Avoiding damage, shame and regrets: data protection for mobile client-server architectures

Avoiding damage, shame and regrets
data protection for mobile
client-server architectures
#doios @vixentael

View Slide

is intuitive,
evolution trained us for it
Real-world security

View Slide

Meet Dodo birds!
Alice Bob
data protection for client-server apps #doios @vixentael

View Slide

They are chatting together
Alice Bob
tweet hello

View Slide

Here comes Eve..
..the eavesdropping Fennec Fox

View Slide

Eve eavesdrops
danger
tweet
ack
ear radars: ON

View Slide

Birds fly away, Eve doesn’t hear them
secure place
hear nothing

View Slide

Risk (threat): Eve hears your secrets
Mitigation: physically move away
from Eve
Real-world security

View Slide

evolution did not
prepare you for that!
Cyber-world security

View Slide

Apple Secure Coding Guide
Every program is a potential target.
Your customers’ property and your reputation
are at stake.
https://developer.apple.com/library/mac/documentation/
Security/Conceptual/SecureCodingGuide/
Introduction.html

View Slide

What we protect?
User’s data!
in storage
in motion
in memory

View Slide

Data in motion

View Slide

There are hackers..
and threats these hackers exploit..
to create damage
Problem: Layer 1

View Slide

Meet Alice-the-App and Bob-the-Server
Alice-the-App Bob-the-Server

View Slide

Client and Server are communicating
passw: 123456
HTTP 1.1
Alice-the-App Bob-the-Server

View Slide

Eve-the-Hacker

View Slide

Here Eve-the-Hacker comes!
passw: 123456
HTTP 1.1

View Slide

Here Eve-the-Hacker comes!
passw: 123456
HTTP 1.1
{“passw”:“123456”}

View Slide

Let’s go deeper..
To avoid threats we need
secure programming
Problem: Layer 2

View Slide

Alice decides to implement security
puts on paper hat!

View Slide

Bob decides to implement security
builds the fence!

View Slide

..and they decide to use HTTPS!
****** : ******
HTTPS

out of the
box

View Slide

But it’s not really secure..
****** : ******
HTTPS out of
the box
{“passw”:“123456”}

View Slide

Intercept traffic using proxy
* SSL experimenting
with Android Top100
apps
http://bit.ly/1NqpheM
* Intercepting the App
Store's Traffic on iOS
http://bit.ly/1H3xMrs

View Slide

What helps Eve to eavesdrop?
๏ not encrypting user data
๏ plain HTTP
๏ self-signed certificates
๏ HTTPS with old cipher-suites
๏ using vulnerable libraries and bad examples from
StackOverflow
๏ SSL without SSL certificate pinning

View Slide

Problem: Layer 3
As the result,
Programming is rarely secure

View Slide

Software is buggy
http://blog.mindedsecurity.com/2015/03/ssl-mitm-attack-in-afnetworking-251-
do.html
AFNetworking SSL verification bug (v2.5.1-2.5.2)
https://eprint.iacr.org/2013/049.pdf
Out-of-the-box SSL is frequent subject to attacks
http://www.dwheeler.com/essays/apple-goto-fail.html
Apple “goto fail” vulnerability
http://noxxi.de/howto/ssl-debugging.html

View Slide

๏ Copying bad code from StackOverflow
๏ Debugging by tearing security suites
apart
๏ Avoiding “complicated” security
documentation
Software is buggy. Why?

View Slide

- is easy to f*ck up
- is inconvenient to implement
Cyber-world security

View Slide

- use good practice and brain
- use good tools
- minimize re-inventing the wheel
What shall we do?

View Slide

Realize threat vectors
Bad cryptography
No access control
Authentication bypass
Credential reuse
Session hijacking
Denial of Service
Data leakage
…

View Slide

Anyone can invent a security system
that he himself cannot break
— Schneier's Law
https://www.schneier.com/blog/archives/
2011/04/schneiers_law.html
Implementing security tools yourself is a threat

View Slide

Do not re-implement existing things

View Slide

View Slide

Use great tools
scientific background trust big guys good track record
libsodium/NaCL
OTRKit
RNCryptor
MIHCrypto
Themis
https://github.com/mochtu/libsodium-ios
https://github.com/ChatSecure/OTRKit
https://github.com/RNCryptor/RNCryptor
https://github.com/hohl/MIHCrypto
https://github.com/cossacklabs/themis

View Slide

Apple open sourced crypto

View Slide

Armoring your SSL

View Slide

Do your SSL/TLS right
๏use long keys
๏disable backward compatibility
๏use strong ciphers (EC vs RSA)
๏pin SSL certificate
๏use cheat sheet
https://www.cossacklabs.com/avoid-ssl-for-your-
next-app.html
SSL has a lot of problems
To survive you need to:
https://www.owasp.org/index.php/
Transport_Layer_Protection_Cheat_Sheet

View Slide

Do you pin SSL certificate?

