The Swift Alps security workshop

042b7c0e45c53de46667f07de2fb2614?s=47 vixentael
November 11, 2016

The Swift Alps security workshop

You may find complicated to understand what's going on these slides. But it's workshop :)

The idea was to share some knowledges about making more secure apps. We talked about:

- why SSL is not enough
- strategies to implement SSL pinning
- how to understand basic risks and threats of common mobile client-server infrastructure
- protection methods against those threats
- what is symmetric encryption; why we need it. where to store data and key.
- what is transfer encryption; when we need it.

Please download slides as PDF (button on the right) to be able to tap on the links.

Links to example repo:
https://github.com/TheSwiftAlps/theswiftalpsdemo

See more info:
https://speakerdeck.com/vixentael/
https://medium.com/@vixentael/
https://realm.io/news/tryswift-anastasiia-voitova-building-user-centric-security-model-ios-applications-swift/

042b7c0e45c53de46667f07de2fb2614?s=128

vixentael

November 11, 2016
Tweet

Transcript

  1. Security. And Swift #swiftalps @vixentael and Alps

  2. @vixentael Lead Developer at stanfy.com Core Contributor at themis/ cossacklabs.com

    Who I am
  3. None
  4. None
  5. hacking NSA watching cat movies making own crypto practicing MitM

    writing (yet-another) secure messenger What we gonna do? eating chocolate holy-waring
  6. #swiftalps @vixentael 1. Talking about security from kitten perspective 2.

    Risk analysis of typical app + analyze your app 3. Storage encryption + coding 4. Transfer encryption + coding Chapters
  7. T2 T3 passive MitM active MitM T1/T4 data loss/ tampering

    T5 verbal key leak T6 phishing / social engineering T7 rubber-hose cryptanalysis T8 satellite imaging of sensitive input T9 EM emissions T10 sandbox escaping T11 misconfiguration T12 random generator abuse T13 random generator abuse T14 EM emissions and physical side channel T15 physical access T16 malicious dependency T17 misconfigured access T18 unattended backups T19 storing keys with data T20 weak cipher random generator abuse T21
  8. #swiftalps @vixentael https://cossacklabs.com/choose-your-ios-crypto.html

  9. None
  10. #swiftalps @vixentael Quiz rules 1.Answer questions 2.Get points for each

    correct answer 3.Top winners get a !
  11. See you at my table!

  12. AppSecurity for kittens Chapter 1

  13. #swiftalps @vixentael I’m using HTTPS, I’m safe!

  14. #swiftalps @vixentael Is HTTPS enough?

  15. #swiftalps @vixentael

  16. #swiftalps @vixentael

  17. #swiftalps @vixentael SSL/TLS in short hello client asks certificate server

    sends cert encrypted data key negotiation client verifies cert - domain, - expiration date, - asks CA if cert is valid and not revoked
  18. #swiftalps @vixentael Where can it break? https://www.cossacklabs.com/avoid-ssl-for-your-next-app.html https://www.cossacklabs.com/whats-wrong-with-web-crypto.html

  19. #swiftalps @vixentael hello client asks certificate server sends cert encrypted

    data key negotiation client verifies cert - domain, - expiration date, - asks CA if cert is valid and not revoked SSL/TLS in short
  20. #swiftalps @vixentael SSL pinning hello client asks certificate server sends

    cert encrypted data key negotiation SSL pinning
  21. https://github.com/Alamofire/Alamofire #swiftalps @vixentael let serverTrustPolicies:[String : ServerTrustPolicy] = [ “mydomain.com":

    pinCertificates( certificates: ServerTrustPolicy.certificatesInBundle(), validateCertificateChain: true, validateHost: true ), “myexpireddomain.com": disableEvaluation ]
  22. #swiftalps @vixentael https://github.com/johnlui/Pitaya let certData = NSData(contentsOfFile: NSBundle.mainBundle().pathForResource(“mydomaincom", ofType: "cer")!)!


    ... ... .addSSLPinning(LocalCertData: certData) { () -> Void in
 print("Under Man-in-the-middle attack!")
 }
  23. #swiftalps @vixentael What else can be pinned?

  24. #swiftalps @vixentael SSL pinning in depth https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning https://www.owasp.org/index.php/Pinning_Cheat_Sheet

  25. #swiftalps @vixentael Even pinning is not enough. Why?

