Attacking OpenSSL Shared Library Using Code Injection

Attacking the Security Vulnerability of the OpenSSL Shared Library through Code Injection

  • 안우현 (Department of Computer Software, Kwangwoon University)
  • 김형수 (Software Team, GnB English Education)
  • Received : 2010.05.07
  • Accepted : 2010.06.12
  • Published : 2010.08.15

Abstract

OpenSSL is an open-source library implementing SSL, a secure communication protocol. However, the library has a severe vulnerability: its security information can be easily exposed to malicious software when the library is used in the form of a shared library on Linux and UNIX operating systems. We propose a scheme to attack this vulnerability of the OpenSSL library. The scheme injects code into a running client program to execute the following attacks on the vulnerability during an SSL handshake. First, when a client sends a server a list of cryptographic algorithms that the client is willing to support, our scheme replaces all algorithms in the list with a specific algorithm. Such a replacement causes the server to select the specific algorithm. Second, the scheme steals the key for data encryption and decryption when the key is generated. The key is then sent to an outside attacker. After that, the outside attacker decrypts the encrypted data that has been transmitted between the client and the server, using the specified algorithm and the key. To show that our scheme is realizable, we perform an experiment that collects the encrypted login data that an ftp client using the OpenSSL shared library sends to its server and then decrypts the login data.

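OpenSSL is an open-source library that implements SSL, a secure communication protocol. However, the library has a vulnerability: when it is used as a shared library on Linux or UNIX operating systems, its security information can easily be exposed. This paper proposes a technique that attacks this vulnerability. The technique injects attack code into a running client program and attacks the vulnerability during the SSL handshake as follows. First, when the client sends the server its list of supported cryptographic algorithms, every algorithm in the list is replaced with an arbitrarily chosen algorithm. This replacement causes the server that receives the list to select the chosen algorithm. Second, the key used for encryption and decryption is intercepted while it is being generated and is sent to an outside attacker. The outside attacker then decrypts the encrypted data that was exchanged, using the chosen algorithm and the intercepted key. To show that the proposed technique is feasible, the paper performs an experiment on Linux that intercepts and decrypts the encrypted login information that an ftp client using the OpenSSL shared library sends to its server.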

Acknowledgement

Supported by: Korea Science and Engineering Foundation (KOSEF)
