openssl after heartbleed
play

OpenSSL after HeartBleed Tim Hudson Cryptsoft, OpenSSL Team Rich - PowerPoint PPT Presentation

May 10, 2023 •403 likes •755 views

OpenSSL after HeartBleed Tim Hudson Cryptsoft, OpenSSL Team Rich Salz Akamai Technologies, OpenSSL Team The most important date April 3, 2014 LinuxCon/Europe 2016 2 The most important date April 3, 2014 HeartBleed Re-key the

  1. OpenSSL after HeartBleed Tim Hudson Cryptsoft, OpenSSL Team Rich Salz Akamai Technologies, OpenSSL Team

  2. The most important date • April 3, 2014 LinuxCon/Europe 2016 2

  3. The most important date • April 3, 2014 • HeartBleed • Re-key the Internet LinuxCon/Europe 2016 3

  4. So what was HeartBleed? • Massive mainstream press coverage LinuxCon/Europe 2016 4

  5. So what was HeartBleed? • A very simple bug, the code didn’t check a buffer length. Source: http://xkcd.com/1354/ courtesy Randall Munroe LinuxCon/Europe 2016 5

  6. So what was HeartBleed? To the best of our knowledge, Heartbleed is the first computer systems bug to have both its own website and its own logo, the cute bleeding heart. As such, Heartbleed sets a precedent that will have both positive and negative ramifications for future vulnerabilities and malware. … Even among the vast majority of the population who have no idea what OpenSSL is, people everywhere quickly found out that a major bug could compromise their Internet security. Source: VDC Research - http://blog.vdcresearch.com/embedded_sw/2014/04/exploiting-the-exploit-the-marketing-of-heartbleed.html LinuxCon/Europe 2016 6

  7. The sky is falling … • CVE-2011-0014 - infoleak, true impact unknown • CVE-2012-2110 - possibly arbitrary code execution on reading certificates • CVE-2012-2333 - buffer over-read, true impact unknown • CVE-2014-1266 - “ goto fail” server spoofing (Apple) • CVE-2014-0160 – Heartbleed • CVE-2014-0224 - “early CCS” disables encryption • CVE-2014-1568 - RSA signature forgery (NSS) LinuxCon/Europe 2016 7

  8. Or is it … LinuxCon/Europe 2016 8

  9. So what was HeartBleed? • Basically missed validating a variable containing a length • Contributed code had a bug – bug was in code base for three years ! • Project team member review missed the bug • Other team members either didn’t review or also simply missed the bug • Multiple external security reviewers and auditors missed the bug • OpenSSL external developers and users missed the bug • Security review teams in major OpenSSL using organisations missed the bug • All existing code analysis tools missed the bug • Bug allowed clients to attack servers and servers to attack clients LinuxCon/Europe 2016 9

  10. So what was HeartBleed?  LinuxCon/Europe 2016 10

  11. Life before HeartBleed • Project had effectively become somewhat moribund • Releases were not pre-announced, no documented policies • Source code was complex and arcane • Hard to maintain; harder to contribute • Main developers were overworked and overcommitted • Project donations minimal (sub USD$2000 per annum) LinuxCon/Europe 2016 11

  12. Repo activity, 2012 - 2014 LinuxCon/Europe 2016 12

  13. How did we let this happen? • Very little time spent on building community • Long lead time to understand code • Static project team membership • Need to focus on consulting dollars (FIPS140) to keep project alive • No ability to make, announce, and keep to plans • … all added up to “ultra cautious” to any change attitude LinuxCon/Europe 2016 13

  14. The usual questions … • How could the project let this happen? • How could the project members be so stupid? • What other nasty break-the-internet bugs are yet to be found? • Why didn’t the project fix this sooner? • Why didn’t all those companies making money off OpenSSL contribute? • How could we possibly trust the team to not make the same mistake in future? • Why shouldn’t I simply switch over to one of the forks? LinuxCon/Europe 2016 14

  15. After-affects • Wider recognition of dependency on critical under-funded projects • Creation of the Core Infrastructure Initiative, a multi-million dollar effort to add effective resources to the open source projects that make the Internet work LinuxCon/Europe 2016 15

  16. Growing the Team • Prior to April 2014 – Two main developers (one primary committer) entirely on volunteer basis; all other team members focused on other areas; main developer basically funded by paid OpenSSL consulting work – No formal decision making process • As of December 2014 – Fifteen project team members; a couple inactives – Two full time funded by CII; two full time funded by donations – Formal decision making process LinuxCon/Europe 2016 16

  17. After-affects • We had the first-ever F2F • Drafted major policies: – Release strategy – Security policy – Coding style • Socialized with each other; POODLE helped LinuxCon/Europe 2016 17

