SLIDE 1
Tutamen: A Next-Generation Secret-Storage System
Andy Sayler, Taylor Andrews, Matt Monaco, and Dirk Grunwald
Presented by Andy Sayler
SoCC 2016 10/06/16
Tutamen: A Next-Generation Secret-Storage System Andy Sayler, - - PowerPoint PPT Presentation
Tutamen: A Next-Generation Secret-Storage System Andy Sayler, - - PowerPoint PPT Presentation
Tutamen: A Next-Generation Secret-Storage System Andy Sayler, Taylor Andrews, Matt Monaco, and Dirk Grunwald Presented by Andy Sayler SoCC 2016 10/06/16 SFg5asknmc6e SFg5asknmc6e SFg5asknmc6e DTrump GreatPassword Secrets SFg5asknmc6e
SLIDE 2
SLIDE 3
SLIDE 4
SLIDE 5
SLIDE 6
SFg5asknmc6e
SLIDE 7
SFg5asknmc6e
SLIDE 8
SFg5asknmc6e
DTrump GreatPassword
SLIDE 9
SFg5asknmc6e
DTrump GreatPassword
Secrets
SLIDE 10
Modern Use Cases
SLIDE 11
Multi-Device Access
SLIDE 12
Multi-User Sharing
SLIDE 13
Cloud Infrastructure
SLIDE 14
Secret-Storage Problem
SLIDE 15
How do we store and protect secrets while also supporting a range of modern use cases?
Secret-Storage Problem
SLIDE 16
Secret-Storage as a Service
SLIDE 17
SLIDE 18
Storage
SLIDE 19
Storage Access Control
SLIDE 20
Storage Access Control Auditing
SLIDE 21
SLIDE 22
SLIDE 23
- Requires single (semi-)trusted third party
- Not designed for automated use cases
SLIDE 24
- Requires single (semi-)trusted third party
- Not designed for automated use cases
SLIDE 25
- Lacks support for out-of-band approval
- Designed for single administrative domain
- Requires single (semi-)trusted third party
- Not designed for automated use cases
SLIDE 26
Tutamen:
Next-Gen Secret-Storage
SLIDE 27
Goals
SLIDE 28
Flexible Authentication
Plugins for Multi-factor, Out-of-Band, Etc Auth
SLIDE 29
Flexible Authentication Minimally Trusted Infrastructure
Plugins for Multi-factor, Out-of-Band, Etc Auth Sharding Across Multiple Servers
SLIDE 30
Flexible Authentication Minimally Trusted Infrastructure Beyond a Single Administrative Domain
Plugins for Multi-factor, Out-of-Band, Etc Auth Sharding Across Multiple Servers Distributed Federation Between Servers
SLIDE 31
Architecture
SLIDE 32
SLIDE 33
Storage Server
SLIDE 34
Storage Server Access Control Server
SLIDE 35
Application Storage Server Access Control Server
SLIDE 36
Application Storage Server Access Control Server
Client
SLIDE 37
Mutual TLS Application Storage Server Access Control Server
Token Request Token Response Client
SLIDE 38
Mutual TLS TLS w/ Token Application Storage Server Access Control Server
Token Request Token Response S t
- r
e S e c r e t Fetch Secret Client
SLIDE 39
Mutual TLS TLS w/ Token Application Storage Server Access Control Server
Client Public Token Signing Key Token Request Token Response S t
- r
e S e c r e t Fetch Secret
SLIDE 40
SLIDE 41
Storage Server
SLIDE 42
Storage Server Collection
SLIDE 43
Storage Server Collection
Secret
SLIDE 44
Storage Server Collection
AC Srv URL AC Srv URL AC Srv URL Secret
SLIDE 45
Storage Server Collection
AC Srv URL AC Srv URL AC Srv URL Secret # AC Srv Required
SLIDE 46
SLIDE 47
Access Control Server
SLIDE 48
Access Control Server Account
SLIDE 49
Access Control Server Account
Client
SLIDE 50
Access Control Server Authenticator Account
Client
SLIDE 51
Access Control Server Authenticator Verifier Account
Client
SLIDE 52
Access Control Server Authenticator Verifier
Account ID Account ID Account ID
Account
Client
SLIDE 53
Access Control Server Authenticator Verifier
Account ID Account ID Account ID Authenticator ID Authenticator ID Authenticator ID
Account
Client
SLIDE 54
Access Control Server Authenticator Verifier
Account ID Account ID Account ID Authenticator ID Authenticator ID Authenticator ID
Permissions
Object Type Object ID
Account
Client Permission Name
SLIDE 55
Access Control Server Authenticator Verifier
Account ID Account ID Account ID Authenticator ID Authenticator ID Authenticator ID
Permissions
Object Type Object ID Permission Name Verifier ID Verifier ID Verifier ID
Account
Client
SLIDE 56
Why Place Trust In Single Servers?
