defending against the sneakers scenario bryan sullivan
play

Defending Against the Sneakers Scenario Bryan Sullivan, Security - PowerPoint PPT Presentation

Sep 19, 2022 •15 likes •656 views

Defending Against the Sneakers Scenario Bryan Sullivan, Security Program Manager, Microsoft SDL Crypto systems get broken eh vxuh wr gulqn brxu rydowlqh be sure to drink your ovaltine Why assume that current algorithms really are unbreakable,

  1. Defending Against the Sneakers Scenario Bryan Sullivan, Security Program Manager, Microsoft SDL

  2. Crypto systems get broken eh vxuh wr gulqn brxu rydowlqh be sure to drink your ovaltine Why assume that current algorithms really are unbreakable, unlike every other time in the history of cryptography?

  3. Consequences  Change code  Rebuild  Retest  Deploy patches to n users  Pretty big window of attack…

  4. Other concerns  Export controls  International regulations  FIPS‐140

  5. Solution  Plan for this from the beginning  Assume the crypto algorithms you use will be defeated in your application’s lifetime  Code your apps in a cryptographically agile manner  Or code‐review apps for crypto agility if you’re of the pentester persuasion and not a dev

  6. Steps toward crypto agility  Step 1: Avoid hardcoded algorithms

  7. Abstraction  Want one of these?  Are you sure?

  8. Three Cryptographically Agile Frameworks * .NET JCA CNG Java Cryptography Cryptography API Architecture Next Generation *If used correctly…

  9. .NET Cryptography

  10. .NET top‐level abstract classes  SymmetricAlgorithm  AsymmetricAlgorithm  HashAlgorithm  KeyedHashAlgorithm  HMAC  RandomNumberGenerator

  11. .NET Crypto Architecture HashAlgorithm +ComputeHash() #HashCore() +Create() SHA512 SHA1 SHA512Managed SHA512Cng SHA1Managed

  12. .NET examples  Non‐agile: MD5Cng hashObj = new MD5Cng(); byte[] result = hashObj.ComputeHash(data);

  13. .NET examples  More agile: HashAlgorithm hashObj = HashAlgorithm.Create("MD5"); byte[] result = hashObj.ComputeHash(data);

  14. Java Cryptography Architecture (JCA)

  15. JCA top‐level classes  javax.crypto.Cipher  javax.crypto.KeyAgreement  java.security.KeyFactory  javax.crypto.KeyGenerator  java.security.KeyPairGenerator  javax.crypto.Mac  java.security.MessageDigest  javax.crypto.SecretKeyFactory  java.security.SecureRandom  java.security.Signature

  16. JCA Architecture MessageDigestSpi +engineDigest() MessageDigest DigestBase +digest() +getInstance() MD5 SHA SHA2

  17. JCA example  More agile (by default, this is great!): MessageDigest md = MessageDigest.getInstance("MD5"); byte[] result = md.digest(data);

  18. JCA Architecture MessageDigestSpi +engineDigest() MessageDigest DigestBase +digest() +getInstance() MD5 SHA SHA2

  19. Cryptography API: Next Generation (CNG)

  20. CNG agile capabilities  Key generation and exchange  Object encoding and decoding  Data encryption and decryption  Hashing and digital signatures  Random number generation

  21. CNG Architecture BCRYPT_HASH_INTERFACE +GetHashInterface() BCRYPT_HASH_FUNCTION_TABLE BCRYPT_HASH_INTERFACE +Version +OpenAlgorithmProvider +GetProperty HashProvider +SetProperty +CloseAlgorithmProvider +CreateHash +HashData +FinishHash +DuplicateHash +DestroyHash

  22. CAPI example  Non‐agile: HCRYPTPROV hProv = 0; HCRYPTHASH hHash = 0; CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, 0); CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash); CryptHashData(hHash, data, len, 0);

  23. CNG example  More agile: BCRYPT_ALG_HANDLE hAlg = 0; BCRYPT_HASH_HANDLE hHash = 0; BCryptOpenAlgorithmProvider(&hAlg, "MD5", NULL, 0); BCryptCreateHash(hAlg, &hHash, …); BCryptHashData(hHash, data, len, 0);

  24. Still looks hardcoded to me…  .NET HashAlgorithm.Create("MD5");  JCA MessageDigest.getInstance("MD5");  CNG BCryptOpenAlgorithmProvider(&hAlg, "MD5", NULL, 0);

