Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Avoiding damage, shame and regrets: data protection for mobile client-server architectures

042b7c0e45c53de46667f07de2fb2614?s=47 vixentael
December 18, 2015

Avoiding damage, shame and regrets: data protection for mobile client-server architectures

If you can't tap on the link inside slides, please open as pdf (button on the right).

-------------------
-------------------

Blog post
https://medium.com/@vixentael/data-protection-for-mobile-client-server-architectures-6e6dcabd871a

My talk at #doios (Amsterdam), #CocoaConfBy (Minks) and #CocoaHeadsKyiv conferences =)

- communication with server: security, reliability, ease of use, choose two
- applied cryptography: should you manually configure CommonCrypto or ...?
- practical example: protecting network transport without breaking the app
- storage security: how to prevent anyone reading your sexy chat messages

042b7c0e45c53de46667f07de2fb2614?s=128

vixentael

December 18, 2015
Tweet

More Decks by vixentael

Other Decks in Programming

Transcript

  1. Avoiding damage, shame and regrets data protection for mobile client-server

    architectures @vixentael
  2. is intuitive, evolution trained us for it Real-world security

  3. Meet Dodo birds! Alice Bob data protection for client-server apps

    @vixentael
  4. They are chatting together Alice Bob tweet hello data protection

    for client-server apps @vixentael
  5. Here comes Eve.. ..the eavesdropping Fennec Fox data protection for

    client-server apps @vixentael
  6. Eve eavesdrops danger tweet ack ear radars: ON data protection

    for client-server apps @vixentael
  7. Birds fly away, Eve doesn’t hear them secure place hear

    nothing data protection for client-server apps @vixentael
  8. Risk (threat): Eve hears your secrets Mitigation: physically move away

    from Eve Real-world security
  9. evolution did not prepare you for that! Cyber-world security

  10. Apple Secure Coding Guide Every program is a potential target.

    Your customers’ property and your reputation are at stake. https://developer.apple.com/library/mac/documentation/ Security/Conceptual/SecureCodingGuide/ Introduction.html data protection for client-server apps @vixentael
  11. What we protect? User’s data! in storage in motion in

    memory data protection for client-server apps @vixentael
  12. Data in motion

  13. There are hackers.. and threats these hackers exploit.. to create

    damage Problem: Layer 1 data protection for client-server apps @vixentael
  14. Meet Alice-the-App and Bob-the-Server Alice-the-App Bob-the-Server data protection for client-server

    apps @vixentael
  15. Client and Server are communicating passw: 123456 HTTP 1.1 Alice-the-App

    Bob-the-Server data protection for client-server apps @vixentael
  16. Eve-the-Hacker data protection for client-server apps @vixentael

  17. Here Eve-the-Hacker comes! passw: 123456 HTTP 1.1 data protection for

    client-server apps @vixentael
  18. Here Eve-the-Hacker comes! passw: 123456 HTTP 1.1 {“passw”:“123456”} data protection

    for client-server apps @vixentael
  19. Let’s go deeper.. To avoid threats we need secure programming

    Problem: Layer 2 data protection for client-server apps @vixentael
  20. Alice decides to implement security puts on paper hat! data

    protection for client-server apps @vixentael
  21. Bob decides to implement security builds the fence! data protection

    for client-server apps @vixentael
  22. ..and they decide to use HTTPS! ****** : ****** HTTPS

    out of the box data protection for client-server apps @vixentael
  23. But it’s not really secure.. ****** : ****** HTTPS out

    of the box {“passw”:“123456”} data protection for client-server apps @vixentael
  24. Intercept traffic using proxy (1) data protection for client-server apps

    @vixentael
  25. Intercept traffic using proxy (2) data protection for client-server apps

    @vixentael
  26. Intercept traffic using proxy (3) * SSL experimenting with Android

    Top100 apps http://bit.ly/1NqpheM * Intercepting the App Store's Traffic on iOS http://bit.ly/1H3xMrs data protection for client-server apps @vixentael
  27. What helps Eve to eavesdrop? ๏ not encrypting user data