  26. #swiftalps @vixentael SSL kill switch https://github.com/nabla-c0d3/ssl-kill-switch2

  27. #swiftalps @vixentael WoSign story https://security.googleblog.com/2016/10/ distrusting-wosign-and-startcom.html https://support.apple.com/en-us/HT204132

  28. #swiftalps @vixentael WoSign story https://security.googleblog.com/2016/10/ distrusting-wosign-and-startcom.html https://support.apple.com/en-us/HT204132

  29. #swiftalps @vixentael Who can summarize?

  30. #swiftalps @vixentael 1. Using HTTPS is must-have, but not enough

    2. Using SSL pinning is must-have, but not enough
  31. #swiftalps @vixentael 1. Using HTTPS is must-have, but not enough

    2. Using SSL pinning is must-have, but not enough Why? Because data is plain text
  32. Risk analysis Chapter 2

  33. Most users trust sensitive data to our app regardless of

    how well you protect it #swiftalps @vixentael
  34. #swiftalps @vixentael Name system that has absolute security model

  35. Nothing is absolutely secure #swiftalps @vixentael 3rd party libs ecosystem

    itself known & unknown vulnerabilities backdoors bugs
  36. But we can put efforts into protecting system against certain

    threat model and attacker #swiftalps @vixentael Nothing is absolutely secure
  37. Risk Model & Threat Model create demands for security #swiftalps

    @vixentael
  38. Risks Data is used/sold by someone Data is tampered and

    you’re operating on adversary’s plan Identity/auth is used elsewhere data leakage data tampering identity theft #swiftalps @vixentael
  39. - Encryption w/ secret or PKC - Limit access -

    Signed encryption - Protected transport with trust and integrity - Authenticated encryption - Action authentication Risk prevention #swiftalps @vixentael data leakage data tampering identity theft
  40. Trust model is whose secrets you trust in a security

    system #swiftalps @vixentael
  41. #swiftalps @vixentael Whom should we trust? (building our app)

  42. #swiftalps @vixentael Whom should we trust? (building our app)

  43. Whom should we trust? #swiftalps @vixentael The user only!

  44. Typical app architecture user app network server storage #swiftalps @vixentael

  45. More complicated.. T2 T3 passive MitM active MitM T1/T4 data

    loss/ tampering T5 verbal key leak T6 phishing / social engineering T7 rubber-hose cryptanalysis T8 satellite imaging of sensitive input T9 EM emissions T10 sandbox escaping T11 misconfiguration T12 random generator abuse T13 random generator abuse T14 EM emissions and physical side channel T15 physical access T16 malicious dependency T17 misconfigured access T18 unattended backups T19 storing keys with data T20 weak cipher random generator abuse T21 #swiftalps @vixentael
  46. Back to threats we can handle T2 T3 passive MitM

    active MitM T1/T4 data loss/ tampering #swiftalps @vixentael
  47. attacker steals stored data or tampers it Threats: T1/T4 Secret

    Key Crypto Protection Symmetric crypto for storing data. If user has no secret, he can’t read or change data. #swiftalps @vixentael
  48. Threats: T2 attacker captures network traffic (passive MitM) Public Key

    Cryptography, ephemeral keys Protection Asymmetric crypto for sending data. Ephemeral keys to avoid decrypting accumulated traffic if keys are leaked/cracked. #swiftalps @vixentael
  49. Threats: T3 attacker redirects traffic and pretends to be remote

    party (active MitM) Public Key Cryptography, certificate pinning Protection Asymmetric crypto for sending data. Check server certificate to make sure it matches with pinned one. #swiftalps @vixentael
  50. Protection methods T2 T3 passive MitM active MitM T1/T4 data

    loss/ tampering Secret Key Crypto PKC + ephem. keys PKC + cert. pinning #swiftalps @vixentael
  51. #swiftalps @vixentael Who can summarize?

  52. #swiftalps @vixentael 1. There’s no absolute security 2. Analyze your

    system from risks and threats perspective 3. Put efforts against certain threats
  53. #swiftalps @vixentael Analyze your app exercise

  54. Symmetric encryption Chapter 3

  55. #swiftalps @vixentael Where to store the data?

