How to Secure Your Secret

Transcript

1. How to Secure Your Secret 2019.05.08 Brice Bang Buzzvil

2. How to Secure Your Secret 2019.05.08 Brice Bang Buzzvil

3. How to Secure Your Secret 2019.05.08 Brice Bang Buzzvil No

   one knows but you Security Goal

4. How to Secure Your Secret 2019.05.08 Brice Bang Buzzvil No

   one knows but you Security Goal Password
5. None

6. Authentication

7. Contents • A Password-ful World • Beyond Password • A

   Password-less World

8. A Password-ful World

9. A chain is as strong as its weakest link

10. Security Chain

11. How to create/manage password securely

12. https://haveibeenpwned.com/ (HIBP)

13. The input sequence of 我的密嗎(my password) in Chinese Zhuyin Keyboard

    https://haveibeenpwned.com/ (HIBP)

14. https://haveibeenpwned.com/ (HIBP)

15. ‘비밀번호’ in 2-Set 🡨 QWERTY https://haveibeenpwned.com/ (HIBP)

16. Strong Password Guidelines • Increase Entropy (the number of all

    cases) • as long as possible • as random as possible • Do not reuse password • Check if the password is compromised (HIBP) • Its API is implemented with K-Anonymity • Different password for different sites

17. Length vs Complexity for Passwords • Password length increases the

    complexity exponentially

18. Length vs Complexity for Passwords

19. Length vs Complexity for Passwords pneumonoultramicroscopicsilicovolcanoconiosis [명] (병리) =pneumoconiosis. 가장

    긴 단어로서 종종 인용된다. [N] (pathology) It is often quoted as the longest word.

20. Length vs Complexity for Passwords pneumonoultramicroscopicsilicovolcanoconiosis [명] (병리) =pneumoconiosis. 가장

    긴 단어로서 종종 인용된다. [N] (pathology) It is often quoted as the longest word. Isn’t it good for password?

21. Length vs Complexity for Passwords Do not make the password

    too long if you type frequently

22. Password Frequency Follows Zipf Distribution

23. According to the UK Cyber Survey of NCSC Most used

    in total Names Premier League football teams Musicians Fictional characters 123456 (23.2m) ashley (432,276) liverpool (280,723) blink182 (285,706) superman (333,139) 123456789 (7.7m) michael (425,291) chelsea (216,677) 50cent (191,153) naruto (242,749) qwerty (3.8m) daniel (368,227) arsenal (179,095) eminem (167,983) tigger (237,290) password (3.6m) jessica (324,125) manutd (59,440) metallica (140,841) pokemon (226,947) 1111111 (3.1m) charlie (308,939) everton (46,619) slipknot (140,833) batman (203,116)

24. histories = { 00000: {0: 2, 1: 3}, 00001: {0:

    3, 1: 1}, 00010: {0: 9, 1: 0}, 00011: {0: 5, 1: 4}, …. }

25. histories = { 00000: {0: 2, 1: 3}, 00001: {0:

    3, 1: 1}, 00010: {0: 9, 1: 0}, 00011: {0: 5, 1: 4}, …. } randomize! 🡨 🡨

26. Use Password Generator to Create Random Passwords It also •

    Dramatically decreases the probability of using the compromised password • Prevents password reuse

27. Strong Password Guidelines • Increase Entropy (the number of all

    cases) • as long as possible • as random as possible • Do not reuse password • Check if the password is compromised (HIBP) • Its API is implemented with K-Anonymity • Different password for different sites ✓ ✓ ✓ ✓

28. Strong Password Guidelines • Increase Entropy (the number of all

    cases) • as long as possible • as random as possible • Do not reuse password • Check if the password is compromised (HIBP) • Its API is implemented with K-Anonymity • Different password for different sites ✓ ✓ ✓ ✓

29. How to Manage Lots of Password • Limited human memory

    • Too many passwords to remember if we use different passwords for different sites • Do you remember the password Chrome suggested? • Write somewhere • In TXT file • Take pictures • In cloud storage with encryption (Evernote, Dropbox, Google Drive, …) • …

30. Use A Password Manager

31. A Password Manager • Assists in • generating and retrieving

    complex passwords (password generator) • storing passwords in encrypted database • auto-typing the password in the login form: Autofill • Pros • Only need to remember one master password • Easy to create, store and type the password • Prevent phishing • Cons • Some flaws may be exist • Save my password on cloud Autofill