  18. Transparency • We use GitHub for many things. • We have public policies for security fixes, a release schedule and high-level content, code of conduct, and so on. • Email traffic increased, and (seems) more useful LinuxCon/Europe 2016 18

  19. 2016 Activity (so far) • 3246 commits • One major release, 15 bugfix releases; 29 CVE’s • GitHub: – 281 users created 122 issues, 63 PR’s. – Team closed 972 issues; 733 PR’s (usually merged) Page 19

  20. Repo Activity, 2014-2016  LinuxCon/Europe 2016 20

  21. Transparency: security fixes Source: OpenSSL Blog Entry LinuxCon/Europe 2016 21

  22. 1000 1500 2000 2500 3000 3500 4000 4500 500 0 4/4/2002 4/4/2003 4/4/2004 4/4/2005 Bug tracking 4/4/2006 4/4/2007 LinuxCon/Europe 2016 4/4/2008 4/4/2009 4/4/2010 4/4/2011 4/4/2012 4/4/2013 4/4/2014 4/4/2015 4/4/2016 22

  23. Project Supported Releases • Version 1.1.0 will be supported until 2018-04-30. • Version 1.0.2 will be supported until 2019-12-31 (LTS). • Support for version 1.0.1 will cease on 2016-12-31. No further releases of 1.0.1 will be made after that date. Security fixes only will be applied to 1.0.1 until then. • Version 1.0.0 is no longer supported. • Version 0.9.8 is no longer supported. LinuxCon/Europe 2016

  24. Renewed focus • Security researchers more actively looking for issues • More fuzz testing going on • Increased focus on automated testing • Static code analysis tools rapidly updated • Reported issues more quickly analyzed • Mandatory team member code reviews LinuxCon/Europe 2016 24

  25. Project Roadmap • Roadmap has been published and progress against roadmap updated - https://www.openssl.org/policies/roadmap.html • Major items: – clear bug backlog – code reviews – documentation – release plan – complexity – platform strategy – coding style – security strategy LinuxCon/Europe 2016 25

  26. Vitality is its own reward LinuxCon/Europe 2016 26

  27. Future Plans • TLS 1.3 • Apache v2 license • More testing • FIPS • … what else is needed? LinuxCon/Europe 2016 Page 27

  28. FIPS140 • FIPS140 related work effectively entirely funded the OpenSSL project for the last five years • Selling into USA Government where FIPS140-2 support is mandatory is important to most large vendors • The validation process is time consuming and subject to changed requirements • Coordinating multiple sponsors on a multi-year journey with no guarantee of successful outcome is in itself challenging LinuxCon/Europe 2016 28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Heartbleed Presented by Duc Tran Agenda Background TLS OpenSSL TLS

Heartbleed Presented by Duc Tran Agenda Background TLS OpenSSL TLS

Heartbleed Presented by Duc Tran Agenda Background TLS OpenSSL TLS Heartbeat Extension The Hearbleed Bug Whos Vulnerable Demo Why its bad Protections Background What is Transport

562 views • 17 slides
We SSL Emilia Ksper OpenSSL / Google Lets start with a guessing game... What is this

We SSL Emilia Ksper OpenSSL / Google Lets start with a guessing game... What is this

We SSL Emilia Ksper OpenSSL / Google Lets start with a guessing game... What is this graph about? Myth: Heartbleed broke the Internet Fact: Internet-breaking bugs are common CVE-2011-0014 - infoleak, true impact unknown

301 views • 18 slides
Testing TLS Hubert Kario Quality Engineer 24-10-2015 2014 Heartbleed 24-10-2015 3/55

Testing TLS Hubert Kario Quality Engineer 24-10-2015 2014 Heartbleed 24-10-2015 3/55

Testing TLS Hubert Kario Quality Engineer 24-10-2015 2014 Heartbleed 24-10-2015 3/55 OpenSSL CCS bug 24-10-2015 4/55 gotofail 24-10-2015 5/55 Certifjcate handling 24-10-2015 6/55 CVE-2014-6321 in schannel a.k.a. Winshock

774 views • 55 slides
SSL/TLS OpenSSL OpenSSL is a very common SSL/TLS library Written in C Wrappers exist

SSL/TLS OpenSSL OpenSSL is a very common SSL/TLS library Written in C Wrappers exist

SSL/TLS OpenSSL OpenSSL is a very common SSL/TLS library Written in C Wrappers exist for many languages Can be used for many encryption needs Generating keys Signing certs Validating certs We'll use OpenSSL in the

287 views • 6 slides
OpenSSL is not an oxymoron Rich Salz Akamai Technologies OpenSSL Dev Team

OpenSSL is not an oxymoron Rich Salz Akamai Technologies OpenSSL Dev Team

Software Engineering and OpenSSL is not an oxymoron Rich Salz Akamai Technologies OpenSSL Dev Team rsalz@{akamai.com,openssl.org} Main lesson Its not the crypto that kills you (or your open source project) Rich Salz Real World Crypto

