The Swift Alps security workshop

Slide 1

Slide 1 text

Security. And Swift #swiftalps @vixentael and Alps

Slide 2

Slide 2 text

@vixentael Lead Developer at stanfy.com Core Contributor at themis/ cossacklabs.com Who I am

Slide 3

Slide 3 text

No content

Slide 4

Slide 4 text

No content

Slide 5

Slide 5 text

hacking NSA watching cat movies making own crypto practicing MitM writing (yet-another) secure messenger What we gonna do? eating chocolate holy-waring

Slide 6

Slide 6 text

#swiftalps @vixentael 1. Talking about security from kitten perspective 2. Risk analysis of typical app + analyze your app 3. Storage encryption + coding 4. Transfer encryption + coding Chapters

Slide 7

Slide 7 text

T2 T3 passive MitM active MitM T1/T4 data loss/ tampering T5 verbal key leak T6 phishing / social engineering T7 rubber-hose cryptanalysis T8 satellite imaging of sensitive input T9 EM emissions T10 sandbox escaping T11 misconfiguration T12 random generator abuse T13 random generator abuse T14 EM emissions and physical side channel T15 physical access T16 malicious dependency T17 misconfigured access T18 unattended backups T19 storing keys with data T20 weak cipher random generator abuse T21

Slide 8

Slide 8 text

#swiftalps @vixentael https://cossacklabs.com/choose-your-ios-crypto.html

Slide 9

Slide 9 text

No content

Slide 10

Slide 10 text

#swiftalps @vixentael Quiz rules 1.Answer questions 2.Get points for each correct answer 3.Top winners get a !

Slide 11

Slide 11 text

See you at my table!

Slide 12

Slide 12 text

AppSecurity for kittens Chapter 1

Slide 13

Slide 13 text

#swiftalps @vixentael I’m using HTTPS, I’m safe!

Slide 14

Slide 14 text

#swiftalps @vixentael Is HTTPS enough?

Slide 15

Slide 15 text

#swiftalps @vixentael

Slide 16

Slide 16 text

#swiftalps @vixentael

Slide 17

Slide 17 text

#swiftalps @vixentael SSL/TLS in short hello client asks certificate server sends cert encrypted data key negotiation client verifies cert - domain, - expiration date, - asks CA if cert is valid and not revoked

Slide 18

Slide 18 text

#swiftalps @vixentael Where can it break? https://www.cossacklabs.com/avoid-ssl-for-your-next-app.html https://www.cossacklabs.com/whats-wrong-with-web-crypto.html

Slide 19

Slide 19 text

#swiftalps @vixentael hello client asks certificate server sends cert encrypted data key negotiation client verifies cert - domain, - expiration date, - asks CA if cert is valid and not revoked SSL/TLS in short

Slide 20

Slide 20 text

#swiftalps @vixentael SSL pinning hello client asks certificate server sends cert encrypted data key negotiation SSL pinning

Slide 21

Slide 21 text

https://github.com/Alamofire/Alamofire #swiftalps @vixentael let serverTrustPolicies:[String : ServerTrustPolicy] = [ “mydomain.com": pinCertificates( certificates: ServerTrustPolicy.certificatesInBundle(), validateCertificateChain: true, validateHost: true ), “myexpireddomain.com": disableEvaluation ]

Slide 22

Slide 22 text

#swiftalps @vixentael https://github.com/johnlui/Pitaya let certData = NSData(contentsOfFile: NSBundle.mainBundle().pathForResource(“mydomaincom", ofType: "cer")!)!  ... ... .addSSLPinning(LocalCertData: certData) { () -> Void in  print("Under Man-in-the-middle attack!")  }

Slide 23

Slide 23 text

#swiftalps @vixentael What else can be pinned?

Slide 24

Slide 24 text

#swiftalps @vixentael SSL pinning in depth https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning https://www.owasp.org/index.php/Pinning_Cheat_Sheet

Slide 25

Slide 25 text

#swiftalps @vixentael Even pinning is not enough. Why?

Slide 26

Slide 26 text

#swiftalps @vixentael SSL kill switch https://github.com/nabla-c0d3/ssl-kill-switch2

Slide 27

Slide 27 text

#swiftalps @vixentael WoSign story https://security.googleblog.com/2016/10/ distrusting-wosign-and-startcom.html https://support.apple.com/en-us/HT204132

Slide 28

Slide 28 text

#swiftalps @vixentael WoSign story https://security.googleblog.com/2016/10/ distrusting-wosign-and-startcom.html https://support.apple.com/en-us/HT204132

Slide 29

Slide 29 text

#swiftalps @vixentael Who can summarize?