SLIDE 57
Multi-Server Operation
SLIDE 58
SLIDE 59
AC Server A AC Server B
SLIDE 60
Storage Server A AC Server A Storage Server B Storage Server C AC Server B
SLIDE 61
Application Storage Server A AC Server A Storage Server B Storage Server C AC Server B
SLIDE 62
Application Storage Server A AC Server A Storage Server B Storage Server C AC Server B
T
- k
e n s
SLIDE 63
Application Storage Server A AC Server A Storage Server B Storage Server C AC Server B
Public Signing Keys Tokens Shard
SLIDE 64
Application Storage Server A AC Server A Storage Server B Storage Server C AC Server B
T
- k
e n s S h a r d Public Signing Keys
SLIDE 65
Application Storage Server A AC Server A Storage Server B Storage Server C AC Server B
Tokens Shard Public Signing Keys
SLIDE 66
Application Storage Server A AC Server A Storage Server B Storage Server C AC Server B
Secret
SLIDE 67
Secret Retrieval
SLIDE 68
Secret Retrieval
w/ Out of Band Human-in-the-Loop
SLIDE 69
SLIDE 70
Permissions for Collection cf3529eb13be: { read: [ Verifier a74b2e2d493d ] }
SLIDE 71
Permissions for Collection cf3529eb13be: { read: [ Verifier a74b2e2d493d ] } Verifier a74b2e2d493d { Accounts: [ Account cceb832edcdb ] } Authenticators: [ Authenticator 34e85e1bb264 ] }
SLIDE 72
Permissions for Collection cf3529eb13be: { read: [ Verifier a74b2e2d493d ] } Verifier a74b2e2d493d { Accounts: [ Account cceb832edcdb ] } Authenticators: [ Authenticator 34e85e1bb264 ] } Authenticator 34e85e1bb264 { Plugin: SMS Challenge/Response }
SLIDE 73
Account ACS A ACS B T i m e SS A SS B SS C Human
SLIDE 74
Account ACS A ACS B
- 1. Request
Collection read-sec Tokens
T i m e SS A SS B SS C Human
SLIDE 75
Account ACS A ACS B
- 1. Request
Collection read-sec Tokens
T i m e SS A SS B SS C
<“col”, ”read-sec”, uuid>
Human
SLIDE 76
Account ACS A ACS B
- 1. Request
Collection read-sec Tokens
T i m e SS A SS B SS C
<“col”, ”read-sec”, uuid>
Human
1b. Confirm via SMS
SLIDE 77
Account ACS A ACS B
- 1. Request
Collection read-sec Tokens <SMS challenge>
T i m e SS A SS B SS C
<“col”, ”read-sec”, uuid>
Human
1b. Confirm via SMS
SLIDE 78
Account ACS A ACS B
- 1. Request
Collection read-sec Tokens <SMS challenge>
T i m e SS A SS B SS C
<“col”, ”read-sec”, uuid>
Human
1b. Confirm via SMS <SMS reply>
SLIDE 79
Account ACS A ACS B
- 1. Request
Collection read-sec Tokens
T i m e SS A SS B SS C
<“col”, ”read-sec”, uuid> <tokens> <SMS challenge>