346 views • 23 slides
Birth of LibreSSL and its current status Frank Timmers Consutant, Snow B.V. Background What is

Birth of LibreSSL and its current status Frank Timmers Consutant, Snow B.V. Background What is

Birth of LibreSSL and its current status Frank Timmers Consutant, Snow B.V. Background What is LibreSSL A fork of OpenSSL 1.0.1g Being worked on extensively by a number of OpenBSD developers What is OpenSSL OpenSSL is an open

830 views • 24 slides
US/win10/tools/IoTAPIPortingT ool.htm https://www.openssl.org/ GetMemoryStatus

US/win10/tools/IoTAPIPortingT ool.htm https://www.openssl.org/ GetMemoryStatus

Any questions please contact winhectpe@microsoft.com http://ms-iot.github.io/content/en- US/win10/tools/IoTAPIPortingT ool.htm https://www.openssl.org/ GetMemoryStatus GetMemoryStatusEx trusted random number generator - readscreen()

734 views • 42 slides
The Heartbleed Bug and Attack Background: the Heartbeat Protocol TLS/SSL protocols provide a

The Heartbleed Bug and Attack Background: the Heartbeat Protocol TLS/SSL protocols provide a

The Heartbleed Bug and Attack Background: the Heartbeat Protocol TLS/SSL protocols provide a secure channel between two communicating applications TLS/SSL is widely used Heartbeat extension: implement keep-alive feature of TLS.

196 views • 8 slides
RSA RSA RSA in OpenSSL RSA in Python Cryptography School of Engineering and Technology

RSA RSA RSA in OpenSSL RSA in Python Cryptography School of Engineering and Technology

Cryptography RSA RSA Algorithm Analysis of RSA Implementations of RSA RSA RSA in OpenSSL RSA in Python Cryptography School of Engineering and Technology CQUniversity Australia Prepared by Steven Gordon on 20 Feb 2020, rsa.tex, r1799

869 views • 29 slides
RSA Implementations of RSA RSA in OpenSSL RSA in Python Cryptography School of Engineering

RSA Implementations of RSA RSA in OpenSSL RSA in Python Cryptography School of Engineering

Cryptography RSA RSA Algorithm Analysis of RSA RSA Implementations of RSA RSA in OpenSSL RSA in Python Cryptography School of Engineering and Technology CQUniversity Australia Prepared by Steven Gordon on 20 Feb 2020, rsa.tex, r1799 1

522 views • 29 slides
OpenSSLNTRU: experiences integrating a post-quantum KEM into TLS 1.3 via an OpenSSL ENGINE

OpenSSLNTRU: experiences integrating a post-quantum KEM into TLS 1.3 via an OpenSSL ENGINE

OpenSSLNTRU: experiences integrating a post-quantum KEM into TLS 1.3 via an OpenSSL ENGINE Speaker: Daniel J. Bernstein Joint work with: Billy Bob Brumley, Ming-Shing Chen ( libsntrup761 leader), Nicola Tuveri ( engntru leader)

509 views • 9 slides
H Healing Heartbleed li H bl d Vulnerability Mitigation with Internet wide Scanning

H Healing Heartbleed li H bl d Vulnerability Mitigation with Internet wide Scanning

H Healing Heartbleed li H bl d Vulnerability Mitigation with Internet wide Scanning Vulnerability Mitigation with Internet wide Scanning J. Alex Halderman Mining Your Ps and Qs: Widespread Weak Keys in Network Devices Nadia Heninger, Zakir

640 views • 53 slides
Towards a sustainable solution to open source sustainability Tobie Langel, Principal, UnlockOpen

Towards a sustainable solution to open source sustainability Tobie Langel, Principal, UnlockOpen

Towards a sustainable solution to open source sustainability Tobie Langel, Principal, UnlockOpen The Heartbleed Bug Heartbleed bug impact ! 4.5 MILLION The number of US patient records whose confidentiality was compromised. " $500

887 views • 39 slides
The Matter of Heartbleed IMC 2014 Zakir Durumeric, Frank Li, James Kasten, Johanna Amann, Jethro

The Matter of Heartbleed IMC 2014 Zakir Durumeric, Frank Li, James Kasten, Johanna Amann, Jethro

The Matter of Heartbleed IMC 2014 Zakir Durumeric, Frank Li, James Kasten, Johanna Amann, Jethro Beekman, Mathias Payer, Nicholas Weaver, David Adrian, Vern Paxson, Michael Bailey, J. Alex Halderman U.C. Berkeley CS294-105 Fall 2014 1

705 views • 17 slides
How broken is TLS? A tale of BEAST, CRIME, Lucky Thirteen and Heartbleed Hanno B ock,

