Post on 15-Jul-2015
transcript
The Product: MEGAchat What is Security? Infrastructure Trust/Authentication Protocols Client/Server Implementation
Building a (Really) Secure Cloud Product
Guest Lecture for
Master of Information Security and Digital Forensics
Guy Kloss
gk@mega.co.nz
Lead Software Developer
Mega Limited
30 March 2015
Guy Kloss | Building a (Really) Secure Cloud Product 1/36
Outline
1 The Product: MEGAchat
2 What is Security?
3 Infrastructure
4 Trust/Authentication
5 Protocols
6 Client/Server Implementation
The Product: MEGAchat
A Cloud-based internet chat system
Voice, Video and Text chat capable
Offers multiple device capability for each participant
(transparent synchronisation, consistent view of chat)
To work in browser as well as native/mobile app
The Product: MEGAchat
Why “Really” Secure?
Everybody says they’re secure . . .
“Security Theatre” . . .
We’re doing it (we say) . . .
. . . and like to be confirmed or disproven in it.
→ Bug bounty! (for chat so far one paid out)
Security Theatre
http://geekandpoke.typepad.com/geekandpoke/2009/12/security-theatre.html
Early Adopters
2 What is Security?
For the Chat System
Desired properties:
Confidentiality
Identity authenticity
Message authenticity
Forward secrecy
Session freshness
Plausible deniability
Room participants consistency
Chat transcript consistency
Reduce footprint of “leaking” meta-data
Meta-Data?
© by Michael J. Swart, http://michaeljswart.com/2011/06/meta-aggregate/
Sparseness of Meta-Data
Don’t store what you don’t need
Then nobody can come and ask you to “comply”
If you must, do it so you can’t be compromised
(e. g. passwords, salted and hashed, so not even you know them in plain)
→ Proper mechanisms for authentication and password management/storage
On Mega
Most meta-data only known to customer (encrypted)
Company only knows what’s needed to manage the platform and interactions
Crypto?
It’s really difficult to get this right!
Avoid writing it, if you can!
Use off-the-shelf frameworks/helpers/packages
→ If you’re writing AES in your code, you’re probably doing it wrong
If you can’t help it and have to build it yourself
Make the conceptual system not suck!
Make the implementation not suck!
The maths is good, it’s the implementation that sucks:
“No matter how strong the crypto was, the attackers walked around it,”
– “Crypto Won’t Save You Either”, Peter Gutmann, 2014, http://regmedia.co.uk/2014/05/16/0955_peter_gutmann.pdf
3 Infrastructure
Choice of System Components
Robust base OS
→ Security, maintenance, reliability
Many features are not necessarily important
Evaluate/select server (software) carefully for the required features
Get rid of features that are not required
→ Security, maintenance, reliability
Is Cloud scalability a relevant factor?
→ Distribution, clustering, replication, . . .
Choice of System Components (continued)
Prefer open source solutions
Auditable
Many eyes
Mostly more secure
If well maintained, usually very quick fixes (e. g. on security)
Secure System Setup
Shut down unneeded services
Configure systems securely
Turn off what’s not needed
Don’t log everything (production in debug mode?)
Get the SSL/TLS configuration right!
https://mozilla.github.io/server-side-tls/ssl-config-generator/
Need bad examples?
https://httpswatch.nz/
https://httpswatch.com/
Use additional protection schemes
CSP – Content Security Policy
HSTS – HTTP Strict Transport Security
CORS – Cross Origin Resource Sharing
Secure System Setup
SSL Labs Server Test
SSL Labs is your friend
https://www.ssllabs.com
Secure System Setup
Keep system upgraded (esp. security fixes quickly), short reaction times
Best one service per (virtual) host (don’t slam them onto one host)
Use logfiles with logrotation on a system level wisely
Allows for forensic analysis later
Without it, you’ve shut yourself out from most root cause analysis
Stay on top of security things
This can be hard work!
(Automatic) Monitoring
Load (CPU, network I/O, memory, . . . )
Availability & functionality
Check for “odd behaviour”
4 Trust/Authentication
System/Infrastructure Level
Always use HTTPS/SSL/TLS as a minimum
Too bad the whole CA system and SSL is a bit broken
And some of the ciphers/cipher suites “advertised” for use are also broken
On the client side, always verify the full certificate chain
Many tools/implementations are lazy by default (in Java, Python, C/C++, . . . )
Prefer to use certificate pinning
E. g. a mobile app for a known service
Recent Superfish scandal with Lenovo and others
Application Layer
User to server
Commonly username/password
Alternative: Certificates, other authentication mechanisms
Too many concepts for secure authentication, beyond the scope of this talk
User to user
Difficult if one can’t trust the platform/server
On Mega
Verification of user’s public (signing) key via fingerprint comparison (out of band)
Authenticating further crypto keys via signature by authenticated key pair
Avoid Security Warnings
“MRI Shows Our Brain Shuts Down When We See Security Warnings on Computers”
http://ema-tech.blogspot.co.nz/2015/03/mri-shows-our-brain-shuts-down-when-we.html
Trust from the “Community”
Open source it! Really!
Make the money with your service, not the code.
Why & What?
For peer review/audits
At least the core of the security-related stuff
Really important for crypto!
Wouldn’t it be more secure if it was proprietary/closed?
5 Protocols
The “Big Problem” (TM)
Use secured protocols
Nothing available to solve our problem
We had to “roll our own” . . .
Key Design Features of Chat Protocol
Group chat capable (multiple “devices” of identities)
Outsiders can’t eavesdrop (decrypt)
New members only participate after “join”
Excluded members cannot decrypt any more
Anticipate what could go wrong!
Desired Security Properties
Confidentiality→ Needs to be encrypted
Forward secrecy→ Using (group) Diffie-Hellman with ephemeral key pairs
Identity authenticity→ Sign some confirmation with identity key
Message authenticity→ Sign messages with member’s session signing key
Session freshness→ Use of nonces (to avoid replay attacks)
Plausible deniability→ Ephemeral signing keys for every individual session (private key published at the end)
Room participants consistency→ Key agreement requires participation of every member
Chat transcript consistency→ Agreed and cryptographically enforced partial ordering
Reducing the footprint of “leaking” meta-data→ Exponential message size padding
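Exponential message size padding, as an added example that is not Mega’s format or code: the plaintext is framed and padded to the next power of two before encryption, so the ciphertext length reveals only a size bucket, not the exact message length. The 4-byte length prefix and the 128-byte minimum bucket are assumptions.

```javascript
// Added example (not from the talk): exponential message size padding, so the
// ciphertext length reveals only a power-of-two bucket rather than the exact
// message length. The framing (4-byte length prefix) and the minimum bucket are
// assumptions, not Mega's format. Apply pad() before encrypting with an
// authenticated cipher and unpad() after successful decryption.
const MIN_BUCKET = 128; // assumed smallest padded size in bytes

// Smallest power of two >= n, but never below MIN_BUCKET.
function bucketSize(n) {
  let size = MIN_BUCKET;
  while (size < n) size *= 2;
  return size;
}

// Output layout: [uint32 BE length][message][zero bytes]; total length is a
// power of two. The zero fill is fine because the whole frame gets encrypted.
function pad(message) {
  const body = Buffer.from(message, 'utf8');
  const out = Buffer.alloc(bucketSize(body.length + 4));
  out.writeUInt32BE(body.length, 0);
  body.copy(out, 4);
  return out;
}

// Rejects malformed frames instead of returning garbage: the total length must
// be a power of two and the length prefix must fit inside the buffer.
function unpad(padded) {
  const n = padded.length;
  if (n < 4 || (n & (n - 1)) !== 0) throw new Error('padded length is not a power of two');
  const len = padded.readUInt32BE(0);
  if (len + 4 > n) throw new Error('length prefix exceeds buffer');
  return padded.subarray(4, 4 + len).toString('utf8');
}

// Constructed demo: a short and a long message land in different buckets, but
// every message within one bucket looks the same size on the wire.
console.log(pad('ok').length, pad('x'.repeat(300)).length); // 128 512
console.log(unpad(pad('round trip'))); // round trip
```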
6 Client/Server Implementation
Do it right! Follow best practices . . .
Follow OWASP, that’s much more comprehensive than this talk on this subject
Open Web Application Security Project
http://owasp.org
Questions?
Be Safe!
Guy Kloss
gk@mega.co.nz