bolt on some crypto
play

Bolt on some Crypto Michael Samuel @mik235 https://miknet.net/ - PowerPoint PPT Presentation

Jan 11, 2023 •318 likes •679 views

Bolt on some Crypto Michael Samuel @mik235 https://miknet.net/ Ruxcon 2014 Securing The Network - TLS & SSH IETF Standards: SSH - RFC 4250-4255 Remote shell File transfer TCP port forwarding, socks proxy Pipe commands over

  1. Bolt on some Crypto Michael Samuel @mik235 https://miknet.net/ Ruxcon 2014

  2. Securing The Network - TLS & SSH IETF Standards: SSH - RFC 4250-4255 ➢ Remote shell ➢ File transfer ➢ TCP port forwarding, socks proxy ➢ Pipe commands over ssh (stdin/stdout) ➢ Originally a replacement for BSD r-commands TLS - RFC 5246. ➢ https:// ➢ Optional for SMTP, IMAP, POP3, XMPP, LDAP

  3. TLS & SSH - Cryptographic Services ➢ Authentication ○ more to come on this... ➢ Integrity ○ Any tampering with the connection will be detected ○ Limitation: attacker can drop the session ○ Limitation: DoS ➢ Privacy ○ Cannot see contents of session ○ Limitation: traffic analysis (aka metadata)

  4. Public Key Cryptography Primer Keypair: Private Key - This key must be kept safe! Don’t email me your private key! Public Key - This key can be shared with anyone you need to communicate with Signing: The Private Key is used to sign a hash of a message, which can be verified by anyone with the public key Encryption: The Public Key is used to encrypt a message, which only the holder of the Private Key can decrypt

  5. MiTM Attack “Man-in-the-middle attack” (The actual attack isn’t gender specific) 1. Intercept client connection and answer like a server. 2. Connect to the real server (optional) 3. Log or modify data as it passes through https://openclipart.org/detail/151741/ninja-working-at-desk-by-hector- gomez

  6. MiTM Attack - Linux Quickstart ➢ iptables -t nat -A PREROUTING -p tcp --dport 5222 -j \ REDIRECT --to-port 5002 Run your client program, listening on 5002 ➢ Route the traffic through your linux box using arpspoof, routing protocol ➢ If using dns spoofing, IP tables not required ➢ To get the original dest IP: In C: getsockopt(s, SOL_IP, SO_ORIGINALDEST, &addr, &addrlen); In Python: packedDest = s.getsockopt(socket.SOL_IP, 80, 16) (destPort, ) = struct.unpack(">H", packedDest[2:4]) destHost = socket.inet_ntoa(packedDest[4:8])

  7. SSH Host Keys OpenSSH caches host keys: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ StrictHostKeyChecking - on seeing a new host: ➢ yes - don’t connect ➢ no - cache host key and connect ➢ ask (default) - display the fingerprint and ask user ssh-keyscan can collect host keys from remote systems - allows you to pre-populate known_hosts

  8. SSH Host Keys - API gotchas JSch: StrictHostKeyChecking=no won’t cache the host key! Paramiko: client.load_system_host_keys() client.set_missing_host_key_policy(paramiko.RejectPolicy) paramiko.WarningPolicy won’t cache the host key! Just pre-populate /etc/ssh/ssh_known_hosts if using APIs - no need for write access to known_hosts

  9. SSH MiTM - you can do ‘em Often StrictHostKeyChecking=no is set on servers with unattended ssh sessions ➢ rsync jobs ➢ remote commands OpenSSH still connects if the host key changed and you’re using public key authentication! A MiTM server could just accept pubkey auth for any key (without knowing the key).

  10. SSH Client Authentication You can create a client keypair with ssh-keygen , then add it to ~/.ssh/authorized_keys on remote hosts. This can be put in kickstart/preseed files. Even if the remote server is compromised your private key should be safe, so you don’t need a fresh one for each server you connect to. You can do “two-factor” in OpenSSH with the AuthenticationMethods sshd_config option.

  11. TLS - X.509 Certificates Certificate chain from my website: 0 s:/CN=www.miknet.net i:/CN=StartCom Class 1 Primary Intermediate Server CA 1 s:/CN=StartCom Class 1 Primary Intermediate Server CA i:/CN=StartCom Certification Authority StartCom Certification Authority is trusted by my system Subject: the entity identified by the certificate Issuer: the authority that signed the certificate Domain Validated: demonstrated control of the domain to CA Extended Validation: demonstrated that you are the organisation and domain holder in the certificate

  12. The unverified certificate A Root CA is just a self-signed certificate Intermediate CAs and the certificate are signed by their parent CA You can create an entire unverified chain using the openssl command line. Only the public key matters. Even the most diligent support staff would tell users to click through.

