Slide 1


© Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Slide 2

Crypto manifesto 2015
Alvaro Munoz, Principal Security Researcher
Yekaterina O’Neil, Principal Security Researcher
#HPProtect

Slide 3

Agenda
• Why now?
• Common misuses
• What to do?
• Food for thought

Slide 4

A few terms
• Entropy
• Pseudo-random number generator (PRNG)
• Hash function
• Password-based key derivation function (PBKDF)
• Asymmetric encryption
• Symmetric encryption
• Password-based encryption (PBE)
• Mode of operation
• Padding
• Digital signature
• Protocol
• Ciphersuite

Slide 5

Why now?
High-profile vulnerabilities

Slide 6


Slide 7

Attacks on SSL (timeline)
• 2011, September: BEAST
• 2012, September: CRIME
• 2013, August: BREACH
• 2014, April: Heartbleed
• 2014, September: POODLE
• 2015, March: FREAK
• 2015, May: Logjam

Slide 8

Common themes
• Attacks on SSL and TLS
• Require a man-in-the-middle
• Exploit protocols that use cryptography known to be broken for many years
  – Export ciphers
  – RC4 stream cipher
  – Block ciphers in CBC mode
• Exploit protocols’ backwards compatibility with broken versions, kept for interoperability with legacy systems
• Result in the ability to extract plaintext from encrypted sessions

Slide 9

POODLE
• POODLE = Padding Oracle On Downgraded Legacy Encryption
• CVE-2014-3566
• September 2014
• SSL 3.0 uses:
  – the RC4 stream cipher, or a block cipher in
  – CBC mode with
  – non-deterministic padding that is
  – not covered by the Message Authentication Code (MAC) → the integrity of the padding cannot be fully verified at decryption
• Allows stealing “secure” HTTP cookies or HTTP Authorization header contents using BEAST techniques
• On average, requires 256 SSL 3.0 requests to reveal one byte of the encrypted message

Slide 10

POODLE in action
(diagram: an attacker between browser and server forces the connection down from TLS 1.2 through TLS 1.1 and TLS 1.0 to SSL 3.0)
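The downgrade shown in this diagram and the common themes on slide 8 (legacy protocol versions, export ciphers, RC4, backwards compatibility) are exactly what a client configuration has to rule out. The following is an added example and not part of the original deck: a Python `ssl` client context that pins the minimum protocol version to TLS 1.2 and excludes the weak cipher families, together with an audit over a plain summary dictionary so the same checks can be applied to a configuration dump from elsewhere. The function names, the cipher string and the list of weak-cipher markers are this example's own choices, not anything the speakers recommend by name.

```python
import ssl

# Added example (not from the slides). Python 3.7+ / OpenSSL 1.1+ assumed.
# Substrings that identify the cipher families the SSL attacks relied on.
WEAK_CIPHER_MARKERS = ("RC4", "EXP", "DES", "NULL", "MD5")
# Protocol floors that still permit a downgrade to a broken version.
LEGACY_VERSIONS = ("MINIMUM_SUPPORTED", "SSLv3", "TLSv1", "TLSv1_1")


def hardened_client_context() -> ssl.SSLContext:
    """Client context with no downgrade path to SSL 3.0 / TLS 1.0 / TLS 1.1."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # POODLE/BEAST need SSL 3.0 / TLS 1.0
    # Forward-secret AEAD suites only. The explicit exclusions make sure a
    # permissive OpenSSL default cannot re-introduce export, RC4, DES or NULL suites.
    ctx.set_ciphers(
        "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!EXPORT:!RC4:!DES:!3DES:!MD5"
    )
    return ctx


def describe_context(ctx: ssl.SSLContext) -> dict:
    """Reduce a context to the plain values a reviewer checks."""
    return {
        "min_version": ctx.minimum_version.name,
        "check_hostname": ctx.check_hostname,
        "verify_mode": ctx.verify_mode.name,
        "ciphers": [c["name"] for c in ctx.get_ciphers()],
    }


def audit_summary(summary: dict) -> list:
    """Return findings for a summary dict; an empty list means it passes."""
    findings = []
    if summary["min_version"] in LEGACY_VERSIONS:
        findings.append("downgrade to SSL 3.0 / TLS 1.0 / TLS 1.1 possible (POODLE, BEAST)")
    if not summary["check_hostname"] or summary["verify_mode"] != "CERT_REQUIRED":
        findings.append("server identity not verified (man-in-the-middle goes unnoticed)")
    weak = [n for n in summary["ciphers"]
            if any(m in n.upper() for m in WEAK_CIPHER_MARKERS)]
    if weak:
        findings.append("weak cipher suites offered: " + ", ".join(weak))
    return findings


if __name__ == "__main__":
    hardened = describe_context(hardened_client_context())
    print("hardened context findings:", audit_summary(hardened))
    # Constructed summary of a legacy configuration, for contrast.
    legacy = {"min_version": "TLSv1", "check_hostname": False, "verify_mode": "CERT_NONE",
              "ciphers": ["RC4-SHA", "EXP-DES-CBC-SHA", "ECDHE-RSA-AES128-GCM-SHA256"]}
    for f in audit_summary(legacy):
        print("legacy context finding:", f)
```

The cipher string is evaluated by the local OpenSSL, so the exact list `get_ciphers()` returns varies by build; the audit therefore checks for the absence of weak families rather than for a fixed list.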

Slide 11

Padding Oracle attack in action
(diagram: attacker sits between client and server)
• CBC decryption: Pi = D(Ci) ⊕ Ci-1
• The last block Cn is all padding and decrypts to xxxxxxxxxxxxxxxx15 (only the final byte, the padding length 15, is checked)
• We want to know Pi[15]
• The attacker replaces Cn with Ci and observes whether the server fails
  – Fail: no information from this request
  – No fail: D(Ci)[15] ⊕ Cn-1[15] = 15, so Pi[15] = D(Ci)[15] ⊕ Ci-1[15] = 15 ⊕ Cn-1[15] ⊕ Ci-1[15]

Slide 12

Why now?
Evolution of standards

Slide 13

Standards
• Elaine Barker and Allen Roginsky. “Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths”. NIST Special Publication 800-131A, 2011. http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
• Payment Card Industry (PCI) Data Security Standard (DSS). “Requirements and Security Assessment Procedures”. Version 3.0, November 2013. https://www.pcisecuritystandards.org/documents/PCI_DSS_v3.pdf
• Payment Card Industry (PCI) Data Security Standard (DSS). “Requirements and Security Assessment Procedures”. Version 3.1, April 2015. https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf

Slide 14

NIST SP 800-131A: Encryption transitions
(table not extracted)

Slide 15

NIST SP 800-131A: Encryption transitions, continued
(table not extracted)

Slide 16

NIST SP 800-131A: Digital signature generation transitions
(table not extracted)

Slide 17

NIST SP 800-131A: Digital signature verification transitions
(table not extracted)

Slide 18

NIST SP 800-131A: Random number generation transitions
(table not extracted)

Slide 19

NIST SP 800-131A: RSA-based key length transitions
(table not extracted)

Slide 20

NIST SP 800-131A: Hash function transitions
(table not extracted)

Slide 21

PCI DSS: Version 3.0 vs. Version 3.1
(comparison not extracted)

Slide 22

Common misuses

Slide 23

Categories of flaws related to:
• Seeds and entropy sources
• Password management and key derivation functions
• Cryptographic hashes and password-based encryption
• Digital signatures
• Encryption
• Key management

Slide 24

Categories of flaws related to:
• Seeds and entropy sources
  – Insecure Randomness: Hardcoded Seed
  – Insecure Randomness: User-Controlled Seed
  – Insecure Randomness: Weak Entropy Source
• Password management and key derivation functions
• Cryptographic hashes and password-based encryption
• Digital signatures
• Encryption
• Key management

Slide 25

CSPRNG vs. PRNG
(figure: both generators seeded with 123456 and the resulting bit sequences)

Slide 26

CSPRNG vs. PRNG
(figure: seeded with 123456 again, the PRNG reproduces exactly the same bit sequence, while the CSPRNG output differs)

Slide 27

Example: Weak entropy source
• CWE-332: Insufficient Entropy in PRNG
• A PRNG is only as strong as its entropy source
• Low entropy means the seed is predictable
• If the seed is predictable, so is the PRNG's internal state, and therefore the generated sequence
• Weak entropy sources:
  – Non-hardware sources of randomness
    • System clock
    • System/input/output buffers
    • User/system/hardware/network serial numbers or addresses and timing
    • User-controlled input
    • PIDs
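What "a PRNG is as strong as its entropy" means in code, as an added example that is not part of the original deck: `weak_token` seeds Python's Mersenne Twister (a non-cryptographic PRNG) from a wall-clock value at one-second resolution, which is the first weak source in the list above, while `strong_token` draws from the operating system CSPRNG through `secrets`. `seed_entropy_bits` quantifies how little a clock seed provides when an observer knows roughly when the token was generated. All function names are this example's own.

```python
import math
import random
import secrets
import time

# Added example (not from the slides). TOKEN_BYTES is an assumed token size.
TOKEN_BYTES = 16


def clock_seed(now: float = None, resolution_s: float = 1.0) -> int:
    """The kind of seed the slide warns about: wall-clock time, 1 s resolution."""
    now = time.time() if now is None else now
    return int(now // resolution_s)


def weak_token(seed: int) -> str:
    """Anti-pattern: a 'random' token from random.Random seeded with a clock value.
    The same seed always yields the same token, so the token is only as
    unpredictable as the seed."""
    rng = random.Random(seed)
    return rng.getrandbits(8 * TOKEN_BYTES).to_bytes(TOKEN_BYTES, "big").hex()


def strong_token() -> str:
    """128 bits straight from the OS CSPRNG; no seed for an application to get wrong."""
    return secrets.token_hex(TOKEN_BYTES)


def seed_entropy_bits(window_s: float, resolution_s: float = 1.0) -> float:
    """Entropy of a clock seed when generation time is known to within window_s."""
    return math.log2(max(1.0, window_s / resolution_s))


def same_second_collision(t1: float, t2: float) -> bool:
    """True when two requests in the same second receive an identical weak token."""
    return weak_token(clock_seed(t1)) == weak_token(clock_seed(t2))


if __name__ == "__main__":
    # Constructed timestamps: two requests 0.7 s apart, inside the same second.
    print("collision:", same_second_collision(1_700_000_000.2, 1_700_000_000.9))
    print("clock seed entropy, 1 minute window:", seed_entropy_bits(60), "bits")
    print("CSPRNG token entropy:", 8 * TOKEN_BYTES, "bits")
    print("strong tokens differ:", strong_token() != strong_token())
```

The contrast is the whole point: a clock seed known to within a minute carries under six bits of entropy regardless of how long the generated token looks, whereas the `secrets` token carries the full 128 bits.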

Slide 28


Slide 29


Slide 30

Categories of flaws related to:
• Seeds and entropy sources
• Password management and key derivation functions
  – Password Management: Lack of Key Derivation Function
• Cryptographic hashes and password-based encryption
• Digital signatures
• Encryption
• Key management

Slide 31

KDF in a nutshell
(diagram: the inputs Password, Salt, Iteration count and Key length go through a Pseudo-random function to produce the Derived key)

Slide 32

Password storage evolution
• Clear passwords: completely insecure
• Hashed passwords: vulnerable to dictionary attacks (rainbow tables)
• Hashed, salted passwords: still brute-forceable with modern hardware
• Key derivation functions: computationally expensive

Slide 33

Estimated cost of hardware to crack a password in 1 year
(Source: https://www.tarsnap.com/scrypt/scrypt.pdf)

KDF               6 letters   8 letters   8 chars    10 chars   40-char text   80-char text
DES CRYPT         < $1        < $1        < $1       < $1       < $1           < $1
MD5               < $1        < $1        < $1       $1.1k      $1             $1.5T
MD5 CRYPT         < $1        < $1        $130       $1.1M      $1.4k          $1.5 x 10^15
PBKDF2 (100 ms)   < $1        < $1        $18k       $160M      $200k          $2.2 x 10^17
bcrypt (95 ms)    < $1        $4          $130k      $1.2B      $1.5M          $48B
scrypt (64 ms)    < $1        $150        $4.8M      $43B       $52M           $6 x 10^19
PBKDF2 (5.0 s)    < $1        $29         $920k      $8.3B      $10M           $11 x 10^18
bcrypt (3.0 s)    < $1        $130        $4.3M      $39B       $47M           $1.5T
scrypt (3.8 s)    $900        $610k       $19B       $175T      $210B          $2.3 x 10^23

Slide 34

Categories of flaws related to:
• Seeds and entropy sources
• Password management and key derivation functions
• Cryptographic hashes and password-based encryption
  – Weak Cryptographic Hash: Hardcoded PBE Salt
  – Weak Cryptographic Hash: User-Controlled PBE Salt
  – Weak Cryptographic Hash: Insecure PBE Iteration Count
  – Weak Cryptographic Hash: User-Controlled Algorithm
  – Weak Cryptographic Hash: Predictable Salt
  – Weak Cryptographic Hash: Missing Required Step
• Digital signatures
• Encryption
• Key management

Slide 35

Example: Insecure PBE count
• CWE-916: Use of Password Hash With Insufficient Computational Effort
• Again: a system is as strong as its weakest link
• Weakest links:
  – Hardcoded salt
  – Salt not unique per user
  – Predictable salt
  – Low iteration count
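The four KDF inputs from slide 31 (password, salt, iteration count, key length), the "derived key" stage of the evolution on slide 32 and the weak links listed on this slide come together in the following added example, which is not code from the original deck: PBKDF2-HMAC-SHA256 password storage using only the Python standard library, with a per-user salt from the CSPRNG, a self-describing record format, constant-time verification, and a `check_record` function that flags hardcoded, short or reused salts and low iteration counts in stored records. The record format, the iteration floor and the function names are this example's own choices; the floor is an illustrative number, not a value the slides give.

```python
import hashlib
import hmac
import secrets

# Added example (not from the slides). Record format: algorithm$iterations$salt$key (hex).
ALGORITHM = "pbkdf2_sha256"
SALT_BYTES = 16            # 128-bit salt, generated per user
DERIVED_KEY_BYTES = 32     # key length input of the KDF
MIN_ITERATIONS = 100_000   # assumed floor; tune the default below to ~100 ms on your hardware
DEFAULT_ITERATIONS = 310_000


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Derive a key from the password with a fresh CSPRNG salt and return the record."""
    salt = secrets.token_bytes(SALT_BYTES)  # never hardcoded, never user-controlled
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                             iterations, DERIVED_KEY_BYTES)
    return "$".join([ALGORITHM, str(iterations), salt.hex(), dk.hex()])


def parse_record(record: str):
    """Split a record; the algorithm is pinned, so a record cannot pick a weaker one."""
    algorithm, iterations, salt_hex, dk_hex = record.split("$")
    if algorithm != ALGORITHM:
        raise ValueError("unsupported algorithm in record: " + algorithm)
    return int(iterations), bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)


def verify_password(password: str, record: str) -> bool:
    """Re-derive with the stored salt and iteration count; compare in constant time."""
    iterations, salt, expected = parse_record(record)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                    iterations, len(expected))
    return hmac.compare_digest(candidate, expected)


def check_record(record: str, known_salts=frozenset()) -> list:
    """Flag the weak links from the slide in a stored record."""
    iterations, salt, _ = parse_record(record)
    findings = []
    if iterations < MIN_ITERATIONS:
        findings.append(f"iteration count {iterations} is below the floor of {MIN_ITERATIONS}")
    if len(salt) < SALT_BYTES:
        findings.append(f"salt is only {len(salt)} bytes")
    if salt in known_salts:
        findings.append("salt reused across records (hardcoded or not unique per user)")
    return findings


def needs_rehash(record: str, target_iterations: int = DEFAULT_ITERATIONS) -> bool:
    """True when a record should be upgraded on the next successful login."""
    iterations, _, _ = parse_record(record)
    return iterations < target_iterations


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print("verify ok:", verify_password("correct horse battery staple", record))
    print("verify wrong:", verify_password("Correct horse battery staple", record))
    # Constructed weak record: 1000 iterations and a 4-byte salt shared with another user.
    weak = "pbkdf2_sha256$1000$00000000$" + "ab" * DERIVED_KEY_BYTES
    for finding in check_record(weak, known_salts={bytes(4)}):
        print("finding:", finding)
```

Storing the iteration count inside the record is what makes `needs_rehash` possible: when hardware gets faster, raise `DEFAULT_ITERATIONS`, and old records are upgraded transparently the next time their owner logs in, without forcing a password reset.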

Slide 36


Slide 37


Slide 38

Now think what this can do …

Slide 39

Too expensive for you? Rent it
Source: https://www.cloudcracker.com/

Slide 40

Categories of flaws related to:
• Seeds and entropy sources
• Password management and key derivation functions
• Cryptographic hashes and password-based encryption
• Digital signatures
  – Weak Cryptographic Signature: Insufficient Key Size
  – Weak Cryptographic Signature: User-Controlled Key Size
  – Weak Cryptographic Signature: Missing Required Step
• Encryption
• Key management

Slide 41

Example: Missing required step
• CWE-325: Missing Required Cryptographic Step
• In certain libraries, signing and encryption are implemented as a sequence of steps
• Missing a required step can compromise your crypto
• Use libraries that abstract developers from algorithm details and internal steps
• Crypto should be straightforward for developers

Slide 42


Slide 43

Categories of flaws related to:
• Seeds and entropy sources
• Password management and key derivation functions
• Cryptographic hashes and password-based encryption
• Digital signatures
• Encryption
  – Weak Encryption: Insecure Mode of Operation
  – Weak Encryption: Stream Cipher
  – Weak Encryption: Insecure Initialization Vector
  – Weak Encryption: Missing Required Step
  – Weak Encryption: User-Controlled Key Size
• Key management

Slide 44

CBC mode
(diagram: CBC decryption, p[i] = D(k, c[i]) ⊕ c[i-1], with the IV in place of c[-1])

Slide 45

Example: Insecure initialization vector
• CWE-329: Not Using a Random IV with CBC Mode
• The IV is not secret; it is sent along with the ciphertext
• IVs should be random
• IVs should not be reused
• IVs should not be controlled by the user
• Insecure IVs:
  – IV = key
  – All zeros
  – Anything hardcoded
  – Default values when the initialization step is not performed
    • E.g. the PyCrypto API does not require an IV; if none is passed it defaults to 0: def AES(key, mode, IV=0)
  – User-controlled values

Slide 46

IV = Key
(diagram: the CBC decryption of slide 44 with the IV set to the key)

Slide 47

IV = Key
(diagram: the ciphertext blocks are replaced by c[0], 0, c[0])

Slide 48

IV = Key
(diagram: the three decrypted blocks become D(k, c[0]) ^ k, D(k, 0) ^ c[0] and D(k, c[0]) ^ 0)

Slide 49

IV = Key
(diagram: same as slide 48, decrypted blocks D(k, c[0]) ^ k, D(k, 0) ^ c[0] and D(k, c[0]) ^ 0)

Slide 50

IV = Key
(diagram: same as slide 48, decrypted blocks D(k, c[0]) ^ k, D(k, 0) ^ c[0] and D(k, c[0]) ^ 0)
To recover the key, just XOR the first and third decrypted blocks: p’[0] ^ p’[2] = D(k, c[0]) ^ k ^ D(k, c[0]) ^ 0 = k

Slide 51

IV = 0
(diagram: the CBC decryption of slide 44 with a zero IV)

Slide 52

IV = 0
(diagram: c[0] separated from the chain; the remaining blocks c[1], c[2] shown against p[0], p[1], p[2])

Slide 53

IV = 0
(diagram: the chain shifted by one block, p[1], p[2], p[3] against c[1], c[2], with c[1] set aside)

Slide 54

IV = 0
(diagram: shifted again, p[2], p[3], p[4] against c[3], c[4], with c[2] set aside)

Slide 55

Example: Insecure mode of operation
• CWE-327: Use of a Broken or Risky Cryptographic Algorithm
• Modes of operation:
  – ECB
    • Yep, you can see penguins in ECB mode, but there is much more than that
    • Byte-at-a-time ECB decryption
    • Cut-and-paste attack
  – CTR (stream mode)
    • Stream ciphers are OK for communication, but not good for storage. If you use the same section of the key stream twice, you have zero security. As long as there is a fresh IV and you are not reading/writing to/from the same file, you are OK.
  – CBC
    • Bit flipping attacks
    • Padding oracles

Slide 56

Bit flip attacks
(diagram: CBC decryption, p[i] = D(k, c[i]) ⊕ c[i-1])

Slide 57

Bit flip attacks
(diagram: c[1] is replaced by an attacker-supplied byte; c[0] and c[2] are unchanged)

Slide 58

Bit flip attacks
(diagram: after the change, p[1] decrypts to garbage)

Slide 59

Bit flip attacks
(diagram: p[1] is garbage and p[2] is attacker controlled, since p[2] = D(k, c[2]) ⊕ c[1] and c[1] is now attacker supplied)

Slide 60


Demo: Bit flipping attack on AES-CBC encrypted cookies
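The deck's CBC diagrams (slides 44 to 50 for IV = key, slides 56 to 59 and this demo for bit flipping) can be run end to end with a toy cipher. The following is an added example and not code from the original deck or its demo: the Python standard library has no AES, so a 4-round Feistel permutation with HMAC-SHA256 as round function stands in for the block cipher (it is a keyed permutation of 16-byte blocks, not a secure cipher); CBC mode is built on top of it exactly as in the slide 44 diagram. `key_leak_when_iv_is_key` reproduces the slide 50 identity p'[0] ^ p'[2] = k to show why an IV must never equal the key, `flip_unauthenticated` reproduces what slides 57 to 59 show happening to a cookie decrypted without integrity protection, and `seal`/`unseal` show the fix the demo calls for: a fresh random IV and an HMAC tag over IV and ciphertext, verified in constant time before anything is decrypted. All names are this example's own.

```python
import hashlib
import hmac
import secrets

# Added example (not from the slides). Toy block cipher + CBC; AES stand-in only.
BLOCK = 16
TAG = 32  # HMAC-SHA256 tag length


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, i: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """E(k, .): keyed permutation of one 16-byte block (4-round Feistel, NOT a real cipher)."""
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    """D(k, .): inverse of block_encrypt (rounds undone in reverse order)."""
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    assert len(plaintext) % BLOCK == 0, "example uses block-aligned input, no padding"
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """p[i] = D(k, c[i]) XOR c[i-1], with c[-1] = IV (the slide 44 diagram)."""
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)


def key_leak_when_iv_is_key(key: bytes, ciphertext: bytes) -> bytes:
    """Slides 47-50: decrypt c[0] || 0 || c[0] with IV = key; p'[0] XOR p'[2] equals the key."""
    assert len(key) == BLOCK, "IV = key only makes sense for a block-sized key"
    c0 = ciphertext[:BLOCK]
    p = cbc_decrypt(key, key, c0 + bytes(BLOCK) + c0)
    return _xor(p[:BLOCK], p[2 * BLOCK:3 * BLOCK])


def flip_unauthenticated(key: bytes, iv: bytes, ciphertext: bytes,
                         block: int, byte: int, mask: int) -> bytes:
    """Slides 57-59: XOR one byte of c[block]; p[block] becomes garbage and byte
    `byte` of p[block + 1] is XORed with `mask`. Returns what a decryptor
    without integrity protection would accept."""
    tampered = bytearray(ciphertext)
    tampered[block * BLOCK + byte] ^= mask
    return cbc_decrypt(key, iv, bytes(tampered))


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: fresh random IV (never the key, never zero), tag over IV || ct."""
    iv = secrets.token_bytes(BLOCK)
    ct = cbc_encrypt(enc_key, iv, plaintext)
    tag = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return iv + ct + tag


def unseal(enc_key: bytes, mac_key: bytes, token: bytes):
    """Verify the tag in constant time BEFORE decrypting; None means tampered."""
    if len(token) < BLOCK + TAG or (len(token) - TAG) % BLOCK:
        return None
    iv, ct, tag = token[:BLOCK], token[BLOCK:-TAG], token[-TAG:]
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return cbc_decrypt(enc_key, iv, ct)


if __name__ == "__main__":
    key, mac_key = bytes(range(16)), b"constructed-mac-key"       # constructed keys
    cookie = b"user=alice;role=user;pad=0000000"                  # constructed, 32 bytes
    print("IV = key leaks key:", key_leak_when_iv_is_key(key, cbc_encrypt(key, key, cookie)) == key)
    iv = bytes(16)
    print("flipped, no MAC:", flip_unauthenticated(key, iv, cbc_encrypt(key, iv, cookie), 0, 3, 0x01)[16:])
    token = bytearray(seal(key, mac_key, cookie))
    token[BLOCK + 3] ^= 0x01
    print("flipped, with MAC:", unseal(key, mac_key, bytes(token)))
```

Two properties carry over directly to real AES-CBC: the key recovery works for any block cipher because it only uses the XOR structure of CBC, and the bit flip changes precisely the targeted byte of the following block, which is why a MAC (or an AEAD mode) rather than a different IV policy is the fix for the cookie demo.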

Slide 61

Categories of flaws related to:
• Seeds and entropy sources
• Password management and key derivation functions
• Cryptographic hashes and password-based encryption
• Digital signatures
• Encryption
• Key management
  – Key Management: Hardcoded HMAC Key
  – Key Management: Empty HMAC Key
  – Key Management: Null HMAC Key
  – Key Management: Hardcoded PBE Password
  – Key Management: Empty PBE Password
  – Key Management: Null PBE Password
  – Key Management: Unencrypted Private Key

Slide 62

What to do?

Slide 63

Crypto manifesto: 2009 and 2015
(comparison not extracted)

Slide 64

HP Fortify SCA categories

17 existing categories across 13 languages:
• Insecure SSL: Server Identity Verification Disabled
• Insecure SSL: Android Customized Implementation
• Insecure SSL: Android Hostname Verification Disabled
• Insecure SSL: Android Socket
• Insecure Storage: Insufficient Data Protection
• Insecure Storage: Lacking Data Protection
• Insecure Transport: Weak SSL Protocol
• Insecure Randomness
• Password Management: Weak Cryptography
• Key Management: Empty Encryption Key
• Key Management: Hardcoded Encryption Key
• Key Management: Null Encryption Key
• Weak Cryptographic Hash: Hardcoded Salt
• Weak Cryptographic Hash: User-Controlled Salt
• Weak Encryption: Weak Encryption
• Weak Encryption: Inadequate RSA Padding
• Weak Encryption: Insufficient Key Size

25 new categories across 14 languages:
• Insecure Randomness: Hardcoded Seed
• Insecure Randomness: User-Controlled Seed
• Insecure Randomness: Weak Entropy Source
• Password Management: Lack of Key Derivation Function
• Weak Cryptographic Hash: Hardcoded PBE Salt
• Weak Cryptographic Hash: User-Controlled PBE Salt
• Weak Cryptographic Hash: Insecure PBE Iteration Count
• Weak Cryptographic Hash: User-Controlled Algorithm
• Weak Cryptographic Hash: Predictable Salt
• Weak Cryptographic Hash: Missing Required Step
• Weak Cryptographic Signature: Insufficient Key Size
• Weak Cryptographic Signature: User-Controlled Key Size
• Weak Cryptographic Signature: Missing Required Step
• Weak Encryption: Insecure Mode of Operation
• Weak Encryption: Stream Cipher
• Weak Encryption: Insecure Initialization Vector
• Weak Encryption: Missing Required Step
• Weak Encryption: User-Controlled Key Size
• Key Management: Hardcoded HMAC Key
• Key Management: Empty HMAC Key
• Key Management: Null HMAC Key
• Key Management: Hardcoded PBE Password
• Key Management: Empty PBE Password
• Key Management: Null PBE Password
• Key Management: Unencrypted Private Key

Slide 65

Slide 65 text

© Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Fortify WebInspect categories • Insecure Transport • Insecure Transport: Channel Mixing • Insecure Transport: Inadequate SSL Policy Enforcement • Insecure Transport: OAuth Communication Channel • Insecure Transport: Mail Transmission • Insecure Transport: Secure Section Access Not SSL-Enabled • Insecure Transport: Weak SSL Cipher • Insecure transport: Wek SSL Protocol 8 categories that cover 17 checks

Slide 66

Slide 66 text

© Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Food for thought

Slide 67

Slide 67 text

© Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Some concluding thoughts • Trusting “lower layers” to “do the right thing” is not always a valid assumption • What are possible approaches to dealing with such risk? • Open-source vs. proprietary crypto

Slide 68

Slide 68 text

© Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Q&A

Slide 69

Slide 69 text

© Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Please give us your feedback Please fill out a survey. Hand it to the door monitor on your way out. Thank you for providing your feedback, which helps us enhance content for future events. Session B4005 Speakers Alvaro Munoz and Yekaterina O’Neil © Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Slide 70

Slide 70 text

© Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Thank you [email protected] [email protected]