
The security trust chain is broken (but we're working on it!)

ShowMeCon Security 2015

Kenn White

June 09, 2015

Transcript

  1. The Security Trust Chain is Broken
    But we’re working on it
    Kenneth White
    ShowMeCon Security 2015
    St Louis
    June 9, 2015

  2. Topics
    •  Open Crypto Audit Project
    •  Existing trust chains
    •  OpenSSL audit
    •  Emerging
    •  Final thoughts

  3. This is me
    Twitter @kennwhite
    Talks speakerdeck.com/kwhite
    OCAP https://opencryptoaudit.org/people

  4. Open Crypto Audit Project
    •  OCAP originally formed to manage community-funded TrueCrypt audit
    •  Independent technical research public interest organization
    •  Technical Advisory Board: academic, industry, and legal experts in security
    •  Mission: Research, analysis & education around technical security in open source software
    •  Focus: software security, cryptography engineering, public awareness
    •  Current project: OpenSSL audit

  5. The Software Security Trust Chain
    1 year post-Heartbleed
    • Most serious CVEs are (rarely) about the crypto
    • But the (most widely deployed) crypto trust chain is fragile
    • Key pieces of the core Internet network stack are virtually unexamined, and little understood

  7. The Software Security Trust Chain
    Questions
    How well do you know the network stack you’ve deployed?
    How about your technical staff?
    Do you/they understand your core dependencies?

  9. The Software Security Trust Chain
    Are you sure?

  10. Mature network hardware

  11. A $100K commercial load balancer compromised
    by a browser ID string

  12. Let’s really look at the whole
    security trust chain…

  13. Internet Core Trust Chain
    For example:
    o  XML parsers (libxml2, Expat, SimpleXML…)
    o  Image generators (libpng…)
    o  Internationalization libraries (libIDN)
    o  Compression (liblzma)
    o  ASN.1 & x509 (everywhere)
    o  Middleware core: BouncyCastle, Spring, Struts…
    o  Deeper: libBFD, libCurl, IPSec netkey, pluto, l2tp

  14. Internet Core Trust Chain
    Time to look really closely at, say:
    o  XML parsers (libxml2, Expat, SimpleXML…)
    o  Image generators (libpng…)
    o  Internationalization libraries (libIDN)
    o  Compression (liblzma)
    o  ASN.1 & x509 (everywhere)
    o  Middleware core: BouncyCastle, Spring, Struts…
    o  Deeper: libBFD, libCurl, IPSec netkey, pluto, l2tp

  15. BFD is a BFD

  16. Are you kidding me?!

  17. Wait, it gets better.
    Ever use the shell utility ‘less’?

  18. BFD is a BFD.

  19. BFD is a BFD.
    But most Linux admins have never even heard of it

  20. Let’s go higher up

  21. Basic server certificate deployment is
    a solved problem, yes?

  23. Don’t underestimate the impact of applied research

  25. Network transport has integrity, yes?

  27. Network transport has integrity, yes?
    https://gist.github.com/kennwhite/1f3bc4d889b02b35d8aa

  28. Ad networks are trusted for arbitrary client code, yes?

  29. But trust is complicated…

  32. And this isn’t helping

  33. The Security Trust Chain is Broken

  34. The Security Trust Chain is Broken
    But we’re working on it

  35. The OpenSSL Audit

  36. The OpenSSL Audit
    •  Commissioned by Linux Foundation’s Core Infrastructure Initiative (CII)
    •  Ambitious Scope
    o Independent review
    o Coordinating closely with OpenSSL core team
    o Delayed for v. 1.1 maturity (significant refactor)
    o Diverse, complex codebase
    o Linux, BSDs, Windows, OSX, SRV5 (AIX, HP-UX, Solaris)
    o Intel x86 (incl. AES-NI), ARMv7, MIPS, PowerPC, Alpha…
    o FIPS module

  37. OpenSSL Audit
    •  Goals
    •  Thorough public security analysis of the core code in the next major release of OpenSSL
    •  Demonstrate viability of a reusable open source test harness framework
    •  Foster web-scale peer-reviewed public tools & data sets for protocol & negotiation analysis

  38. OpenSSL Audit
    Rough metrics: 412-494K total SLOC
    OpenSSL v. 1.1 master (2015-03-14)

  39. OpenSSL Audit
    •  Phase 1
    •  BigNum: multiprecision ints, constant time, blinding
    •  BIO (focus on composition & file functions)
    •  ASN.1 & x509 (cert & key parsing, DER/PEM decoding, structs, subordinate chains)
    •  93M cert corpus, “Frankencert” fuzzing
    •  Phase 2
    •  TLS state machine
    •  EVP (PKI constructions, H/MACs, envelopes)
    •  Protocol flows, core engine implementation
    •  Memory management
    •  Crypto core (RSA, SHA-2, DH/ECDH, CBC, GCM…)

  40. OpenSSL Audit
    Caveats
    •  Schedule, funding, or quality: Pick 2
    •  High Priority
    •  Major architectures
    •  Modern (TLS 1.3) protocols & primitives
    •  DH, ECC, signatures, ASN.1 & x509
    •  Non-crypto constructions (data structures, memory management, core API/ABI hooks)
    •  Lower Priority
    •  AES implementation (finite field tables, matrix transformations, etc. TBD, possibly in phase 3 formal academic analysis)
    •  RC4
    •  S/MIME
    •  OpenSSL s_server (smtp-aware web server!)

  41. Emerging
    •  Better primitives and core crypto
    •  TLS 1.3
    •  NaCl/LibSodium, ChaCha20/Poly1305 (OpenSSL soon)
    •  Marlinspike et al.’s work on OTR, axolotl ratchet
    •  Trevor Perrin’s work on public key pinning & TLS core
    •  Containers: smaller attack surface (Docker, Rocket, LXC)
    •  Let’s Encrypt (Mozilla, Akamai, Cisco, EFF)
    •  USG: All fed websites & services HTTPS-only
    •  Open threat feeds (AlienVault Open Threat Exchange v2)
    •  Verizon Data Breach Investigations Report model

  42. Parting Thoughts
    o  VZ DBIR: 99.9% of successful exploits last year relied on a CVE more than a year old
    o  Intelligence & defense collaboration & sharing is critical
    o  Encryption isn’t a magic bullet
    o  Understand your threat model
    o  Stronger security chain will require better cooperation, more open exchanges, and trust

  43. Parting Thoughts
    o  We are very much in the golden age of web security
    o  We are beginning a serious re-examination of the core stack and fundamental trust chains

  44. The Security Trust Chain is Broken
    But we’re working on it

  45. Be careful out there, folks

  46. Contacts
    OCAP admin @ opencryptoaudit . org
    OCAP https://opencryptoaudit.org/people
    Twitter @kennwhite
    Talks speakerdeck.com/kwhite