1 / 36

Securing Wireless Channels in the Mobile Space

Securing Wireless Channels in the Mobile Space. (Or the Case for Certificate and Public Key Pinning). What is OWASP?. The Open Web Application Security Project Not just web anymore Mission Driven World wide, n onprofit, unbiased organization Community Driven 30,000 Mail List Participants

oleg
Download Presentation

Securing Wireless Channels in the Mobile Space

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Securing Wireless Channelsin the Mobile Space (Or the Case for Certificateand Public Key Pinning)

  2. What is OWASP? • The Open Web Application Security Project • Not just web anymore • Mission Driven • World wide, nonprofit, unbiased organization • Community Driven • 30,000 Mail List Participants • 200 Active Chapters in 70 countries • 1600+ Members, 56 Corporate Supporters • 69 Academic Supporters

  3. Around the World 200 Chapters, ~1600 Members, 30000+ Builders, Breakers and Defenders

  4. About Me • Jeffrey Walton • Roles include • Mobile Security Architect • Senior Consultant • Security Engineer • Secure Coding Evangelist • Live and die by SDLCs

  5. Agenda and Topics • Background • Data • Architectures • Expectations • VPN/SSL/TLS Issues • Past Problems • Current Issues • Shared Secret • SRP • Pinning • Certificate • Public Key • Futures • Pinning (IETF) • Sovereign Keys • Convergence • Wrap Up • Questions

  6. It’s All About the Data • Data is the only thing that matters • Who owns it • Who controls it • Who accesses it • Share data with appropriate parties • Must determine identity of parties • Can’t determine identity? • Don’t share data

  7. Data Attributes • Data States • Data at Rest • Server/Desktop/Device • Remote and Local • Data on Display • View/Read/Write/Edit • Local • Data in Transit • Secure Channel • Local ↔ Remote • Data Sensitivity • Low • Public Information • Contact Information • Medium • Social Security Number • Bank Account • Single Sign On? • High • Pending Litigation, M&A • FERPA, HIPPA, GLBA, etc

  8. Expectations • Expectations? • End-to-end security • Applications • Padlocks tell me its secure • Green Bars tell me its secure • Marketing tells me its secure • How can {VPN|SSL|TLS} not be secure? • When did that happen?

  9. Training (Conditioning?) • Padlock looks secure • Green bar looks secure • $1,500,000 is a lot of money • It looks secure • It must be secure

  10. Two Architectures • Two architectures in play • Employee ↔ Organization • VPN • Individual ↔ Service Provider • SSL/TLS • Security Boundaries • Sometimes Trust Zones • How many are traversed?

  11. Architecture (Classic, VPN)

  12. Architecture (Mobile, SSL/TLS)

  13. Comes down to… • Infrastructure • Domain Name System (DNS) • Public Key Infrastructure (PKI{X}) • Certificate Authorities (CAs) • Employee ↔ Organization • Organization  • Individual ↔ Service Provider • Individual, Provider 

  14. What’s Gone Wrong (1)? • Governments Want/Require Interception • Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL, cryptome.org/ssl-mitm.pdf • http://www.dailymail.co.uk/indiahome/indianews/article-2126277/No-secrets-Blackberry-Security-services-intercept-data-government-gets-way-messenger-service.html • Governments Engage in Interception • http://www.thetechherald.com/articles/Tunisian-government-harvesting-usernames-and-passwords/12429/ • Vendors Provide Interception Taps • http://www.cisco.com/web/about/security/intelligence/LI-3GPP.html • Governments Use Interception Taps • https://www.eff.org/nsa-spying • Mobile Interception is Patented • Lawful interception for targets in a proxy mobile internet protocol network, http://www.google.com/patents/EP2332309A1

  15. What’s Gone Wrong (2)? • Handset manufactures add trusted roots • http://gaurangkp.wordpress.com/tag/nokias-man-in-the-middle-attack/ • Carriers can add trusted roots • No reference yet, but http://www.theregister.co.uk/2011/12/15/carrier_iq_privacy_latest/ • CAs can become compromised • http://isc.sans.edu/diary.html?storyid=11500 • Researchers can create Rogue CAs • http://www.win.tue.nl/hashclash/rogue-ca/ • DNS can become compromised • http://forums.theregister.co.uk/forum/2/2011/09/05/dns_hijack_service_updated/ • Physical plant can become compromised • http://www.pcworld.com/article/119851/paris_hilton_victim_of_tmobiles_web_flaws.html • Its easy to set up an AP or Base Station (Chris Paget's IMSI Catcher) • http://www.wired.com/threatlevel/2010/07/intercepting-cell-phone-calls/