32. How to create/manage password securely

33. How to create/manage password securely A. Use a password manager

    (generator)
34. None

35. Thanks to Your Professional Care I assumes that your devices

    are secure

36. How to transfer password securely

37. Outsider (Korean Rapper) Company ID: Buzzvil ID: brice.bang PW: strongpassword

38. Outsider (Korean Rapper) Company ID: Buzzvil ID: brice.bang PW: strongpassword

39. Outsider (Korean Rapper) Company ID: Buzzvil ID: brice.bang PW: strongpassword

    ID: employee number PW: (same as main page) strongpassword

40. Outsider (Korean Rapper) Company ID: Buzzvil ID: brice.bang PW: strongpassword

    ID: employee number PW: (same as main page) strongpassword

41. Outsider (Korean Rapper) Company ID: Buzzvil ID: brice.bang PW: strongpassword

    ID: employee number PW: (same as main page) strongpassword

42. Outsider (Korean Rapper) Company ID: Buzzvil ID: brice.bang PW: strongpassword

    ID: employee number PW: (same as main page) strongpassword

43. Outsider (Korean Rapper)

44. Outsider (Korean Rapper)

45. Outsider (Korean Rapper)

46. Outsider (Korean Rapper) How to protect the password in transit?

47. None

48. Hello, TLS 1.3 – Buzzvil Blog • https://www.buzzvil.com/ko/2019/02/11/atech-blog-hello-tls-1-3/

49. Hello, TLS 1.3 – Buzzvil Blog • https://www.buzzvil.com/ko/2019/02/11/atech-blog-hello-tls-1-3/

50. How to transfer password securely

51. How to transfer password securely A. Use TLS1.2+

52. How to save password securely

53. The Updated Version of This Naver Blog https://d2.naver.com/helloworld/3187 32

54. Save as Plain Text I don’t know

55. Save as Plain Text The hacker uploaded the database dump

    on PasteBin Winwinsoft denied our proposal to negotiate with us. But, we are generous and our window to negotiations is still open. We will disclose every information we have in a few days if the negotiation is denied. Until then, stay tuned :) P.S. Here are some informations that we have.

56. Save as Plain Text The hacker uploaded the database dump

    on PasteBin Winwinsoft denied our proposal to negotiate with us. But, we are generous and our window to negotiations is still open. We will disclose every information we have in a few days if the negotiation is denied. Until then, stay tuned :) P.S. Here are some informations that we have.

57. Save as Plain Text The hacker uploaded the database dump

    on PasteBin Winwinsoft denied our proposal to negotiate with us. But, we are generous and our window to negotiations is still open. We will disclose every information we have in a few days if the negotiation is denied. Until then, stay tuned :) P.S. Here are some informations that we have. It is dangerous because people generally use the same password on multiple services

58. NEVER PLAINTEXT • We need a cryptographic primitive

59. Requirements • Based on user’s password • Available for authentication

    • Don’t save as plain text • … Symmetric key cryptography Asymmetric key cryptography Cryptographic hash function One-time password Cryptographic random Public key infrastructure Diffie-Hellman key exchange

60. Cryptographic Hash Function • Hash Function with cryptographic properties •

    Hash Function • Any function that maps data of arbitrary size to data of a fixed size • Cryptographic Properties • Pre-image resistance • given h1, find m1 that h(m1) = h1 • Second pre-image resistance • given m1, find m2 that h(m1)=h1=h(m2) • Collision resistance • find any m1, m2 that h(m1)=h(m2) • if P = Pi, h(P) = Pi • ex) MD5, SHA-N

61. Cryptographic Hash Function • mystrongpassword • 40B4FCF08C5AA55DE46384513B21F0888AAFEEFCD73EB7CBA1BCC 5A84E97117A • mystrongpassword2

    • 24038067DB337E1726EDBCBA90ED56EEF17A573A666A73D2E9D1C A628055BBA0

62. Cons of Cryptographic Hash Function • Surprisingly, cryptographic hash functions

    are not designed for hashing password • Why? • Recognizability • Too Fast

63. Cons of One-Way Hash Function - Recognizability • Same passwords

    have same hashes • Rainbow Table id password_hash john 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 young 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8

