
Security

Encrypting users' web data with Grendel

By Jake Edge
January 27, 2010

Web sites that store personal information can be worrisome. Depending on the type of information stored, disclosure of the data can have effects ranging from embarrassment to financial loss. There are steps that web services (or "cloud" services in the parlance of our times) can take to reduce the danger of data disclosure. The Grendel encryption mechanism for sensitive data, which was recently released under the MIT license, is a reasonable approach to the problem—and one that can now be examined and possibly adopted by other web services.

Grendel comes from Wesabe, which is an online money management tool. That means that Wesabe stores some of the most sensitive information a user has, so focusing on security is important to Wesabe and its users. Unlike many other web services, though, Wesabe has been very candid about the steps it takes to safeguard its users' data. The release of Grendel is just another step along that path.

The basic idea behind Grendel is a REST-based API that a web service can use to implement an encrypted store for users' data. The encryption is done using OpenPGP, with keys being generated when the user is created. The private key is then encrypted using the user's password, so that it is only when a user is logged in that their data can be decrypted.

The interface is meant for the back-end, "behind the firewall", so the rest of the web application uses the API over a local or private network to retrieve whatever data has been stored by the user. Grendel is meant to reduce or eliminate sensitive data leaks to third parties, not to protect against malfeasance from web site operators. The recent RockYou breach is mentioned as an example of the kinds of leaks Grendel is meant to prevent.

The decryption key for the OpenPGP private key (i.e. the user's password) is only available to the application while the user is logged in. Once that session terminates (either through an explicit log out or a session time out), any attacker will be unable to access the data unless they can crack the password. So, even a complete compromise of the database contents will not easily allow access to the sensitive data.

In some ways, Grendel is an outgrowth of another technique that is used by Wesabe, called the "privacy wall". The wall makes it difficult for attackers to correlate users and their private information even if the database contents are exposed. Instead of using a user_id field to connect a user table to another table, the technique uses a cryptographic hash of the username and password as the key into the second table. That way, a particular user's data in the second table cannot be retrieved without the user's password, which is only available during the lifetime of their session.

There are some additional wrinkles, of course. If a user forgets their password, their data is essentially lost. This might be viewed by some as a weakness of the system, but from a security standpoint it makes a lot of sense. One way to handle that problem might be storing the key value (i.e. hash of username and password) encrypted with other information, such as the answer to security questions. However, security questions have risks of their own to consider.
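The "privacy wall" lookup and the forgotten-password consequence described above can be sketched as follows. This is an added example, not Wesabe's or Grendel's code: the table layout, function names, the `login:`/`wall:` labels and the use of PBKDF2 as the "cryptographic hash" are all assumptions made for illustration.

```python
import hashlib, hmac, os, sqlite3

ITER = 50_000  # assumed PBKDF2 work factor for this sketch

def _kdf(label: bytes, username: str, password: str, salt: bytes) -> str:
    # Separate labels keep the stored login verifier and the privacy key
    # unrelated, so a dump of the users table does not reveal the key.
    return hashlib.pbkdf2_hmac("sha256", password.encode(),
                               label + salt + username.encode(), ITER).hex()

def open_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, verifier TEXT)")
    # No user_id or username column: only the derived key links a row to a user.
    db.execute("CREATE TABLE accounts (privacy_key TEXT, detail TEXT)")
    return db

def register(db, username, password):
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               (username, salt, _kdf(b"login:", username, password, salt)))

def login(db, username, password):
    """Return the session's privacy key, or None if the password is wrong."""
    row = db.execute("SELECT salt, verifier FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return None
    salt, verifier = row
    if not hmac.compare_digest(verifier, _kdf(b"login:", username, password, salt)):
        return None
    return _kdf(b"wall:", username, password, salt)

def store(db, privacy_key, detail):
    db.execute("INSERT INTO accounts VALUES (?, ?)", (privacy_key, detail))

def fetch(db, privacy_key):
    return [r[0] for r in db.execute(
        "SELECT detail FROM accounts WHERE privacy_key = ?", (privacy_key,))]

def change_password(db, username, old, new):
    """Re-key the user's rows; without the old password they stay orphaned."""
    old_key = login(db, username, old)
    if old_key is None:
        return False
    salt = db.execute("SELECT salt FROM users WHERE username = ?", (username,)).fetchone()[0]
    db.execute("UPDATE users SET verifier = ? WHERE username = ?",
               (_kdf(b"login:", username, new, salt), username))
    db.execute("UPDATE accounts SET privacy_key = ? WHERE privacy_key = ?",
               (_kdf(b"wall:", username, new, salt), old_key))
    return True
```

The privacy key exists only in the session that `login` returns it to; a password reset that cannot supply the old password has no way to compute the old key, which is why the rows are unrecoverable.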

There is nothing truly groundbreaking in these techniques, but there are certainly useful ideas embodied in them. While Grendel itself may not be of interest to other web services, due to its architecture or its Java implementation, it is heartening to see a web service that takes security seriously enough to explain its methods. It certainly stands in stark contrast to other services and their "trust us" security policies—something to consider when storing sensitive data on the web.


Brief items

Backdoor in e107 CMS version 0.7.17

Bogdan Calin has reported an obvious backdoor in the e107 content management system (CMS) version 0.7.17. The e107 developers have pulled the offending release and issued an update for anyone that is running the code. In addition, they have enabled an update notification feature in the administrative interface for future problems. Click below for the report to the Bugtraq mailing list.

Full Story (comments: 8)

Multiple vulnerabilities in LedgerSMB

Those of you using the LedgerSMB accounting system will probably want to look at the attached advisory; a number of vulnerabilities - including file inclusion and SQL injection - have been fixed. At least some of these vulnerabilities are present in SQL-Ledger as well.

Full Story (comments: none)

New vulnerabilities

acroread: multiple vulnerabilities

Package(s): acroread
CVE #(s): CVE-2009-3953 CVE-2009-3954 CVE-2009-3955 CVE-2009-3956 CVE-2009-3959 CVE-2009-4324
Created: January 22, 2010
Updated: September 8, 2010
Description: From the Red Hat advisory:

Adobe Reader 8.1.7 is vulnerable to critical security flaws and should no longer be used. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2009-4324, CVE-2009-3953, CVE-2009-3954, CVE-2009-3955, CVE-2009-3959, CVE-2009-3956)

Alerts:
Gentoo 201009-05 acroread 2010-09-07
SuSE SUSE-SA:2010:008 acroread 2010-01-26
Red Hat RHSA-2010:0060-01 acroread 2010-01-20


dokuwiki: multiple vulnerabilities

Package(s): dokuwiki
CVE #(s): CVE-2010-0287 CVE-2010-0288 CVE-2010-0289
Created: January 22, 2010
Updated: January 27, 2010
Description: From the Debian advisory:

It was discovered that an internal variable is not properly sanitized before being used to list directories. This can be exploited to list contents of arbitrary directories. CVE-2010-0287

It was discovered that the ACL Manager plugin doesn't properly check the administrator permissions. This allows an attacker to introduce arbitrary ACL rules and thus gain access to a closed Wiki. CVE-2010-0288

It was discovered that the ACL Manager plugin doesn't have protections against cross-site request forgeries (CSRF). This can be exploited to change the access control rules by tricking a logged in administrator into visiting a malicious web site. CVE-2010-0289

Alerts:
Gentoo 201301-07 dokuwiki 2013-01-09
Debian DSA-1976-1 dokuwiki 2010-01-22


kernel: missing CAP_NET_ADMIN checks

Package(s): kernel
CVE #(s): CVE-2010-0007
Created: January 22, 2010
Updated: March 21, 2011
Description: From the SUSE advisory: Missing CAP_NET_ADMIN checks in the ebtables netfilter code might have allowed local attackers to modify bridge firewall settings.
Alerts:
Mandriva MDVSA-2011:051 kernel 2011-03-18
Red Hat RHSA-2010:0161-01 kernel-rt 2010-03-23
CentOS CESA-2010:0147 kernel 2010-03-18
CentOS CESA-2010:0146 kernel 2010-03-17
Red Hat RHSA-2010:0147-01 kernel 2010-03-16
Red Hat RHSA-2010:0146-01 kernel 2010-03-16
SuSE SUSE-SA:2010:014 kernel 2010-03-03
Fedora FEDORA-2010-0919 kernel 2010-01-22
SuSE SUSE-SA:2010:007 kernel 2010-01-22
Debian DSA-2004-1 linux-2.6.24 2010-02-27
Debian DSA-2003-1 linux-2.6 2010-02-22
SuSE SUSE-SA:2010:013 kernel 2010-02-18
Debian DSA-1996-1 linux-2.6 2010-02-12
SuSE SUSE-SA:2010:010 kernel 2010-02-08
SuSE SUSE-SA:2010:012 kernel 2010-02-15
Ubuntu USN-894-1 linux, linux-source-2.6.15 2010-02-05


kernel: null pointer dereference

Package(s): kernel
CVE #(s): CVE-2010-0006
Created: January 21, 2010
Updated: February 11, 2011
Description:

From the NVD entry:

The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.32.4, when network namespaces are enabled, allows remote attackers to cause a denial of service (NULL pointer dereference) via an invalid IPv6 jumbogram, a related issue to CVE-2007-4567.

Alerts:
Fedora FEDORA-2011-1138 kernel 2011-02-07
Ubuntu USN-894-1 linux, linux-source-2.6.15 2010-02-05
Fedora FEDORA-2010-0919 kernel 2010-01-22
Fedora FEDORA-2010-0823 kernel 2010-01-20
SuSE SUSE-SA:2010:010 kernel 2010-02-08


kernel: information leak

Package(s): kernel
CVE #(s): CVE-2010-0003
Created: January 25, 2010
Updated: March 23, 2010
Description:

From the Red Hat bugzilla entry:

When print-fatal-signals is enabled it's possible to dump any memory reachable by the kernel to the log by simply jumping to that address from user space.

Or crash the system if there's some hardware with read side effects.

The fatal signals handler will dump 16 bytes at the execution address, which is fully controlled by ring 3.

Alerts:
Red Hat RHSA-2010:0161-01 kernel-rt 2010-03-23
CentOS CESA-2010:0147 kernel 2010-03-18
CentOS CESA-2010:0146 kernel 2010-03-17
Red Hat RHSA-2010:0147-01 kernel 2010-03-16
Red Hat RHSA-2010:0146-01 kernel 2010-03-16
Ubuntu USN-894-1 linux, linux-source-2.6.15 2010-02-05
Fedora FEDORA-2010-0919 kernel 2010-01-22
Debian DSA-1996-1 linux-2.6 2010-02-12
SuSE SUSE-SA:2010:010 kernel 2010-02-08
SuSE SUSE-SA:2010:012 kernel 2010-02-15
SuSE SUSE-SA:2010:014 kernel 2010-03-03
Debian DSA-2004-1 linux-2.6.24 2010-02-27


lintian: multiple vulnerabilities

Package(s): lintian
CVE #(s): CVE-2009-4013 CVE-2009-4014 CVE-2009-4015
Created: January 27, 2010
Updated: January 28, 2010
Description: Debian's "lintian" package checker suffers from directory traversal, format string, and command execution vulnerabilities.
Alerts:
Ubuntu USN-891-1 lintian 2010-01-28
Debian DSA-1979-1 lintian 2009-01-27


phpgroupware: multiple remote vulnerabilities

Package(s): phpgroupware
CVE #(s): CVE-2009-4414 CVE-2009-4415 CVE-2009-4416
Created: January 27, 2010
Updated: January 27, 2010
Description: The phpgroupware system suffers from multiple remotely-exploitable vulnerabilities, including SQL injection, directory traversal vulnerabilities, and a cross-site scripting issue.
Alerts:
Debian DSA-1978-1 phpgroupware 2010-01-26


Page editor: Jake Edge


Copyright © 2010, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds