Sullivan red october-oscon-2014
-
Upload
cloudflare -
Category
Internet
-
view
188 -
download
2
description
Transcript of Sullivan red october-oscon-2014
![Page 1: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/1.jpg)
Red OctoberImplementing the Two-man Rule for Keeping Secrets
July 23, 2014 !
Nick Sullivan @grittygrease
github.com/cloudflare/redoctober
![Page 2: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/2.jpg)
Red October• A deployment story
• Secrets and threats
• Two-person rule as a service
• Software design
• Future directions
2
![Page 3: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/3.jpg)
Deployment Story
Sneakernets and evidence bags
3
![Page 4: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/4.jpg)
Sneakernet Deployment
4
![Page 5: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/5.jpg)
Sneakernet Deployment• Trusted engineer as build engineer
• Secret kept on build machine
• Check out tag
• Compile
• Burn to writable CD/DVD - Gold Master
• Deploy via sneakernet
5
![Page 6: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/6.jpg)
Sneakernet Deployment - Pros• High amount of physical security
• Deniability
• Exercise?
6
![Page 7: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/7.jpg)
Sneakernet Deployment - Cons• Inconvenient and slow
• “Trusted” engineers can leave
• Some secrets too sensitive to be revoked
7
![Page 8: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/8.jpg)
Secrets
Can they be kept?
8
![Page 9: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/9.jpg)
Secret Types• Credentials
• Cryptographic keys
9
![Page 10: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/10.jpg)
Threats to secrets
10
![Page 11: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/11.jpg)
Threats to secrets• Insider threat — don’t trust access control
!
• Insecure build machine
• Insecure production environment
• Binary disclosure
11
![Page 12: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/12.jpg)
Suggestions from compliance• PCI DSS requirement 3.5.2
• Encrypt them with a key-encrypting key that is at least as strong as the data-encrypting key and stored in a separate location
• Store them within a secure cryptographic device
• Store them in two pieces
12
![Page 13: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/13.jpg)
Improving the secret management• Encrypt with PGP
• Check into SCM
!
• Problem: single admin can walk off with secrets
13
![Page 14: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/14.jpg)
Multi-person build
14
• Two person rule
• Also called m of n
![Page 15: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/15.jpg)
Improving the secret management• Double-encrypt
• Two engineers need to PGP decrypt secret
!
!
• Hard to use in practice: no remote PGP decrypt
• PGP/GnuPG not the right tool for the job
15
![Page 16: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/16.jpg)
Double-encrypt as a service
aka Red October
16
![Page 17: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/17.jpg)
WARNING1. Don’t roll your own crypto
2. Or your own key management software
!
• But if you do, open source it and ask for help
17
![Page 18: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/18.jpg)
What the service needs to do• Encrypt secrets
• Only decrypt secrets if the right people approve it
• Fit into an automated workflow
18
![Page 19: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/19.jpg)
What the service does not need to do• Store encrypted data
19
![Page 20: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/20.jpg)
Red October
20
![Page 21: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/21.jpg)
Cryptography
21
• No new crypto
• AES, RSA, scrypt
• Elliptic curve cryptography (ECC)
![Page 22: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/22.jpg)
It’s about layers
22
![Page 23: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/23.jpg)
23
![Page 24: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/24.jpg)
24
![Page 25: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/25.jpg)
Passwords are fundamental
25
• In login: hashed+salted passwords are compared
• In Red October: hashed+salted passwords are the key
!
• Server can’t decrypt secrets without password
![Page 26: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/26.jpg)
Usage
26
• Run Red October
• pick a port
• use a TLS certificate + key
• JSON API or Web interface
• Create admin account
• Create user accounts
![Page 27: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/27.jpg)
Usage
27
• Encrypt data to a set of users
• only needs public key
• Users delegate their key for time or number of usages
• Admins can decrypt if enough users are delegated
![Page 28: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/28.jpg)
Web interface
28
![Page 29: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/29.jpg)
Web interface demo
29
![Page 30: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/30.jpg)
Why is this in Go?
And how does the code work?
30
![Page 31: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/31.jpg)
Why Go?
