+ All Categories
Home > Technology > Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

Date post: 23-Jan-2015
Category:
Upload: nicholas-sullivan
View: 430 times
Download: 1 times
Share this document with a friend
Description:
In this session we will look in depth into what happens when we throw away the assumption that server hardware is trusted. We discuss advanced techniques for protecting software on untrusted clients and how to apply them to servers running on untrusted hardware. This includes anti-reverse engineering methods, secure key management and how to design a system for renewal.
37
SESSION ID: Nicholas Sullivan Systems Engineer CloudFlare @grittygrease Running Secure Server Software on Insecure Hardware without a Parachute STU-M06B
Transcript
Page 1: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

SESSION ID:

Nicholas SullivanSystems Engineer

CloudFlare@grittygrease

Running Secure Server Software on Insecure Hardware without a Parachute

STU-M06B

Page 2: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

#RSAC

What this talk is about

! The web is changing — consolidation at the edge ! Fundamental assumptions about server security are wrong ! How do we design server software with the worst case in mind?

! Distinguish between long and short term secrets ! Devise approaches for protecting each

!2

Page 3: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

Let’s Talk About Web Infrastructure

Page 4: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

#RSAC

!4

Page 5: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

#RSAC

Global Website Traffic

!5

Page 6: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

#RSAC

Global Website Traffic with CDN

!6

Page 7: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

#RSAC

Current Map

!7

Page 8: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

#RSAC

Future Map

!8

Page 9: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

#RSAC

Future Map

!9

Page 10: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

Edge Computing Threat Model

Page 11: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

#RSAC

Traditional server threat model

! Assume server is secure ! Add layers of protection to keep attackers out

! Network layer protection ! Operating System Level: principle of least privilege ! Protection against maliciously installed code ! More advanced barriers

!11

Page 12: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

#RSAC

Globally distributed servers

! Less jurisdictional control = less physical security ! Physical access trumps static defense layers

!! Traditional defenses helpful, but not ideal

! Cannot rely on security of keys ! Single break-in results in immediate compromise

!12

Page 13: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

A More Effective Approach

Page 14: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

#RSAC

Approach system security the ‘DRM way’

! Assume attacker has bypassed all static defenses ! Goal is to refresh secrets before they are compromised ! Split system into long-term secrets and short-term secrets ! Focus on renewability of secrets

!14

Page 15: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

#RSAC

Secrets must be split into two tiers

! Long-term Secrets ! Useful for attacker for long period of time ! Do not store at the edge

!! Short-term Secrets

! Expire after a short period of time ! Cannot be re-used

!15

Page 16: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

#RSAC

Example: Traditional TLS termination

! TLS handshake with nginx and Apache ! SSL keys on disk ! Read from disk, use in memory

!! Cryptographic elements at risk if server is compromised

! Private key ! Session key

!16

Page 17: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

#RSAC

TLS revisited for untrusted hardware

! Long term secrets ! Private key

!! Short term secrets

! Session key ! Session IDs and Session ticket keys ! Credentials to access private keys

!17

Page 18: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

How to Protect Short-term Secrets

Page 19: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

#RSAC

Short-term secrets — threat model

! Must live on machines in unsafe locations ! Memory ! Control Flow

! By the time a secret is broken, it should be expired ! Don’t keep secrets in a useable state ! Impose computational cost to retrieve the original secret ! Expire secrets quickly

!

!19

Page 20: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

#RSAC

Techniques from DRM are applicable

! White-box cryptography ! Code obfuscation

!20

Page 21: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

#RSAC

Standard Cryptography Threat Model

!21

Alice Bob

Eve

Page 22: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

#RSAC

White-box Cryptography Threat Model

!22

Alice Bob

Eve

Page 23: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

#RSAC

White-box Cryptography Threat Model

!23

Aleve Bob

Page 24: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

#RSAC

White-box cryptography

! Hide the cryptographic key from everyone ! Protect against key extraction in the strongest threat model

!! Takes time to extract key — lots of math ! Choose difficulty based on secret lifetime

!24

Page 25: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

#RSAC

White-box cryptography implementations

!25

! Commercial products ! Irdeto, Arxan, SafeNet, etc.

! Open source ! OpenWhiteBox

Page 26: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

#RSAC

Code obfuscation

!26

Page 27: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

#RSAC

Code obfuscation

! Making reverse engineering difficult ! Compile-time control-flow modification ! Data transformation in memory ! Anti-debugging

!27

Page 28: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

#RSAC

Before

!28

Page 29: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

#RSAC

After

!29

Page 30: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

#RSAC

Code obfuscation implementations

! Commercial products ! Arxan, Irdeto, etc.

! Open source ! Obfuscator-LLVM

!30

Page 31: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

Long-term Secrets

Page 32: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

#RSAC

Keyless SSL

! SSL without keys? Surely you’re joking. ! SSL without keys at the edge. That’s better.

!32

Page 33: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

#RSAC

How Keyless SSL Works

! Split the TLS state machine geographically ! Perform private key operation at site owner’s facility (in HSM, etc) ! Perform rest of handshake at edge ! Communicate with signing server over mutually authenticated TLS

!33

Page 34: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

#RSAC

Keyless SSL Diagram

!34

Page 35: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

#RSAC

!35

Page 36: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

Conclusion

Page 37: Running Secure Server Software on Insecure Hardware without a Parachute - RSA 2014

#RSAC

Conclusion

! Untrusted hardware requires a new approach ! Split secrets into long-term and short-term ! Design for rapid renewal — replace secrets faster than they can be broken ! Leverage short-term secrets to access long-term secrets

!37


Recommended