Insecure Use of Cryptography

Fixing insecure algorithms and cipher modes

About insecure algorithms and cipher modes

What are insecure algorithms and cipher modes?

A cryptographic algorithm and a cipher mode are two different concepts used in cryptography.

A cryptographic algorithm is a mathematical function used to encrypt or decrypt data. It defines the rules for transforming plaintext (unencrypted) data into ciphertext (encrypted) data, and vice versa. Common cryptographic algorithms include Advanced Encryption Standard (AES), RSA, and Triple Data Encryption Standard (3DES).

On the other hand, a cipher mode is a method of applying a cryptographic algorithm to encrypt or decrypt data. It defines the way in which plaintext is broken into blocks and how these blocks are transformed into ciphertext. Common cipher modes include Electronic Codebook (ECB), Cipher Block Chaining (CBC), and Galois/Counter Mode (GCM).

The difference between a cryptographic algorithm and a cipher mode is that an algorithm defines the mathematical rules for encryption and decryption, while a cipher mode defines the specific way in which these rules are applied to transform plaintext into ciphertext.

A cryptographic algorithm is a fundamental building block of cryptography, while a cipher mode provides additional security features and determines how data is processed.

Insecure algorithms are cryptographic algorithms that are known to have vulnerabilities that can be exploited by attackers. Cryptographic algorithms are used in security systems to protect data.

An example of an insecure algorithm is the Data Encryption Standard (DES), which is vulnerable to brute-force attacks.

Insecure cipher modes are cryptographic modes that have vulnerabilities or weaknesses that can be exploited by attackers to compromise the security of the encryption. The use of insecure cipher modes can result in data being decrypted or tampered with by unauthorized parties, which can lead to serious security breaches and data leaks.

Some examples of insecure cipher modes include:

• Electronic Codebook (ECB): ECB mode is insecure because it encrypts each block of plaintext independently, which can lead to patterns in the ciphertext that reveal information about the plaintext.
• Cipher Block Chaining (CBC) with a static IV: CBC mode with a static initialization vector (IV) is vulnerable to chosen plaintext attacks, where an attacker can manipulate the plaintext and observe the resulting ciphertext to learn more about the encryption algorithm.
• Cipher Feedback (CFB) mode with a small segment size: CFB mode with a small segment size can be vulnerable to bit-flipping attacks, where an attacker can manipulate the ciphertext to change the decrypted plaintext.
• Stream cipher modes using weak key schedules: Some stream cipher modes use weak key schedules that can be easily broken by attackers, allowing them to decrypt the ciphertext and gain access to sensitive data.

Check out this video for a high-level explanation:

What is the impact of insecure algorithms and cipher modes?

Insecure algorithms in security systems can have significant impacts on the security and privacy of data.

Here are some of the potential impacts:

• Data breaches: Insecure algorithms and cipher modes can be exploited by attackers to decrypt or tamper with encrypted data, leading to data breaches and the exposure of sensitive information.
• Data loss: In some cases, the use of insecure algorithms and cipher modes can result in the loss of encrypted data, either through accidental deletion or malicious tampering by attackers.
• Compliance violations: The use of insecure algorithms and cipher modes can lead to compliance violations with industry standards and regulations, such as the Payment Card Industry Data Security Standard (PCI DSS) or the General Data Protection Regulation (GDPR).
• Reputation damage: In the event of a data breach or other security incident caused by insecure algorithms and cipher modes, organizations may suffer reputational damage, loss of customer trust, and legal or financial penalties.

How to prevent insecure algorithms and cipher modes?

Several measures can prevent the use of insecure algorithms, including:

• Use strong cryptographic algorithms: Use strong and up-to-date cryptographic algorithms that have been widely tested and validated by security experts. For example, Advanced Encryption Standard (AES) encryption algorithm is widely used and has been proven to be secure.
• Disable or remove insecure algorithms: Disable or remove insecure algorithms, such as DES or RC4, from systems and applications.
• Use well-designed cipher modes: Use well-designed cipher modes that provide strong security guarantees, such as Cipher Block Chaining (CBC) with randomized initialization vectors (IVs) or Galois/Counter Mode (GCM).
• Avoid using weak cipher modes: Avoid using insecure cipher modes such as Electronic Codebook (ECB) or Cipher Feedback (CFB) mode with a small segment size.
• Regularly update cryptographic libraries and dependencies: Keep all cryptographic libraries and dependencies up-to-date with the latest security patches and updates.
• Regularly review and update security policies and procedures: Regularly review and update security policies and procedures to ensure that they remain up-to-date with the latest best practices and standards.

