Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Building user-centric security model in iOS applications

vixentael
September 02, 2016
Programming
2
290

Building user-centric security model in iOS applications

If you can't tap on the link inside slides, please open as pdf (button on the right).

-------------------
-------------------

My talk at #tryswiftnyc conference (http://www.tryswiftnyc.com/)

In this presentation we will talk about building security, that does not fail when application keys are exposed; when servers are hacked; security that lasts as long as unique user's crypto keys (or passwords) are safe. Putting secrets known by the user to be a source of trust is the ultimate way for an app to become "thin" in relation to the security model, thus lowering the risks and developer pain. We will learn about thin transparent security layers system and its applicability in client-server systems.

vixentael

September 02, 2016
Tweet

More Decks by vixentael

See All by vixentael
Using YubiKey and FIDO U2F for secure authentication
vixentael
0
1.2k
Data is a new security boundary
vixentael
0
4.3k
Cryptographic protection of ML models
vixentael
0
2.6k
e2ee != security != privacy
vixentael
0
2.1k
Maintaining cryptographic library for 12 languages
vixentael
1
3.5k
10 lines of encryption, 1500 lines of key management
vixentael
2
1.5k
Security, privacy and cryptography at WWDC19
vixentael
1
630
Data encryption: CyberKids edition
vixentael
0
560
"Defense in depth": trench warfare principles for building secure distributed applications
vixentael
3
850

Other Decks in Programming

See All in Programming
Behind VS Code Extensions for JavaScript / TypeScript Linnting and Formatting
unvalley
6
1.3k
“Seeing Like a Programmer”—Resiliency, Limits, and Moral Hazards in Software Engineering (LambdaConf 2024)
chriskrycho
0
290
Domain-Driven Transformation
hschwentner
2
1.5k
R言語の環境構築と基礎 Tokyo.R 112
bob3bob3
0
280
サイコロで理解する統計的仮説検定の考え方
tatamiya
4
1.1k
2 週間で Twitter Bot を作ってみた
contour_gara
0
800
Azure OpenAI Serviceのプロンプトエンジニアリング入門
tomokusaba
3
930
Three ways to use AI on Android: The Good, the Bad and the Ugly
marxallski
0
110
Going beyond Apache Parquet's default settings
xhochy
0
140
Kotlin Multiplatform at Stable and Beyond (Android Makers 2024)
zsmb
0
540
slow types ってなんだろう?
karad
0
150
検証も兼ねて個人開発でHonoとかと向き合った話
hanetsuki
1
1.4k

Featured

See All Featured
Ruby is Unlike a Banana
tanoku
96
10k
The Pragmatic Product Professional
lauravandoore
26
5.8k
Building Better People: How to give real-time feedback that sticks.
wjessup
356
18k
KATA
mclloyd
16
12k
The Brand Is Dead. Long Live the Brand.
mthomps
49
29k
BBQ
matthewcrist
80
8.8k
Producing Creativity
orderedlist
PRO
338
39k
Bootstrapping a Software Product
garrettdimon
PRO
302
110k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
9
1.3k
For a Future-Friendly Web
brad_frost
172
9k
Building Flexible Design Systems
yeseniaperezcruz
320
37k
Code Review Best Practice
trishagee
56
15k

Transcript

  1. Building user-centric security model in iOS apps #tryswiftnyc @vixentael

  2. Security talk ahead!

  3. #tryswiftnyc @vixentael Why we should think more about security?

  4. Users trust Apple platform Users trust us Why we should

    think more about security? #tryswiftnyc @vixentael

  5. Most users trust sensitive data to our app regardless of

    how well we protect it #tryswiftnyc @vixentael

  6. abstract app in a vacuum #tryswiftnyc @vixentael

  7. None

  8. security is set of ultimatum rules security abstract app in

    a vacuum #tryswiftnyc @vixentael

  9. security is set of ultimatum rules abstract app in a

    vacuum real apps, real ecosystems #tryswiftnyc @vixentael

  10. App Flow App Features Code User Problem #tryswiftnyc @vixentael

  11. Risk Threat Model Secure Methods Secure Implemen- tations Libs/ Code

    App Flow App Features Code User Problem #tryswiftnyc @vixentael

  12. It is secure #tryswiftnyc @vixentael

  13. It is secure against certain threat model and adversary It

    is secure #tryswiftnyc @vixentael

  14. Trust model is whose secrets you trust in a security

    system #tryswiftnyc @vixentael

  15. Everything is broken Trust no one, but the user #tryswiftnyc

    @vixentael

  16. Now let’s apply this to the real app #tryswiftnyc @vixentael

  17. None

  18. secret data paranoia pa55w0rd trust What user hero has? #tryswiftnyc

    @vixentael

  19. for saving your important docs during trips Let’s make an

    app!

