Slide 1

Slide 1 text

Avoiding damage, shame and regrets data protection for mobile client-server architectures @vixentael

Slide 2

Slide 2 text

is intuitive, evolution trained us for it Real-world security

Slide 3

Slide 3 text

Meet Dodo birds! Alice Bob data protection for client-server apps @vixentael

Slide 4

Slide 4 text

They are chatting together Alice Bob tweet hello data protection for client-server apps @vixentael

Slide 5

Slide 5 text

Here comes Eve.. ..the eavesdropping Fennec Fox data protection for client-server apps @vixentael

Slide 6

Slide 6 text

Eve eavesdrops danger tweet ack ear radars: ON data protection for client-server apps @vixentael

Slide 7

Slide 7 text

Birds fly away, Eve doesn’t hear them secure place hear nothing data protection for client-server apps @vixentael

Slide 8

Slide 8 text

Risk (threat): Eve hears your secrets Mitigation: physically move away from Eve Real-world security

Slide 9

Slide 9 text

evolution did not prepare you for that! Cyber-world security

Slide 10

Slide 10 text

Apple Secure Coding Guide Every program is a potential target. Your customers’ property and your reputation are at stake. https://developer.apple.com/library/mac/documentation/ Security/Conceptual/SecureCodingGuide/ Introduction.html data protection for client-server apps @vixentael

Slide 11

Slide 11 text

What we protect? User’s data! in storage in motion in memory data protection for client-server apps @vixentael

Slide 12

Slide 12 text

Data in motion

Slide 13

Slide 13 text

There are hackers.. and threats these hackers exploit.. to create damage Problem: Layer 1 data protection for client-server apps @vixentael

Slide 14

Slide 14 text

Meet Alice-the-App and Bob-the-Server Alice-the-App Bob-the-Server data protection for client-server apps @vixentael

Slide 15

Slide 15 text

Client and Server are communicating passw: 123456 HTTP 1.1 Alice-the-App Bob-the-Server data protection for client-server apps @vixentael

Slide 16

Slide 16 text

Eve-the-Hacker data protection for client-server apps @vixentael

Slide 17

Slide 17 text

Here Eve-the-Hacker comes! passw: 123456 HTTP 1.1 data protection for client-server apps @vixentael

Slide 18

Slide 18 text

Here Eve-the-Hacker comes! passw: 123456 HTTP 1.1 {“passw”:“123456”} data protection for client-server apps @vixentael

Slide 19

Slide 19 text

Let’s go deeper.. To avoid threats we need secure programming Problem: Layer 2 data protection for client-server apps @vixentael

Slide 20

Slide 20 text

Alice decides to implement security puts on paper hat! data protection for client-server apps @vixentael

Slide 21

Slide 21 text

Bob decides to implement security builds the fence! data protection for client-server apps @vixentael

Slide 22

Slide 22 text

..and they decide to use HTTPS! ****** : ****** HTTPS out of the box data protection for client-server apps @vixentael

Slide 23

Slide 23 text

But it’s not really secure.. ****** : ****** HTTPS out of the box {“passw”:“123456”} data protection for client-server apps @vixentael

Slide 24

Slide 24 text

Intercept traffic using proxy (1) data protection for client-server apps @vixentael

Slide 25

Slide 25 text

Intercept traffic using proxy (2) data protection for client-server apps @vixentael

Slide 26

Slide 26 text

Intercept traffic using proxy (3) * SSL experimenting with Android Top100 apps http://bit.ly/1NqpheM * Intercepting the App Store's Traffic on iOS http://bit.ly/1H3xMrs data protection for client-server apps @vixentael

Slide 27

Slide 27 text

What helps Eve to eavesdrop? ๏ not encrypting user data ๏ plain HTTP ๏ self-signed certificates ๏ HTTPS with old cipher-suites ๏ using vulnerable libraries and bad examples from StackOverflow ๏ SSL without SSL certificate pinning data protection for client-server apps @vixentael

Slide 28

Slide 28 text

Problem: Layer 3 As the result, Programming is rarely secure data protection for client-server apps @vixentael

Slide 29

Slide 29 text

Software is buggy http://blog.mindedsecurity.com/2015/03/ssl-mitm-attack-in-afnetworking-251- do.html AFNetworking SSL verification bug (v2.5.1-2.5.2) https://eprint.iacr.org/2013/049.pdf Out-of-the-box SSL is frequent subject to attacks http://www.dwheeler.com/essays/apple-goto-fail.html Apple “goto fail” vulnerability http://noxxi.de/howto/ssl-debugging.html data protection for client-server apps @vixentael

Slide 30

Slide 30 text

๏ Copying bad code from StackOverflow ๏ Debugging by tearing security suites apart ๏ Avoiding “complicated” security documentation Software is buggy. Why? data protection for client-server apps @vixentael

Slide 31

Slide 31 text

- is easy to f*ck up - is inconvenient to implement Cyber-world security

Slide 32

Slide 32 text

- use good practice and brain - use good tools - minimize re-inventing the wheel What shall we do?

