Open Crypto Audit Project
• OCAP originally formed to manage community- funded TrueCrypt audit • Independent technical research public interest organization • Technical Advisory Board: academic, industry, and legal experts in security • Mission: Research, analysis & education around technical security in open source software • Focus: software security, cryptography engineering, public awareness • Current project: OpenSSL audit
The Software Security Trust Chain
1 year post-Heartbleed • Most serious CVEs are (rarely) about the crypto • But the (most widely deployed) crypto trust chain is fragile • Key pieces of the core Internet network stack are virtually unexamined, and little understood
The Software Security Trust Chain
1 year post-Heartbleed • Most serious CVEs are (rarely) about the crypto • But the (most widely deployed) crypto trust chain is fragile • Key pieces of the core Internet network stack are virtually unexamined, and little understood
The Software Security Trust Chain
Questions How well do you know the network stack you’ve deployed? How about your technical staff? Do you/they understand your core dependencies?
The Software Security Trust Chain
Questions How well do you know the network stack you’ve deployed? How about your technical staff? Do you/they understand your core dependencies?
Internet Core Trust Chain
For example: o XML parsers (libxml2, Expat, SimpleXML…) o Image generators (libpng…) o Internationalization libraries (libIDN) o Compression (libzma) o ASN.1 & x509 (everywhere) o Middleware core: BouncyCastle, Spring, Struts… o Deeper: libBFD, libCurl, IPSec netkey, pluto, l2tp
Internet Core Trust Chain
Time to look really closely, at, say: o XML parsers (libxml2, Expat, SimpleXML…) o Image generators (libpng…) o Internationalization libraries (libIDN) o Compression (libzma) o ASN.1 & x509 (everywhere) o Middleware core: BouncyCastle, Spring, Struts… o Deeper: libBFD, libCurl, IPSec netkey, pluto, l2tp
The OpenSSL Audit
• Commissioned by Linux Foundation’s Core Infrastructure Initiative (CII) • Ambitious Scope o Independent review o Coordinating closely with OpenSSL core team o Delayed for v. 1.1 maturity (significant refactor) o Diverse, complex codebase o Linux, BSDs, Windows, OSX, SRV5 (AIX, HP-UX, Solaris) o Intel x86 (incl. AES-NI), ARMv7, MIPS, PowerPC, Alpha… o FIPS module
OpenSSL Audit
• Goals • Thorough public security analysis of the core code in the next major release of OpenSSL • Demonstrate viability of a reusable open source test harness framework • Foster web-scale peer-reviewed public tools & data sets for protocol & negotiation analysis
Parting Thoughts
o VZ DBIR: 99.9% of successful exploits last year relied on a CVE more than a year old o Intelligence & defense collaboration & sharing is critical o Encryption isn’t a magic bullet o Understand your threat model o Stronger security chain will require better cooperation, more open exchanges, and trust
Parting Thoughts
o We are very much in the golden age of web security o We are beginning a serious re-examination of the core stack and fundamental trust chains
kwhite
hiboma
kohbis
yuyakakizaki08
sinsoku
yayoi_dd
ymty
soracom
isaoshimizu
bun913
m3hiro3
whywaita
kumamatsu
michaelherold
chriscoyier
rasmusluckow
addyosmani
paulrobertlloyd
wjessup
nonsquared
mongodb
thoeni
mza
moore
shlominoach