References

Taxonomies

• OWASP Top 10 - A02 Cryptographic Failures
• CWE-327: Use of a Broken or Risky Cryptographic Algorithm
• CWE-780: Use of RSA Algorithm without OAEP

Explanation & Prevention

• OWASP: Using a broken or risky cryptographic algorithm article
• OWASP: Cryptographic Storage Cheat Sheet
• OWASP: Testing for Weak Encryption
• Holistic Infosec: Cryptography on the Client
• NIST: Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths
• CAPEC: Padding Oracle Crypto Attack

Related CVEs

• CVE Details: CWE-327

Training

• Secure Code Warrior: Use of a Broken or Risky Cryptographic Algorithm

RDS Storage Not Encrypted

AWS RDS DB Instance should be encrypted.

Rule-specific references:

• AWS RDS DBInstance

Option A: Make sure Storage Encrypted is True

Resources of type "AWS::RDS::DBInstance" should have a Properties.StorageEncrypted present and it's value should be set to true.

1. If you can locate one of the following two patterns:

   Pattern one (StorageEncrypted key with value of false);

   AWSTemplateFormatVersion: 2010-09-09
   Description: RDS Storage Encrypted
   Parameters:
     SourceDBInstanceIdentifier:
       Type: String
     DBInstanceType:
       Type: String
     SourceRegion:
       Type: String
   Resources:
     MyKey:
       Type: "AWS::KMS::Key"
       Properties:
         KeyPolicy:
           Version: 2012-10-17
           Id: key-default-1
           Statement:
             - Sid: Enable IAM User Permissions
               Effect: Allow
               Principal:
                 AWS: !Join
                   - ""
                   - - "arn:aws:iam::"
                     - !Ref "AWS::AccountId"
                     - ":root"
               Action: "kms:*"
               Resource: "*"
     MyDBSmall:
       Type: "AWS::RDS::DBInstance"
       Properties:
         DBInstanceClass: !Ref DBInstanceType
         SourceDBInstanceIdentifier: !Ref SourceDBInstanceIdentifier
         SourceRegion: !Ref SourceRegion
         KmsKeyId: !Ref MyKey
         StorageEncrypted: false

   Pattern two (StorageEncrypted key not present at all);

   AWSTemplateFormatVersion: 2010-09-11
   Description: RDS Storage Encrypted2
   Parameters:
     SourceDBInstanceIdentifier:
       Type: String
     DBInstanceType:
       Type: String
     SourceRegion:
       Type: String
   Resources:
     MyKey2:
       Type: "AWS::KMS::Key"
       Properties:
         KeyPolicy:
           Version: 2012-10-17
           Id: key-default-1
           Statement:
             - Sid: Enable IAM User Permissions
               Effect: Allow
               Principal:
                 AWS: !Join
                   - ""
                   - - "arn:aws:iam::"
                     - !Ref "AWS::AccountId"
                     - ":root"
               Action: "kms:*"
               Resource: "*"
     MyDBSmall2:
       Type: "AWS::RDS::DBInstance"
       Properties:
         DBInstanceClass: !Ref DBInstanceType
         SourceDBInstanceIdentifier: !Ref SourceDBInstanceIdentifier
         SourceRegion: !Ref SourceRegion
         KmsKeyId: !Ref MyKey