64. Salt • A random string added to password before hashing

    • Saved alongside the hashed output in the database id salt to_be_hashed password_hash john k5kgHa2Rta k5kgHa2Rtapassword e020a56cc237fa2a6640aef6bf5b262256c603bc young sJXIhDiK3q sJXIhDiK3qpassword 9ffbf61794b11ebe929a18b722b0cec38bdefd51

65. Cons of One-Way Hash Function – Speed

66. Cons of One-Way Hash Function – Speed len(PRINTABLE_ASCII)

67. Cons of One-Way Hash Function – Speed len(PRINTABLE_ASCII) 🡨 DELETE

    Control

68. Cons of One-Way Hash Function – Speed len(PRINTABLE_ASCII) 🡨 DELETE

    Control

69. Cons of One-Way Hash Function – Speed

70. Cons of One-Way Hash Function – Speed

71. Cons of One-Way Hash Function – Speed

72. Cons of One-Way Hash Function – Speed

73. Cons of One-Way Hash Function – Speed

74. Cons of One-Way Hash Function – Speed

75. Cons of One-Way Hash Function – Speed Original password can

    be found on average of • 9.2 hours on a single core • 1.15 hours on a 8 cores

76. Key Stretching • Techniques used to make a key more

    secure by increasing the resources (time and space) it takes to test each possible key

77. Key Derivation Function (KDF) • It derives one or more

    secret keys from a secret value using pseudorandom function • Has the characteristics for a password hash function • DK = KDF(key, salt, iterations) • ex) • PBKDF2: NIST standard, government-friendly • bcrypt • scrypt • argon2: Password Hashing Competition Winner Master Key KDF Secret Key

78. How About Buzzvil

79. How About Buzzvil

80. How to save password securely

81. How to save password securely A. Use argon2 or PBKDF2

82. None

83. Our Solutions 1. How to create password securely • Password

    generator 2. How to manage password securely • Password manager 3. How to transfer password securely • TLS 1.2+ 4. How to save password securely • argon2, PBKDF2

84. Our Solutions 1. How to create password securely • Password

    generator 2. How to manage password securely • Password manager 3. How to transfer password securely • TLS 1.2+ 4. How to save password securely • argon2, PBKDF2 Do you feel safe?

85. REALIT Y

86. Vulnerability of Password Managers Password Managers: Under the Hood of

    Secrets Management

87. Vulnerability of Your Machine In memory

88. Vulnerability of Your Network - Phishing TLS and HTTPS don’t

    mean that you’re connecting a safe

89. Vulnerability of Your Browser - Phishing What we see is

    not always true

90. Vulnerability of Your Browser - Phishing What we see is

    not always true Fake Address Bar Real Address Bar

91. Vulnerability of Your Service

92. None

93. There is no one to believe

94. Contents • A Password-ful World • Beyond Password • A

    Password-less World

95. Contents • A Password-ful World • Beyond Password • A

    Password-less World

96. Beyond Password

97. Multi-Factor Authentication

98. Multi-Factor Authentication – Examples

99. OTP won’t save you from Phishing

100. The Avengers

101. None

102. FIDO Alliance • FIDO: Fast IDentify Online • Problems •

     Create a standard for interoperability among strong authentication devices • Solve the problems users face creating and remembering multiple accounts • Core values • Easy of use • privacy and security • standardizations

103. What is the problem of password and OTP? First Factor

     Second Factor

104. Symmetric Encryption

105. Symmetric Encryption Ev e

106. IDEA1: Use Asymmetric Encryption PRVAT E KEY PUBLI C KEY

107. IDEA2: Offline User Verification On offline As Is To Be

108. FIDO’s Solutions • FIDO U2F: The Replacement for The Second

     Factor • FIDO UAF: The Replacement for The First Factor

109. FIDO U2F: The Replacement for The Second Factor

110. U2F: A Phishing-proof Secret Key for General Human Beings Yubico

     YubiKey

111. FIDO Universal Second Factor (U2F) • An open authentication standard

     that strengthens and simplifies 2FA hosted by the FIDO Alliance • What if I lost? Yubico YubiKey

112. FIDO Universal Second Factor (U2F) • An open authentication standard

     that strengthens and simplifies 2FA hosted by the FIDO Alliance • What if I lost? • The acquired can use it as his own U2F without knowing my account credentials Yubico YubiKey
113. None
114. None