  20. Architecture and flow user app network server storage #tryswiftnyc @vixentael

  21. T2 T3 passive MitM active MitM T1/T4 data loss/ tampering

    Threats we can handle #tryswiftnyc @vixentael

  22. More complicated.. T2 T3 passive MitM active MitM T1/T4 data

    loss/ tampering T5 verbal key leak T6 phishing / social engineering T7 rubber-hose cryptanalysis T8 satellite imaging of sensitive input T9 EM emissions T10 sandbox escaping T11 misconfiguration T12 random generator abuse T13 random generator abuse T14 EM emissions and physical side channel T15 physical access T16 malicious dependency T17 misconfigured access T18 unattended backups T19 storing keys with data T20 weak cipher random generator abuse T21 #tryswiftnyc @vixentael

  23. Back to threats we can handle T2 T3 passive MitM

    active MitM T1/T4 data loss/ tampering #tryswiftnyc @vixentael

  24. Threats: T1/T4 attacker steals stored data or tampers it #tryswiftnyc

    @vixentael

  25. attacker steals stored data or tampers it Threats: T1/T4 Secret

    Key Crypto Protection Symmetric crypto for storing data. If user has no secret, he can’t read or change data. #tryswiftnyc @vixentael

  26. Threats: T2 attacker captures network traffic (passive MitM) #tryswiftnyc @vixentael

  27. Threats: T2 attacker captures network traffic (passive MitM) Public Key

    Cryptography, ephemeral keys Protection Asymmetric crypto for sending data. Ephemeral keys to avoid decrypting accumulated traffic if keys are leaked/cracked. #tryswiftnyc @vixentael

  28. Threats: T3 attacker redirects traffic and pretends to be remote

    party (active MitM) #tryswiftnyc @vixentael

  29. Threats: T3 attacker redirects traffic and pretends to be remote

    party (active MitM) Public Key Cryptography, certificate pinning Protection Asymmetric crypto for sending data. Check server certificate to make sure it matches with pinned one. #tryswiftnyc @vixentael

  30. Protection methods T2 T3 passive MitM active MitM T1/T4 data

    loss/ tampering Secret Key Crypto PKC + ephem. keys PKC + cert. pinning #tryswiftnyc @vixentael

  31. Public Key Crypto Perfect Forward Secrecy Secret Key Crypto Authenticated

    Encryption Certificate Pinning Trust model Trust the user only #tryswiftnyc @vixentael

  32. Relationship model plain data symmetric encryption PKC + eph. keys

    symmetric encryption PKC + eph. keys ZKP ZKP #tryswiftnyc @vixentael

  33. …what if trapdoor function fails? …what if key exchange is

    flawed? …what if we suspect that server is fraudulent? add more paranoia! #tryswiftnyc @vixentael

  34. …what if trapdoor function fails? …what if key exchange is

    flawed? add more paranoia! …what if we suspect that server is fraudulent? Zero Knowledge Proof for the rescue! #tryswiftnyc @vixentael

  35. ZKP is comparing shared secret without transmitting it does not

    require the key exchange, does not leak password https://www.cossacklabs.com/zero-knowledge-protocols-without-magic.html #tryswiftnyc @vixentael

  36. So, data model: Secret key (SK) = KDF(user password) #tryswiftnyc

    @vixentael

  37. Secret key (SK) = KDF(user password) Sensitive Data (SD) —

    passport photo Metadata (M1) — timestamp+CRC of photo Metadata (M2) — name of photo (user inputs) So, data model: #tryswiftnyc @vixentael

  38. Secret key (SK) = KDF(user password) Sensitive Data (SD) —

    passport photo Metadata (M1) — timestamp+CRC of photo Metadata (M2) — name of photo (user inputs) Mobile Key Pair (MKP) — private+public keys gen. inside app. Server Key Pair (SKP) — private+public keys gen. on server. App pins Server Public Key. So, data model: #tryswiftnyc @vixentael

  39. Pwd Key + Data model SD M1 M2 MKP SKP

    SK #tryswiftnyc @vixentael

  40. Pwd MKP SKP SK symmetric encryption PKC + eph. keys

    PKC + eph. keys Rand KDF() Rand User-centric trust #tryswiftnyc @vixentael

  41. App Flows

  42. Crypto primitives* Symmetric crypto SCell Asymmetric crypto based on ephemeral

    keys SSession SComparator ZKP implementation *based on Themis crypto lib https://github.com/cossacklabs/themis #tryswiftnyc @vixentael

  43. 2. Store EncData, M1, M2 in Local Store 3. Drop

    SD, SK from memory prepare data 1. Encrypt photo EncData = SCell_wrap(SD, SK, Context=M2) Send photo to server #tryswiftnyc @vixentael

  44. 2. Store EncData, M1, M2 in Local Store 3. Drop

    SD, SK from memory prepare data transfer data 4. Connect to Server: Session = SSession(Priv(MKP), Pub(SKP)) 5. Send EncData, M1, M2 via Session 1. Encrypt photo EncData = SCell_wrap(SD, SK, Context=M2) Send photo to server #tryswiftnyc @vixentael