2. Modify the config to something like the following:

   AWSTemplateFormatVersion: 2010-09-09
   Description: RDS Storage Encrypted
   Parameters:
     SourceDBInstanceIdentifier:
       Type: String
     DBInstanceType:
       Type: String
     SourceRegion:
       Type: String
   Resources:
     MyKey:
       Type: "AWS::KMS::Key"
       Properties:
         KeyPolicy:
           Version: 2012-10-17
           Id: key-default-1
           Statement:
             - Sid: Enable IAM User Permissions
               Effect: Allow
               Principal:
                 AWS: !Join
                   - ""
                   - - "arn:aws:iam::"
                     - !Ref "AWS::AccountId"
                     - ":root"
               Action: "kms:*"
               Resource: "*"
     MyDBSmall:
       Type: "AWS::RDS::DBInstance"
       Properties:
         DBInstanceClass: !Ref DBInstanceType
         SourceDBInstanceIdentifier: !Ref SourceDBInstanceIdentifier
         SourceRegion: !Ref SourceRegion
         KmsKeyId: !Ref MyKey
         StorageEncrypted: true

3. Test it

4. Ship it 🚢 and relax 🌴

S3 Bucket SSE Disabled

The first thing to check is that there is a BucketEncryption block. If there isn't then add one.

If the algorithm is AES256 then the master key is null, empty or undefined, otherwise the master key is required.

Rule-specific references:

• AWS S3 Bucket Server Side Encryption By Default

Options A: Make sure S3 Bucket Server Side Encryption is enabled

There are several options for server-side encryption depending on your threat model.

1. The SSEAlgorithm parameter can be set to either "AES256" or "aws:kms"

2. If you use "AES256" for the SSEAlgorithm parameter then the KMSMasterKeyID parameter should not exist

3. If you use "aws:kms" for the SSEAlgorithm parameter then you should specify a value for the KMSMasterKeyID parameter

4. Locate one of the following vulnerable patterns:

   Using "aws:kms":

   AWSTemplateFormatVersion: '2010-09-09'
   Description: S3 bucket with default encryption
   Resources:
     EncryptedS3Bucket:
       Type: 'AWS::S3::Bucket'
       Properties:
         BucketName:
           'Fn::Sub': 'encryptedbucket-${AWS::Region}-${AWS::AccountId}'
         BucketEncryption:
           ServerSideEncryptionConfiguration:
             - ServerSideEncryptionByDefault:
                 SSEAlgorithm: 'aws:kms'
       DeletionPolicy: Delete

   Using "AES256":

   AWSTemplateFormatVersion: '2010-09-09'
   Description: S3 bucket with default encryption
   Resources:
     EncryptedS3Bucket:
       Type: 'AWS::S3::Bucket'
       Properties:
         BucketName:
           'Fn::Sub': 'encryptedbucket-${AWS::Region}-${AWS::AccountId}'
         BucketEncryption:
           ServerSideEncryptionConfiguration:
             - ServerSideEncryptionByDefault:
                 SSEAlgorithm: 'AES256'
                 KMSMasterKeyID: KMS-KEY-ARN
       DeletionPolicy: Delete

5. Modify the config to something like the following:

   Using "aws:kms"

   AWSTemplateFormatVersion: '2010-09-09'
   Description: S3 bucket with default encryption
   Resources:
     EncryptedS3Bucket:
       Type: 'AWS::S3::Bucket'
       Properties:
         BucketName:
           'Fn::Sub': 'encryptedbucket-${AWS::Region}-${AWS::AccountId}'
         BucketEncryption:
           ServerSideEncryptionConfiguration:
             - ServerSideEncryptionByDefault:
                 SSEAlgorithm: 'aws:kms'
                 KMSMasterKeyID: KMS-KEY-ARN
       DeletionPolicy: Delete

   Using "AES256":

   AWSTemplateFormatVersion: '2010-09-09'
   Description: S3 bucket with default encryption
   Resources:
     EncryptedS3Bucket:
       Type: 'AWS::S3::Bucket'
       Properties:
         BucketName:
           'Fn::Sub': 'encryptedbucket-${AWS::Region}-${AWS::AccountId}'
         BucketEncryption:
           ServerSideEncryptionConfiguration:
             - ServerSideEncryptionByDefault:
                 SSEAlgorithm: 'AES256'
                 KMSMasterKeyID: KMS-KEY-ARN
       DeletionPolicy: Delete

6. Test it

7. Ship it 🚢 and relax 🌴