Human
1b. Confirm via SMS <SMS reply>
SLIDE 80
Account ACS A ACS B
- 1. Request
Collection read-sec Tokens
T i m e SS A SS B SS C
- 2. Read Secret
from Collection <“col”, ”read-sec”, uuid> <tokens> <SMS challenge>
Human
1b. Confirm via SMS <SMS reply>
SLIDE 81
Account ACS A ACS B
- 1. Request
Collection read-sec Tokens
T i m e SS A SS B SS C
<tokens, uuid>
- 2. Read Secret
from Collection <“col”, ”read-sec”, uuid> <tokens> <SMS challenge>
Human
1b. Confirm via SMS <SMS reply>
SLIDE 82
Account ACS A ACS B
- 1. Request
Collection read-sec Tokens
T i m e SS A SS B SS C
<secret shards> <tokens, uuid>
- 2. Read Secret
from Collection <“col”, ”read-sec”, uuid> <tokens> <SMS challenge>
Human
1b. Confirm via SMS <SMS reply>
SLIDE 83
Applications
SLIDE 84
Fusebox: Tutamen-backed Dropbox Client
Implementation by Taylor Andrews
SLIDE 85
SLIDE 86
SLIDE 87
SLIDE 88
SLIDE 89
SLIDE 90
SLIDE 91
SLIDE 92
Tutamen-backed dm-crypt/LUKS FDE
Implementation by Matt Monaco
SLIDE 93
SLIDE 94
SLIDE 95
1.2.3.4/24
SLIDE 96
SMS Challenge
SLIDE 97
1.2.3.4/24 SMS Challenge
SLIDE 98
1.2.3.4/24 SMS Challenge
SLIDE 99
1.2.3.4/24
✓ ✓
SMS Challenge
✓
SLIDE 100
1.2.3.4/24
✓ ✓
SMS Challenge
✓
SLIDE 101
1.2.3.4/24
✓ ✓
SMS Challenge
✓
SLIDE 102
Evaluation
SLIDE 103
Useful Across a Range of Applications
SLIDE 104
Access Control Server - Get Token
SLIDE 105
Storage Server - Fetch Secret
SLIDE 106
Conclusion
SLIDE 107
Next-Generation Secret Storage as a Service
SLIDE 108
Tutamen
Next-Generation Secret Storage as a Service
SLIDE 109
Flexible Authentication Minimally Trusted Infrastructure Beyond a Single Administrative Domain
Plugins for Multi-factor, Out-of-Band, Etc Auth Sharding Across Multiple Servers Distributed Federation Between Servers
SLIDE 110
Thank You
SLIDE 111
Questions?
SLIDE 112
Extra Slides
SLIDE 113
How can we secure and control our data?
(even in the presence third parties) (while also supporting modern use cases)
SLIDE 114
Client-Side Encryption?
SLIDE 115
“My Data”
SLIDE 116
Cryptography!
SLIDE 117
“My Data”
SLIDE 118
TXkgU2VjcmV0 “My Data” Encrypt
SLIDE 119
TXkgU2VjcmV0 “My Data” Encrypt
SLIDE 120
TXkgU2VjcmV0 “My Data” Encrypt Decrypt
SLIDE 121
Cryptography!
SLIDE 122
Cryptography!
+ - * / ^
SLIDE 123
TXkgU2VjcmV0 “My Data” Encrypt Decrypt
SLIDE 124
TXkgU2VjcmV0 “My Data” Encrypt Decrypt
SLIDE 125
TXkgU2VjcmV0 “My Data” Encrypt Decrypt
? ?
