Building a (Really) Secure Cloud Product

Guest lecture to Master of Information Security and Digital Forensics students at Auckland University of Technology (AUT) on the development of the MEGAchat Cloud application on 2015-03-30.

Guy Kloss

March 30, 2015

Transcript

  1. Title slide
     (Navigation bar shown on every slide: The Product: MEGAchat | What is Security? | Infrastructure | Trust/Authentication | Protocols | Client/Server Implementation)

     Building a (Really) Secure Cloud Product
     Guest Lecture for Master of Information Security and Digital Forensics
     Guy Kloss, [email protected]
     Lead Software Developer, Mega Limited
     30 March 2015
     Guy Kloss | Building a (Really) Secure Cloud Product 1/36

  2. Outline
     1 The Product: MEGAchat
     2 What is Security?
     3 Infrastructure
     4 Trust/Authentication
     5 Protocols
     6 Client/Server Implementation

  3. Outline (repeated at the start of section 1)

  4. The Product: MEGAchat
     - A Cloud-based internet chat system
     - Voice, video and text chat capable
     - Offers multiple-device capability for each participant (transparent synchronisation, consistent view of the chat)
     - To work in the browser as well as in native/mobile apps

  5. The Product: MEGAchat: Why "Really" Secure?
     - Everybody says they're secure . . . "Security Theatre" . . .
     - We're doing it (we say) . . . and we like to be confirmed or disproven in it.
       → Bug bounty! (for chat, one paid out so far)

  6. Security Theatre (image slide)

  7. Security Theatre
     http://geekandpoke.typepad.com/geekandpoke/2009/12/security-theatre.html

  8. Early Adopters (image slide)

  9. Outline (repeated at the start of section 2)

  10. For the Chat System
      Desired properties:
      - Confidentiality
      - Identity authenticity
      - Message authenticity
      - Forward secrecy
      - Session freshness
      - Plausible deniability
      - Room participants consistency
      - Chat transcript consistency
      - Reduced footprint of "leaking" meta-data

  11. Meta-Data?
      © Michael J. Swart, http://michaeljswart.com/2011/06/meta-aggregate/

  12. Meta-Data? (image slide)

  13. Sparseness of Meta-Data
      - Don't store what you don't need
        - Then nobody can come and ask you to "comply"
      - If you must, do it so you can't be compromised (e.g. passwords salted and hashed, so not even you know them in plain)
        → Proper mechanisms for authentication and password management/storage
      - On Mega
        - Most meta-data is only known to the customer (encrypted)
        - The company only knows what's needed to manage the platform and interactions

  14. Crypto?
      - It's really difficult to get this right!
      - Avoid writing it, if you can!
        - Use off-the-shelf frameworks/helpers/packages
        → If you're writing AES in your code, you're probably doing it wrong
      - If you can't help it and have to build it yourself
        - Make the conceptual system not suck!
        - Make the implementation not suck!

  15. Crypto?
      The maths is good, it's the implementation that sucks:
      "No matter how strong the crypto was, the attackers walked around it."
      – "Crypto Won't Save You Either", Peter Gutmann, 2014
      http://regmedia.co.uk/2014/05/16/0955_peter_gutmann.pdf

  16. Outline (repeated at the start of section 3)

  17. Choice of System Components
      - Robust base OS → security, maintenance, reliability
      - Many features are not necessarily important
        - Evaluate/select server (software) carefully for the required features
        - Get rid of features that are not required → security, maintenance, reliability
      - Is Cloud scalability a relevant factor?
        → Distribution, clustering, replication, . . .

  18. Choice of System Components (continued)
      - Prefer open source solutions
        - Auditable
        - Many eyes
        - Mostly more secure
        - If well maintained, usually very quick fixes (e.g. on security)

  19. Secure System Setup
      - Shut down unneeded services
      - Configure systems securely
        - Turn off what's not needed
        - Don't log everything (production in debug mode?)
      - Get the SSL/TLS configuration right!
        https://mozilla.github.io/server-side-tls/ssl-config-generator/
        Need bad examples? https://httpswatch.nz/ and https://httpswatch.com/
      - Use additional protection schemes
        - CSP – Content Security Policy
        - HSTS – HTTP Strict Transport Security
        - CORS – Cross Origin Resource Sharing

  20. Secure System Setup: SSL Labs Server Test
      SSL Labs is your friend: https://www.ssllabs.com

  21. Secure System Setup
      - Keep the system upgraded (especially security fixes, quickly), short reaction times
      - Best one service per (virtual) host (don't slam them all onto one host)
      - Use log files with log rotation at the system level wisely
        - Allows for forensic analysis later
        - Without it, you've shut yourself out from most root cause analysis
      - Stay on top of security things
        - This can be hard work!

  22. (Automatic) Monitoring
      - Load (CPU, network I/O, memory, . . . )
      - Availability & functionality
      - Check for "odd behaviour"

  23. Outline (repeated at the start of section 4)

  24. System/Infrastructure Level
      - Always use HTTPS/SSL/TLS as a minimum
        - Too bad the whole CA system and SSL is a bit broken
        - And some of the ciphers/cipher suites "advertised" for use are also broken
      - On the client side, always verify the full certificate chain
        - Many tools/implementations are lazy by default (in Java, Python, C/C++, . . . )
      - Prefer to use certificate pinning
        - E.g. a mobile app for a known service
        - Recent Superfish scandal with Lenovo and others
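The "lazy by default" client setting beside the strict one, plus a pin check for a known service, as an added Python example (not code from the talk or from Mega). Function names, the leaf-fingerprint pinning scheme and the constructed sample bytes are assumptions.

```python
"""Client-side TLS: verify the full chain and hostname, then pin a known
service's leaf certificate. Added example; names are assumptions."""
import hashlib
import hmac
import ssl
from typing import Optional, Set


def lazy_context() -> ssl.SSLContext:
    """The lazy shape the slide warns about: no chain and no hostname check,
    so any certificate (e.g. a Superfish-style MITM root) is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def strict_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """Verify the full certificate chain against trusted roots and check the
    hostname. With ca_bundle set, only that CA (e.g. your own) is trusted."""
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # drop SSLv3/TLS 1.0/1.1
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def is_strict(ctx: ssl.SSLContext) -> bool:
    """Self-check before use, so a misconfigured context fails loudly."""
    return (ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)


def cert_fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate (the pinned value)."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pinned: Set[str]) -> bool:
    """Certificate pinning for a known service (the mobile-app case on the
    slide): accept the peer only if its leaf fingerprint is in the pinned
    set. Ship at least two pins so key rotation does not lock clients out."""
    fp = cert_fingerprint(der_cert)
    return any(hmac.compare_digest(fp, p) for p in pinned)


def check_peer(sock: ssl.SSLSocket, pinned: Set[str]) -> bool:
    """After a handshake under strict_context(), apply the pin as well."""
    der = sock.getpeercert(binary_form=True)
    return der is not None and pin_matches(der, pinned)
```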
  25. Application Layer
      - User to server
        - Commonly username/password
        - Alternative: certificates, other authentication mechanisms
        - Too many concepts for secure authentication, beyond the scope of this talk
      - User to user
        - Difficult if one can't trust the platform/server
        - On Mega:
          - Verification of a user's public (signing) key via fingerprint comparison (out of band)
          - Authenticating further crypto keys via signature by the authenticated key pair

  26. Avoid Security Warnings
      "MRI Shows Our Brain Shuts Down When We See Security Warnings on Computers"
      http://ema-tech.blogspot.co.nz/2015/03/mri-shows-our-brain-shuts-down-when-we.html

  27. Trust from the "Community"
      - Open source it! Really! Make the money with your service, not the code.
      - Why & what?
        - For peer review/audits
        - At least the core of the security-related stuff
        - Really important for crypto!
      - Wouldn't it be more secure if it was proprietary/closed?

  28. Outline (repeated at the start of section 5)

  29. The "Big Problem" (TM)
      - Use secured protocols
      - Nothing available to solve our problem
      - We had to "roll our own" . . .

  30. Key Design Features of the Chat Protocol
      - Group chat capable (multiple "devices" of identities)
      - Outsiders can't eavesdrop (decrypt)
      - New members only participate after "join"
      - Excluded members cannot decrypt any more

  31. Anticipate what could go wrong!

  32. Desired Security Properties
      - Confidentiality → needs to be encrypted
      - Forward secrecy → using (group) Diffie-Hellman with ephemeral key pairs
      - Identity authenticity → sign some confirmation with the identity key
      - Message authenticity → sign messages with the member's session signing key
      - Session freshness → use of nonces (to avoid replay attacks)

  33. Desired Security Properties (continued)
      - Plausible deniability → ephemeral signing keys for every individual session (private key published at the end)
      - Room participants consistency → key agreement requires participation of every member
      - Chat transcript consistency → agreed and cryptographically enforced partial ordering
      - Reducing the footprint of "leaking" meta-data → exponential message size padding
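Exponential message size padding from the last bullet, as an added Python example (not the MEGAchat implementation): plaintexts are padded to the next power of two before encryption, so an observer of ciphertext lengths only learns a log2 bucket. The length-prefix framing, the minimum bucket size and the constructed messages are assumptions.

```python
"""Exponential message-size padding (applied to the plaintext before it is
encrypted). Added example; framing and MIN_SIZE are assumptions."""
import struct
from typing import Iterable, List

MIN_SIZE = 128          # assumed smallest bucket; hides very short messages
HEADER = 4              # big-endian uint32 holding the real message length


def padded_size(n: int, min_size: int = MIN_SIZE) -> int:
    """Smallest power of two that holds header + n bytes, at least min_size.
    Buckets grow exponentially: 128, 256, 512, 1024, ..."""
    need = n + HEADER
    if need <= min_size:
        return min_size
    return 1 << (need - 1).bit_length()


def pad(msg: bytes, min_size: int = MIN_SIZE) -> bytes:
    """Length prefix + message + zero fill up to the bucket size.
    Zero fill is safe here because the prefix, not a sentinel, delimits."""
    size = padded_size(len(msg), min_size)
    return struct.pack(">I", len(msg)) + msg + b"\x00" * (size - HEADER - len(msg))


def unpad(blob: bytes) -> bytes:
    """Recover the message; reject blobs whose prefix exceeds the payload
    (corruption or tampering that survived authentication would surface here)."""
    if len(blob) < HEADER:
        raise ValueError("blob shorter than header")
    (n,) = struct.unpack(">I", blob[:HEADER])
    if HEADER + n > len(blob):
        raise ValueError("length prefix exceeds blob")
    return blob[HEADER:HEADER + n]


def observed_lengths(messages: Iterable[bytes]) -> List[int]:
    """What a passive observer sees: the distinct bucket sizes only, instead
    of one exact length per message."""
    return sorted({padded_size(len(m)) for m in messages})


# Constructed sample traffic: many distinct plaintext lengths, few buckets.
SAMPLE = [b"ok", b"see you at 10", bytes(200), bytes(300), bytes(900)]
```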
  34. Outline (repeated at the start of section 6)

  35. Do it right!
      - Follow best practices . . .
      - Follow OWASP, that's much more comprehensive on this subject than this talk
        Open Web Application Security Project, http://owasp.org

  36. Questions?
      Be Safe!
      Guy Kloss, [email protected]