the protocol invocation and may remain undisclosed. Our analysis shows that TLS, including the Diffie-Hellman and key transport suites in the uni-directional and bi-directional models of authentication, securely emulates secure communication sessions.


international conference on web services | 2009

Analysis of Signature Wrapping Attacks and Countermeasures

Sebastian Gajek; Meiko Jensen; Lijun Liao; Jörg Schwenk

In recent research it turned out that Boolean verification of digital signatures in the context of WS-Security is likely to fail: if parts of a SOAP message are signed and the signature verification applied to the whole document returns true, the document may nevertheless have been significantly altered. In this paper, we provide a detailed analysis of the possible scenarios that enable these signature wrapping attacks. Derived from this analysis, we propose a new solution that uses a subset of XPath instead of ID attributes to point to the signed subtree, and show that this solution is both efficient and secure.


international conference on cloud computing | 2011

Security Prospects through Cloud Computing by Adopting Multiple Clouds

Meiko Jensen; Jörg Schwenk; Jens-Matthias Bohli; Nils Gruschka; Luigi Lo Iacono

Clouds impose new security challenges, which are amongst the biggest obstacles when considering the usage of cloud services. This has triggered a lot of research activity in this direction, resulting in a number of proposals targeting the various security threats. Besides the security issues coming with the cloud paradigm, it can also provide a new set of unique features which open the path towards novel security approaches, techniques and architectures. This paper initiates this discussion by contributing a concept which achieves security merits by making use of multiple distinct clouds at the same time.


secure web services | 2007

Breaking and fixing the inline approach

Sebastian Gajek; Lijun Liao; Jörg Schwenk

McIntosh and Austel (SWS 2005, [12]) have shown that the standard semantics of digital signatures in the context of WS-Security fail: if parts of the document are signed and the signature verification applied to the whole document returns a Boolean value, then the document can be significantly altered without invalidating the signature. Rahaman, Schaad and Rits (SWS 2006, [15]) introduce the inline approach against this flaw. We analyze the inline approach and demonstrate weaknesses by the construction of counterexamples. Finally, we study solution ideas that mitigate XML wrapping attacks.


world congress on services | 2012

Penetration Testing Tool for Web Services Security

Christian Mainka; Juraj Somorovsky; Jörg Schwenk

XML-based SOAP Web Services are a widely used technology, which allows users to execute remote operations and transport arbitrary data. It is currently adopted in Service Oriented Architectures, cloud interfaces, management of federated identities, eGovernment, and military services. The wide adoption of this technology has resulted in the emergence of numerous, mostly complex, extension specifications. Naturally, this has been followed by a rise in the number of Web Services attacks. They range from specific Denial of Service attacks to attacks breaking the interfaces of cloud providers [1], [2] or the confidentiality of encrypted messages [3]. When implementing common web applications, developers evaluate the security of their systems by applying different penetration testing tools. However, in comparison to well-known attacks such as SQL injection or Cross-Site Scripting, there exist no penetration testing tools for Web Services specific attacks. This was the motivation for developing the first automated penetration testing tool for Web Services, called WS-Attacker. In this paper we give an overview of our design decisions and provide an evaluation of four Web Services frameworks and their resistance against WS-Addressing spoofing and SOAPAction spoofing attacks.


information security practice and experience | 2005

Visual spoofing of SSL protected web sites and effective countermeasures

André Adelsbach; Sebastian Gajek; Jörg Schwenk

Today the standard means for secure transactions in the World Wide Web (WWW) are the SSL/TLS protocols, which provide secure (i.e., private and authentic) channels between browsers and servers. As protocols, SSL/TLS are considered secure. However, SSL/TLS's protection ends at the “transport/session layer” and it is up to the application (here web browsers) to preserve the security offered by SSL/TLS. In this paper we provide evidence that most web browsers have severe weaknesses in the browser-to-user communication (graphical user interface), which attackers can exploit to fool users about the presence of a secure SSL/TLS connection and make them disclose secrets to attackers. These attacks, known as “Visual Spoofing”, imitate certain parts of the browser's user interface, pretending that users communicate securely with the desired service, while actually communicating with the attacker. Therefore, most SSL/TLS protected web applications cannot be considered secure, due to deficiencies in browsers' user interfaces. Furthermore, we characterise Visual Spoofing attacks and discuss why they still affect today's WWW browsers. Finally, we introduce practical remedies, which effectively prevent these attacks and which can easily be included in current browsers or (personal) firewalls to preserve SSL/TLS's security in web applications.

Collaboration


Top Co-Authors

Tibor Jager

Ruhr University Bochum
