The security trust chain is broken (but we're working on it!)

The security trust chain is broken (but we're working on it!)

ShowMeCon Security 2015

671d41cff530fadcbc82a5d6e7070c4a?s=128

Kenneth White

June 09, 2015
Tweet

Transcript

  1. The  Security  Trust  Chain  is   Broken   But  we’re

     working  on  it Kenneth White ShowMeCon Security 2015 St Louis June 9, 2015
  2. Topics •  Open Crypto Audit Project •  Existing trust chains

    •  OpenSSL audit •  Emerging •  Final thoughts
  3. This  is  me Twitter @kennwhite Talks speakerdeck.com/kwhite OCAP https://opencryptoaudit.org/people

  4. Open  Crypto  Audit  Project •  OCAP originally formed to manage

    community- funded TrueCrypt audit •  Independent technical research public interest organization •  Technical Advisory Board: academic, industry, and legal experts in security •  Mission: Research, analysis & education around technical security in open source software •  Focus: software security, cryptography engineering, public awareness •  Current project: OpenSSL audit
  5. The  Software  Security   Trust  Chain 1 year post-Heartbleed • Most

    serious CVEs are (rarely) about the crypto • But the (most widely deployed) crypto trust chain is fragile • Key pieces of the core Internet network stack are virtually unexamined, and little understood
  6. The  Software  Security   Trust  Chain 1 year post-Heartbleed • Most

    serious CVEs are (rarely) about the crypto • But the (most widely deployed) crypto trust chain is fragile • Key pieces of the core Internet network stack are virtually unexamined, and little understood
  7. The  Software  Security   Trust  Chain Questions How well do

    you know the network stack you’ve deployed? How about your technical staff? Do you/they understand your core dependencies?
  8. The  Software  Security   Trust  Chain Questions How well do

    you know the network stack you’ve deployed? How about your technical staff? Do you/they understand your core dependencies?
  9. The  Software  Security   Trust  Chain Are you sure?

  10. None
  11. None
  12. Mature network hardware

  13. A $100K commercial load balancer compromised by a browser ID

    string
  14. Let’s really look at the whole security trust chain…

  15. Internet  Core  Trust  Chain For example: o  XML parsers (libxml2,

    Expat, SimpleXML…) o  Image generators (libpng…) o  Internationalization libraries (libIDN) o  Compression (libzma) o  ASN.1 & x509 (everywhere) o  Middleware core: BouncyCastle, Spring, Struts… o  Deeper: libBFD, libCurl, IPSec netkey, pluto, l2tp
  16. Internet  Core  Trust  Chain Time to look really closely, at,

    say: o  XML parsers (libxml2, Expat, SimpleXML…) o  Image generators (libpng…) o  Internationalization libraries (libIDN) o  Compression (libzma) o  ASN.1 & x509 (everywhere) o  Middleware core: BouncyCastle, Spring, Struts… o  Deeper: libBFD, libCurl, IPSec netkey, pluto, l2tp
  17. None
  18. BFD  is  a  BFD

  19. Are you kidding me?!

  20. Wait, it gets better. Ever use the shell utility ‘less’?

  21. None
  22. None
  23. BFD  is  a  BFD.    

  24. BFD  is  a  BFD.   But  most  Linux  admins  have

      never  even  heard  of  it
  25. libcurl

  26. None
  27. Let’s go higher up

  28. Basic server certificate deployment is a solved problem, yes?

  29. Basic server certificate deployment is a solved problem, yes?

  30. Don’t underestimate the impact of applied research

  31. Don’t underestimate the impact of applied research

  32. Network transport has integrity, yes?

  33. Network transport has integrity, yes?

  34. Network transport has integrity, yes? https://gist.github.com/kennwhite/1f3bc4d889b02b35d8aa

  35. Ad networks are trusted for arbitrary client code, yes?

  36. None
  37. None
  38. None
  39. But  trust  is  complicated…

  40. But  trust  is  complicated…

  41. But  trust  is  complicated…

  42. And  this  isn’t  helping

  43. The  Security  Trust  Chain   is  Broken  

  44. The  Security  Trust  Chain   is  Broken   But  we’re

     working  on  it
  45. The  OpenSSL  Audit

  46. The  OpenSSL  Audit •  Commissioned by Linux Foundation’s Core Infrastructure

    Initiative (CII) •  Ambitious Scope o Independent review o Coordinating closely with OpenSSL core team o Delayed for v. 1.1 maturity (significant refactor) o Diverse, complex codebase o Linux, BSDs, Windows, OSX, SRV5 (AIX, HP-UX, Solaris) o Intel x86 (incl. AES-NI), ARMv7, MIPS, PowerPC, Alpha… o FIPS module
  47. OpenSSL  Audit •  Goals •  Thorough public security analysis of

    the core code in the next major release of OpenSSL •  Demonstrate viability of a reusable open source test harness framework •  Foster web-scale peer-reviewed public tools & data sets for protocol & negotiation analysis
  48. OpenSSL  Audit Rough metrics: 412-494K total SLOC OpenSSL v. 1.1

    master (2015-03-14)
  49. OpenSSL  Audit •  Phase 1 •  BigNum: multiprecision ints, constant

    time, blinding •  BIO (focus on composition & file functions) •  ASN.1 & x509 (cert & key parsing, DER/PEM decoding, structs, subordinate chains) •  93M cert corpus, “Frankencert” fuzzing •  Phase 2 •  TLS state machine •  EVP (PKI constructions, H/MACs, envelopes) •  Protocol flows, core engine implementation •  Memory management •  Crypto core (RSA, SHA-2, DH/ECDH, CBC, GGM…)
  50. OpenSSL  Audit Caveats •  Schedule, funding, or quality: Pick 2

    •  High Priority •  Major architectures •  Modern (TLS 1.3) protocols & primitives •  DH, ECC, signatures, ASN.1 & x509 •  Non-crypto constructions (data structures, memory management, core API/ABI hooks) •  Lower Priority •  AES implementation (finite field tables, matrix transformations, etc. TBD, possibly in phase 3 formal academic analysis) •  RC4 •  S/MIME •  OpenSSL s_server (smtp-aware web server!)
  51. Emerging

  52. Emerging •  Better primitives and core crypto •  TLS 1.3

    •  NaCl/LibSodium, ChaCha20/Poly1305 (OpenSSL soon) •  Marlinspike et al’s work on OTR, axolotl ratchet •  Trevor Perrin’s work on public key pinning & TLS core •  Containers smaller surface (Docker, Rocket, LXC) •  Let’s Encrypt (Mozilla, Akamai, Cisco, EFF) •  USG: All fed websites & services HTTPS-only •  Open threat feeds (AlienVault Open Threat Exchange v2) •  Verizon Data Breach Investigation Report model
  53. Parting  Thoughts o  VZ DBIR: 99.9% of successful exploits last

    year relied on a CVE more than a year old o  Intelligence & defense collaboration & sharing is critical o  Encryption isn’t a magic bullet o  Understand your threat model o  Stronger security chain will require better cooperation, more open exchanges, and trust
  54. Parting  Thoughts o  We are very much in the golden

    age of web security o  We are beginning a serious re-examination of the core stack and fundamental trust chains
  55. The  Security  Trust  Chain   is  Broken   But  we’re

     working  on  it
  56. Be  careful  out  there,  folks

  57. Contacts OCAP admin @ opencryptoaudit . org OCAP https://opencryptoaudit.org/people Twitter

    @kennwhite Talks speakerdeck.com/kwhite