Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Avoiding damage, shame and regrets data protection for mobile client-server architectures

Prepared by Anastasiia, iOS Engineer at Stanfy for speaking at do {iOS} Amsterdam 2015.

We will talk a bit about avoiding snake oil, getting rid of cognitive biases when planning application security, and how to avoid becoming cryptography professor when you only need to protect your app.

  • Be the first to comment

Avoiding damage, shame and regrets data protection for mobile client-server architectures

  1. 1. Avoiding damage,shame and regrets data protection for mobile client-server architectures #doios @vixentael
  2. 2. is intuitive, evolution trained us for it Real-world security
  3. 3. Meet Dodo birds! Alice Bob data protection for client-server apps #doios @vixentael
  4. 4. They are chatting together Alice Bob data protection for client-server apps #doios @vixentael tweet hello
  5. 5. Here comes Eve.. data protection for client-server apps #doios @vixentael ..the eavesdropping Fennec Fox
  6. 6. Eve eavesdrops danger data protection for client-server apps #doios @vixentael tweet ack ear radars: ON 😈
  7. 7. Birds fly away,Eve doesn’t hear them data protection for client-server apps #doios @vixentael secure place hear nothing 😭
  8. 8. Risk (threat): Eve hears your secrets Mitigation: physically move away from Eve Real-world security
  9. 9. evolution did not prepare you for that! Cyber-world security
  10. 10. Apple Secure Coding Guide Every program is a potential target. Your customers’ property and your reputation are at stake. https://developer.apple.com/library/mac/documentation/ Security/Conceptual/SecureCodingGuide/ Introduction.html data protection for client-server apps #doios @vixentael
  11. 11. What we protect? User’s data! data protection for client-server apps #doios @vixentael in storage in motion in memory
  12. 12. Data in motion
  13. 13. There are hackers.. and threats these hackers exploit.. to create damage data protection for client-server apps #doios @vixentael Problem: Layer 1
  14. 14. Meet Alice-the-App and Bob-the-Server Alice-the-App Bob-the-Server data protection for client-server apps #doios @vixentael
  15. 15. Client and Server are communicating data protection for client-server apps #doios @vixentael passw: 123456 HTTP 1.1 Alice-the-App Bob-the-Server
  16. 16. Eve-the-Hacker data protection for client-server apps #doios @vixentael
  17. 17. Here Eve-the-Hacker comes! passw: 123456 HTTP 1.1 data protection for client-server apps #doios @vixentael
  18. 18. Here Eve-the-Hacker comes! passw: 123456 HTTP 1.1 data protection for client-server apps #doios @vixentael {“passw”:“123456”}
  19. 19. Let’s go deeper.. To avoid threats we need secure programming data protection for client-server apps #doios @vixentael Problem: Layer 2
  20. 20. Alice decides to implement security data protection for client-server apps #doios @vixentael puts on paper hat!
  21. 21. Bob decides to implement security builds the fence! data protection for client-server apps #doios @vixentael
  22. 22. ..and they decide to use HTTPS! data protection for client-server apps #doios @vixentael ****** : ****** HTTPS out of the box
  23. 23. But it’s not really secure.. ****** : ****** HTTPS out ofthe box data protection for client-server apps #doios @vixentael {“passw”:“123456”}
  24. 24. Intercept traffic using proxy data protection for client-server apps #doios @vixentael * SSL experimenting with Android Top100 apps http://bit.ly/1NqpheM * Intercepting the App Store's Traffic on iOS http://bit.ly/1H3xMrs
  25. 25. What helps Eve to eavesdrop? ๏ not encrypting user data data protection for client-server apps #doios @vixentael ๏ plain HTTP ๏ self-signed certificates ๏ HTTPS with old cipher-suites ๏ using vulnerable libraries and bad examples from StackOverflow ๏ SSL without SSL certificate pinning
  26. 26. data protection for client-server apps #doios @vixentael Problem: Layer 3 As the result, Programming is rarely secure