Slide 33

Slide 33 text

Realize threat vectors Bad cryptography No access control Authentication bypass Credential reuse Session hijacking Denial of Service Data leakage … data protection for client-server apps @vixentael

Slide 34

Slide 34 text

Anyone can invent a security system that he himself cannot break — Schneier's Law https://www.schneier.com/blog/archives/ 2011/04/schneiers_law.html Implementing security tools yourself is a threat data protection for client-server apps @vixentael

Slide 35

Slide 35 text

Do not re-implement existing things data protection for client-server apps @vixentael

Slide 36

Slide 36 text

No content

Slide 37

Slide 37 text

Use great tools scientific background trust big guys good track record libsodium/NaCL OTRKit RNCryptor MIHCrypto Themis https://github.com/mochtu/libsodium-ios https://github.com/ChatSecure/OTRKit https://github.com/RNCryptor/RNCryptor https://github.com/hohl/MIHCrypto https://github.com/cossacklabs/themis data protection for client-server apps @vixentael

Slide 38

Slide 38 text

Apple open sourced crypto data protection for client-server apps @vixentael

Slide 39

Slide 39 text

Swift CommonCrypto wrapper https://github.com/iosdevzone/IDZSwiftCommonCrypto/ https://realm.io/news/danny-keogan-swift-cryptography/ https://news.ycombinator.com/item?id=10733215 data protection for client-server apps @vixentael

Slide 40

Slide 40 text

Armoring your SSL

Slide 41

Slide 41 text

Do your SSL/TLS right ๏use long keys ๏disable backward compatibility ๏use strong ciphers (EC vs RSA) ๏pin SSL certificate ๏use cheat sheet https://www.cossacklabs.com/avoid-ssl-for-your- next-app.html SSL has a lot of problems To survive you need to: https://www.owasp.org/index.php/ Transport_Layer_Protection_Cheat_Sheet data protection for client-server apps @vixentael

Slide 42

Slide 42 text

Do you pin SSL certificate? data protection for client-server apps @vixentael

Slide 43

Slide 43 text

SSL/TLS in short hello client asks certificate server sends cert encrypted data client verifies cert - domain, - expiration date, - asks CA if cert is valid and not revoked key negotiation data protection for client-server apps @vixentael

Slide 44

Slide 44 text

Where can it break? hello client asks certificate server sends cert encrypted data client verifies cert - domain, - expiration date, - asks CA if cert is valid and not revoked key negotiation data protection for client-server apps @vixentael

Slide 45

Slide 45 text

SSL pinning hello client asks certificate server sends cert encrypted data client verifies cert - compares cert against pinned cert key negotiation data protection for client-server apps @vixentael

Slide 46

Slide 46 text

SSL pinning on iOS https://possiblemobile.com/2013/03/ssl-pinning-for-increased-app-security/ https://www.paypal-engineering.com/2015/10/14/key-pinning-in-mobile- applications/ - (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge { SecTrustRef serverTrust = challenge.protectionSpace.serverTrust; id sender = challenge.sender; SecCertificateRef certificate = SecTrustGetCertificateAtIndex(serverTrust, 0); NSData * remoteCertificateData = CFBridgingRelease(SecCertificateCopyData(certificate)); NSString * cerPath = [[NSBundle mainBundle] pathForResource:@"MyLocalCertificate" ofType:@"cer"]; NSData * localCertData = [NSData dataWithContentsOfFile:cerPath]; if ([remoteCertificateData isEqualToData:localCertData]) { NSURLCredential * credential = [NSURLCredential credentialForTrust:serverTrust]; [sender useCredential:credential forAuthenticationChallenge:challenge]; } else { [sender cancelAuthenticationChallenge:challenge]; } } data protection for client-server apps @vixentael

Slide 47

Slide 47 text

SSL pinning more easy :) let certData = NSData(contentsOfFile: NSBundle.mainBundle().pathForResource("lvwenhancom", ofType: "cer")!)!
 ... ... .addSSLPinning(LocalCertData: certData) { () -> Void in
 print("Under Man-in-the-middle attack!")
 } Swift lib for HTTPS and SSL pinning https://github.com/johnlui/Pitaya https://github.com/iSECPartners/ssl-conservatory data protection for client-server apps @vixentael

Slide 48

Slide 48 text

Nah. SSL is not enough :( So, we’re done?