  25. Steps toward crypto agility  Step 1: Avoid hardcoded algorithms  Step 2: Reconfigure the algorithm provider

  26. JCA Provider Framework Application Provider Framework SHA‐1 MD5 MD5 SHA‐256 SHA‐1 SHA‐512 Provider A Provider B Provider C

  27. JCA Provider Framework MessageDigest. Application getInstance ("MD5"); Provider Framework SHA‐1 MD5 MD5 SHA‐256 SHA‐1 SHA‐512 Provider A Provider B Provider C

  28. JCA Provider Framework MessageDigest. Application getInstance ("MD5", "Provider C"); Provider Framework SHA‐1 MD5 MD5 SHA‐256 SHA‐1 SHA‐512 Provider A Provider B Provider C

  29. Configure providers  Option #1: Modify java.security file (static) security.provider.1= sun.security.provider.Sun security.provider.2= sun.security.provider.SunJCE …

  30. Configure providers  Option #2: Add in code (dynamic) java.security.Provider provider = new MyCustomProvider(); Security.addProvider(provider);

  31. Scenario #1: Bad provider security.provider.1=foo security.provider.2=bar

  32. Scenario 2: Bad algorithm Application Provider Framework SHA‐1 MD5 MD5 “MD5” SHA‐256 SHA‐1 SHA‐512 Provider A Provider B Provider C New Custom Provider

  33. Custom provider public class Provider extends java.security.Provider { put("MessageDigest.MD5", "MyFakeMD5Implementation"); }

  34. JCA Architecture MessageDigestSpi +engineDigest() MessageDigest DigestBase +digest() +getInstance() MD5 SHA SHA2

  35. Fake implementation MessageDigestSpi +engineDigest() FakeMD5Implementation SHA +digest()

  36. CNG provider framework  Similar to JCA, but less flexible  Custom providers go in system folder  Must register programmatically  Can only specify top or bottom of the list

  37. Fake implementation BCRYPT_HASH_INTERFACE +GetHashInterface() BCRYPT_HASH_FUNCTION_TABLE BCRYPT_HASH_INTERFACE +Version +OpenAlgorithmProvider +GetProperty FakeMD5Implementation +SetProperty +CloseAlgorithmProvider +CreateHash +HashData +FinishHash +DuplicateHash +DestroyHash

  38. Registering a custom provider CRYPT_PROVIDER_REG providerReg = {…}; BCryptRegisterProvider( "FakeMD5Implementation", 0, &providerReg); BCryptAddContextFunctionProvider( CRYPT_LOCAL, NULL, BCRYPT_HASH_INTERFACE, "MD5", "FakeMD5Implementation", CRYPT_PRIORITY_TOP);

  39. Avoid hardcoded implementation BCRYPT_ALG_HANDLE hAlg = 0; BCryptOpenAlgorithmProvider( &hAlg, "SHA1", "Microsoft Primitive Provider", 0);

  40. .NET Application HashAlgorithm. Create("MD5") mscorlib machine.config

  41. Altering machine.config <configuration> <mscorlib> <cryptographySettings> <nameEntry name="MD5" class="MyPreferredHash" /> <cryptoClasses> <cryptoClass MyPreferredHash="SHA512Cng, …" /> </cryptoClasses>

  42. Remapping algorithm names is dangerous MD5 SHA‐1  This is a good thing, right?  What could possibly go wrong?

  43. Steps toward crypto agility  Step 1: Avoid hardcoded algorithms  Step 2: Avoid hardcoded implementations  Step 3: Reconfigure the algorithm provider  Step 3 (alternate): Avoid default algorithm names

  44. Unique algorithm names  .NET HashAlgorithm.Create( "ApplicationFooPreferredHash");  JCA MessageDigest.getInstance( "ApplicationBarPreferredDigest");  CNG BCryptOpenAlgorithmProvider(&hAlg, "ApplicationFooPreferredHash", …);

  45. Steps toward crypto agility  Step 1: Avoid hardcoded algorithms  Step 2: Avoid hardcoded implementations  Step 3: Reconfigure the algorithm provider  Step 3 (alternate): Avoid default algorithm names  Step 3 (alternate #2): Pull algorithm name from secure configuration store

  46. Unique provider vs. config Unique provider Configuration store  Pros  Pros  Much easier to  Security to perform this implement action already part of the system  Cons  Cons  Probably prohibitive in  Must remember to terms of secure the store! implementation cost