  13. Dialogs that shouldn’t exist

  14. WARNING: TLS APIs suck There are 3 types of TLS APIs: ➢ Go verify the certificate yourself ○ Generally OpenSSL or wrappers ➢ What’s a certificate? ○ High level abstractions over OpenSSL written by programmers who don’t know/understand ○ all of the Python 2.x standard library ➢ We do what a web browser would ○ These are rare - python-requests.org, libcurl

  15. TLS - Verifying the hostname Most TLS libraries do not check that the certificate matches the hostname - even if you turn on verification. Should you trust a certificate for www.miknet.net when accessing your online banking? The hostname must match either the CN field or one of the SubjectAltName extensions . WARNING: NULL bytes are valid Match the name the user requested, not DNS SRV/MX

  16. STARTTLS <?xml version='1.0' ?> <stream:stream to='jabber.org' xmlns='jabber:client' xmlns:stream='http: //etherx.jabber.org/streams' version='1.0'> <?xml version='1.0'?> <stream:stream xmlns='jabber:client' xmlns:stream='http://etherx.jabber. org/streams' from='jabber.org' id='5ce74cfce8e91fc4' version='1.0'> <stream:features> <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/> <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'> <mechanism>DIGEST-MD5</mechanism> <mechanism>PLAIN</mechanism> </mechanisms> </stream:features> <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/> <proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>

  17. STARTTLS removed <?xml version='1.0' ?> <stream:stream to='jabber.org' xmlns='jabber:client' xmlns:stream='http: //etherx.jabber.org/streams' version='1.0'> <?xml version='1.0'?> <stream:stream xmlns='jabber:client' xmlns:stream='http://etherx.jabber. org/streams' from='jabber.org' id='5ce74cfce8e91fc4' version='1.0'> <stream:features> <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/> <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'> <mechanism>DIGEST-MD5</mechanism> <mechanism>PLAIN</mechanism> </mechanisms> </stream:features> <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/> <proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>

  18. STARTTLS removal Don’t negotiate whether to encrypt over the network ! ➢ XMPP, IMAP, POP3, SMTP clients ➢ SMTP server-to-server always works ➢ Dell & Cisco BMCs that use the Avocent KVM stack ( PoC||GTFO 0x5 ) ➢ HTTP ( sslstrip by Moxie )

  19. Forward Secrecy Ephemeral Key Exchange is another form of public key cryptography ➢ Protocols: Diffie-Hellman or Elliptic Curve Diffie-Hellman ➢ Known as: Forward Secrecy or PFS ➢ TLS Ciphersuits that start with DHE- or ECDHE- ➢ The SSLv3 ciphersuites use RSA encryption - if the RSA key is stolen/cracked, past traffic can be decrypted! (Wireshark supports this)

  20. Forward Secrecy - TLS Ciphersuites Apache : SSLCipherSuite ... SSLHonorCipherOrder on SSLProtocol all -SSLv2 -SSLv3 Nginx: ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers “...”; 5 Ciphers that have you covered (thanks to Kenn White) : ECDHE-RSA-AES256-GCM-SHA384 # Android 4.4+ ECDHE-RSA-AES128-SHA256 # IE 11 ECDHE-RSA-AES128-SHA # Android 4.x, Chrome/Firefox, IE8-10 DHE-RSA-AES128-SHA # Android 2 RC4-SHA # Old junk (Windows XP, Nokia 6xxx) RC4 MUST DIE!

  21. TLS - Authenticating Clients Originally SSL was for e-commerce. This only required “money green” authenticity for clients. TLS has support for client certificates Client Certificate Login Form Authentication (Password Authentication) Apache/Nginx Backend application Frontend (Servlet, PHP, etc)

  22. Entropy Most cryptography needs randomness, for both short-term and long term keys. The properties that are needed: ➢ Unable to predict future values ➢ Unable to recover past values PRNGs work but need to be seeded from truly unguessable events.