31
• easy and fun to write
• JSON serialization a snap
• simple to set up TLS 1.2 server
• simple to make servers multi-threaded
• crypto baked in
• simplified deployment
![Page 32: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/32.jpg)
Golang features used
32
• Structs are serialized and deserialized to JSON automatically
• Caps means public, missing means native zero
• json.Marshal type delegate struct {!! Name string!! Password string!!! Time string! Uses int! admin bool!}
{“Name":"Bob",! “Password":"Rob",! “Time":"2h",! "Uses":1}
![Page 33: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/33.jpg)
Golang features used
33
• Built in TLS support (tls.NewListener)
config := tls.Config{! Certificates: []tls.Certificate{cert},! Rand: rand.Reader,! PreferServerCipherSuites: true,! SessionTicketsDisabled: true,! }!!
!
lstnr := tls.NewListener(conn, &config)
![Page 34: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/34.jpg)
Golang features used
34
• goroutines and channels for multi-processor support
runtime.GOMAXPROCS(runtime.NumCPU())!! process := make(chan userRequest)! go func() {! for {! req := <-process! if f, ok := functions[req.rt]; ok {! r, err := f(req.in)! if err == nil {! req.resp <- r! } else {! log.Printf("Error handling %s: %s\n", req.rt, err)! }
![Page 35: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/35.jpg)
Golang features used
35
• go crypto
• Support for RSA, AES, ECC, HMAC in standard library
// encrypt! aesSession, err := aes.NewCipher(aesKey)! if err != nil {! return! }! out = make([]byte, 16)! aesSession.Encrypt(out, in)
![Page 36: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/36.jpg)
Golang features used
36
• Deployment
• no dependencies!
• single binary
![Page 37: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/37.jpg)
Code Structure
37
• cryptor: encryption and decryption of data
• keycache: storage of live encryption/decryption keys
• passvault: management of disk vault
• core: API interface
• redoctober: https server
![Page 38: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/38.jpg)
Who uses it?
38
• TheGoodData (https://thegooddata.org:81)
• U.S. Navy
• More people and projects (let me know!)
![Page 39: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/39.jpg)
Drawbacks
i.e. what to fix
39
![Page 40: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/40.jpg)
Design Drawbacks
40
• No password recovery (the password is the key)
![Page 41: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/41.jpg)
Current Implementation Drawbacks
41
• 2 of m only
• No two-factor auth, or key-based authentication (like ssh)
• Awkward workflow
• No delegation granularity
• No secure hardware support
![Page 42: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/42.jpg)
Red October 2
42
![Page 43: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/43.jpg)
2 of m only
43
• Adding support for Shamir’s scheme
![Page 44: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/44.jpg)
Key-based authentication
44
• Add support for PGP-based replacement of passwords
• Sign a challenge instead of providing a password
![Page 45: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/45.jpg)
Awkward workflow
45
• Delegation has to happen before build — bad workflow
!
• New push-based system
• Decryption request triggers push notification to file owners
• Delegation request in a mobile app or email
• Details visible to delegators
![Page 46: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/46.jpg)
Granularity of delegation
46
• All-or-nothing right now, good for one secret per server
• Only admins can encrypt/decrypt
!
• Delegators can choose which users can decrypt which files
![Page 47: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/47.jpg)
Secure hardware device
47
• Build into HSM
• Keys backed by TPM
![Page 48: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/48.jpg)
Solving the insider threat
48
![Page 49: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/49.jpg)
Conclusions
49
• Does this solve the insider threat?
!
• Red October server does not get secrets without passwords
• Admin of build machine gets temporary access — automate secret deletion?
• Who created the secret in the first place?
• What about build artifacts or binary disassembly?
![Page 50: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/50.jpg)
Open Questions
50
• How to securely create secrets
• Secure multi-party computation?
• How to adapt Red October to other types of services
• API keys
• SSL private keys
![Page 51: Sullivan red october-oscon-2014](https://reader034.fdocuments.us/reader034/viewer/2022052619/556930f6d8b42add468b4cf6/html5/thumbnails/51.jpg)
Red OctoberImplementing the Two-man Rule for Keeping Secrets
July 23, 2014 !
Nick Sullivan @grittygrease
github.com/cloudflare/redoctober