SLIDE 126
TXkgU2VjcmV0 “My Data” Encrypt Decrypt
SLIDE 127
Tutamen-backed QEMU VM Encryption
SLIDE 128
1.2.3.4/24
✓ ✓
SMS Challenge
✓
SLIDE 129
Tutamen Management Utility
SLIDE 130
SLIDE 131
SLIDE 132
SLIDE 133
SLIDE 134
Traditional Trust Model
Feature Provider
User Data Unrestricted Access Full Trust Features
SLIDE 135
Traditional Trust Model
Feature Provider
User Data Unrestricted Access Full Trust Features
Storage (S) Access (R) Manipulation (W) Meta-Analysis (M)
SLIDE 136
SSaaS Trust Model
Feature Provider
Encrypted User Data Controlled Access by Proxy Minimal Trust Features
Secret Storage Provider
Secrets Controlled Access
SLIDE 137
SSaaS Trust Model
Feature Provider
Encrypted User Data Controlled Access by Proxy Minimal Trust Features
Storage (S) Access (R) Manipulation (W) Meta-Analysis (M)
SLIDE 138
SSaaS Trust Model
Minimal Trust
Secret Storage Provider
Secrets
Storage (S) Access (R) Manipulation (W) Meta-Analysis (M)
SLIDE 139
SSaaS Trust Model
Feature Provider
Encrypted User Data Controlled Access by Proxy Minimal Trust Features
Secret Storage Provider
Secrets Controlled Access
Storage (S) Access (R) Manipulation (W) Meta-Analysis (M)
SLIDE 140
SSaaS Trust Model
Feature Provider
Encrypted User Data Controlled Access by Proxy Minimal Trust Features
Secret Storage Providers
Secret Shard Controlled Access
Storage (S) Access (R) Manipulation (W) Meta-Analysis (M)
Controlled Access Secret Shard
SLIDE 141
SSaaS Security & Trust
SLIDE 142
Single SSP
SLIDE 143
Client Application Private Key
SLIDE 144
SSP
Key Store Client Application Private Key
SLIDE 145
SSP
Key Store Client Application Private Key
SLIDE 146
Should we trust a single provider?
SLIDE 147
Maybe
SLIDE 148
Incentives aligned with upholding trust Reputation at stake Still a “minimally trusted” entity
SLIDE 149
Incentives aligned with upholding trust Reputation at stake Still a “minimally trusted” entity
SLIDE 150
Incentives aligned with upholding trust Reputation at stake Still a “minimally trusted” entity
SLIDE 151
Must we trust a single provider?
SLIDE 152
No
SLIDE 153
Multiple SSPs
SLIDE 154
Client Application Private Secret
SLIDE 155
Client Application
SLIDE 156
Secret Store
SSP A
Client Application
SLIDE 157
SSP B
Secret Store
SSP A
Secret Store Client Application
SLIDE 158
SSP C SSP B
Secret Store
SSP A
Secret Store Secret Store Client Application
SLIDE 159
SSP D SSP C SSP B
Secret Store
SSP A
Secret Store Secret Store Secret Store Client Application
SLIDE 160
SSP D SSP C SSP B
Secret Store
SSP A
Secret Store Secret Store Secret Store Client Application Attacker
SLIDE 161
SSP D SSP C SSP B
Secret Store
SSP A
Secret Store Secret Store Secret Store Client Application Attacker
?
SLIDE 162
Storage Applications
SLIDE 163
Cloud Storage Provider
SSP API Storage API Storage Server Encryption + Verification Engine File Browser VFS File Locker
Enc File Enc File Enc File
User Laptop
Secret Server
Key Key
Secret Storage Provider
Key
SLIDE 164
Secret Server
Key
Cloud Storage Provider
SSP API Storage API Storage Server Encryption + Verification Engine File Browser VFS File Locker
Enc File Enc File Enc File
User Laptop
Key
Secret Storage Provider
SSP API Storage API Encryption + Verification Engine File Browser VFS File Locker
Desktop
Key
SLIDE 165
Communication Applications
SLIDE 166
Sender’s SSP Sender
Msg Key ...
Recipient A
Cleartext Msg
SSP API SMTP Mail Client SSP API SMTP Mail Client
Cleartext Msg Encrypted Msg Rules Encryption Key Key
SLIDE 167
Sender’s SSP Sender
Msg Key ...
Recipient A
Cleartext Msg
SSP API SMTP Mail Client SSP API SMTP Mail Client
Cleartext Msg
Recipient B
Cleartext Msg
SSP API SMTP Mail Client
Encrypted Msg Rules Encryption Key Key
SLIDE 168
Personal Data Repository
SLIDE 169
SSP API E-Commerce App
Web Storefront SSP A User
SSN Shard A CC # Shard A
Order 1234
Payment Info Shipping Info
SSP B
SSN Shard B CC # Shard B Access Control Rules User Data User Data
SLIDE 170
SSP API E-Commerce App
Web Storefront SSP A User
SSN Shard A CC # Shard A
Order 1234
Payment Info Shipping Info
SSP B
SSN Shard B CC # Shard B Access Control Rules User Data User Data
Banking App
Bank
Account
Deposit Info Tax Info
SSP API
SLIDE 171
Authentication Applications
SLIDE 172
Secret Server
Remote System
SSP API SSH Server Key Engine SSH Client Socket SSH Agent
User A Public Key
User A Laptop Secret Storage Provider
User A Private Key User B Public Key ... ...
