Module CC3002 Post Implementation Issues Lecture for Week 4 AY 2013 Spring.
Week 12 Implementation Issues
Lessons Learned in Implementing and Deploying Crypto Software
Gutmann
Presented by
Kevin Spillane and Jon Lin
Overview
Getting crypto right is hard
Good crypto primitives, implemented incorrectly, lead to poor security
Crypto designers can safeguard their products to make them more idiot-proof
Eight problem areas addressed in the paper
Sit Back. Relax. No Math Proofs! (promise)
Introduction
“The determined programmer can produce snake oil using any crypto tools”
Naugahyde Crypto ~ 2nd generation snake oil
Existing Work
Very little relevant research
– Ross Anderson’s papers on banking security
– A paper on PGP user interface problems
– Bruce Schneier in Secrets and Lies: “the world was full of bad security systems designed by people who read [his first book, Applied Cryptography]”
– Several works on how to program securely
Crypto Software:
Problems and Solutions
1. Private Keys Aren’t
Security is lost when private keys are revealed to others
People seem to really want to expose private keys. Why?
– Certificates are expensive
– Certificates are complex to obtain and set up
– People don’t understand the importance of protecting keys
1. Private Keys Aren’t - Example
• Vendor discovered they had
– Copies of the key on their file server with the source code
– In other locations with the application binaries
– Developers had copied the keys to their machines while testing the application and never removed them.
– Some of the developer machines had migrated to new employees with the keys still on the system
– File server had hard drives upgraded; original drives with keys were sitting on the shelf
– Servers were backed up regularly; tapes with keys were stored in the back seats of administrators’ cars (off-site storage)
1. Private Keys Aren’t
It’s too easy to move private keys around.
– Some CAs send certificate (with private key) in a plain text e-mail with password to customers
– CAs send their root certificate (with private key) to customers so the client keys will trust the root authority
1. Private Keys Aren’t
If your product allows the export of private keys in plaintext form or some other widely-readable format, you should assume that your keys will end up in every other application on the system, and occasionally spread across other systems as well.
2. Everything is a Certificate
PFX -> PKCS #12
Internet Kiosks
PKCS #12 = private key + X.509 certificate
2. Everything is a Certificate
Make very clear to the user the difference between public and private keys, either in the documentation/user interface or, better, by physically separating the two.
3. Making Key Management Easy
Key management is difficult
Ways users have found to make key management easy
– Symmetric Keys
  • Embedding keys in messages (EDI, XML)
  • Same key for everyone (WEP)
– Public Key
  • Same key for everyone. Problem solved!
3. Making Key Management Easy
Straight Diffie-Hellman requires no key management. This is always better than other no-key-management alternatives which users will create.
4. What Time is it Anyway?
Assuming synchronized time among systems in a PKI is dangerous.
– Many published works
– Time isn’t synchronized
– Time zone offsets and DST
– Time isn’t security-relevant
4. What Time is it Anyway?
Don’t incorporate the system clock (or other parties’ system clocks) in your security baseline. If you need synchronization, use nonces.
In the presence of arbitrary end user systems, relative time measures work. Absolute time measures don’t.
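One way to get freshness from nonces and a relative timeout instead of a shared wall clock, as an added example (not from the slides or the paper). `NonceVerifier`, `respond` and the HMAC-SHA-256 construction are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time


class NonceVerifier:
    """Checks freshness with single-use nonces and its own monotonic clock."""

    def __init__(self, key, max_age=30.0, clock=time.monotonic):
        self._key = key
        self._max_age = max_age   # seconds, measured from when the nonce was issued
        self._clock = clock       # local relative clock; the peer's clock is never read
        self._pending = {}        # nonce -> local issue time

    def issue_challenge(self):
        """Hand the peer a fresh random nonce and remember when it was issued."""
        nonce = secrets.token_bytes(16)
        self._pending[nonce] = self._clock()
        return nonce

    def verify(self, nonce, message, tag):
        """Accept a response once, only for an outstanding and unexpired nonce."""
        issued = self._pending.pop(nonce, None)   # single use: a replay finds nothing
        if issued is None:
            return False
        if self._clock() - issued > self._max_age:
            return False                          # relative age, no absolute time
        expected = hmac.new(self._key, nonce + message, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


def respond(key, nonce, message):
    """Peer side: bind the message to the verifier's nonce with a MAC."""
    return hmac.new(key, nonce + message, hashlib.sha256).digest()
```

The verifier never compares its clock with the peer's, so clock skew, time zones and DST cannot affect the decision.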
End of Part 1
Any Questions?
5. RSA in CBC Mode
[Diagram labels: Key, RSA; Data, 3DES; Data, RSA]
5. RSA in CBC Mode
Encrypt with RSA
– Perform bulk data encryption
  • SLOW
– Key exchange mechanism
– Java Cryptographic Extension API
  • Allows weird combinations
    – RSA in CBC mode
“Don’t include insecure or illogical security mechanisms in your crypto tools”
PRNG
Pseudo Random Number Generator
[Diagram labels: Seed, PRNG, Random #]
6. Exercise for the User
• OpenSSL 0.9.5
• Problems
• Constant Text String
• Rand() output
• Dummy data file
• Hash of files in current directory
• /etc/passwd
• /var/log/syslog
• Output of Unseeded Generator
• “0123456789ABCDEF0”
• Empty (requires change to library)
6. Exercise for the User (2)
– Outcome
  • Easily Attacked
– Fix
  • /dev/random
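Why user-chosen seeds like those listed above give keys that are easy to reproduce, as an added example (not from the slides or from OpenSSL). Python's `random.Random` stands in for a user-seeded library PRNG; `key_from_seed`, `key_from_os`, `audit_key` and the seed list are hypothetical names and constructed values.

```python
import os
import random

# Seeds of the kind the slide lists (constructed sample values).
KNOWN_WEAK_SEEDS = [
    "0123456789ABCDEF0",
    "constant text string",
    "",                       # empty seed
]


def key_from_seed(seed, nbytes=16):
    """Derive a key from a deterministic PRNG: same seed, same key, every run."""
    prng = random.Random(seed)            # stand-in for a user-seeded library PRNG
    return prng.getrandbits(nbytes * 8).to_bytes(nbytes, "big")


def key_from_os(nbytes=16):
    """Take key material from the operating system's random source instead."""
    return os.urandom(nbytes)


def audit_key(key, candidate_seeds=KNOWN_WEAK_SEEDS):
    """Return the weak seed that regenerates `key`, or None if none of them does."""
    for seed in candidate_seeds:
        if key_from_seed(seed, len(key)) == key:
            return seed
    return None
```

A key that `audit_key` can match carries no more secrecy than the seed list itself, however long the key is.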
6. Exercise for the User
“If a security-related problem is difficult for a crypto developer to solve, there is no way a non-crypto user can be expected to solve it. Don’t leave hard problems as an exercise for the user”
7. This Function NEVER FAILS
[Diagram labels: Message, RSA Encrypt, Error, Sent; Receive, RSA Decrypt, Error, Message]
7. This Function NEVER FAILS
Microsoft Outlook
– Under load
  • Anti-Virus
    – Almost 90% mail never scanned
Microsoft Internet Information Server (IIS)
[Diagram shown over three slides; labels: Thread 1, Thread 2, Receive, Buffer, Decrypt, Encrypt, Send, SSL; the third slide adds Buffer 2]
7. This Function Never Fails
Solution
– Set output data to non-value
– Use Handles to State Information
“Make security-critical functions fail obviously even if the user ignores return codes”
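The "set output data to non-value" fix, as an added example that is not from the slides or the paper: a caller that ignores the status code sends plaintext with the first function and only zero bytes with the second. All function names are hypothetical, and the SHA-256 keystream is a toy stand-in for a real cipher.

```python
import hashlib


def keystream(key, n):
    """Toy SHA-256 counter keystream; a stand-in, not a vetted cipher."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def encrypt_naive(buf, key):
    """Encrypt buf in place; on failure return False and leave buf untouched."""
    if len(key) != 32:
        return False                  # the plaintext is still sitting in buf
    for i, k in enumerate(keystream(key, len(buf))):
        buf[i] ^= k
    return True


def encrypt_fail_obviously(buf, key):
    """Same contract, but a failure overwrites the output with a non-value."""
    ok = encrypt_naive(buf, key)
    if not ok:
        buf[:] = bytes(len(buf))      # zero-fill so nothing usable is left to send
    return ok


def careless_send(encrypt, message, key):
    """A caller that drops the status code and ships whatever is in the buffer."""
    buf = bytearray(message)
    encrypt(buf, key)                 # return value ignored
    return bytes(buf)
```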
8. Careful with that Axe, Eugene
Now that we have good primitives, people use them incorrectly
– ECB instead of CBC
Reading Applied Cryptography makes you a cryptographer, right?
8. Careful with that Axe, Eugene
“Provide crypto functionality at the highest level possible in order to prevent users from injuring themselves and others through misuse of low-level crypto functions with properties they aren’t aware of”
Conclusion
Crypto Good
– Key Management Hard
Crypto Primitives Good
– Using Properly Hard
Library
– No Holes
Questions
?