115. Google Titan Key

116. Android 7.0+ Device as U2F Security Key

117. FIDO U2F: The Best Solution for The Second Factor

118. Contents • A Password-ful World • Beyond Password • A

     Password-less World

119. Contents • A Password-ful World • Beyond Password • A

     Password-less World

120. FIDO UAF: The Replacement for The First Factor

121. Recall Our Solutions 1. How to create password securely •

     Password generator 2. How to manage password securely • Password manager 3. How to transfer password securely • TLS 1.2+ 4. How to save password securely • argon2, PBKDF2 5. Beyond Password • Multi-factor authentication (U2F)

122. Recall Our Solutions 1. How to create password securely •

     Password generator 2. How to manage password securely • Password manager 3. How to transfer password securely • TLS 1.2+ 4. How to save password securely • argon2, PBKDF2 5. Beyond Password • Multi-factor authentication (U2F) What is the REAL problem?

123. Security

124. Security: No one knows but you

125. Security: No one knows but you and server

126. Security: No one knows but you and server and your

     computer

127. Security: No one knows but you and server and your

     computer and your password manager

128. Security: No one knows but you and server and your

     computer and your password manager and JD

129. Security: No one knows but you and server and your

     computer and your password manager and JD

130. Yeah, get rid of it!

131. IDEA: Use Asymmetric Encryption for Password PRVAT E KEY PUBLI

     C KEY

132. Authentication with Password Client Server id: user, pw: P@ssw0rd check

     hash = H(P@ssw0rd + salt) POST Request (id, pw) Search the ‘user’ entry Get salt and hash Response succeeded or failed

133. Authentication without Password Client Server return create_challenge(id) POST Request (id)

     return validate(attestation, (challenge, domain), public_key) User verification attestation = sign((challenge, domain), private_key) Send response with the attestation Get public key from database Domain Id Private Key Public Key site.com user 0x570930d6 0x6b6bac8c Id Public Key user 0x6b6bac8c

134. Authentication without Password Authenticator (UAF) Server return create_challenge(id) POST Request

     (id) return validate(attestation, (challenge, domain), public_key) User verification attestation = sign((challenge, domain), private_key) Send response with the attestation Get public key from database Domain Id Private Key Public Key site.com user 0x570930d6 0x6b6bac8c Id Public Key user 0x6b6bac8c Client

135. Authentication without Password Authenticator (UAF) Server return create_challenge(id) POST Request

     (id) return validate(attestation, (challenge, domain), public_key) User verification attestation = sign((challenge, domain), private_key) Send response with the attestation Get public key from database Domain Id Private Key Public Key site.com user 0x570930d6 0x6b6bac8c Id Public Key user 0x6b6bac8c Client Password-Less World

136. FIDO2: The Password-less World

137. Password-less World • Hackers cannot get the passwords or private

     keys • Because it is not in the world • Servers save and manage the public key with a little less effort • Because it is meaningless for others • Client vulnerabilities are meaningless • Because there is no protocol that retrieves the private key from the authenticator • Easy to human beings • Don’t need to create, remember and type the complicated passwords

138. Authenticator • There are two things you must keep safe

     • The authenticator • The verification code (PIN, biometrics) • The private keys never leave it • Physically separated from other devices • Authenticator doesn’t save your verification code • No one knows but you • Separates user verification from authentication Feitian (飞天) BioPass FIDO2

139. Authentication without Password Authenticator Server return create_challenge(id) POST Request (id)

     return validate(attestation, (challenge, domain), public_key) User verification attestation = sign((challenge, domain), private_key) Send response with the attestation Get public key from database Domain Id Private Key Public Key site.com user 0x570930d6 0x6b6bac8c Id Public Key user 0x6b6bac8c Client

140. Authentication without Password Authenticator Server return create_challenge(id) POST Request (id)

     return validate(attestation, (challenge, domain), public_key) User verification attestation = sign((challenge, domain), private_key) Send response with the attestation Get public key from database Domain Id Private Key Public Key site.com user 0x570930d6 0x6b6bac8c Id Public Key user 0x6b6bac8c Client FIDO UAF (Universal Authentication Framework)