  48. What went wrong?  Changing the algorithms is one thing…  …but changing stored data is another.

  49. Steps toward crypto agility  Step 1: Avoid hardcoded algorithms  Step 2: Avoid hardcoded implementations  Step 3: Reconfigure the algorithm provider  Step 3 (alternate): Avoid default algorithm names  Step 3 (alternate #2): Pull algorithm name from secure configuration store  Step 4: Store and consume algorithm metadata

  50. What metadata to store  Hashes  Algorithm name  Salt size  Output size  (Max input size)  Size considerations  Local variables (ie source code)  Database columns

  51. What metadata to store  Symmetric encryption  Algorithm name  Block size  Key size  Mode  Padding mode  Feedback size

  52. What metadata to store  Asymmetric encryption  Algorithm name  Key sizes  Key exchange algorithm  Signature algorithm

  53. What metadata to store  MAC  Algorithm name  Key size  Key derivation function  Function algorithm  Salt size  Iteration count  Output size  (Max input size)

  54. MS‐OFFCRYPTO  Office Document Cryptography Structure Specification  http://msdn.microsoft.com/en‐us/library/ cc313071(office.12).aspx

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Tom Tofigh, AT&amp;T Nic Viljoen, Netronome Bryan Sullivan, AT&amp;T Agenda Problem

Tom Tofigh, AT&amp;T Nic Viljoen, Netronome Bryan Sullivan, AT&amp;T Agenda Problem

The Need for Complex Analytics from Forwarding Pipelines Tom Tofigh, AT&amp;T Nic Viljoen, Netronome Bryan Sullivan, AT&amp;T Agenda Problem Statement Proposed SDN Based Observability Gaps in Real Time Observability

329 views • 17 slides
Announcing Coastal Expansion 2019-2020 WHO WE ARE Muddy Sneakers is a 501(c)(3) nonprofit that

Announcing Coastal Expansion 2019-2020 WHO WE ARE Muddy Sneakers is a 501(c)(3) nonprofit that

Announcing Coastal Expansion 2019-2020 WHO WE ARE Muddy Sneakers is a 501(c)(3) nonprofit that delivers high-quality outdoor science education to fifth-grade public school students. It was founded in Brevard in 2007 with the goal of

386 views • 27 slides
Lender Liability: Evaluating, Minimizing and Defending Claims Defending Against Attacks on Loans in

Lender Liability: Evaluating, Minimizing and Defending Claims Defending Against Attacks on Loans in

Presenting a live 90 minute webinar with interactive Q&amp;A Lender Liability: Evaluating, Minimizing and Defending Claims Defending Against Attacks on Loans in Workouts, Defaults, and Bankruptcy TUES DAY, DECEMBER 21, 2010 1pm Eastern |

1.33k views • 131 slides
MANA MANAGING HOME BIA GING HOME BIAS: : DEFENDING THE V DEFENDING THE VALUE OF LUE OF GL

MANA MANAGING HOME BIA GING HOME BIAS: : DEFENDING THE V DEFENDING THE VALUE OF LUE OF GL

MANA MANAGING HOME BIA GING HOME BIAS: : DEFENDING THE V DEFENDING THE VALUE OF LUE OF GL GLOBAL EQUITIES OBAL EQUITIES TO US PRIV US PRIVATE CLIENT E CLIENTS Jonathan F Jonathan Foster ster President &amp; CEO Angeles Wealth

643 views • 19 slides
Pursuing or Defending Claims Assessing Claims, Proving or Defending Liability, Navigating Complex

Pursuing or Defending Claims Assessing Claims, Proving or Defending Liability, Navigating Complex

Presenting a live 90-minute webinar with interactive Q&amp;A Wrongful Death Claims and Survival Actions: Pursuing or Defending Claims Assessing Claims, Proving or Defending Liability, Navigating Complex Valuation and Settlement Issues WEDNESDAY,

481 views • 26 slides
A Regions First Foray into Scenario Planning What is Scenario Planning? Scenario planning

A Regions First Foray into Scenario Planning What is Scenario Planning? Scenario planning

A Regions First Foray into Scenario Planning What is Scenario Planning? Scenario planning is a strategic planning method that organizations and communities can use to plan for an uncertain future by exploring the possibilities of what might