Slide 30

Slide 30 text

#swiftalps @vixentael 1. Using HTTPS is must-have, but not enough 2. Using SSL pinning is must-have, but not enough

Slide 31

Slide 31 text

#swiftalps @vixentael 1. Using HTTPS is must-have, but not enough 2. Using SSL pinning is must-have, but not enough Why? Because data is plain text

Slide 32

Slide 32 text

Risk analysis Chapter 2

Slide 33

Slide 33 text

Most users trust sensitive data to our app regardless of how well you protect it #swiftalps @vixentael

Slide 34

Slide 34 text

#swiftalps @vixentael Name system that has absolute security model

Slide 35

Slide 35 text

Nothing is absolutely secure #swiftalps @vixentael 3rd party libs ecosystem itself known & unknown vulnerabilities backdoors bugs

Slide 36

Slide 36 text

But we can put efforts into protecting system against certain threat model and attacker #swiftalps @vixentael Nothing is absolutely secure

Slide 37

Slide 37 text

Risk Model & Threat Model create demands for security #swiftalps @vixentael

Slide 38

Slide 38 text

Risks Data is used/sold by someone Data is tampered and you’re operating on adversary’s plan Identity/auth is used elsewhere data leakage data tampering identity theft #swiftalps @vixentael

Slide 39

Slide 39 text

- Encryption w/ secret or PKC - Limit access - Signed encryption - Protected transport with trust and integrity - Authenticated encryption - Action authentication Risk prevention #swiftalps @vixentael data leakage data tampering identity theft

Slide 40

Slide 40 text

Trust model is whose secrets you trust in a security system #swiftalps @vixentael

Slide 41

Slide 41 text

#swiftalps @vixentael Whom should we trust? (building our app)

Slide 42

Slide 42 text

#swiftalps @vixentael Whom should we trust? (building our app)

Slide 43

Slide 43 text

Whom should we trust? #swiftalps @vixentael The user only!

Slide 44

Slide 44 text

Typical app architecture user app network server storage #swiftalps @vixentael

Slide 45

Slide 45 text

More complicated.. T2 T3 passive MitM active MitM T1/T4 data loss/ tampering T5 verbal key leak T6 phishing / social engineering T7 rubber-hose cryptanalysis T8 satellite imaging of sensitive input T9 EM emissions T10 sandbox escaping T11 misconfiguration T12 random generator abuse T13 random generator abuse T14 EM emissions and physical side channel T15 physical access T16 malicious dependency T17 misconfigured access T18 unattended backups T19 storing keys with data T20 weak cipher random generator abuse T21 #swiftalps @vixentael

Slide 46

Slide 46 text

Back to threats we can handle T2 T3 passive MitM active MitM T1/T4 data loss/ tampering #swiftalps @vixentael

Slide 47

Slide 47 text

attacker steals stored data or tampers it Threats: T1/T4 Secret Key Crypto Protection Symmetric crypto for storing data. If user has no secret, he can’t read or change data. #swiftalps @vixentael

Slide 48

Slide 48 text

Threats: T2 attacker captures network traﬃc (passive MitM) Public Key Cryptography, ephemeral keys Protection Asymmetric crypto for sending data. Ephemeral keys to avoid decrypting accumulated traffic if keys are leaked/cracked. #swiftalps @vixentael

Slide 49

Slide 49 text

Threats: T3 attacker redirects traﬃc and pretends to be remote party (active MitM) Public Key Cryptography, certiﬁcate pinning Protection Asymmetric crypto for sending data. Check server certificate to make sure it matches with pinned one. #swiftalps @vixentael

Slide 50

Slide 50 text

Protection methods T2 T3 passive MitM active MitM T1/T4 data loss/ tampering Secret Key Crypto PKC + ephem. keys PKC + cert. pinning #swiftalps @vixentael

Slide 51

Slide 51 text

#swiftalps @vixentael Who can summarize?

Slide 52

Slide 52 text

#swiftalps @vixentael 1. There’s no absolute security 2. Analyze your system from risks and threats perspective 3. Put efforts against certain threats

Slide 53

Slide 53 text

#swiftalps @vixentael Analyze your app exercise

Slide 54

Slide 54 text

Symmetric encryption Chapter 3

Slide 55

Slide 55 text

#swiftalps @vixentael Where to store the data?

Slide 56

Slide 56 text

#swiftalps @vixentael Where to store the data? UserDefaults sqllite Realm plist mydata.txt

Slide 57

Slide 57 text

#swiftalps @vixentael

Slide 58

Slide 58 text

#swiftalps @vixentael File protection

Slide 59

Slide 59 text

#swiftalps @vixentael * NSFileProtectionNone * NSFileProtectionComplete Cannot be accessed while device is locked or booting. * NSFileProtectionCompleteUnlessOpen Opens only when device is unlocked; can be accessed whenever. * NSFileProtectionCompleteUntilFirstUserAuthentication Opens only after device is booted; can be accessed whenever. File protection

Slide 60

Slide 60 text

#swiftalps @vixentael File protection pros & cons 1. “Out of the box” 2. System-dependent 3. Jailbreak :( 4. Doesn’t depend on user actions inside your app

Slide 61

Slide 61 text

#swiftalps @vixentael File protection pros & cons 1. “Out of the box” 2. System-dependent 3. Jailbreak :( 4. Doesn’t depend on user actions inside your app -> encrypt stored data!