  27. 27. data protection for client-server apps #doios @vixentael Software is buggy http://blog.mindedsecurity.com/2015/03/ssl-mitm-attack-in-afnetworking-251- do.html AFNetworking SSL verification bug (v2.5.1-2.5.2) https://eprint.iacr.org/2013/049.pdf Out-of-the-box SSL is frequent subject to attacks http://www.dwheeler.com/essays/apple-goto-fail.html Apple “goto fail” vulnerability http://noxxi.de/howto/ssl-debugging.html
  28. 28. ๏ Copying bad code from StackOverflow ๏ Debugging by tearing security suites apart ๏ Avoiding “complicated” security documentation data protection for client-server apps #doios @vixentael Software is buggy.Why?
  29. 29. - is easy to f*ck up - is inconvenient to implement Cyber-world security
  30. 30. - use good practice and brain - use good tools - minimize re-inventing the wheel What shall we do?
  31. 31. data protection for client-server apps #doios @vixentael Realize threat vectors Bad cryptography No access control Authentication bypass Credential reuse Session hijacking Denial of Service Data leakage …
  32. 32. Anyone can invent a security system that he himself cannot break — Schneier's Law https://www.schneier.com/blog/archives/ 2011/04/schneiers_law.html data protection for client-server apps #doios @vixentael Implementing security tools yourself is a threat
  33. 33. Do not re-implement existing things data protection for client-server apps #doios @vixentael
  34. 34. Use great tools scientific background trust big guys good track record data protection for client-server apps #doios @vixentael libsodium/NaCL OTRKit RNCryptor MIHCrypto Themis https://github.com/mochtu/libsodium-ios https://github.com/ChatSecure/OTRKit https://github.com/RNCryptor/RNCryptor https://github.com/hohl/MIHCrypto https://github.com/cossacklabs/themis
  35. 35. Apple open sourced crypto data protection for client-server apps #doios @vixentael
  36. 36. Armoring your SSL
  37. 37. Do your SSL/TLS right ๏use long keys ๏disable backward compatibility ๏use strong ciphers (EC vs RSA) ๏pin SSL certificate ๏use cheat sheet https://www.cossacklabs.com/avoid-ssl-for-your- next-app.html SSL has a lot of problems To survive you need to: data protection for client-server apps #doios @vixentael https://www.owasp.org/index.php/ Transport_Layer_Protection_Cheat_Sheet
  38. 38. Do you pin SSL certificate? data protection for client-server apps #doios @vixentael
  39. 39. SSL/TLS in short data protection for client-server apps #doios @vixentael hello client asks certificate server sends cert encrypted data client verifies cert - domain, - expiration date, - asks CA if cert is valid and not revoked key negotiation
  40. 40. Where can it break? data protection for client-server apps #doios @vixentael hello client asks certificate server sends cert encrypted data client verifies cert - domain, - expiration date, - asks CA if cert is valid and not revoked key negotiation
  41. 41. SSL pinning data protection for client-server apps #doios @vixentael hello client asks certificate server sends cert encrypted data client verifies cert - compares cert against pinned cert key negotiation
  42. 42. SSL pinning on iOS https://possiblemobile.com/2013/03/ssl-pinning-for-increased-app-security/ https://www.paypal-engineering.com/2015/10/14/key-pinning-in-mobile- applications/ -­‐ (void)connection:(NSURLConnection  *)connection   willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge  *)challenge  {        SecTrustRef  serverTrust  =  challenge.protectionSpace.serverTrust;        id<NSURLAuthenticationChallengeSender>  sender  =  challenge.sender;        SecCertificateRef  certificate  =  SecTrustGetCertificateAtIndex(serverTrust,  0);        NSData  *  remoteCertificateData  =   CFBridgingRelease(SecCertificateCopyData(certificate));              NSString  *  cerPath  =  [[NSBundle  mainBundle]  pathForResource:@"MyLocalCertificate"   ofType:@"cer"];        NSData  *  localCertData  =  [NSData  dataWithContentsOfFile:cerPath];        if  ([remoteCertificateData  isEqualToData:localCertData])  {                NSURLCredential  *  credential  =  [NSURLCredential  credentialForTrust:serverTrust];                [sender  useCredential:credential  forAuthenticationChallenge:challenge];        }  else  {                [sender  cancelAuthenticationChallenge:challenge];        }   } data protection for client-server apps #doios @vixentael