624 views • 20 slides
Risk of Eucalyptus tortoise beetle control Jon Sullivan Jon Sullivan Biology of the pest in NZ

Risk of Eucalyptus tortoise beetle control Jon Sullivan Jon Sullivan Biology of the pest in NZ

Risk of Eucalyptus tortoise beetle control Jon Sullivan Jon Sullivan Biology of the pest in NZ Egg parasitoids Enoggera nassaui and Neopolycystus insectifurax provide good Adults and larvae strip all control of 2 nd generation eggs in NZ:

376 views • 22 slides
SybilGuard: Defending Against Sybil Attacks SybilGuard: Defending Against Sybil Attacks via

SybilGuard: Defending Against Sybil Attacks SybilGuard: Defending Against Sybil Attacks via

SybilGuard: Defending Against Sybil Attacks SybilGuard: Defending Against Sybil Attacks via Social Networks via Social Networks Intel Research Pittsburgh / CMU Haifeng Yu National University of Singapore Michael Kaminsky Intel Research

501 views • 22 slides
Cross Cultural Perspectives in Analysis design approach scenario 1 scenario 2 scenario 3

Cross Cultural Perspectives in Analysis design approach scenario 1 scenario 2 scenario 3

Cross Cultural Perspectives in Analysis design approach scenario 1 scenario 2 scenario 3 alternate settings 2. Progression of Design 2. Design: traditional Kazakh Tribe Hierarchy 2. Design: representing power and FNE 2. Design:

947 views • 27 slides
Defending ERISA Conflict of Interest Discovery Requests Limiting the Scope of Discovery,

Defending ERISA Conflict of Interest Discovery Requests Limiting the Scope of Discovery,

Presenting a live 90-minute webinar with interactive Q&amp;A Defending ERISA Conflict of Interest Discovery Requests Limiting the Scope of Discovery, Preparing and Defending 30(b)(6) Depositions, and More THURSDAY, MARCH 27, 2014 1pm Eastern

711 views • 41 slides
Collective Model Fusion for Multiple Black-Box Experts MINH HOANG, NGHIA HOANG, BRYAN LOW, CARL

Collective Model Fusion for Multiple Black-Box Experts MINH HOANG, NGHIA HOANG, BRYAN LOW, CARL

Collective Model Fusion for Multiple Black-Box Experts MINH HOANG, NGHIA HOANG, BRYAN LOW, CARL KINGSFORD Collaborative AI: A health-care scenario Disease Prediction Related work: Data Fusion Clinical Notes Medical Codes Vital Signs over

523 views • 10 slides
Lender Liability: Evaluating, Minimizing Lender Liability: Evaluating, Minimizing and Defending

Lender Liability: Evaluating, Minimizing Lender Liability: Evaluating, Minimizing and Defending

Presenting a live 90 minute webinar with interactive Q&amp;A Lender Liability: Evaluating, Minimizing Lender Liability: Evaluating, Minimizing and Defending Claims Defending Against Attacks on Loans in Workouts, Defaults and Bankruptcy THURS

979 views • 95 slides
186 SULLIVAN STREET EXTERIOR WORK APPLICATION LPC 19-38221 May 2, 2019 ARMAND LEGARDEUR

186 SULLIVAN STREET EXTERIOR WORK APPLICATION LPC 19-38221 May 2, 2019 ARMAND LEGARDEUR

186 SULLIVAN STREET EXTERIOR WORK APPLICATION LPC 19-38221 May 2, 2019 ARMAND LEGARDEUR ARCHITECT 242 West 30th Street, Suite 1500 New Y ork, NY 10001 Existing Conditions Designation Images 186 Sullivan Street May 2, 2019 1 Sullivan

366 views • 9 slides
BRYAN ISD PATHWAY TO MIDDLE SCHOOL 7 - 8 PARENT AND STUDENT INFORMATION NIGHT SPRING 2017 BRYAN

BRYAN ISD PATHWAY TO MIDDLE SCHOOL 7 - 8 PARENT AND STUDENT INFORMATION NIGHT SPRING 2017 BRYAN

BRYAN ISD PATHWAY TO MIDDLE SCHOOL 7 - 8 PARENT AND STUDENT INFORMATION NIGHT SPRING 2017 BRYAN ISD MISSION AND VISION Bryan ISD, the district of choice, will provide positive educational experiences that ensure high school graduation and

