Cryptography-based Vulnerabilities in Applications
Introduction to cryptography
Cryptography is designed to help protect the confidentiality, integrity and authenticity of data. By using an encryption algorithm, it is possible to transform data in a way that makes it impossible to read by anyone lacking knowledge of the secret key. Both hash functions and digital signatures can provide integrity protection, and a digital signature verifies the authenticity of a message as well.
However, these benefits of cryptographic algorithms only apply if the algorithms are used correctly. Cryptographic algorithms are very delicate, and a single mistake in design or implementation can render their protections meaningless.
Common cryptography errors
Cryptography can go wrong in a number of different ways. Some of the most common mistakes are trying to use insecure or custom algorithms, using algorithms with known weaknesses and misusing cryptography entirely.
Rolling your own cryptography
It seems that using a custom and secret encryption algorithm would protect data confidentiality better than a known one. If no one knows how an algorithm works, then it should be harder for someone to break it.
The problem with this theory is that most people are not trained cryptographers, and even trained cryptographers make mistakes when developing cryptographic algorithms. For every well-known and trusted encryption algorithm in use today, there are others that seemed like a good idea at the time but carried fatal weaknesses.
Take the Advanced Encryption Standard (AES), for example. The National Institute of Standards and Technology (NIST) put on a multi-year contest to select the AES. In August 1998, fifteen candidate algorithms were chosen from those submitted. Within a year, major vulnerabilities were discovered within five of the algorithms and another four had less-serious attacks.
These were algorithms developed by experienced cryptographers with knowledge of common cryptanalytic techniques, yet many were rapidly broken. Don’t try to create and use a custom cryptographic algorithm.
Using weak/broken cryptographic algorithms
Another common mistake when using cryptography is the use of algorithms that are known to be weak or broken. Over the years, many algorithms have been declared broken, either due to vulnerability to brute-force attacks (like DES or MD5) or flaws in the protocol itself (like those failed AES candidates).
This mistake is most common with hash algorithms, since many of the best-known and most commonly used encryption algorithms have been around for years and are still secure (like AES). Hash algorithms are often used in long-lived applications as well, which can make them difficult to change.
For example, hash functions are integral to password security. Instead of storing a copy of a user’s password, a system will store a hash and compare the stored hash with the hash of the provided password. If they match, the user is given access to the system.
This is only secure if the hash algorithm in use is collision-resistant, meaning that it is very difficult to find two inputs that produce the same hash. The MD5 and SHA1 hash functions are two examples of hash functions that are well-known but no longer collision resistant. However, some organizations are still using them for passwords, as demonstrated by the breach of CafePress discovered in August 2019.
Using cryptography incorrectly
Even if an application is using a secure cryptographic algorithm, it is still possible for something to go wrong. This is because cryptography is only secure if used correctly.
Cryptographic algorithms often have rules governing how they can be used safely. For example, it is important that random values (nonces and IVs) and stream ciphers’ keys are only used once. A failure to do so creates the potential for attack.
Cryptographic algorithms can also be used properly but have external factors that jeopardize their security. For example, the use of salting to protect passwords against rainbow tables is considered best practice. However, salting is only effective if a unique salt is used for each password, as discovered by MyFitnessPal in their 2018 data breach.
Best practices when using cryptography
Cryptography is a useful tool, but it can go wrong in a number of different ways. Some important best practices for the use of cryptographic algorithms include:
- Stick with standard libraries: Many cryptographic errors arise from trying to write a custom implementation of something. Most legitimate uses of cryptography have at least one library available that implements the functionality correctly and securely
- Use randomness properly: Cryptographic algorithms are heavily dependent upon randomness. Use a strong random number generator for secret keys, nonces, IVs and so on
- Perform data integrity checks: Data can be modified in transit, which can mess up the use of cryptographic algorithms. Always use a message authentication code (MAC) or similar to ensure data integrity
- Cryptographic Standards and Guidelines, NIST
- James Nechvatal, Elaine Barker, Donna Dodson, Morris Dworkin, James Foti and Edward Roback, “Status Report on the First Round of the Development of the Advanced Encryption Standard,” NIST Journal of Research
- CafePress Hacked, 23M Accounts Compromised. Is Yours One Of Them?, Forbes
- 620 million accounts stolen from 16 hacked websites now for sale on dark web, seller boasts, The Register