Guest lecture to Master of Information Security and Digital Forensics students at Auckland University of Technology (AUT) on the development of the MEGAchat Cloud application.
1. The Product: MEGAchat What is Security? Infrastructure Trust/Authentication Protocols Client/Server Implementation
Building a (Really) Secure Cloud Product
Guest Lecture for
Master of Information Security and Digital Forensics
Guy Kloss
gk@mega.co.nz
Lead Software Developer
Mega Limited
30 March 2015
Guy Kloss | Building a (Really) Secure Cloud Product 1/36
2. Outline
1 The Product: MEGAchat
2 What is Security?
3 Infrastructure
4 Trust/Authentication
5 Protocols
6 Client/Server Implementation
4. The Product: MEGAchat
A Cloud-based internet chat system
Voice, Video and Text chat capable
Offers multiple device capability for each participant
(transparent synchronisation, consistent view of chat)
To work in browser as well as native/mobile app
5. The Product: MEGAchat
Why “Really” Secure?
Everybody says they’re secure . . .
“Security Theatre” . . .
We’re doing it (we say) . . .
. . . and like to be confirmed or disproven in it.
→ Bug bounty!
(for chat so far one paid out)
6. Security Theatre
7. Security Theatre
http://geekandpoke.typepad.com/geekandpoke/2009/12/security-theatre.html
8. Early Adopters
10. For the Chat System
Desired properties:
Confidentiality
Identity authenticity
Message authenticity
Forward secrecy
Session freshness
Plausible deniability
Room participants consistency
Chat transcript consistency
Reduce footprint of “leaking” meta-data
11. Meta-Data?
© by Michael J. Swart
http://michaeljswart.com/2011/06/meta-aggregate/
12. Meta-Data?
13. Sparseness of Meta-Data
Don’t store what you don’t need
Then nobody can come and ask you to “comply”
If you must, do it so you can’t be compromised
(e. g. passwords, salted and hashed,
so not even you know them in plain)
→ Proper mechanisms for authentication
and password management/storage
On Mega
Most meta-data only known to customer (encrypted)
Company only knows what’s needed to manage
the platform and interactions
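The slide's point about passwords ("salted and hashed, so not even you know them in plain") in working form. This is an added example, not code from the talk or from Mega: a stored record carries the algorithm, iteration count and a per-user random salt, so the server never holds the password itself and can verify a login without it. PBKDF2-HMAC-SHA256 and the iteration count are this example's choices, not anything the slides specify.

```python
import base64
import hashlib
import hmac
import os

# Parameters chosen for this example (assumptions, not Mega's values);
# tune the iteration count so one hash costs tens of milliseconds on your hardware.
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 310_000
SALT_BYTES = 16


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return the only thing that gets stored: algorithm$iterations$salt$digest.

    A fresh random salt per user means identical passwords produce different
    records, so a leaked table cannot be attacked with one precomputed list.
    """
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([
        ALGORITHM,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and parameters and compare in constant time.

    Malformed records simply fail verification rather than raising.
    """
    try:
        algorithm, iterations_str, salt_b64, digest_b64 = record.split("$")
        iterations = int(iterations_str)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
    except ValueError:  # wrong field count, non-numeric count, bad base64
        return False
    if algorithm != ALGORITHM or iterations <= 0:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # hmac.compare_digest avoids leaking where the first differing byte is
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)  # plaintext appears nowhere in this string
    print(verify_password("correct horse battery staple", record))  # True
    print(verify_password("Correct horse battery staple", record))  # False
```

Because the iteration count travels with the record, the cost parameter can be raised later and old records rehashed transparently on the user's next successful login.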
14. Crypto?
It’s really difficult to get this right!
Avoid writing it, if you can!
Use off-the-shelf frameworks/helpers/packages
→ If you’re writing AES in your code,
you’re probably doing it wrong
If you can’t help it and have to build it yourself
Make the conceptual system not suck!
Make the implementation not suck!
15. Crypto?
The maths is good, it’s the implementation that sucks:
“No matter how strong the crypto was,
the attackers walked around it,”
– “Crypto Won’t Save You Either”, Peter Gutmann, 2014
http://regmedia.co.uk/2014/05/16/0955_peter_gutmann.pdf
17. Choice of System Components
Robust base OS
→ Security, maintenance, reliability
Many features are not necessarily important
Evaluate/select server (software) carefully
For required features
Get rid of features that are not required
→ Security, maintenance, reliability
Is Cloud scalability a relevant factor?
→ Distribution, clustering, replication, . . .
18. Choice of System Components (continued)
Prefer open source solutions
Auditable
Many eyes
Mostly more secure
If well maintained, usually very quick fixes
(e. g. on security)
19. Secure System Setup
Shut down unneeded services
Configure systems securely
Turn off what’s not needed
Don’t log everything (production in debug mode?)
Get the SSL/TLS configuration right!
https://mozilla.github.io/server-side-tls/ssl-config-generator/
Need bad examples?
https://httpswatch.nz/
https://httpswatch.com/
Use additional protection schemes
CSP – Content Security Policy
HSTS – HTTP Strict Transport Security
CORS – Cross Origin Resource Sharing
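A check for the three "additional protection schemes" the slide names (CSP, HSTS, CORS), as an added example that is not part of the talk: it audits the response headers of one HTTPS response and reports what a hardening review would flag. The two header sets are constructed for illustration, not captured from any real site, and the 180-day HSTS threshold is this example's choice.

```python
from typing import Dict, List

# Constructed sample responses (not captured from any real server).
WEAK_HEADERS = {
    "Content-Type": "text/html",
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Credentials": "true",
}

HARDENED_HEADERS = {
    "Content-Type": "text/html",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
    "Access-Control-Allow-Origin": "https://app.example.com",
}

MIN_HSTS_MAX_AGE = 180 * 24 * 3600  # review threshold chosen for this example


def _lower_keys(headers: Dict[str, str]) -> Dict[str, str]:
    """HTTP header names are case-insensitive; normalise before lookup."""
    return {k.lower(): v for k, v in headers.items()}


def _parse_csp(csp: str) -> Dict[str, List[str]]:
    """'default-src a b; script-src c' -> {'default-src': ['a','b'], 'script-src': ['c']}"""
    policy: Dict[str, List[str]] = {}
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts:
            policy[parts[0].lower()] = parts[1:]
    return policy


def audit_security_headers(headers: Dict[str, str]) -> List[str]:
    """Return findings for one response; an empty list means nothing was flagged."""
    h = _lower_keys(headers)
    findings: List[str] = []

    # HSTS: present, long max-age, and covering subdomains
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS missing")
    else:
        directives = {}
        for d in hsts.split(";"):
            name, _, value = d.strip().partition("=")
            directives[name.lower()] = value
        max_age = directives.get("max-age", "")
        if not max_age.isdigit() or int(max_age) < MIN_HSTS_MAX_AGE:
            findings.append("HSTS max-age too short")
        if "includesubdomains" not in directives:
            findings.append("HSTS lacks includeSubDomains")

    # CSP: present, and the effective script source must not permit inline or any-origin scripts
    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("CSP missing")
    else:
        policy = _parse_csp(csp)
        script_src = policy.get("script-src", policy.get("default-src", []))
        if "'unsafe-inline'" in script_src or "*" in script_src:
            findings.append("CSP script-src permits inline or any-origin scripts")

    # CORS: a wildcard origin combined with credentials hands authenticated data to any site
    origin = h.get("access-control-allow-origin")
    credentials = h.get("access-control-allow-credentials", "").strip().lower() == "true"
    if origin == "*" and credentials:
        findings.append("CORS allows any origin with credentials")

    return findings


if __name__ == "__main__":
    print(audit_security_headers(WEAK_HEADERS))      # three findings
    print(audit_security_headers(HARDENED_HEADERS))  # []
```

The same function can be run over the headers returned by a real `GET` to your own service; the SSL Labs test on the next slide covers the TLS layer that this header check deliberately leaves out.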
20. Secure System Setup
SSL Labs Server Test
SSL Labs is your friend
https://www.ssllabs.com
21. Secure System Setup
Keep system upgraded (esp. security fixes quickly),
short reaction times
Best: one service per (virtual) host
(don’t slam them onto one host)
Use logfiles with logrotation on a system level wisely
Allows for forensic analysis later
Without it, you’ve shut yourself out
from most root cause analysis
Stay on top of security things
This can be hard work!
22. (Automatic) Monitoring
Load (CPU, network I/O, memory, . . . )
Availability & functionality
Check for “odd behaviour”
24. System/Infrastructure Level
Always use HTTPS/SSL/TLS as a minimum
Too bad the whole CA system and SSL is a bit broken
And some of the ciphers/cipher suites “advertised”
for use are also broken
On the client side, always verify the full certificate chain
Many tools/implementations are lazy by default
(in Java, Python, C/C++, . . . )
Prefer to use certificate pinning
E. g. a mobile app for a known service
Recent Superfish scandal with Lenovo and others
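The client-side advice on this slide (verify the full chain, do not be "lazy by default", prefer pinning) as an added example in Python's standard `ssl` module; it is not code from the talk or from Mega's clients. The context keeps chain and hostname verification switched on, and `connect_pinned` additionally compares the SHA-256 fingerprint of the leaf certificate against a pinned set. Pinning the leaf rather than the public key (SPKI) is a simplification for this example, because the standard library has no SPKI extractor; the host name and fingerprints in the usage are placeholders.

```python
import hashlib
import hmac
import socket
import ssl
from typing import Iterable


def make_strict_context() -> ssl.SSLContext:
    """Client context that verifies the whole certificate chain and the host name.

    create_default_context() already does both; the lazy failure mode is a developer
    setting verify_mode=CERT_NONE or check_hostname=False to make an error disappear,
    so this function refuses to return a context in that state.
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # drop the broken protocol versions
    if ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname:
        raise RuntimeError("TLS context is not verifying the peer")
    return ctx


def context_is_strict(ctx: ssl.SSLContext) -> bool:
    """True when the context will reject an unverified chain or a host name mismatch."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def cert_fingerprint(der_cert: bytes) -> str:
    """Lower-case hex SHA-256 of the DER-encoded certificate; this is the value that gets pinned."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pins: Iterable[str]) -> bool:
    """True if the presented certificate matches one of the pinned fingerprints."""
    fingerprint = cert_fingerprint(der_cert)
    return any(hmac.compare_digest(fingerprint, pin.lower()) for pin in pins)


def connect_pinned(host: str, port: int, pins: Iterable[str], timeout: float = 5.0) -> ssl.SSLSocket:
    """Open a TLS connection; the handshake verifies chain and host name, then the pin is enforced."""
    ctx = make_strict_context()
    sock = socket.create_connection((host, port), timeout=timeout)
    tls = ctx.wrap_socket(sock, server_hostname=host)  # raises on chain/host-name failure
    der = tls.getpeercert(binary_form=True)
    if der is None or not pin_matches(der, pins):
        tls.close()
        raise ssl.SSLError("certificate for %s does not match any pinned fingerprint" % host)
    return tls


if __name__ == "__main__":
    # Placeholder values for illustration only; fill in your own service and its fingerprints.
    PINNED = ["<hex sha256 of current leaf cert>", "<hex sha256 of backup leaf cert>"]
    with connect_pinned("service.example.invalid", 443, PINNED) as conn:
        print(conn.version(), cert_fingerprint(conn.getpeercert(binary_form=True)))
```

Always pin at least one backup fingerprint: a leaf pin with no backup turns a routine certificate renewal into an outage for every installed client, which is the main operational reason teams give up on pinning.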
25. Application Layer
User to server
Commonly username/password
Alternative:
Certificates, other authentication mechanisms
Too many concepts for secure authentication,
beyond the scope of this talk
User to user
Difficult if one can’t trust the platform/server
On Mega
Verification of user’s public (signing) key
via fingerprint comparison (out of band)
Authenticating further crypto keys
via signature by authenticated key pair
26. Avoid Security Warnings
“MRI Shows Our Brain Shuts Down
When We See Security Warnings on Computers”
http://ema-tech.blogspot.co.nz/2015/03/mri-shows-our-brain-shuts-down-when-we.html
27. Trust from the “Community”
Open source it!
Really!
Make the money with your service, not the code.
Why & What?
For peer review/audits
At least the core of the security-related stuff
Really important for crypto!
Wouldn’t it be more secure if it was proprietary/closed?
29. The “Big Problem” (TM)
Use secured protocols
Nothing available to solve our problem
We had to “roll our own” . . .
30. Key Design Features of Chat Protocol
Group chat capable
(multiple “devices” of identities)
Outsiders can’t eavesdrop (decrypt)
New members only participate after “join”
Excluded members cannot decrypt any more
31. Anticipate what could go wrong!
32. Desired Security Properties
Confidentiality
→ Needs to be encrypted
Forward secrecy
→ Using (group) Diffie-Hellman with ephemeral key pairs
Identity authenticity
→ Sign some confirmation with identity key
Message authenticity
→ Sign messages with member’s session signing key
Session freshness
→ Use of nonces (to avoid replay attacks)
33. Desired Security Properties
Plausible deniability
→ Ephemeral signing keys for every individual session
(private key published at the end)
Room participants consistency
→ Key agreement requires participation of every member
Chat transcript consistency
→ Agreed and cryptographically enforced partial ordering
Reducing the footprint of “leaking” meta-data
→ Exponential message size padding
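The last mechanism on the slide, "exponential message size padding", worked through as an added example (not the MEGAchat protocol's own code). Every plaintext is length-prefixed and filled up to the next power-of-two bucket before encryption, so an observer of the ciphertext sizes learns only which bucket a message fell into, not how long it was. The 128-byte minimum bucket and the 4-byte length prefix are assumptions of this example.

```python
import struct
from typing import Iterable

# Assumed parameters for this example, not MEGAchat's actual values.
MIN_BUCKET = 128                      # smallest padded size in bytes; must be a power of two
LENGTH_PREFIX = struct.Struct(">I")   # true length as 4-byte big-endian, so unpadding is unambiguous


def padded_size(payload_len: int, min_bucket: int = MIN_BUCKET) -> int:
    """Smallest bucket min_bucket * 2**k that holds the length prefix plus the payload."""
    needed = LENGTH_PREFIX.size + payload_len
    size = min_bucket
    while size < needed:
        size *= 2
    return size


def pad_exponential(message: bytes, min_bucket: int = MIN_BUCKET) -> bytes:
    """Length-prefix the message and fill it to the next power-of-two bucket.

    The fill is zero bytes: once the result is encrypted, its content is indistinguishable
    from the message bytes anyway, so only the total length matters.
    """
    body = LENGTH_PREFIX.pack(len(message)) + message
    return body + bytes(padded_size(len(message), min_bucket) - len(body))


def unpad_exponential(padded: bytes) -> bytes:
    """Recover the original message; reject inconsistent input instead of returning fill bytes."""
    if len(padded) < LENGTH_PREFIX.size:
        raise ValueError("padded message shorter than its length prefix")
    (n,) = LENGTH_PREFIX.unpack_from(padded, 0)
    if LENGTH_PREFIX.size + n > len(padded):
        raise ValueError("length prefix claims more bytes than are present")
    return padded[LENGTH_PREFIX.size:LENGTH_PREFIX.size + n]


def distinct_sizes(messages: Iterable[bytes]) -> int:
    """How many different lengths an observer sees for these messages after padding."""
    return len({len(pad_exponential(m)) for m in messages})


if __name__ == "__main__":
    # Constructed sample traffic: 100 chat messages of every length from 1 to 100 bytes.
    samples = [b"x" * n for n in range(1, 101)]
    print(len(set(map(len, samples))), "distinct sizes unpadded")    # 100
    print(distinct_sizes(samples), "distinct size(s) padded")         # 1
```

The price is bandwidth: a one-byte message costs a full bucket, and the cost doubles at each boundary. Choosing the minimum bucket is the trade between metadata leakage and overhead, which is why that value is a protocol parameter rather than a constant.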
35. Do it right! Follow best practices . . .
Follow OWASP, that’s much more comprehensive
than this talk on this subject
Open Web Application Security Project
http://owasp.org
36. Questions?
Be Safe!
Guy Kloss
gk@mega.co.nz