SLIDE 173
Secret Server
Remote System
SSP API SSH Server Key Engine SSH Client Socket SSH Agent
User A Public Key
User A Laptop Secret Storage Provider
User A Private Key User B Public Key ... ...
SSP API Key Engine SSH Client Socket SSH Agent
Desktop
SLIDE 174
Crypto Processing Applications
SLIDE 175
Secret Server
User
PKCS11 Web Browser httpd HTTPS Server
Web Server
Private Key
SSP
SSP API Crypto Engine PKCS11 Server
Crypto Processor
Public Key
SSL PKCS11
...
SLIDE 176
Management Server
SLIDE 177
SSP Management Interface
SSP API
User Secret Server
SSP
Web Browser
HTTPS OU Query Enc Key Enc Key ACS ACS
Management Server
SLIDE 178
SSH Server Key Management
SLIDE 179
SSH
VM Instance A
SSH User
SSH Login
Destroy
VM Instance A
SSP API
VM Instance B
SSH Users Re-create User
Server Verification SSH Login Server Verification
SSP
Key Access
Server SSP API
Key Access
SSP API
SLIDE 180
EncFS: Custos-Backed Encrypted File System
SLIDE 181
Base Filesystem (ext4) EncFS (fuse)
File (Encrypted) [On Disk] libcustos encrypt decrypt File (Decrypted) [In Memory]
User Custos Server
User’s Computer SSP
write read write read ACS ACS Key Key
SLIDE 182
Base Filesystem (Dropbox) EncFS (fuse)
File (Encrypted) [On Disk] libcustos encrypt decrypt File (Decrypted) [In Memory]
User Custos Server
User’s Computer SSP
write read write read Key Key ACS ACS
SLIDE 183
Mutual TLS TLS w/ Token Application Storage Server Access Control Server
Client Cert CSR Key Public Signing Key Token Request Token Response S t
- r
e S e c r e t Fetch Secret
SLIDE 184
Storage Server Collection
Col AC Srv Set AC Srv URL AC Srv URL AC Srv URL Secret Secret Data Metadata SS AC Srv Set AC Srv URL AC Srv URL AC Srv URL AC Srv URL Col # AC Srv Required SS # AC Srv Required
SLIDE 185
Access Control Server Authenticator
Auth Plugin Plugin Data
Verifier
Account Set Account ID Account ID Account ID Authenticator Set Authenticator ID Authenticator ID Authenticator ID
Permissions
Object Type Object ID Permission Name Verifier Set Verifier ID Verifier ID Verifier ID
Account
Client Cert CSR
SLIDE 186
Application ACS A
- 2. Create
Verifier
ACS B
- 1. Request
AC Server verifier-create Tokens <tokens> <”ac-server”, ”verifier-create”> <tokens, verif. uuid, [acnts], [auths]> <verif. uuid>
T i m e
<tokens> <”ac-server”, ”perm-create”>
- 3. Request
AC Server perm-create Tokens
- 4. Create
Permissions <tokens, verifs, “col.”, col.uuid> <status> <tokens> <“ac-server”, ”col-create”>
- 5. Request
AC Server col-create Tokens
SS A SS B SS C
SLIDE 187
Application ACS A ACS B T i m e SS A SS B SS C
<col. uuid> <tokens, col. uuid>
- 6. Create
Collection <tokens> <“col”, ”store-sec”, col. uuid>
- 7. Request
Collection store-sec Tokens <sec. uuid> <tokens, col. uuid, sec. uuid, secret shards>
- 8. Store Secret
in Collection
SLIDE 188
Relative Performance
SLIDE 189
Relative Time
SLIDE 190
Future Work
SLIDE 191
Auditing -> Automation
SLIDE 192
Auditing -> Automation Performance
SLIDE 193