  23. Not Entropy ➢ mt_rand() ○ Can recover all state from output. ○ Often a small input ➢ rand() / random() ○ Small input ○ Can recover some/all state from output ➢ rand_r() / qrand() / java.util.Random ○ Small input ○ Small state ○ Can recover some state from output https://www.miknet.net/rux2013/

  24. Entropy - Don’t fork it up ➢ Unix-like systems: read from /dev/urandom ○ Userland PRNGs probably not fork() safe ➢ Windows: CryptGenRandom for strong entropy ➢ Linux early boot (only): /dev/random ○ Encrypted swap ○ SSH host key generation

  25. Hash Functions - attack types A fixed-length digest of variable length input ➢ (First)-Preimage resistance ○ Hard to find the original input from the hash ○ Guessing inputs still works! ➢ Second-Preimage resistance ○ Hard to find a second input that produces a given hash An ideal hash function would provide 2 hash length resistance to this ○ ➢ Collision Resistance ○ Hard to find two inputs that produce the same hash ○ Birthday attack - requires 256-bit hash for 128-bit security ○ When a hash function is broken this is usually first to go

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Bolt on some Crypto Michael Samuel @mik235 https://miknet.net/ Ruxcon 2014 Why you should bolt

Bolt on some Crypto Michael Samuel @mik235 https://miknet.net/ Ruxcon 2014 Why you should bolt

Bolt on some Crypto Michael Samuel @mik235 https://miknet.net/ Ruxcon 2014 Why you should bolt on some crypto There could be 25+ routers between client and server on the internet. One of them is operated by the barista that burnt your latte.

403 views • 28 slides
bolt bolt Leading bolt Competitor bolt bolt Keyless Electric System + Simplified Lock Form

bolt bolt Leading bolt Competitor bolt bolt Keyless Electric System + Simplified Lock Form

bolt bolt Leading bolt Competitor bolt bolt Keyless Electric System + Simplified Lock Form Convenience bolt Degrees of Freedom bolt Degrees of Freedom bolt Keyless Unlocking &gt; 5 ft &lt; 5 ft bolt Keyless Unlocking &gt; 5 ft

693 views • 30 slides
CRYPTO HERE, CRYPTO THERE, CRYPTO, CRYPTO EVERYWHERE WORLD AQUATIC HEALTH CONFERENCE

CRYPTO HERE, CRYPTO THERE, CRYPTO, CRYPTO EVERYWHERE WORLD AQUATIC HEALTH CONFERENCE

CRYPTO HERE, CRYPTO THERE, CRYPTO, CRYPTO EVERYWHERE WORLD AQUATIC HEALTH CONFERENCE WILLIAMSBURG, VA THURSDAY, OCTOBER 17 TH , 2019 JOHN KELLY, PE IOWA DEPARTMENT OF PUBLIC HEALTH DISCLAIMER THIS PRESENTATION: IS INTENDED FOR

843 views • 40 slides
David Bolt David Apelt Kapsch Transmax david.bolt@kapsch.net david.apelt@transmax.com.au

David Bolt David Apelt Kapsch Transmax david.bolt@kapsch.net david.apelt@transmax.com.au

David Bolt David Apelt Kapsch Transmax david.bolt@kapsch.net david.apelt@transmax.com.au LinkedIn @davidbolt LinkedIn @davidapelt Austria Graph Integration Platform http://www.gip.gv.at/ US inspired DATEX II https://www.datex2.eu/ US

388 views • 10 slides
Outline Crypto intro Computer Security: Secret Key Crypto Symmetric crypto Bart Jacobs

Outline Crypto intro Computer Security: Secret Key Crypto Symmetric crypto Bart Jacobs

Crypto intro Crypto intro Symmetric crypto Symmetric crypto Achieving security goals with symmetric crypto Radboud University Nijmegen Achieving security goals with symmetric crypto Radboud University Nijmegen e-Passport example

269 views • 7 slides
WHAT DEPTH ? Drillers Depth Determination Harald Bolt 1 45 th General Meeting March 17 th ,

WHAT DEPTH ? Drillers Depth Determination Harald Bolt 1 45 th General Meeting March 17 th ,

WHAT DEPTH ? Drillers Depth Determination Harald Bolt 1 45 th General Meeting March 17 th , 2017 The Hague, The Netherlands Wellbore Positioning Technical Section Speaker Information Harald Bolt What Depth ? March 17, 2017