Slide 62

Slide 62 text

#swiftalps @vixentael Encrypt / decrypt storage data Storage encryption exercise

Slide 63

Slide 63 text

#swiftalps @vixentael https://cossacklabs.com/choose-your-ios-crypto.html

Slide 64

Slide 64 text

#swiftalps @vixentael Secure Cell is container for symmetric encryption Storage encryption exercise download demo project https://github.com/TheSwiftAlps/theswiftalpsdemo

Slide 65

Slide 65 text

#swiftalps @vixentael Secure Cell Cell wrap context encrypted message Cell unwrap plaintext message encrypted message plaintext message

Slide 66

Slide 66 text

#swiftalps @vixentael Secure Cell - integrity protection (calculates ~hmac to ensure that message was not changed) - context-dependent (both key and context are important) - tampering protection vs any AES wrapper -> more security guaranties out of the box https://github.com/cossacklabs/themis/wiki/Swift-Howto

Slide 67

Slide 67 text

#swiftalps @vixentael Run CellDemo Encrypt-decrypt several messages Can you decrypt messages using other context? Storage encryption exercise CellDemo().runDemo()

Slide 68

Slide 68 text

#swiftalps @vixentael What was wrong in this demo code?

Slide 69

Slide 69 text

#swiftalps @vixentael -> plain text keys What was wrong in this demo code?

Slide 70

Slide 70 text

#swiftalps @vixentael Where to store the key? UserDefaults sqllite keychain plist mysecretkey.txt

Slide 71

Slide 71 text

#swiftalps @vixentael 1. Store plain text 2. Store encrypted (decrypt before using) 3. Do not store at all (user input) 4. Calculate key 5. Combine (decrypted piece + user input) Key storage technique

Slide 72

Slide 72 text

#swiftalps @vixentael 1. Imagine any String key 2. Encrypt it 3. Save encrypted version 4. Decrypt before using Store encrypted key

Slide 73

Slide 73 text

#swiftalps @vixentael let key: String = myString.reverse() Calculate key

Slide 74

Slide 74 text

#swiftalps @vixentael KDF https://github.com/krzyzanowskim/CryptoSwift

Slide 75

Slide 75 text

#swiftalps @vixentael Improve sample by adding key storage techniques Encryption exercise 1. Store plain text 2. Store encrypted (decrypt before using) 3. Do not store at all (user input) 4. Calculate key 5. Combine (decrypted piece + user input)

Slide 76

Slide 76 text

Asymmetric encryption Chapter 4

Slide 77

Slide 77 text

Combining things: secure app v.1 SSL storage encryption storage encryption data leakage MiTM weak SSL #swiftalps @vixentael

Slide 78

Slide 78 text

Combining things: secure app v.2 end-to-end encryption storage encryption storage encryption weak auth blind trust ephemeral keys protected transport #swiftalps @vixentael

Slide 79

Slide 79 text

Combining things: secure app v.3 end-to-end encryption storage encryption storage encryption ephemeral keys protected transport MFA ZKP #swiftalps @vixentael

Slide 80

Slide 80 text

#swiftalps @vixentael Create iOS app and server system to exchange the messages Transfer exercise 1. secure end-to-end communication 2. perfect forward secrecy 3. strong mutual peer authentication

Slide 81

Slide 81 text

#swiftalps @vixentael https://cossacklabs.com/choose-your-ios-crypto.html

Slide 82

Slide 82 text

#swiftalps @vixentael Establish session between two peers, within which data can be securely exchanged with higher security guarantees. Secure session make sure that demo project is downloaded https://github.com/TheSwiftAlps/theswiftalpsdemo

Slide 83

Slide 83 text

#swiftalps @vixentael Transfer exercise 1. Open server, grab serverId, url and public key 2. Send a message to the server 3. See it on the dashboard Improve sample by adding key storage techniques http://alps.cossacklabs.com/

Slide 84

Slide 84 text

#swiftalps @vixentael What was wrong in this demo code?

Slide 85

Slide 85 text

#swiftalps @vixentael What was wrong in this demo code? -> plain text keys -> ATS

Slide 86

Slide 86 text

#swiftalps @vixentael 1. It’s easy to encrypt the transport layer 2. Don’t rely only on SSL 3. Make everything possible to protect your app

Slide 87

Slide 87 text

The last slide Need help? Talk to me :) @vixentael Lead Developer at stanfy.com Core Contributor at themis/ cossacklabs.com