Slide 49

Slide 49 text

Government MitM http://habrahabr.ru/post/272207/ data protection for client-server apps @vixentael

Slide 50

Slide 50 text

Implementing Forward Secrecy

Slide 51

Slide 51 text

Forward Secrecy: Threat Eve records encrypted traffic New crypto vulnerability allows to extract keys Eve physically extracts keys from one of the birds Eve decrypts all encrypted traffic data protection for client-server apps @vixentael

Slide 52

Slide 52 text

data protection for client-server apps @vixentael Forward Secrecy: Mitigation Forward Secrecy ephemeral keys + key rotation scheme https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf SSL/TLS has forward secrecy but it’s weak: =

Slide 53

Slide 53 text

Using ephemeral key key negotiation (RSA or EC) create symmetric temp key use temp key to encrypt messages during session close session open session data protection for client-server apps @vixentael

Slide 54

Slide 54 text

Implementing ephemeral keys 1. establish session 2. encrypt message with SecureSession before sending 3. decrypt message after receive 4. encrypt history with SecureCell https://github.com/cossacklabs/themis Themis has built-in forward secrecy inside SecureSession object data protection for client-server apps @vixentael

Slide 55

Slide 55 text

Implementing ephemeral keys https://github.com/cossacklabs/mobile-websocket-example data protection for client-server apps @vixentael

Slide 56

Slide 56 text

Data in storage

Slide 57

Slide 57 text

iOS data protection data protection for client-server apps @vixentael

Slide 58

Slide 58 text

Storing in plain text is bad idea data protection for client-server apps @vixentael

Slide 59

Slide 59 text

What we need to do 1. Choose good storage library with efficient crypto 2. Embed it on read/write 3. Store keys safely data protection for client-server apps @vixentael

Slide 60

Slide 60 text

RNCryptor example Themis SecureCell example Storage libraries data protection for client-server apps @vixentael

Slide 61

Slide 61 text

Storing the keys SSKeychain example Valet example https://github.com/square/Valet https://github.com/soffes/sskeychain data protection for client-server apps @vixentael

Slide 62

Slide 62 text

compute key and use KDF to derive Storing the keys: Computable obfuscation https://www.mikeash.com/pyblog/friday-qa-2012-08-10-a-tour-of- commoncrypto.html key = KDF(sqrt(42)*len(user_id)/parity(user_id)) data protection for client-server apps @vixentael

Slide 63

Slide 63 text

Ending notes

Slide 64

Slide 64 text

Practical app security step by step 1.Use HTTPS with good TLS settings 2.Enable SSL pinning 3.Encrypt user data in motion with ephemeral keys 4.Encrypt stored data and protect the key data protection for client-server apps @vixentael

Slide 65

Slide 65 text

Alice is more secure now SSL pinning encrypted storage data ephemeral keys data protection for client-server apps @vixentael

Slide 66

Slide 66 text

Bob is more secure now encrypted storage data ephemeral keys data protection for client-server apps @vixentael

Slide 67

Slide 67 text

data protection for client-server apps @vixentael Chatting is more secure 5720b3c2 fe674f54 73e10ad4 ... HTTPS SSL pinning ephemeral keys

Slide 68

Slide 68 text

Security is full of adventures and discoveries. And fun. and shiny metal birds!

Slide 69

Slide 69 text

The last slide @vixentael iOS developer at stanfy.com [creating awesome mobile and IoT apps] take care! data protection for client-server apps @vixentael

Slide 70

Slide 70 text

More to read ̣ The Mobile Application Hacker's Handbook https://books.google.com.ua/books?id=UgVhBgAAQBAJ ̣ Designing Secure User Interfaces https://developer.apple.com/library/ios/documentation/Security/ Conceptual/SecureCodingGuide/Articles/AppInterfaces.html#//apple_ref/ doc/uid/TP40002862-SW1 ̣ CryptoCat iOS app security audit https://nabla-c0d3.github.io/documents/iSEC_Cryptocat_iOS.pdf ̣ Storing secret keys http://www.splinter.com.au/2014/09/16/storing-secret-keys/

Slide 71

Slide 71 text

More to watch ̣ All talks of Moxie Marlinspike https://www.youtube.com/watch?v=ibF36Yyeehw https://www.youtube.com/watch?v=8N4sb-SEpcg https://www.youtube.com/watch?v=tOMiAeRwpPA