    ๏ plain HTTP ๏ self-signed certificates ๏ HTTPS with old cipher-suites ๏ using vulnerable libraries and bad examples from StackOverflow ๏ SSL without SSL certificate pinning data protection for client-server apps @vixentael
  28. Problem: Layer 3 As the result, Programming is rarely secure

    data protection for client-server apps @vixentael
  29. Software is buggy http://blog.mindedsecurity.com/2015/03/ssl-mitm-attack-in-afnetworking-251- do.html AFNetworking SSL verification bug (v2.5.1-2.5.2)

    https://eprint.iacr.org/2013/049.pdf Out-of-the-box SSL is frequent subject to attacks http://www.dwheeler.com/essays/apple-goto-fail.html Apple “goto fail” vulnerability http://noxxi.de/howto/ssl-debugging.html data protection for client-server apps @vixentael
  30. ๏ Copying bad code from StackOverflow ๏ Debugging by tearing

    security suites apart ๏ Avoiding “complicated” security documentation Software is buggy. Why? data protection for client-server apps @vixentael
  31. - is easy to f*ck up - is inconvenient to

    implement Cyber-world security
  32. - use good practice and brain - use good tools

    - minimize re-inventing the wheel What shall we do?
  33. Realize threat vectors Bad cryptography No access control Authentication bypass

    Credential reuse Session hijacking Denial of Service Data leakage … data protection for client-server apps @vixentael
  34. Anyone can invent a security system that he himself cannot

    break — Schneier's Law https://www.schneier.com/blog/archives/ 2011/04/schneiers_law.html Implementing security tools yourself is a threat data protection for client-server apps @vixentael
  35. Do not re-implement existing things data protection for client-server apps

    @vixentael
  36. None
  37. Use great tools scientific background trust big guys good track

    record libsodium/NaCL OTRKit RNCryptor MIHCrypto Themis https://github.com/mochtu/libsodium-ios https://github.com/ChatSecure/OTRKit https://github.com/RNCryptor/RNCryptor https://github.com/hohl/MIHCrypto https://github.com/cossacklabs/themis data protection for client-server apps @vixentael
  38. Apple open sourced crypto data protection for client-server apps @vixentael

  39. Swift CommonCrypto wrapper https://github.com/iosdevzone/IDZSwiftCommonCrypto/ https://realm.io/news/danny-keogan-swift-cryptography/ https://news.ycombinator.com/item?id=10733215 data protection for client-server

    apps @vixentael
  40. Armoring your SSL

  41. Do your SSL/TLS right ๏use long keys ๏disable backward compatibility

    ๏use strong ciphers (EC vs RSA) ๏pin SSL certificate ๏use cheat sheet https://www.cossacklabs.com/avoid-ssl-for-your- next-app.html SSL has a lot of problems To survive you need to: https://www.owasp.org/index.php/ Transport_Layer_Protection_Cheat_Sheet data protection for client-server apps @vixentael
  42. Do you pin SSL certificate? data protection for client-server apps

    @vixentael
  43. SSL/TLS in short hello client asks certificate server sends cert

    encrypted data client verifies cert - domain, - expiration date, - asks CA if cert is valid and not revoked key negotiation data protection for client-server apps @vixentael
  44. Where can it break? hello client asks certificate server sends

    cert encrypted data client verifies cert - domain, - expiration date, - asks CA if cert is valid and not revoked key negotiation data protection for client-server apps @vixentael
  45. SSL pinning hello client asks certificate server sends cert encrypted

    data client verifies cert - compares cert against pinned cert key negotiation data protection for client-server apps @vixentael
  46. SSL pinning on iOS https://possiblemobile.com/2013/03/ssl-pinning-for-increased-app-security/ https://www.paypal-engineering.com/2015/10/14/key-pinning-in-mobile- applications/ - (void)connection:(NSURLConnection *)connection

    willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge { SecTrustRef serverTrust = challenge.protectionSpace.serverTrust; id<NSURLAuthenticationChallengeSender> sender = challenge.sender; SecCertificateRef certificate = SecTrustGetCertificateAtIndex(serverTrust, 0); NSData * remoteCertificateData = CFBridgingRelease(SecCertificateCopyData(certificate)); NSString * cerPath = [[NSBundle mainBundle] pathForResource:@"MyLocalCertificate" ofType:@"cer"]; NSData * localCertData = [NSData dataWithContentsOfFile:cerPath]; if ([remoteCertificateData isEqualToData:localCertData]) { NSURLCredential * credential = [NSURLCredential credentialForTrust:serverTrust]; [sender useCredential:credential forAuthenticationChallenge:challenge]; } else { [sender cancelAuthenticationChallenge:challenge]; } } data protection for client-server apps @vixentael
  47. SSL pinning more easy :) let certData = NSData(contentsOfFile: NSBundle.mainBundle().pathForResource("lvwenhancom",

    ofType: "cer")!)!
 ... ... .addSSLPinning(LocalCertData: certData) { () -> Void in
 print("Under Man-in-the-middle attack!")
 } Swift lib for HTTPS and SSL pinning https://github.com/johnlui/Pitaya https://github.com/iSECPartners/ssl-conservatory data protection for client-server apps @vixentael
  48. Nah. SSL is not enough :( So, we’re done?

