Introduction
Grid computing is a relatively new technology that has been known since the 1990s. The idea was brought together by Ian Foster, Carl Kesselman, and Steve Tuecke, who are widely regarded as the “Fathers of the Grid”. Grid computing is defined as a group of computation nodes that work together in distributed computing. You can find some grid projects in the Wikipedia article here.
Each node in a grid is a computer cluster that performs high-performance computing through parallel computation. A computer cluster consists of a headnode (master) and some computational nodes (slaves). The headnode is responsible for communicating with the other headnodes in the grid, managing computation resources, and scheduling computation jobs to the slaves. We do not explain in detail how a computer cluster works; in this article, our interest is in grid computing and why it is vulnerable to some hacking exploitation.
How Grid Works
Grid computing is really complex inside its technology, so the chance of being exploited is large. Grid computing needs good network connectivity, many TCP/IP services, encryption, parallel programming, and web services. A headnode of a cluster trusts the others because a valid Certificate Authority (CA) is installed on both headnodes. The CA installed on a headnode is called the Host CA. TCP/IP services are needed on the headnode to send or receive data and execute jobs between two or more headnodes. There are two services on the headnode that let one headnode communicate with another: the first is the GridFTP service, which is responsible for data transfer between two or more headnodes, and the second is the Web Service Container, which is responsible for receiving jobs from users. Both services can be activated by installing the Globus Toolkit, which is the de facto standard open source software for grids.
Besides the two services above, headnodes need NTP to synchronize their clocks, and DNS forward lookup and DNS reverse lookup have to be configured correctly. This is needed for the CA to work.
Grid users can access grid resources if they have a user credential, commonly called a User CA. They can access grid resources remotely from the command line (shell) through ssh or telnet. To make it easier for users to access grid resources, a grid can be completed with a grid portal so that users can send jobs through a website. The user sends jobs using a facility in the grid portal; jobs from the grid portal are sent to the headnode and received by the Web Service Container. On the headnode, jobs are distributed to the slaves in the computer cluster to be processed. When the jobs are done, grid users can take the result through the website and download it to their own computer. The advantage of using a grid is that we can access many cluster resources on many cluster nodes through a single headnode or web portal. This is because the headnodes trust each other once CAs are installed on them.
Exploiting Grid
Exploiting the grid is the main interest of this article. When we talk about exploiting something, we have to know what will be exploited. This is done by scanning and enumerating the target, commonly called fingerprinting. In fingerprinting a grid, our first target is the headnode because it is the most important component of the cluster. The simple way to find a headnode is to scan for machines that expose GridFTP and/or the Web Service Container. Commonly, GridFTP uses port 2811/TCP and the Web Service Container uses port 8443/TCP. We can use nmap to find out which machines open those ports. We can also write our own port scanner to do massive and faster scanning. The second target of interest for fingerprinting is the grid portal, which provides the website through which users access grid resources. A grid portal is commonly published, and Google can easily find it.
After finding the headnode and grid portal, exploitation can be started. Exploitation can be done by attacking the headnode, the web portal and web service, hacking the Certificate Authority (CA), attacking DNS, and/or finally Denial of Service (DoS). Security researchers have found some vulnerabilities in grid applications and published them on Bugtraq (SecurityFocus). These vulnerabilities make it possible for intruders to attack the headnode directly. Here are some vulnerability reports that make it possible to attack the headnode.
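From the defender's side, the fingerprinting step described above leaves a recognisable trace: one source touching the GridFTP and Web Service Container ports on many hosts in a short time. The script below is an added example (not code from the original article or from the Globus project) that parses constructed firewall log lines in iptables LOG format and reports sources that probed grid ports on several distinct hosts. The log lines, IP addresses and the `min_targets` threshold are assumptions chosen for the illustration.

```python
"""Added example: flag sources that sweep many hosts on the grid service ports
(GridFTP 2811/TCP, Web Service Container 8443/TCP) in a firewall log.
All log lines below are constructed samples in iptables LOG format."""
import re
from collections import defaultdict

GRID_PORTS = {2811: "GridFTP", 8443: "Web Service Container"}

# Constructed sample log (not from the article): 203.0.113.7 touches five
# different hosts on grid ports; 198.51.100.5 only talks to its own headnode.
SAMPLE_LOG = """\
Mar 10 09:12:01 fw kernel: [GRID-IN] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=41022 DPT=2811 SYN
Mar 10 09:12:01 fw kernel: [GRID-IN] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.11 PROTO=TCP SPT=41023 DPT=2811 SYN
Mar 10 09:12:02 fw kernel: [GRID-IN] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.12 PROTO=TCP SPT=41024 DPT=8443 SYN
Mar 10 09:12:02 fw kernel: [GRID-IN] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.13 PROTO=TCP SPT=41025 DPT=8443 SYN
Mar 10 09:12:03 fw kernel: [GRID-IN] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.14 PROTO=TCP SPT=41026 DPT=2811 SYN
Mar 10 09:15:44 fw kernel: [GRID-IN] IN=eth0 OUT= SRC=198.51.100.5 DST=192.0.2.10 PROTO=TCP SPT=50110 DPT=2811 SYN
Mar 10 09:16:10 fw kernel: [GRID-IN] IN=eth0 OUT= SRC=198.51.100.5 DST=192.0.2.10 PROTO=TCP SPT=50111 DPT=2811 SYN
Mar 10 09:20:00 fw kernel: [GRID-IN] IN=eth0 OUT= SRC=192.0.2.99 DST=192.0.2.10 PROTO=TCP SPT=3000 DPT=22 SYN
"""

LINE_RE = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=TCP SPT=\d+ DPT=(?P<dport>\d+)")


def parse_grid_connections(log_text):
    """Yield (src, dst, dport) for every TCP connection to a known grid port."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        dport = int(m.group("dport"))
        if dport in GRID_PORTS:
            yield m.group("src"), m.group("dst"), dport


def find_headnode_sweeps(log_text, min_targets=3):
    """Return {src: sorted distinct destinations} for sources that contacted
    grid ports on at least min_targets distinct hosts: the shape of a sweep
    rather than a legitimate client talking to its own headnode."""
    targets = defaultdict(set)
    for src, dst, _ in parse_grid_connections(log_text):
        targets[src].add(dst)
    return {src: sorted(dsts) for src, dsts in targets.items() if len(dsts) >= min_targets}


if __name__ == "__main__":
    for src, hosts in find_headnode_sweeps(SAMPLE_LOG).items():
        print(f"{src} probed grid ports on {len(hosts)} hosts: {', '.join(hosts)}")
```

The threshold on distinct destinations, rather than on connection count, is what separates a sweep from a busy legitimate user: a real client repeats connections to one headnode, a scanner touches many.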
- Globus toolkit nexus globus-job-manager denial of service, take a look here.
- Globus gsi-openssh duplicate block denial of service, take a look here.
- Globus toolkit multiple local temporary insecure file handling, take a look here.
Besides exploiting the Globus Toolkit, intruders can also exploit other middleware for grid and parallel computing, such as schedulers and the Message Passing Interface (MPI). These middleware applications are mostly installed on the headnode to support parallel computing.
- Sun Grid Engine (SGE) is a scheduler application; some vulnerabilities have been found in its code, take a look at 1, 2, and 3.
- Load Sharing Facility (LSF) is a scheduler application; some vulnerabilities have been found in its code, take a look at this.
- The Message Passing Interface (MPI) is the de facto standard Application Programming Interface (API) for parallel programming. In some Linux distributions, MPI has been found vulnerable in its default installation; take a look at this.
A grid can also be exploited through its web services. A presentation about web services hacking was published by Shreeraj Shah years ago, and some incidents on grids related to web services have been reported by Yuri Demchenko in his paper “‘White Collar’ Attacks on Webservice and Grids”. Here are some web service exploitation techniques.
- WSDL scanning
- WSDL parameter tampering
- Recursive XML document (payload) content
- Oversize XML document (payload) content
- Malicious exploitation of known vulnerabilities in the application
- Virus/Trojan Horse programs
- Malicious XPath or XQuery built-in operation
- SQL injection
- Malicious XML schema extensions (schema poisoning)
- External entity attack
- SOAP flooding attack
- Replay attacks
- Routing detours
- Message eavesdropping
- Man in the middle
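Several entries in the list above (recursive payload content, oversize payload content, external entity attack, SOAP flooding) are payload-shape problems that a Web Service Container can reject before the XML parser ever runs. The following added example is not code from the article, from Globus or from any SOAP stack; it is a pre-parse guard written for illustration. It assumes the container can run a Python check on the raw request bytes and that the limits (`max_bytes`, `max_depth`) are tuned to the job-submission messages the site actually expects. Rejecting any `DOCTYPE` covers both external entities and recursive entity definitions in one step, because both require a DTD.

```python
"""Added example: pre-parse guard for SOAP/XML payloads arriving at a web
service container. Rejects oversize documents, any DOCTYPE (which is where
external-entity and recursive-entity payloads live) and excessive nesting.
The sample payloads are constructed for this illustration."""
import io
import re
import xml.etree.ElementTree as ET

DOCTYPE_RE = re.compile(rb"<!DOCTYPE", re.IGNORECASE)


class PayloadRejected(ValueError):
    """Raised when a payload breaks one of the limits."""


def check_soap_payload(data: bytes, max_bytes=64 * 1024, max_depth=32):
    """Raise PayloadRejected if the document violates a limit; otherwise
    return the deepest element nesting observed while streaming through it."""
    if len(data) > max_bytes:
        raise PayloadRejected(f"oversize payload: {len(data)} > {max_bytes} bytes")
    if DOCTYPE_RE.search(data):
        # No DTD means no entity declarations at all: no external entities,
        # no recursive expansion. Legitimate SOAP never needs a DOCTYPE.
        raise PayloadRejected("DOCTYPE declarations are not accepted")
    depth = max_depth_seen = 0
    try:
        for event, _ in ET.iterparse(io.BytesIO(data), events=("start", "end")):
            if event == "start":
                depth += 1
                max_depth_seen = max(max_depth_seen, depth)
                if depth > max_depth:
                    raise PayloadRejected(f"nesting deeper than {max_depth}")
            else:
                depth -= 1
    except ET.ParseError as exc:
        raise PayloadRejected(f"malformed XML: {exc}") from exc
    return max_depth_seen


def classify_payload(data: bytes, **limits) -> str:
    """Convenience wrapper returning 'accepted:<depth>' or 'rejected:<reason>'."""
    try:
        return f"accepted:{check_soap_payload(data, **limits)}"
    except PayloadRejected as exc:
        return f"rejected:{exc}"


# Constructed sample payloads (assumed message shapes, not from the article).
BENIGN = (b'<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
          b'<soap:Body><submitJob><name>job1</name></submitJob></soap:Body></soap:Envelope>')
# Recursive entity payload: the DTD is what the guard refuses.
ENTITY = (b'<?xml version="1.0"?><!DOCTYPE r [<!ENTITY a "aaaa"><!ENTITY b "&a;&a;&a;&a;">]>'
          b'<r>&b;</r>')
DEEP = b"<a>" * 40 + b"</a>" * 40          # 40 levels of nesting
OVERSIZE = b"<r>" + b"x" * (70 * 1024) + b"</r>"

if __name__ == "__main__":
    for label, payload in (("benign", BENIGN), ("entity", ENTITY),
                           ("deep", DEEP), ("oversize", OVERSIZE)):
        print(f"{label:9s} -> {classify_payload(payload)}")
```

Streaming with `iterparse` keeps the depth check cheap: the guard stops at the first element that exceeds `max_depth` instead of building the whole tree first, which is the point when the concern is a flood of hostile messages.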
Exploitation through the grid portal can be done by exploiting vulnerabilities in it; for example, GridSphere and GridPortlets, which are commonly used to build grid portals, are reported vulnerable to a user enumeration attack (our researcher found this vulnerability months ago). Finally, the attacker can use information about grid portal users for further attacks.
The other interesting part of grid hacking is how to attack the certificate authority (CA). Basically a CA consists of a public key and an owner ID (signature), just like RSA. Months ago, Alexander Sotirov presented an MD5 collision attack that successfully created a rogue CA trusted by all common browsers. It has not yet been proven that this vulnerability can be used to create a rogue CA to break headnode security, but we guess it is really possible. Besides hacking the Host CA, hacking the User CA is also interesting. To access grid resources, a grid user must have a User CA, which is commonly protected by a PEM passphrase. That is why, when an attacker successfully compromises a grid user, he still has to crack the PEM passphrase to access grid resources. The PEM passphrase can be guessed or cracked using a publicly known tool called “Private Key Password Cracker”; you can also use this to crack PEM passphrases.
Once an attacker successfully cracks the User CA PEM passphrase, the most interesting part of grid hacking begins. The real challenge of grid hacking, which makes it different from other kinds of hacking, is how to pwn as many headnodes as possible using the trust relationship between headnodes. Remember that a headnode trusts another headnode because valid Host CAs are installed on them, so arbitrary operating system commands can be executed on a remote headnode through a compromised one, without a password, if the subject of our User CA is mapped on the remote headnode.
The last part of grid hacking covers the case where compromise fails. The attacker usually uses a Denial of Service (DoS) attack to make grid resources inaccessible. Since each node in the grid may be located in a different geographic location, the attacker can flood the network connectivity between headnodes. It is widely known how to flood a network, for example using public tools to do SYN flooding, ICMP smurfing, and UDP flooding. There is still a special case in grid denial of service: the CA works between headnodes only if DNS forward lookup and DNS reverse lookup are configured correctly. By flooding the authoritative DNS nameserver that serves both, it is really possible to make grid services inaccessible since the CA can no longer work. The attacker can also poison DNS so that names resolve to the wrong IP address and addresses to the wrong domain name, making the CA fail to work properly. Since the CA cannot work, grid services become inaccessible.
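The passphrase on the User CA's private key is the only thing standing between a compromised user account and the grid, so a site should verify that every user key actually carries one and is not readable by other accounts. The script below is an added example, not code from the article or from the Globus Toolkit: it recognises the two PEM forms that indicate a passphrase-protected key (the legacy `Proc-Type: 4,ENCRYPTED` header with `DEK-Info`, and a PKCS#8 `ENCRYPTED PRIVATE KEY` block) and checks the file mode. The PEM bodies are constructed placeholders, not real key material, and the file names and modes are assumptions for the illustration.

```python
"""Added example: audit user credential files for a missing passphrase and for
permissions that let other local users read the key. PEM contents below are
constructed placeholders, not real keys."""
import os
import stat
import tempfile

# Constructed placeholder for a passphrase-protected legacy PEM key.
ENCRYPTED_PEM = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,0123456789ABCDEF0123456789ABCDEF

(constructed placeholder; encrypted key bytes omitted)
-----END RSA PRIVATE KEY-----
"""

# Constructed placeholder for an unprotected key: no Proc-Type/DEK-Info headers.
PLAIN_PEM = """-----BEGIN RSA PRIVATE KEY-----
(constructed placeholder; plaintext key bytes omitted)
-----END RSA PRIVATE KEY-----
"""


def pem_key_is_encrypted(pem_text: str) -> bool:
    """True when the PEM private key needs a passphrase to be used."""
    if "-----BEGIN ENCRYPTED PRIVATE KEY-----" in pem_text:
        return True                                   # PKCS#8 encrypted form
    return "Proc-Type: 4,ENCRYPTED" in pem_text and "DEK-Info:" in pem_text


def key_file_findings(path: str) -> list:
    """Return a list of problems with one credential file (empty list = fine)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {oct(mode)} is accessible to group/others; expected 0o600 or 0o400")
    with open(path, encoding="ascii") as fh:
        if not pem_key_is_encrypted(fh.read()):
            findings.append("private key is not passphrase-protected")
    return findings


def audit_sample_keys() -> dict:
    """Write two constructed credential files to a temporary directory, one
    protected and one not, and return {file name: findings} for each."""
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        for name, text, mode in (("userkey-good.pem", ENCRYPTED_PEM, 0o600),
                                 ("userkey-bad.pem", PLAIN_PEM, 0o644)):
            path = os.path.join(workdir, name)
            with open(path, "w", encoding="ascii") as fh:
                fh.write(text)
            os.chmod(path, mode)                      # assumed sample modes
            results[name] = key_file_findings(path)
    return results


if __name__ == "__main__":
    for name, findings in audit_sample_keys().items():
        print(name, "->", "OK" if not findings else "; ".join(findings))
```

Running this over every user's key file (the same check applies to the host key on the headnode) turns the "crack the PEM passphrase" step described above into a step that an attacker who has captured a key still has to complete, rather than one that may not exist at all.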
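The condition that makes the lateral movement above possible is the mapping of a certificate subject to a local account on each headnode, which in the Globus Toolkit lives in the grid-mapfile (one quoted subject DN per line followed by one or more comma-separated local user names). The added example below is not code from the article or from the Globus project; it parses that format and reports the entries that widen the blast radius of one compromised User CA: mappings to privileged accounts, mappings to shared accounts that lose per-user accountability, subjects from organisations the site did not intend to trust, and duplicate subjects. The sample file, the organisation names and the `PRIVILEGED` and `SHARED_PREFIX` policy values are constructed assumptions.

```python
"""Added example: audit a Globus-style grid-mapfile for mappings that make a
single compromised user credential more dangerous than it needs to be.
The sample file and the policy constants are constructed for illustration."""
import re
from collections import defaultdict

# Constructed sample grid-mapfile (assumed site, not from the article).
SAMPLE_GRIDMAP = '''\
# subject DN                                 local account(s)
"/C=ID/O=ExampleGrid/OU=Users/CN=Alice"      alice
"/C=ID/O=ExampleGrid/OU=Users/CN=Bob"        bob,gridshared
"/C=ID/O=ExampleGrid/OU=Admins/CN=Carol"     root
"/C=ID/O=ExampleGrid/OU=Users/CN=Alice"      alice
"/C=ID/O=OtherVO/OU=Users/CN=Dave"           gridshared
'''

PRIVILEGED = {"root", "globus"}        # assumed: accounts no subject should map to
SHARED_PREFIX = "gridshared"           # assumed: naming convention for pool accounts
ENTRY_RE = re.compile(r'^\s*"(?P<dn>[^"]+)"\s+(?P<users>\S+)\s*$')


def parse_gridmap(text):
    """Return [(subject_dn, [local users])] in file order; skip blanks and comments."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = ENTRY_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: unparsable grid-mapfile entry")
        entries.append((m.group("dn"), m.group("users").split(",")))
    return entries


def audit_gridmap(text, trusted_orgs=("/O=ExampleGrid",)):
    """Return human-readable findings for mappings that widen the blast radius
    of one compromised User CA. trusted_orgs is an assumed site policy."""
    findings = []
    seen = defaultdict(list)
    for dn, users in parse_gridmap(text):
        seen[dn].append(users)
        for user in users:
            if user in PRIVILEGED:
                findings.append(f"{dn} maps to privileged account {user}")
            if user.startswith(SHARED_PREFIX):
                findings.append(f"{dn} maps to shared account {user} (no per-user accountability)")
        if not any(org in dn for org in trusted_orgs):
            findings.append(f"{dn} is outside the trusted organisations")
    for dn, mappings in seen.items():
        if len(mappings) > 1:
            findings.append(f"{dn} appears {len(mappings)} times")
    return findings


if __name__ == "__main__":
    for finding in audit_gridmap(SAMPLE_GRIDMAP):
        print("-", finding)
```

Because every headnode keeps its own copy of the file, the audit has to run on each one; a subject that is tightly mapped on the headnode where it was compromised may still be mapped to a privileged or shared account on a remote headnode that trusts the same Host CA.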
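Because the Host CA check depends on forward and reverse DNS agreeing, a site should monitor that agreement continuously rather than discover it during an outage or a poisoning incident. The added example below is not code from the article or from the Globus Toolkit: it checks, for each headnode name, that the A record resolves and that every resulting address has a PTR record pointing back to the same name. The resolver is pluggable so the example runs offline on constructed zone data; the `live_forward` and `live_reverse` functions use the standard library and are what a deployment would pass instead. Host names and addresses are assumptions.

```python
"""Added example: verify that forward (A) and reverse (PTR) DNS agree for
every headnode, since the Host CA check fails when they do not. The zone
data below is constructed; pass live_forward/live_reverse to query real DNS."""
import socket

# Constructed zone data (assumed names and addresses, not from the article).
FAKE_FORWARD = {
    "head1.grid.example": ["192.0.2.10"],
    "head2.grid.example": ["192.0.2.11"],
    "head3.grid.example": ["192.0.2.12"],
}
FAKE_REVERSE = {
    "192.0.2.10": "head1.grid.example",
    "192.0.2.11": "mail.grid.example",   # PTR points at a different name
    # 192.0.2.12 deliberately has no PTR at all
}


def fake_forward(name):
    return FAKE_FORWARD.get(name, [])


def fake_reverse(ip):
    return FAKE_REVERSE.get(ip)


def live_forward(name):
    """IPv4 addresses for name via the system resolver; [] when it does not resolve."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None, socket.AF_INET)})
    except socket.gaierror:
        return []


def live_reverse(ip):
    """PTR name for ip via the system resolver; None when there is none."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def check_headnodes(names, forward=live_forward, reverse=live_reverse):
    """Return {name: 'ok' or a description of every forward/reverse mismatch}."""
    report = {}
    for name in names:
        addrs = forward(name)
        if not addrs:
            report[name] = "no forward record"
            continue
        problems = []
        for ip in addrs:
            ptr = reverse(ip)
            if ptr is None:
                problems.append(f"{ip} has no PTR")
            elif ptr.rstrip(".").lower() != name.lower():
                problems.append(f"{ip} PTR is {ptr}, not {name}")
        report[name] = "ok" if not problems else "; ".join(problems)
    return report


if __name__ == "__main__":
    # Offline run against the constructed zone data.
    for name, status in check_headnodes(list(FAKE_FORWARD), fake_forward, fake_reverse).items():
        print(f"{name}: {status}")
```

Run from each headnode with the live resolver functions, the report also shows what that headnode's own resolver sees, which is the view that matters when a poisoned cache rather than the authoritative zone is the problem.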
Finally, we already published a more complete grid hacking draft and grid hacking tools in Indonesian months ago. If you are interested, just take a look here.
IPSECS Admin is