141. Authentication without Password Authenticator Server return create_challenge(id) POST Request (id)

     return validate(attestation, (challenge, domain), public_key) User verification attestation = sign((challenge, domain), private_key) Send response with the attestation Get public key from database Domain Id Private Key Public Key site.com user 0x570930d6 0x6b6bac8c Id Public Key user 0x6b6bac8c Client FIDO UAF (Universal Authentication Framework) CTAP (Client to Authenticator Protocol)

142. Authentication without Password Authenticator Server return create_challenge(id) POST Request (id)

     return validate(attestation, (challenge, domain), public_key) User verification attestation = sign((challenge, domain), private_key) Send response with the attestation Get public key from database Domain Id Private Key Public Key site.com user 0x570930d6 0x6b6bac8c Id Public Key user 0x6b6bac8c Client FIDO UAF (Universal Authentication Framework) CTAP (Client to Authenticator Protocol) W3C’s WebAuthn (Web Authentication)

143. Authentication without Password Authenticator Server return create_challenge(id) POST Request (id)

     return validate(attestation, (challenge, domain), public_key) User verification attestation = sign((challenge, domain), private_key) Send response with the attestation Get public key from database Domain Id Private Key Public Key site.com user 0x570930d6 0x6b6bac8c Id Public Key user 0x6b6bac8c Client FIDO UAF (Universal Authentication Framework) CTAP (Client to Authenticator Protocol) W3C’s WebAuthn (Web Authentication) FIDO2

144. FIDO1 • FIDO U2F (CTAP1) • Universal Second Factor •

     Add strong second factor • Press button • FIDO UAF • Universal Authentication Framework • Replace the password • Register the device to the online services • thumbprint, camera, mic, PIN, …

145. FIDO2

146. FIDO2

147. WebAuthn Status

148. Status of Web Browsers Adoption of FIDO2

149. Status of Windows Adoption of FIDO2

150. Status of Android Adoption of FIDO2

151. Status of Android Adoption of FIDO2

152. Status of iOS Adoption of FIDO2

153. Status of iOS Adoption of FIDO2

154. Status of FIDO2 Authenticator • YubiKey 5 of Yubico •

     The popular secret key • https://www.yubico.com/ • concerns • Moved to closed source • Solo • The first open source FIDO2 security key • https://shop.solokeys.com/

155. Security: No one knows but you

156. Security: No one knows but you your authenticator

157. HOLD ON! How about username-less!

158. Username-Less Login

159. Welcome to the world of tomorrow

160. Recommended Resources • https://fidoalliance.org/fido2/ • https://www.w3.org/TR/webauthn/ • https://medium.com/@herrjemand/introduction-to-webauthn-api-5fd 1fb46c285 •

     https://slides.com/fidoalliance/jan-2018-fido-seminar-webauthn-tuto rial • PasswordsCon 2018: WebAuthn and security keys (video, slide) • Google I/O ‘18: What's new with sign up and sign in on the web • BSidesSF 2019 - Navigating Passwordless Authentication with FIDO2 & WebAuthn • Google and Microsoft Debut: Replacing Passwords with FIDO2 Authentication • https://www.reddit.com/r/passwords

161. Thank you • TLDL • Use FIDO2 for a first

     factor (Former UAF) • Use FIDO2 for a second factor (Former U2F)

162. Have I Been Pwned (HIBP) API with K-Anonymity Client Server

     Get a string to be checked: P@ssw0rd SHA1(P@ssw0rd)=21BD12DC183F740EE76F27B78EB39C8AD972A 757 GET Request first 5 characters (https://api.pwnedpasswords.com/range/21BD1) Search the hashes start from query param 1.(21BD1) 0018A45C4D1DEF81644B54AB7F969B88D65:1 (password "lauragpe") 2.(21BD1) 00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2 (password "alexguo029") 3.(21BD1) 011053FD0102E94D6AE2F8B83D76FAF94F6:1 (password "BDnd9102") 4.(21BD1) 012A7CA357541F0AC487871FEEC1891C49C:2 (password "melobie") 5.(21BD1) 0136E006E24E7D152139815FB0FC6A50B15:2 (password "quvekyny") Return the list with its count Find the correct hash

163. Salt and Pepper • Salt • A random string added

     to password before hashing • Saved alongside the hashed output in the database • Pepper • A secret added to password prevent • Stored separately

164. Yubic o