440 views • 17 slides
Creating a Road Map for Educational Scholarship Presenters Patricia O Sullivan , EdD

Creating a Road Map for Educational Scholarship Presenters Patricia O Sullivan , EdD

Creating a Road Map for Educational Scholarship Presenters Patricia O Sullivan , EdD http://www.ucsfcme.com/MedEd21c/ #UCSFMedEd21 Uijtdehaage S, Kalishman S, O'Sullivan P, Robins L. How to succeed as a medical education scholar:

515 views • 12 slides
Defending Networks with Incomplete Information: A Machine Learning Approach Alexandre Pinto

Defending Networks with Incomplete Information: A Machine Learning Approach Alexandre Pinto

Defending Networks with Incomplete Information: A Machine Learning Approach Alexandre Pinto alexcp@mlsecproject.org @alexcpsec @MLSecProject WARNING! This is a talk about DEFENDING not attacking NO systems were harmed on the

801 views • 47 slides
Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric

Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric

CS573 Data Privacy and Security Cryptographic Primitives and Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation Problem and

779 views • 47 slides
Basics of Cryptography and Cybersecurity Protecting Against Harm That May Come via Network

Basics of Cryptography and Cybersecurity Protecting Against Harm That May Come via Network

Basics of Cryptography and Cybersecurity Protecting Against Harm That May Come via Network Access Security Goal: Confidentiality q Suppose you are a customer using a credit card to order an item from a website q Threat: - An adversary may

305 views • 27 slides
Hierarchical Approach in RNS Base Extension for Asymmetric Cryptography Libey Djath 1 , Karim

Hierarchical Approach in RNS Base Extension for Asymmetric Cryptography Libey Djath 1 , Karim

Hierarchical Approach in RNS Base Extension for Asymmetric Cryptography Libey Djath 1 , Karim Bigou 1 , Arnaud Tisserand 2 1 Universit e de Bretagne Occidentale / Lab-STICC, UMR CNRS 6285 2 CNRS / Lab-STICC, UMR 6285 ARITH-26, 10-12 June 2019,

529 views • 23 slides
Introduction to symmetric cryptography Joan Daemen Institute for Computing and Information

Introduction to symmetric cryptography Joan Daemen Institute for Computing and Information

Introduction to symmetric cryptography Joan Daemen Institute for Computing and Information Sciences Radboud University ibenik summer school 2016 Page 1 of 51 Joan Daemen ibenik summer school 2016 Symmetric Crypto Outline Security

1.38k views • 58 slides
Modeling and verification of security protocols Part I: Basics of cryptography and introduction to

Modeling and verification of security protocols Part I: Basics of cryptography and introduction to

Modeling and verification of security protocols Part I: Basics of cryptography and introduction to security protocols Dresden University of Technology Martin Pitt martin@piware.de Paper and slides available at http://www.piware.de/docs.shtml

549 views • 33 slides
Symmetric and Asymmetric Key Cryptography(Part 2) By Radhika B S Contents Asymmetric Key

Symmetric and Asymmetric Key Cryptography(Part 2) By Radhika B S Contents Asymmetric Key

Symmetric and Asymmetric Key Cryptography(Part 2) By Radhika B S Contents Asymmetric Key Cryptography Security Requirements Advantages Modes of Use Diffie-Hellman Key Exchange RSA Cryptosystem ElGamal

584 views • 32 slides
CS CS 683 683 - Security y and Privacy Fa Fall 2019 In Instructor or: Ka Karim El Elde

CS CS 683 683 - Security y and Privacy Fa Fall 2019 In Instructor or: Ka Karim El Elde

CS CS 683 683 - Security y and Privacy Fa Fall 2019 In Instructor or: Ka Karim El Elde defrawy Un University ty of of Sa San Francisco http://www.cs.usfca.edu/~keldefrawy/teaching/f all2019/cs683/cs683_main.htm 1 Lectures 3 and 4

976 views • 81 slides
Recall: symmetric setting CS 4803 A Computer and Network Security K K Alexandra (Sasha)

Recall: symmetric setting CS 4803 A Computer and Network Security K K Alexandra (Sasha)

Recall: symmetric setting CS 4803 A Computer and Network Security K K Alexandra (Sasha) Boldyreva S R Public-key encryption 1 2 Public-key (asymmetric) setting Asymmetric encryption schemes A scheme AE is specified a key generation

280 views • 4 slides

More recommend