Open Crypto Audit Project
• OCAP originally formed to manage community-funded TrueCrypt audit
• Independent technical research public interest organization
• Technical Advisory Board: academic, industry, and legal experts in security
• Mission: Research, analysis & education around technical security in open source software
• Focus: software security, cryptography engineering, public awareness
• Current project: OpenSSL audit
The Software Security Trust Chain
1 year post-Heartbleed
• Most serious CVEs are rarely about the crypto
• But the (most widely deployed) crypto trust chain is fragile
• Key pieces of the core Internet network stack are virtually unexamined, and little understood
The Software Security Trust Chain
Questions
• How well do you know the network stack you’ve deployed?
• How about your technical staff?
• Do you/they understand your core dependencies?
Internet Core Trust Chain
For example:
o XML parsers (libxml2, Expat, SimpleXML…)
o Image generators (libpng…)
o Internationalization libraries (libIDN)
o Compression (liblzma)
o ASN.1 & X.509 (everywhere)
o Middleware core: BouncyCastle, Spring, Struts…
o Deeper: libBFD, libCurl, IPSec netkey, pluto, l2tp
Internet Core Trust Chain
Time to look really closely at, say:
o XML parsers (libxml2, Expat, SimpleXML…)
o Image generators (libpng…)
o Internationalization libraries (libIDN)
o Compression (liblzma)
o ASN.1 & X.509 (everywhere)
o Middleware core: BouncyCastle, Spring, Struts…
o Deeper: libCurl, libBFD, IPSec netkey, pluto, l2tp
2015 Mainstream Distro Apache/Nginx SSL in 1 Easy Slide
Just kidding. Understand your install base, interop and threat model. Then read tactical guidance by Mozilla, SSLLabs, Robert Love, Adam Langley, Thomas Ptacek…
For example
• Adam Langley: Matching primitive strengths
  www.imperialviolet.org/2014/05/25/strengthmatching.html
• Ivan Ristic: Introducing TLS Maturity Model
  community.qualys.com/blogs/securitylabs/2015/06/08/introducing-tls-maturity-model
• Bulletproof SSL and TLS
  www.feistyduck.com/books/bulletproof-ssl-and-tls
• Thomas Ptacek: Cryptographic Right Answers
  gist.github.com/tqbf/be58d2d39690c3b366ad
• Mozilla: Security/Server Side TLS
  wiki.mozilla.org/Security/Server_Side_TLS
The OpenSSL Audit
• Commissioned by Linux Foundation’s Core Infrastructure Initiative (CII)
• Ambitious Scope
o Independent review
o Coordinating closely with OpenSSL core team
o Delayed for v. 1.1 maturity (significant refactor)
o Diverse, complex codebase
o Linux, BSDs, Windows, OSX, SRV5 (AIX, HP-UX, Solaris)
o Intel x86 (incl. AES-NI), ARMv7, MIPS, PowerPC, Alpha…
o FIPS module
OpenSSL Audit
Goals
• Thorough public security analysis of the core code in the next major release of OpenSSL
• Demonstrate viability of a reusable open source test harness framework
• Foster web-scale peer-reviewed public tools & data sets for protocol & negotiation analysis
• Dan Bernstein: NaCl networking and cryptography library
  http://nacl.cr.yp.to
• Frank Denis: Sodium crypto library
  https://www.gitbook.com/book/jedisct1/libsodium/details
• Moxie Marlinspike and Trevor Perrin: Advanced cryptographic ratcheting
  https://whispersystems.org/blog/advanced-ratcheting
• Andrew Gerrand: The State of Go
  http://talks.golang.org/2015/state-of-go-may.slide
• Daniel Stenberg: TLS in HTTP/2
  http://daniel.haxx.se/blog/2015/03/06/tls-in-http2
• GoLang team: Go crypto library
  https://godoc.org/golang.org/x/crypto
• Docker: The tutorial
  www.docker.com/tryit
• CoreOS is building a container runtime, rkt
  coreos.com/blog/rocket
• Let's Encrypt: A public open certificate authority
  letsencrypt.org
• US CIO: HTTPS-Everywhere for Government
  cio.gov/https-everywhere-for-government
• Open Threat Exchange: OTX v. 2.0
  www.alienvault.com/blogs/security-essentials/otx-20-beta-finally-a-way-beyond-the-rhetoric-of-threat-intelligence
• Verizon DBIR 2015
  www.verizonenterprise.com/resources/reports/rp_data-breach-investigation-report-2015_en_xg.pdf
Parting Thoughts
o Encryption is rarely the problem
o Understand your threat model
o VZ DBIR: 99.9% of successful exploits last year relied on a CVE more than a year old
o Intelligence & defense collaboration & sharing is critical
o Stronger security chain will require better cooperation, more open exchanges, and trust
Parting Thoughts
We are very much in the golden age of web security. We are beginning a serious re-examination of the core stack and fundamental trust chains.
Special thanks
Paul Wouters (@letoams)
Marsh Ray (@marshray)
Chris Hoff (@Beaker)
Wendy Nather (@451wendy)
Thomas Ptacek (@tqbf)
Filippo Valsorda (@FiloSottile)
Scot Terban (@krypt3ia)
Jeff Jarmoc (@jjarmoc)