View Slide

SSL/TLS in short
hello
client asks certificate
server sends cert
encrypted data
client verifies cert
- domain,
- expiration date,
- asks CA if cert is valid and not revoked
key negotiation

View Slide

Where can it break?
hello
server sends cert
encrypted data
- domain,
- expiration date,
- asks CA if cert is valid and not revoked
key negotiation

View Slide

SSL pinning
hello
server sends cert
encrypted data
- compares cert against pinned
cert
key negotiation

View Slide

SSL pinning on iOS
https://possiblemobile.com/2013/03/ssl-pinning-for-increased-app-security/
https://www.paypal-engineering.com/2015/10/14/key-pinning-in-mobile-
applications/
-‐ (void)connection:(NSURLConnection *)connection
willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
SecTrustRef serverTrust = challenge.protectionSpace.serverTrust;
id sender = challenge.sender;
SecCertificateRef certificate = SecTrustGetCertificateAtIndex(serverTrust, 0);
NSData * remoteCertificateData =
CFBridgingRelease(SecCertificateCopyData(certificate));

NSString * cerPath = [[NSBundle mainBundle] pathForResource:@"MyLocalCertificate"
ofType:@"cer"];
NSData * localCertData = [NSData dataWithContentsOfFile:cerPath];
if ([remoteCertificateData isEqualToData:localCertData]) {
NSURLCredential * credential = [NSURLCredential credentialForTrust:serverTrust];
[sender useCredential:credential forAuthenticationChallenge:challenge];
} else {
[sender cancelAuthenticationChallenge:challenge];
}
}

View Slide

SSL pinning more easy :)
let certData = NSData(contentsOfFile:
NSBundle.mainBundle().pathForResource("lvwenhancom", ofType: "cer")!)! 
... ...
.addSSLPinning(LocalCertData: certData) { () -‐> Void in 
print("Under Man-‐in-‐the-‐middle attack!") 
}
Swift lib for HTTPS and SSL pinning
https://github.com/johnlui/Pitaya
https://github.com/iSECPartners/ssl-conservatory

View Slide

Nah.
SSL is not enough :(
So, we’re done?

View Slide

Implementing
Forward Secrecy

View Slide

Forward Secrecy: Threat
Eve records encrypted
traffic
New crypto vulnerability
allows to exact keys
Eve physically extracts keys
from one of the birds
Eve decrypts all encrypted
traffic

View Slide

Forward Secrecy: Mitigation
Forward Secrecy
ephemeral keys + key rotation scheme
https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf
SSL/TLS has forward secrecy but it’s weak:
=

View Slide

Using ephemeral key
key negotiation (RSA or EC)
create symmetric temp key
use temp key to
encrypt messages
during session
close session
open session

View Slide

Implementing ephemeral keys
1. establish session
2. encrypt message with SecureSession before sending
3. decrypt message after receive
4. encrypt history with SecureCell
https://github.com/cossacklabs/themis
Themis has built-in forward secrecy inside
SecureSession object

View Slide

Implementing ephemeral keys
https://github.com/cossacklabs/mobile-websocket-example

View Slide

Data in storage

View Slide

What we need to do
1. Choose good storage library with
efficient crypto
2. Embed it on read/write
3. Store keys safely

View Slide

RNCryptor example
Themis SecureCell example
Storage libraries

View Slide

Storing the keys
SSKeychain example
Valet example
https://github.com/square/Valet
https://github.com/soffes/sskeychain

View Slide

compute key and use KDF to derive
Storing the keys: Computable obfuscation
https://www.mikeash.com/pyblog/friday-qa-2012-08-10-a-tour-of-
commoncrypto.html
key = KDF(sqrt(42)*len(user_id)/parity(user_id))

View Slide

Ending notes

View Slide

Practical app security step by step
1.Use HTTPS with good TLS settings
2.Enable SSL pinning
3.Encrypt user data in motion with ephemeral keys
4.Encrypt stored data and protect the key

View Slide

Alice is more secure now
SSL pinning
encrypted

storage data
ephemeral keys

View Slide

Bob is more secure now
encrypted

storage data
ephemeral keys

View Slide

Chatting is more secure
5720b3c2 fe674f54
73e10ad4 ...
HTTPS
SSL pinning
ephemeral keys

View Slide

Security is full of
adventures and
discoveries.
And fun.
and shiny metal birds!

View Slide

The last slide
@vixentael iOS developer
at stanfy.com
[creating awesome mobile
and IoT apps]
take
care!

View Slide

More to read
★ The Mobile Application Hacker's Handbook
https://books.google.com.ua/books?id=UgVhBgAAQBAJ
★ Designing Secure User Interfaces
https://developer.apple.com/library/ios/documentation/Security/
Conceptual/SecureCodingGuide/Articles/AppInterfaces.html#//apple_ref/
doc/uid/TP40002862-SW1
★ CryptoCat iOS app security audit
https://nabla-c0d3.github.io/documents/iSEC_Cryptocat_iOS.pdf
★ Storing secret keys
http://www.splinter.com.au/2014/09/16/storing-secret-keys/

View Slide

More to watch
★ All talks of Moxie Marlinspike
https://www.youtube.com/watch?v=ibF36Yyeehw
https://www.youtube.com/watch?v=8N4sb-SEpcg
https://www.youtube.com/watch?v=tOMiAeRwpPA

View Slide

Avoiding damage, shame and regrets: data protection for mobile client-server architectures

Avoiding damage, shame and regrets: data protection for mobile client-server architectures

do{iOS} conference

More Decks by do{iOS} conference

Other Decks in Programming

Featured

Transcript