IoT Application Layer
Identifying Critical Software Security Flaws For IoT Application Layers –
Part 3
This series of articles is focused on software security flaws and access
control flaws, specifically application layer vulnerability because it can
be exploited to compromise the confidentiality, integrity or availability
of resources used by the application and its users. This layer may be
difficult to protect so it is important to understand how it could be
compromised. It is also very accessible to cyber criminals, so the best
way to make the application layer secure is to ensure you develop secure
applications.
In this third part of our four-part series of articles about IoT
application layer vulnerability we will review:
Sensitive data exposure
Missing function level access control
Cross-site request forgery
Sensitive Data Exposure
IoT Application LayerAs the name suggests, sensitive data exposure occurs
when an application does not sufficiently protect confidential material
such as personal information, financial information, information related
to healthcare records and user account information. Exposure to sensitive
data usually results from unsafe cryptography or lack of proper data
protection policies. These errors can result in an attacker obtaining
access to sensitive information which can lead to anything from privacy
violations to monetary loss or identity theft.
It is a good first step to clearly define what data is considered
sensitive when designing an application and then employing best practices
to ensure it is protected. The best way to protect sensitive data is
through encryption. Using cryptography methods with strong standard
algorithms and strong key generation and management is critical.
And data must be encrypted not just while it is stored in the database and
on the server, but throughout its path – while it is in transit over
private or public networks and while it is displayed to users and used by
an application. Using HTTPS for data communication and SSL or TLS
encryption on pages displaying data is essential. Providing the same level
of encryption protection for backup data is important.
In addition, data should be stored only as long as needed, and then
discarded. These are the highlights to avoid sensitive data exposure;
however, detailed security recommendations for programmers have been
published and are continually updated on this topic.
Missing Function Level Access Control
A missing function level access control flaw occurs when unauthorized
users are able to access functionality not intended for them. This happens
when user authentication checks in sensitive request handlers are
insufficient. This flaw is similar to the fourth entry on our list –
insecure direct object references flaw.
The distinction here is that this refers specifically to access of
unintended functionality in a web application while the insecure direct
object references flaw refers to unintended access to data.
This vulnerability exists, for instance, if a user is able to spoof a URL
to gain access to functionality not intended for them based on a URL he is
permitted to access. Or, perhaps an unauthorized user could view the HTML
and JavaScript code of a webpage to see how a function call is made. This
flaw typically occurs if the web application isn’t configured for proper
function level protection or doesn’t include the proper code checks to
ensure functionality is provided only to those users who have been
authorized for such capability.
The same prevention techniques discussed for the insecure direct object
reference flaw regarding data access can be applied to a missing function
level access control flaw regarding functionality access. In general, a
deny-by-default approach is the best starting point to disallow access to
all functions and then white-listing them as appropriate. Blocking file
types that should not be available can prevent an attacker from getting
access to forgotten databases, log files, or configuration files that were
mistakenly exposed without authorization. Checking every URL, button, and
all ways to access functions to make sure all user levels have access only
to those functions needed is also important.
Cross-Site Request Forgery
A cross-site request forgery vulnerability allows an attacker to exploit a
valid authenticated session in a user’s browser to make requests to
perform an undesired function on his behalf. This occurs, for instance, if
a user logs into a secure web application and then visits other sites
while the connection to the secure application is still valid.
In this situation, the attacker embeds malicious commands in the
third-party web pages visited which are then sent to the secure web
application. A cross-site request forgery attack results in an end
client-side action generated by the attacker, such as posting a forged
comment to a social media site or changing a user’s email address or
password. This is more likely to occur for web applications that have
users who are always online, such as social networking sites, or email
providers.
To prevent a cross-site request forgery vulnerability, a random token that
is unique to each user session could be incorporated which would allow the
web application to validate a command is from an authenticated user.
Another common approach is to require that all user requests require
re-authorization. For example, a customary practice is to require a user
to enter their current password in order to change their password even
though they are currently authenticated. Other approaches for
re-authentication could be a randomly selected CAPTCHA, a one-time token
sent to a trusted device, or a PIN code that only the user should know.
Re-authentication may be impractical for all user functions which is why
the random token approach is more ubiquitous. Some systems take a combined
approach, implementing a token protection system and using
re-authorization for a few chosen functions.
Are you planning an IoT project?
Whether you are planning a new project or want to upgrade your current IoT
application, ciqada can help. We offer a complete, fully-integrated
internet of things solution that includes device and cloud management,
end-to-end security and as well as a dedicated helpdesk and server
management team. Want to learn more? Contact us today.