266 views • 24 slides
- The First Crypto Merchant - Crypto Payment Crypto Payment for online shops for retail shops

- The First Crypto Merchant - Crypto Payment Crypto Payment for online shops for retail shops

- The First Crypto Merchant - Crypto Payment Crypto Payment for online shops for retail shops Did you know? Our payment system has ZERO FEES for processing payments How it works? It takes only a few minutes to complete Merchant Initiate

269 views • 11 slides
Javascript Crypto &amp; The Case Against Crypto Reductionism Ben Adida Mozilla Workshop on

Javascript Crypto &amp; The Case Against Crypto Reductionism Ben Adida Mozilla Workshop on

Javascript Crypto &amp; The Case Against Crypto Reductionism Ben Adida Mozilla Workshop on Real-World Crypto January 2013 promote openness, innovation &amp; opportunity on the Web. previously easy to deploy easy to use privacy

610 views • 22 slides
2015 Seniors: Leah Robertson, Etienne Westphal, Abby McGrath, Saskia Bolt, Josh Keene, Chloe

2015 Seniors: Leah Robertson, Etienne Westphal, Abby McGrath, Saskia Bolt, Josh Keene, Chloe

2015 Seniors: Leah Robertson, Etienne Westphal, Abby McGrath, Saskia Bolt, Josh Keene, Chloe Westphal. Juniors: Gabby Bolt, Chloe Westphal, Helen Vrancken, Molly Barnard, Emi McGee, Jenny Rielly. Intermediate Team: Francesca Davies,

775 views • 36 slides
Outline Crypto intro Computer Security: Secret Key Crypto Symmetric crypto Achieving security

Outline Crypto intro Computer Security: Secret Key Crypto Symmetric crypto Achieving security

Crypto intro Crypto intro Symmetric crypto Symmetric crypto Achieving security goals with symmetric crypto Achieving security goals with symmetric crypto Radboud University Nijmegen Radboud University Nijmegen e-Passport example

1.11k views • 12 slides
Event Streams at Groupon Storm, Mesos and Griddle AJ &amp; Erik Weathers (with special guest

Event Streams at Groupon Storm, Mesos and Griddle AJ &amp; Erik Weathers (with special guest

Event Streams at Groupon Storm, Mesos and Griddle AJ &amp; Erik Weathers (with special guest Brian McCallister) Storm Bolt A Bolt B Spout P Bolt X @Override public void execute(final Tuple tuple) { Span span = (Span)

604 views • 37 slides
Computer Security: Secret Key Crypto B. Jacobs Institute for Computing and Information Sciences

Computer Security: Secret Key Crypto B. Jacobs Institute for Computing and Information Sciences

Crypto intro Symmetric crypto Achieving security goals with symmetric crypto Radboud University Nijmegen e-Passport example Encryption: modes of operation Computer Security: Secret Key Crypto B. Jacobs Institute for Computing and Information

856 views • 73 slides
Outline Public key crypto RSA Essentials Computer Security: Public Key Crypto Public Key Crypto

Outline Public key crypto RSA Essentials Computer Security: Public Key Crypto Public Key Crypto

Public key crypto Public key crypto RSA Essentials RSA Essentials Public Key Crypto in Java Public Key Crypto in Java Radboud University Nijmegen Radboud University Nijmegen Public key protocols Public key protocols Diffie-Hellman and El

448 views • 16 slides
w w w . a d i t u s . n e t Crypto-currencies have created a new class of a ffl uent individuals

w w w . a d i t u s . n e t Crypto-currencies have created a new class of a ffl uent individuals

Aditus Luxury Access Platform for Crypto A ffl uents Presentation 21 Nov 2017 w w w . a d i t u s . n e t Crypto-currencies have created a new class of a ffl uent individuals Crypto-currency values have been the best performing asset class

206 views • 19 slides
Algorithms, cryptography and protocols DONT EVER ROLL YOUR OWN PROTOCOL, CRYPTO ALGO, CRYPTO

Algorithms, cryptography and protocols DONT EVER ROLL YOUR OWN PROTOCOL, CRYPTO ALGO, CRYPTO

Algorithms, cryptography and protocols DONT EVER ROLL YOUR OWN PROTOCOL, CRYPTO ALGO, CRYPTO Use this space to add an image. IMPLEMENTATION, OR CRYPTO RNG Insert an image and change the scale to cover this box. ALSO, KEY MANAGEMENT IS