  43. 43. SSL pinning more easy :) let  certData  =  NSData(contentsOfFile:   NSBundle.mainBundle().pathForResource("lvwenhancom",  ofType:  "cer")!)!
 ...  ...   .addSSLPinning(LocalCertData:  certData)  {  ()  -­‐>  Void  in
        print("Under  Man-­‐in-­‐the-­‐middle  attack!")
 } data protection for client-server apps #doios @vixentael Swift lib for HTTPS and SSL pinning https://github.com/johnlui/Pitaya https://github.com/iSECPartners/ssl-conservatory
  44. 44. Nah. SSL is not enough :( So,we’re done?
  45. 45. Implementing Forward Secrecy
  46. 46. Forward Secrecy: Threat Eve records encrypted traffic New crypto vulnerability allows to exact keys Eve physically extracts keys from one of the birds Eve decrypts all encrypted traffic data protection for client-server apps #doios @vixentael
  47. 47. Forward Secrecy: Mitigation Forward Secrecy ephemeral keys + key rotation scheme data protection for client-server apps #doios @vixentael https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf SSL/TLS has forward secrecy but it’s weak: =
  48. 48. Using ephemeral key data protection for client-server apps #doios @vixentael key negotiation (RSA or EC) create symmetric temp key use temp key to encrypt messages during session close session open session
  49. 49. Implementing ephemeral keys 1. establish session 2. encrypt message with SecureSession before sending 3. decrypt message after receive 4. encrypt history with SecureCell data protection for client-server apps #doios @vixentael https://github.com/cossacklabs/themis Themis has built-in forward secrecy inside SecureSession object
  50. 50. Implementing ephemeral keys data protection for client-server apps #doios @vixentael https://github.com/cossacklabs/mobile-websocket-example
  51. 51. Data in storage
  52. 52. What we need to do 1. Choose good storage library with efficient crypto 2. Embed it on read/write 3. Store keys safely data protection for client-server apps #doios @vixentael
  53. 53. RNCryptor example Themis SecureCell example data protection for client-server apps #doios @vixentael Storage libraries
  54. 54. data protection for client-server apps #doios @vixentael Storing the keys SSKeychain example Valet example https://github.com/square/Valet https://github.com/soffes/sskeychain
  55. 55. compute key and use KDF to derive data protection for client-server apps #doios @vixentael Storing the keys: Computable obfuscation https://www.mikeash.com/pyblog/friday-qa-2012-08-10-a-tour-of- commoncrypto.html key = KDF(sqrt(42)*len(user_id)/parity(user_id))
  56. 56. Ending notes
  57. 57. Practical app security step by step 1.Use HTTPS with good TLS settings 2.Enable SSL pinning 3.Encrypt user data in motion with ephemeral keys 4.Encrypt stored data and protect the key data protection for client-server apps #doios @vixentael
  58. 58. Alice is more secure now data protection for client-server apps #doios @vixentael SSL pinning encrypted storage data ephemeral keys
  59. 59. Bob is more secure now data protection for client-server apps #doios @vixentael encrypted storage data ephemeral keys
  60. 60. Chatting is more secure 5720b3c2 fe674f54 73e10ad4 ... HTTPS SSL pinning ephemeral keys data protection for client-server apps #doios @vixentael
  61. 61. Security is full of adventures and discoveries. And fun. andshinymetalbirds!
  62. 62. The last slide @vixentael iOS developer at stanfy.com [creating awesome mobile and IoT apps] data protection for client-server apps #doios @vixentael take care!
  63. 63. More to read ★ The Mobile Application Hacker's Handbook https://books.google.com.ua/books?id=UgVhBgAAQBAJ ★ Designing Secure User Interfaces https://developer.apple.com/library/ios/documentation/Security/ Conceptual/SecureCodingGuide/Articles/AppInterfaces.html#//apple_ref/ doc/uid/TP40002862-SW1 ★ CryptoCat iOS app security audit https://nabla-c0d3.github.io/documents/iSEC_Cryptocat_iOS.pdf ★ Storing secret keys http://www.splinter.com.au/2014/09/16/storing-secret-keys/
  64. 64. More to watch ★ All talks of Moxie Marlinspike https://www.youtube.com/watch?v=ibF36Yyeehw https://www.youtube.com/watch?v=8N4sb-SEpcg https://www.youtube.com/watch?v=tOMiAeRwpPA

×