  45. Send photo to server 1. Encrypt photo EncData = SCell_wrap(SD,

    SK, Context=M2) 6. Receive OK 7. Terminate Session 8. Mark EncData in Local Store as Synced 2. Store EncData, M1, M2 in Local Store 3. Drop SD, SK from memory 4. Connect to Server: Session = SSession(Priv(MKP), Pub(SKP)) 5. Send EncData, M1, M2 via Session prepare data transfer data terminate session

  46. Send photo to server 1. Encrypt photo EncData = SCell_wrap(SD,

    SK, Context=M2) 6. Receive OK 7. Terminate Session 8. Mark EncData in Local Store as Synced 2. Store EncData, M1, M2 in Local Store 3. Drop SD, SK from memory 4. Connect to Server: Session = SSession(Priv(MKP), Pub(SKP)) 5. Send EncData, M1, M2 via Session prepare data transfer data terminate session

  47. 1. Connect to Server: Session = SSession(Priv(MKP), Pub(SKP)) 2. Request

    EncData proof via ZKP: 2.1 Send M1 2.2 Request Server to prove he has M2 by performing SComparator(M2) initialize connection Read photo from server #tryswiftnyc @vixentael

  48. 1. Connect to Server: Session = SSession(Priv(MKP), Pub(SKP)) 3. Receive

    EncData 2. Request EncData proof via ZKP: 2.1 Send M1 2.2 Request Server to prove he has M2 by performing SComparator(M2) initialize connection transfer data Read photo from server #tryswiftnyc @vixentael

  49. Read photo from server 1. Connect to Server: Session =

    SSession(Priv(MKP), Pub(SKP)) 3. Receive EncData 2. Request EncData proof via ZKP: 2.1 Send M1 2.2 Request Server to prove he has M2 by performing SComparator(M2) 4. Request password from user 5. Decrypt data: SD = SCell_unwrap(EncData, SK, Context=M2) initialize connection transfer data decrypt data

  50. Read photo from server 1. Connect to Server: Session =

    SSession(Priv(MKP), Pub(SKP)) 3. Receive EncData 2. Request EncData proof via ZKP: 2.1 Send M1 2.2 Request Server to prove he has M2 by performing SComparator(M2) 4. Request password from user 5. Decrypt data: SD = SCell_unwrap(EncData, SK, Context=M2) initialize connection transfer data decrypt data

  51. Make it tough even more

  52. Apple enforces good security practices iOS 10 use HTTPS everywhere!

    https://developer.apple.com/videos/play/wwdc2016/706/ http://useyourloaf.com/blog/privacy-settings-in-ios-10/ add purpose strings for accessing private data https://nabla-c0d3.github.io/blog/2016/08/14/ats-enforced-2017/ read more about Apple security care in Additional reading section drop TLS < 1.2 #tryswiftnyc @vixentael

  53. https://www.blackhat.com/docs/us-16/materials/us-16-Krstic.pdf Apple enforces good security practices

  54. ̣ Security is a system, not a set of methods

    ̣ You may need to re-read this slides when you will plan your next app ̣ User-centric trust is simple to implement, yet almost impossible to hack Key points! #tryswiftnyc @vixentael

  55. My other security talks https://medium.com/@vixentael/upgrading-approaches-to-the-secure-mobile- architectures-7a8fcb10d28a#.ffbsjwqx6 Upgrading Approaches to the

    Secure Mobile Architectures https://medium.com/stanfy-engineering-practices/data-protection-for-mobile-client- server-architectures-6e6dcabd871a Data Protection For Mobile Client-Server Architectures https://speakerdeck.com/vixentael/users-data-security-in-ios-applications Users' data security in iOS applications #tryswiftnyc @vixentael

  56. Additional reading by Apple https://developer.apple.com/videos/play/wwdc2016/705/ How iOS Security Really Works

    https://developer.apple.com/videos/play/wwdc2016/706/ What's New in Security https://www.blackhat.com/docs/us-16/materials/us-16-Krstic.pdf Behind the Scenes with iOS Security https://developer.apple.com/videos/play/wwdc2016/709/ Engineering Privacy for Your Users #tryswiftnyc @vixentael

  57. Additional reading by smarties https://nabla-c0d3.github.io/blog/2016/08/14/ats-enforced-2017/ Getting Ready for ATS Enforcement

    in 2017 http://useyourloaf.com/blog/privacy-settings-in-ios-10/ Privacy Settings in iOS 10 https://www.cossacklabs.com/zero-knowledge-protocols-without-magic.html Zero Knowledge Protocols Without Magic https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf Technical Analysis of Pegasus Spyware #tryswiftnyc @vixentael https://medium.com/@9gunpi/side-effects-of-pegasus-malware-32c9a112ec1c Side effect of Pegasus malware

  58. The last slide Need help? Talk to me :) @vixentael

    Lead Developer at stanfy.com Core Contributor at themis/ cossacklabs.com