  16. What’s Gone Wrong (3)? • Can't trust some CAs – they will sell you out and issue subordinate CAs for money • http://www.net-security.org/secworld.php?id=12369 • http://www.zdnet.com/trustwave-sold-root-certificate-for-surveillance-3040095011/ • Can't trust some browsers – they will sell you out and elide their responsibility • https://bugzilla.mozilla.org/show_bug.cgi?id=724929 • Can't trust some browsers – they include questionable certificates out of the box • https://bugzilla.mozilla.org/show_bug.cgi?id=542689 • Can't override some browser's CA list • http://my.opera.com/community/forums/topic.dml?id=1580452 • Can't override OS's CA list • http://support.google.com/android/bin/answer.py?hl=en&answer=1649774 • CRL/OCSP does not work as expected/intended • http://blog.spiderlabs.com/2011/04/certificate-revocation-behavior-in-modern-browsers.html • https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion

  17. What’s Gone Wrong (4)? • User will break it too (not just bad guys) • http://www.esecurityplanet.com/mobile-security/hacker-bypasses-apples-ios-in-app-purchases.html • http://www.h-online.com/security/news/item/Apps-for-Windows-8-easily-hacked-1767839.html • Interception proxies add additional risk • http://blog.cryptographyengineering.com/2012/03/how-do-interception-proxies-fail.html • HTTPS is broken • http://www.thoughtcrime.org/software/sslstrip/ • PKI is broken • www.cs.auckland.ac.nz/~pgut001/pubs/pkitutorial.pdf • The Internet is Broken :) • http://blog.cryptographyengineering.com/2012/02/how-to-fix-internet.html

  18. Decisions, Decisions…

  19. Remediation • Stop Conferring Trust! • Cut-out the middle men • Harden the Channel! • Leverage the pre-existing relationship • Verify the Host • Password Authenticated Key Exchange • Shared secret • Public Key Cryptography • Public/Private key pair

  20. Secure Remote Password • Secure Remote Password (SRP) • Thomas Wu, RFC 5054 • User knows the password • Client hashes before use • Server knows the verifier • Similar to Unix passwd file • Diffie-Hellman based • Discrete logs (hard problem) • gab → g{(salt + password)|verifier} + nonces

  21. Public Key Cryptography • All we need is a signing key for identity… • RSA, DSA, ECDSA • … and an ephemeral exchange • DHE, ECDHE, MQV, HMQV, FHMQV, etc • SSH got it right • StrictHostKeyChecking option @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed.

  22. General Idea • Whitelist expected Certificates or Public keys • There’s a pre-existing relationship • Side step the “key distribution” problem • Certificate or Public Key Pinning • Libraries offer ‘OnConnect’ callback • In the callback, inspect certificate or public key • Good case • Server is identified by expected cert or key

  23. Bad Cases • Bad case • Adversary is using a different public key • Not expected, so fail • Adversary is advertising expected public key • Can’t decrypt communications • Really Bad Case • Adversary is using expected public key • Can decrypt communications – pwn’d

  24. Certificate or Public Key? • X509 Certificate • Binds public key to entity • Version 3 information • Certificate may be rotated • Public Key • Must be static, cannot change • May violate some key rotation policies • Does not depend on certificate

  25. Sample Code • Refer to Handout • Available on OWASP Website • Sample Code • Windows/.Net • Android/Java • iOS/Objective C • OpenSSL/C

  26. Futures • Public Key Pinning Extension for HTTP • draft-ietf-websec-key-pinning-04 • http://www.ietf.org/id/draft-ietf-websec-key-pinning-04.txt • Sovereign Keys Project • http://www.eff.org/sovereign-keys • DNSSEC to distribute certificates and keys • Convergence • http://convergence.io • Redundant view of sites and certificates/keys

  27. Wrap Up • Data is all that matters • Identify parties, then share data • SRP and Pinning • Does not confer trust • Don’t care about answers from DNS or CAs • Leverages pre-existing relationship • Sovereign Keys and Convergence • Does confer trust • Still getting answers from others • Useful if no pre-existing relationship

  28. Wrap Up • Questions? • Hopefully useful Answers • Jeffrey Walton • jeffrey.waltοn@softwareintegrity.cοm

More Related