  56. #swiftalps @vixentael Where to store the data? UserDefaults sqllite Realm

    plist mydata.txt
  57. #swiftalps @vixentael

  58. #swiftalps @vixentael File protection

  59. #swiftalps @vixentael * NSFileProtectionNone * NSFileProtectionComplete Cannot be accessed while

    device is locked or booting. * NSFileProtectionCompleteUnlessOpen Opens only when device is unlocked; can be accessed whenever. * NSFileProtectionCompleteUntilFirstUserAuthentication Opens only after device is booted; can be accessed whenever. File protection
  60. #swiftalps @vixentael File protection pros & cons 1. “Out of

    the box” 2. System-dependent 3. Jailbreak :( 4. Doesn’t depend on user actions inside your app
  61. #swiftalps @vixentael File protection pros & cons 1. “Out of

    the box” 2. System-dependent 3. Jailbreak :( 4. Doesn’t depend on user actions inside your app -> encrypt stored data!
  62. #swiftalps @vixentael Encrypt / decrypt storage data Storage encryption exercise

  63. #swiftalps @vixentael https://cossacklabs.com/choose-your-ios-crypto.html

  64. #swiftalps @vixentael Secure Cell is container for symmetric encryption Storage

    encryption exercise download demo project https://github.com/TheSwiftAlps/theswiftalpsdemo
  65. #swiftalps @vixentael Secure Cell Cell wrap context encrypted message Cell

    unwrap plaintext message encrypted message plaintext message
  66. #swiftalps @vixentael Secure Cell - integrity protection (calculates ~hmac to

    ensure that message was not changed) - context-dependent (both key and context are important) - tampering protection vs any AES wrapper -> more security guaranties out of the box https://github.com/cossacklabs/themis/wiki/Swift-Howto
  67. #swiftalps @vixentael Run CellDemo Encrypt-decrypt several messages Can you decrypt

    messages using other context? Storage encryption exercise CellDemo().runDemo()
  68. #swiftalps @vixentael What was wrong in this demo code?

  69. #swiftalps @vixentael -> plain text keys What was wrong in

    this demo code?
  70. #swiftalps @vixentael Where to store the key? UserDefaults sqllite keychain

    plist mysecretkey.txt
  71. #swiftalps @vixentael 1. Store plain text 2. Store encrypted (decrypt

    before using) 3. Do not store at all (user input) 4. Calculate key 5. Combine (decrypted piece + user input) Key storage technique
  72. #swiftalps @vixentael 1. Imagine any String key 2. Encrypt it

    3. Save encrypted version 4. Decrypt before using Store encrypted key
  73. #swiftalps @vixentael let key: String = myString.reverse() Calculate key

  74. #swiftalps @vixentael KDF https://github.com/krzyzanowskim/CryptoSwift

  75. #swiftalps @vixentael Improve sample by adding key storage techniques Encryption

    exercise 1. Store plain text 2. Store encrypted (decrypt before using) 3. Do not store at all (user input) 4. Calculate key 5. Combine (decrypted piece + user input)
  76. Asymmetric encryption Chapter 4

  77. Combining things: secure app v.1 SSL storage encryption storage encryption

    data leakage MiTM weak SSL #swiftalps @vixentael
  78. Combining things: secure app v.2 end-to-end encryption storage encryption storage

    encryption weak auth blind trust ephemeral keys protected transport #swiftalps @vixentael
  79. Combining things: secure app v.3 end-to-end encryption storage encryption storage

    encryption ephemeral keys protected transport MFA ZKP #swiftalps @vixentael
  80. #swiftalps @vixentael Create iOS app and server system to exchange

    the messages Transfer exercise 1. secure end-to-end communication 2. perfect forward secrecy 3. strong mutual peer authentication
  81. #swiftalps @vixentael https://cossacklabs.com/choose-your-ios-crypto.html

  82. #swiftalps @vixentael Establish session between two peers, within which data

    can be securely exchanged with higher security guarantees. Secure session make sure that demo project is downloaded https://github.com/TheSwiftAlps/theswiftalpsdemo
  83. #swiftalps @vixentael Transfer exercise 1. Open server, grab serverId, url

    and public key 2. Send a message to the server 3. See it on the dashboard Improve sample by adding key storage techniques http://alps.cossacklabs.com/
  84. #swiftalps @vixentael What was wrong in this demo code?

  85. #swiftalps @vixentael What was wrong in this demo code? ->

    plain text keys -> ATS
  86. #swiftalps @vixentael 1. It’s easy to encrypt the transport layer

    2. Don’t rely only on SSL 3. Make everything possible to protect your app
  87. The last slide Need help? Talk to me :) @vixentael

    Lead Developer at stanfy.com Core Contributor at themis/ cossacklabs.com