How broken is TLS? A tale of BEAST, CRIME, Lucky Thirteen and Heartbleed Hanno B ock,

Introduction Software CAs X.509 Symmetric encryption TLS misc Misc End How broken is TLS? A tale of BEAST, CRIME, Lucky Thirteen and Heartbleed Hanno B ock, https://hboeck.de 2014-04-19 1 / 44 Introduction Software CAs Introduction

821 views • 44 slides
Data Encryption Standard Simplified-DES Details of DES DES in OpenSSL Cryptography DES in

Data Encryption Standard Simplified-DES Details of DES DES in OpenSSL Cryptography DES in

Cryptography Data Encryption Standard Overview of the Data Encryption Standard (DES) Data Encryption Standard Simplified-DES Details of DES DES in OpenSSL Cryptography DES in Python School of Engineering and Technology CQUniversity

594 views • 30 slides
CRATerre, In ternatjonal center for earth constructjon Marc AUZET, October 2011, Xiamen

CRATerre, In ternatjonal center for earth constructjon Marc AUZET, October 2011, Xiamen

Internatjonal workshop on rammed earth materials and sustainable structures CRATerre, In ternatjonal center for earth constructjon Marc AUZET, October 2011, Xiamen University, China Rammed earth farm, North-Isre between Lyon and Grenoble,

454 views • 21 slides
On Key -collisions in (EC)DSA Schemes (1) Let ( m , S ) be a message and its signature.

On Key -collisions in (EC)DSA Schemes (1) Let ( m , S ) be a message and its signature.

On Key -collisions in (EC)DSA Schemes CRYPTO 2002 Rump Session Tom Rosa tomas.rosa@i.cz, http://crypto.hyperlink.cz ICZ, a.s. Dept. of Computer Science, CTU in Prague CZECH REPUBLIC On Key -collisions in (EC)DSA Schemes (1) Let ( m

519 views • 5 slides
Value-driven Approach Designing Extended Data Warehouses Nabila BERKANI & Selma KHOURI

Value-driven Approach Designing Extended Data Warehouses Nabila BERKANI & Selma KHOURI

Laboratoire dInformatique et dAutomatique pour les Systmes Value-driven Approach Designing Extended Data Warehouses Nabila BERKANI & Selma KHOURI Carlos ORDONEZ Ladjel BELLATRECHE ESI University of Houston LIAS/ISAE-ENSMA

494 views • 13 slides
7. Refined Verification Condition Generation Program Verification ETH Zurich, Spring Semester

7. Refined Verification Condition Generation Program Verification ETH Zurich, Spring Semester

7. Refined Verification Condition Generation Program Verification ETH Zurich, Spring Semester 2018 Alexander J. Summers 158 Weakest Preconditions So Far Weakest preconditions provide a means of reducing the question: does a program have

339 views • 16 slides
Sambamba : A Runtime System for Online Adaptive Parallelization Clemens Hammacher Kevin Streit

Sambamba : A Runtime System for Online Adaptive Parallelization Clemens Hammacher Kevin Streit

Sambamba : A Runtime System for Online Adaptive Parallelization Clemens Hammacher Kevin Streit Sebastian Hack Andreas Zeller A well-known challenge Modern Legacy Code Hardware The Problem ... The Problem ... Thread 1 Thread 2 Thread 3

379 views • 16 slides
A Design Phase for Data Sharing Agreements Ilaria Matteucci, Marinella Petrocchi, Marco Sbodio,

A Design Phase for Data Sharing Agreements Ilaria Matteucci, Marinella Petrocchi, Marco Sbodio,

A Design Phase for Data Sharing Agreements Ilaria Matteucci, Marinella Petrocchi, Marco Sbodio, and Luca Wiegand Istituto di Informatica e Telematica Consiglio Nazionale delle Ricerche - Pisa Italy & HP Innovation Center Torino

1.28k views • 32 slides
Distributed Constraint Optimization DSA-1, MGM-1 (exchange individual assignments)

Distributed Constraint Optimization DSA-1, MGM-1 (exchange individual assignments)

10/05/2014 Approximate Algorithms: outline No guarantees Distributed Constraint Optimization DSA-1, MGM-1 (exchange individual assignments) (Approximate approaches) Max-Sum (exchange functions) Off-Line guarantees

529 views • 13 slides
The State of the DSL Art in Ruby Glenn Vanderburg Relevance, Inc. glenn@thinkrelevance.com

The State of the DSL Art in Ruby Glenn Vanderburg Relevance, Inc. glenn@thinkrelevance.com

The State of the DSL Art in Ruby Glenn Vanderburg Relevance, Inc. glenn@thinkrelevance.com State of the Art Focus on internal DSLs Rubyists pushing the leading edge Rubys features make it a good match DSLs Are Overhyped Evolution

432 views • 22 slides

More recommend