ITT 2017 - Rob Napier - Practical Security

Keychain, disk encryption, Common Crypto, certificates. Security can be daunting for Cocoa developers. There are so many frameworks filled with words you’ve never heard before solving problems you don’t understand. And why does so much of it have to be in C?

The truth is that good security is hard, but the code doesn’t have to be. This session will show you how to best use the many security tools Apple provides. You’ll learn how to properly encrypt with AES, how to make the most of iOS’s device encryption features, how to best manage SSL, and more. If you’re using AES for anything, but don’t know what an HMAC is, you need to attend Rob Napier's session.

Istanbul Tech Talks

April 03, 2017

Transcript

  1. PRACTICAL SECURITY
    Rob Napier
    github.com/rnapier/practical-security

  2. TODAY’S TOPICS
    • Encrypting Network Traffic
    • Data Protection
    • Handling Passwords
    • Encrypting with AES
    github.com/rnapier/practical-security

  3. ENCRYPT YOUR TRAFFIC

  4. HTTPS
    • Payload Encryption
    • URL Encryption
    • Cookie Encryption
    • Server Authentication
    • Session Hijack Prevention
    • Replay Attack Prevention

  5. COMMERCIAL CERTS
    • Sure, they’re fine… but…
    • Self-signed is better

  6. A LOT OF TRUST
    You Expect...
    • Verisign
    • Network Solutions
    • Thawte
    • RSA
    • Digital Signature Trust
    But Also...
    • AOL, Cisco, Apple, ...
    • US, Japan, Taiwan, ...
    • Camerfirma, Dhimyotis, Echoworx, QuoVadis, Sertifitseerimiskeskus, Starfield, Vaestorekisterikeskus, ...
    http://support.apple.com/kb/ht5012

  7. IT’S ALWAYS RISKIER TO TRUST YOURSELF AND SOMEONE ELSE, THAN TO JUST TRUST YOURSELF.

  8. SELF SIGNED CERTIFICATE

  9. CERTIFICATE PINNING

  10. try! validator = CertificateValidator(certificateURL: certificateURL)
    session = URLSession(configuration: .default,
                         delegate: validator,
                         delegateQueue: nil)
    task = session.dataTask(with: URLRequest(url: fetchURL)) { … }
    https://github.com/rnapier/CertificateValidator

  11. ENCRYPT YOUR TRAFFIC
    •Use HTTPS for all traffic
    •Pin your certs
    https://github.com/rnapier/CertificateValidator

  12. DATA PROTECTION

  13. iOS ENCRYPTION
    Device Encryption
    Data Protection

  14. DATA PROTECTION (SIMPLIFIED)
    NSFileProtectionComplete
    • • • •
    [Figure: the plaintext "I can see by my watch, without taking my hand from the left grip of the cycle," shown beside its encoded form]

  15. DATA PROTECTION (SIMPLIFIED)
    [Figure: the plaintext "I can see by my watch, without taking my hand from the left grip of the cycle," shown beside its encoded form]
    NSFileProtectionComplete
    • • • •

  16. PROTECTION LEVELS
    • Complete
    • Complete Unless Open
    • Complete Until First User Authentication

  17. HOW EASY?

  18. DATA PROTECTION IN CODE
        // Change the protection level of an existing file
        extension FileManager {
            func protectFileAtPath(path: String) throws {
                try setAttributes([
                    .protectionKey: FileProtectionType.completeUnlessOpen
                ],
                ofItemAtPath: path)
            }
        }
        // Set the protection level when writing a new file
        try data.write(to: url,
                       options: .completeFileProtectionUnlessOpen)

  19. UIApplicationDelegate Methods
        func applicationProtectedDataWillBecomeUnavailable(UIApplication)
        func applicationProtectedDataDidBecomeAvailable(UIApplication)
    UIApplication Notifications
        let UIApplicationProtectedDataWillBecomeUnavailable: NSNotification.Name
        let UIApplicationProtectedDataDidBecomeAvailable: NSNotification.Name
    UIApplication Methods
        var isProtectedDataAvailable: Bool { get }

  20. https://www.apple.com/business/docs/iOS_Security_Guide.pdf

  21. DATA PROTECTION
    • Turn it on automatically in Xcode
    • Use Complete by default
    • For background file access, try to use CompleteUnlessOpen
    • Upgrade to Complete as soon as you can
    https://www.apple.com/business/docs/iOS_Security_Guide.pdf

  22. HANDLING PASSWORDS

  23. HASHING
    Password   Hash
    S3kr3t!    d39ee8e54ac7...

  24. CHOOSE YOUR HASH
    SHA-2
    SHA-224
    SHA-256
    SHA-384
    SHA-512
    SHA-512/224
    SHA-512/256

  26. WHAT WENT WRONG AT LINKEDIN?
    d39ee8e54ac7f65311676d0cb92ec248319f7d27
    Passw0rd   2acf37c868c0dd80513a4efa9ab4b4444a4d5c94
    MyPass     b97698a2b0bf77a3e31e089ac5d43e96a8c34132
    S3kr3t!    d39ee8e54ac7f65311676d0cb92ec248319f7d27
    ...        ...

  27. SALTING
    Site 1   S3kr3t!   d39ee8e54ac7f65311676d0cb92ec248319f7d27
    Site 2   S3kr3t!   d39ee8e54ac7f65311676d0cb92ec248319f7d27

  28. SALTING
    Site 1   XXX:S3kr3t!   48fc6c1a82882c0084185c3e6f317d6cdabfbc88
    Site 2   YYY:S3kr3t!   7802cd6060f13349da21652e4bc8cd31e3058842

  29. DETERMINISTIC SALT
    Prefix + userid
    com.example.MyGreatSite:[email protected]

  30. STRETCHING
    • Real passwords are easy to guess
    • To protect against that, make guessing expensive

  31. TIME TO CRACK
                   Guesses per second   Crack 8-char password
    Native         1 billion            2 months
    +80ms/guess    12.5                 15 million years

  32. PBKDF2
        import CryptoSwift
        // Password and deterministic salt as UTF-8 bytes
        let password = Array("s33krit".utf8)
        let salt = Array("com.example.MyGreatSite:[email protected]".utf8)
        // Stretch the password with PBKDF2-HMAC-SHA256
        let bytes = try PKCS5.PBKDF2(password: password,
                                     salt: salt,
                                     iterations: 4096,
                                     variant: .sha256).calculate()
        let data = Data(bytes: bytes)
    https://github.com/krzyzanowskim/CryptoSwift

  33. STORE A HASH
    • Before storing the key in the database, hash it one more time with SHA-2

  34. GOOD PASSWORD HANDLING
    •Hash to hide the password
    •Salt to make your hashes unique
    •Stretch to make guessing slow
    •Hash once more before storing
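
The steps above put together, as an added example that is not code from the talk: the client salts and stretches with PBKDF2, the server hashes the result once more and compares in constant time. It uses CommonCrypto instead of CryptoSwift; the function names and the user id alice@example.com are constructed for illustration.

```swift
import Foundation
import CommonCrypto

// Client side: stretch the password with PBKDF2-HMAC-SHA256, salted with
// the deterministic "prefix + userid" salt (the prefix is a sample value).
func stretchedKey(password: String, userID: String, rounds: UInt32 = 4096) -> [UInt8]? {
    let salt = Array("com.example.MyGreatSite:\(userID)".utf8)
    let keyLength = Int(CC_SHA256_DIGEST_LENGTH)
    var key = [UInt8](repeating: 0, count: keyLength)
    let status = CCKeyDerivationPBKDF(
        CCPBKDFAlgorithm(kCCPBKDF2),
        password, password.utf8.count,
        salt, salt.count,
        CCPseudoRandomAlgorithm(kCCPRFHmacAlgSHA256), rounds,
        &key, keyLength)
    return status == Int32(kCCSuccess) ? key : nil
}

// Server side: hash the received key once more before storing it, so the
// database never holds the value a client sends to log in.
func storedHash(of key: [UInt8]) -> [UInt8] {
    var digest = [UInt8](repeating: 0, count: Int(CC_SHA256_DIGEST_LENGTH))
    _ = CC_SHA256(key, CC_LONG(key.count), &digest)
    return digest
}

// Server side: compare every byte with no early exit, so response time
// does not reveal how many leading bytes matched.
func matches(_ candidate: [UInt8], _ stored: [UInt8]) -> Bool {
    guard candidate.count == stored.count else { return false }
    return zip(candidate, stored).reduce(UInt8(0)) { $0 | ($1.0 ^ $1.1) } == 0
}

// Constructed sample: enroll once, then check a correct and a wrong login.
let user = "alice@example.com"
if let enrolled = stretchedKey(password: "S3kr3t!", userID: user),
   let correct = stretchedKey(password: "S3kr3t!", userID: user),
   let wrong = stretchedKey(password: "Passw0rd", userID: user) {
    let row = storedHash(of: enrolled)  // the only value the database keeps
    print("correct password accepted:", matches(storedHash(of: correct), row))
    print("wrong password accepted:", matches(storedHash(of: wrong), row))
}
```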

  35. CORRECT AES ENCRYPTION

  36. USE MY LIBRARY
    https://github.com/RNCryptor

  37. USING RNCRYPTOR
    • Swift
    • Objective-C
    • ANSI C
    • C++
    • C#
    • Erlang
    • Go
    • Haskell
    • Java
    • PHP
    • Python
    • JavaScript
    • Ruby
        // Encryption
        let data: NSData = ...
        let password = "Secret password"
        let ciphertext = RNCryptor.encryptData(data, password: password)
        // Decryption
        do {
            let originalData = try RNCryptor.decryptData(ciphertext,
                                                         password: password)
            // ...
        } catch { . . . }

  38. WHAT IS CORRECT AES?
    Hold that thought…

  39. [Diagram: a 4×4 block of plaintext bytes P1 to P16 and a Key go through Encrypt to give a 4×4 block of ciphertext bytes C1 to C16; the same blocks are shown again with Key and Decrypt]

  40. THE HELPERS
    •Key Generation
    •Block Cipher Modes
    •Authentication

  41. INCORRECT KEY GENERATION
        // This is broken
        NSString *password = @"P4ssW0rd!";
        char keyPtr[kCCKeySizeAES256+1];
        bzero(keyPtr, sizeof(keyPtr));
        // The password's UTF-8 bytes are copied straight into the key buffer
        [password getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding];
        // This is broken
    • Truncates long passwords
    • Uses only a tiny part of the key space
    • Best case is ~ 0.00001% of a 128-bit key.

  42. Use a PBKDF (scrypt, bcrypt, PBKDF2)

  43. REQUIREMENT 1: PBKDF2 SALT
    • To be a secure password-based format, we need a salt for PBKDF2. Ideally it should be totally random.

  44. INITIALIZATION VECTOR
    And Modes of Operation

  45. Insecure

  46. ECB
    Source image by Larry Ewing and The GIMP

  48. SO MUCH CONFUSION FROM ONE COMMENT
        CCCryptorStatus CCCryptorCreate(
            CCOperation op,            /* kCCEncrypt, etc. */
            CCAlgorithm alg,           /* kCCAlgorithmDES, etc. */
            CCOptions options,         /* kCCOptionPKCS7Padding, etc. */
            const void *key,           /* raw key material */
            size_t keyLength,
            const void *iv,            /* optional initialization vector */
            CCCryptorRef *cryptorRef)  /* RETURNED */
            __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0);
    Use an unpredictable IV, not NULL.

  49. REQUIREMENT 2: RANDOM IV
    • To be a secure format with CBC, we need a random IV.

  50. UNAUTHENTICATED ENCRYPTION

  51. HASH BASED MESSAGE AUTHENTICATION CODE

  52. REQUIREMENT 3
    • To be a secure format using CBC, we need an HMAC.

  53. ENCRYPTION PITFALLS
    • Poor KDF choice
    • Truncating multi-byte passwords
    • Insufficiently random salt
    • Key truncation
    • Poor block cipher mode choice
    • Predictable IV
    • No HMAC
    • Failure to HMAC entire message
    • Poor cipher choice
    • Key/IV reuse
    • Failure to validate padding
    • Failure to validate HMAC
    • Length-extension attacks
    • Timing attacks
    • Side-channel attacks
    • Ciphertext truncation attacks

  55. DON’T BUILD YOUR OWN AES FORMAT

  56. AES BEST PRACTICE
    • Key-Derivation Function (PBKDF2)
    • Proper Mode (usually CBC)
    • Random Initialization Vector
    • Authentication (HMAC or authenticated mode)

  57. PRACTICAL SECURITY
    •Encrypt your traffic with SSL
    •Pin and verify your certs (CertificateValidator)
    •Encrypt your files with ProtectionComplete
    •Salt and stretch your passwords
    •Use AES securely

  58. github.com/rnapier/practical-security
    [email protected]
    @cocoaphony
    robnapier.net