  49. Government MitM http://habrahabr.ru/post/272207/ data protection for client-server apps @vixentael

  50. Implementing Forward Secrecy

  51. Forward Secrecy: Threat Eve records encrypted traffic New crypto vulnerability

    allows to extract keys Eve physically extracts keys from one of the birds Eve decrypts all encrypted traffic data protection for client-server apps @vixentael
  52. data protection for client-server apps @vixentael Forward Secrecy: Mitigation Forward

    Secrecy ephemeral keys + key rotation scheme https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf SSL/TLS has forward secrecy but it’s weak: =
  53. Using ephemeral key key negotiation (RSA or EC) create symmetric

    temp key use temp key to encrypt messages during session close session open session data protection for client-server apps @vixentael
  54. Implementing ephemeral keys 1. establish session 2. encrypt message with

    SecureSession before sending 3. decrypt message after receive 4. encrypt history with SecureCell https://github.com/cossacklabs/themis Themis has built-in forward secrecy inside SecureSession object data protection for client-server apps @vixentael
  55. Implementing ephemeral keys https://github.com/cossacklabs/mobile-websocket-example data protection for client-server apps @vixentael

  56. Data in storage

  57. iOS data protection data protection for client-server apps @vixentael

  58. Storing in plain text is bad idea data protection for

    client-server apps @vixentael
  59. What we need to do 1. Choose good storage library

    with efficient crypto 2. Embed it on read/write 3. Store keys safely data protection for client-server apps @vixentael
  60. RNCryptor example Themis SecureCell example Storage libraries data protection for

    client-server apps @vixentael
  61. Storing the keys SSKeychain example Valet example https://github.com/square/Valet https://github.com/soffes/sskeychain data

    protection for client-server apps @vixentael
  62. compute key and use KDF to derive Storing the keys:

    Computable obfuscation https://www.mikeash.com/pyblog/friday-qa-2012-08-10-a-tour-of- commoncrypto.html key = KDF(sqrt(42)*len(user_id)/parity(user_id)) data protection for client-server apps @vixentael
  63. Ending notes

  64. Practical app security step by step 1.Use HTTPS with good

    TLS settings 2.Enable SSL pinning 3.Encrypt user data in motion with ephemeral keys 4.Encrypt stored data and protect the key data protection for client-server apps @vixentael
  65. Alice is more secure now SSL pinning encrypted storage data

    ephemeral keys data protection for client-server apps @vixentael
  66. Bob is more secure now encrypted storage data ephemeral keys

    data protection for client-server apps @vixentael
  67. data protection for client-server apps @vixentael Chatting is more secure

    5720b3c2 fe674f54 73e10ad4 ... HTTPS SSL pinning ephemeral keys
  68. Security is full of adventures and discoveries. And fun. and

    shiny metal birds!
  69. The last slide @vixentael iOS developer at stanfy.com [creating awesome

    mobile and IoT apps] take care! data protection for client-server apps @vixentael
  70. More to read ̣ The Mobile Application Hacker's Handbook https://books.google.com.ua/books?id=UgVhBgAAQBAJ

    ̣ Designing Secure User Interfaces https://developer.apple.com/library/ios/documentation/Security/ Conceptual/SecureCodingGuide/Articles/AppInterfaces.html#//apple_ref/ doc/uid/TP40002862-SW1 ̣ CryptoCat iOS app security audit https://nabla-c0d3.github.io/documents/iSEC_Cryptocat_iOS.pdf ̣ Storing secret keys http://www.splinter.com.au/2014/09/16/storing-secret-keys/
  71. More to watch ̣ All talks of Moxie Marlinspike https://www.youtube.com/watch?v=ibF36Yyeehw

    https://www.youtube.com/watch?v=8N4sb-SEpcg https://www.youtube.com/watch?v=tOMiAeRwpPA