1.01k views • 81 slides
19 big enough? What marketing says Generate public keys 56-bit crypto: Broken. on a

19 big enough? What marketing says Generate public keys 56-bit crypto: Broken. on a

Is 2 255 19 big enough? What marketing says Generate public keys 56-bit crypto: Broken. on a strong elliptic curve 128-bit crypto: Okay. over the field Z (2 255 19). 256-bit crypto: High security! Is that safe? 512-bit

121 views • 11 slides
Identification and Authentication CSM27 Computer Security Dr Hans Georg Schaathun University of

Identification and Authentication CSM27 Computer Security Dr Hans Georg Schaathun University of

Identification and Authentication CSM27 Computer Security Dr Hans Georg Schaathun University of Surrey Autumn 2009 Week 4 Dr Hans Georg Schaathun Identification and Authentication Autumn 2009 Week 4 1 / 32 Introduction Background

809 views • 65 slides
1 Cryptography basics Secret-key encryption Algorithms (E, D) are widely known Also

1 Cryptography basics Secret-key encryption Algorithms (E, D) are widely known Also

Security The security environment Basics of cryptography User authentication Chapter 9: Security Attacks from inside the system Attacks from outside the system Protection mechanisms Trusted systems CS 1550, cs.pitt.edu

538 views • 11 slides
PRIVACY ENHANCING TECHNOLOGIES INTRODUCTION INTRODUCTION TO PRIVACY ENHANCING TECHNOLOGIES OUR

PRIVACY ENHANCING TECHNOLOGIES INTRODUCTION INTRODUCTION TO PRIVACY ENHANCING TECHNOLOGIES OUR

PRIVACY ENHANCING TECHNOLOGIES INTRODUCTION INTRODUCTION TO PRIVACY ENHANCING TECHNOLOGIES OUR MISSION Least Authoritys mission is to build and support ethical and usable technology solutions that advance digital security and privacy as

552 views • 13 slides
Theoretical Foundations of SBSE Xin Yao CERCIA, School of Computer Science University of

Theoretical Foundations of SBSE Xin Yao CERCIA, School of Computer Science University of

Theoretical Foundations of SBSE Xin Yao CERCIA, School of Computer Science University of Birmingham Some Theoretical Foundations of SB SE Xin Yao and Many Others CERCIA, School of Computer Science University of Birmingham

667 views • 21 slides
GSP Stakeholder Committee Stakeholder Committee Meeting July 22, 2019 Agenda Welcome,

GSP Stakeholder Committee Stakeholder Committee Meeting July 22, 2019 Agenda Welcome,

GSP Stakeholder Committee Stakeholder Committee Meeting July 22, 2019 Agenda Welcome, Introductions, and Agenda Review Presentation by Woodard &amp; Curran on GSP development Coordinating Committee Update 1. Public Draft GSP

785 views • 54 slides
Andrew Stacy Andrew.Stacy@mail.wvu.edu www.3riversquest.org WEST VIRGINIA UNIVERSITY BACKGROUND

Andrew Stacy Andrew.Stacy@mail.wvu.edu www.3riversquest.org WEST VIRGINIA UNIVERSITY BACKGROUND

Andrew Stacy Andrew.Stacy@mail.wvu.edu www.3riversquest.org WEST VIRGINIA UNIVERSITY BACKGROUND High TDS events in late summer/early fall 2008 Lead to a shut down of some municipal water intakes when the river exceeded the EPAs

573 views • 13 slides
Earnings Conference Call April 21th, 2016 Forward-Looking Statement The information herein

Earnings Conference Call April 21th, 2016 Forward-Looking Statement The information herein

F i r s t Q u a r t e r Earnings Conference Call April 21th, 2016 Forward-Looking Statement The information herein contained (Information) has been prepared by Grupo Herdez, S.A.B. de C.V., its associates, subsidiaries and/or affiliated

252 views • 9 slides
World 2012 Friday, 13 July 12 SNMP Monitoring of Devices using Lithium Matthew Tilney The

World 2012 Friday, 13 July 12 SNMP Monitoring of Devices using Lithium Matthew Tilney The

World 2012 Friday, 13 July 12 SNMP Monitoring of Devices using Lithium Matthew Tilney The Australian National University XW12 Friday, 13 July 12 Introduction About Me About ANU Device Monitoring SNMP Workshop XW12

1.21k views • 52 slides

More recommend