Upgrade to Pro — share decks privately, control downloads, hide ads and more …

The Swift Alps security workshop

vixentael
November 11, 2016
Programming
4
1.5k

The Swift Alps security workshop

You may find complicated to understand what's going on these slides. But it's workshop :)

The idea was to share some knowledges about making more secure apps. We talked about:

- why SSL is not enough
- strategies to implement SSL pinning
- how to understand basic risks and threats of common mobile client-server infrastructure
- protection methods against those threats
- what is symmetric encryption; why we need it. where to store data and key.
- what is transfer encryption; when we need it.

Please download slides as PDF (button on the right) to be able to tap on the links.

Links to example repo:
https://github.com/TheSwiftAlps/theswiftalpsdemo

See more info:
https://speakerdeck.com/vixentael/
https://medium.com/@vixentael/
https://realm.io/news/tryswift-anastasiia-voitova-building-user-centric-security-model-ios-applications-swift/

vixentael

November 11, 2016
Tweet

More Decks by vixentael

See All by vixentael
Using YubiKey and FIDO U2F for secure authentication
vixentael
0
1.8k
Data is a new security boundary
vixentael
0
6.2k
Cryptographic protection of ML models
vixentael
0
2.9k
e2ee != security != privacy
vixentael
0
2.2k
Maintaining cryptographic library for 12 languages
vixentael
1
4k
10 lines of encryption, 1500 lines of key management
vixentael
2
1.7k
Security, privacy and cryptography at WWDC19
vixentael
1
730
Data encryption: CyberKids edition
vixentael
0
650
"Defense in depth": trench warfare principles for building secure distributed applications
vixentael
3
920

Other Decks in Programming

See All in Programming
Outline View in SwiftUI
1024jp
1
330
What’s New in Compose Multiplatform - A Live Tour (droidcon London 2024)
zsmb
1
480
flutterkaigi_2024.pdf
kyoheig3
0
150
Hotwire or React? ~アフタートーク・本編に含めなかった話~ / Hotwire or React? after talk
harunatsujita
1
120
Jakarta EE meets AI
ivargrimstad
0
690
3rd party scriptでもReactを使いたい! Preact + Reactのハイブリッド開発
righttouch
PRO
1
610
3 Effective Rules for Using Signals in Angular
manfredsteyer
PRO
1
100
EMになってからチームの成果を最大化するために取り組んだこと/ Maximize team performance as EM
nashiusagi
0
100
[Do iOS '24] Ship your app on a Friday...and enjoy your weekend!
polpielladev
0
110
Functional Event Sourcing using Sekiban
tomohisa
0
100
Tauriでネイティブアプリを作りたい
tsucchinoko
0
370
Webの技術スタックで マルチプラットフォームアプリ開発を可能にするElixirDesktopの紹介
thehaigo
2
1k

Featured

See All Featured
Optimising Largest Contentful Paint
csswizardry
33
2.9k
Site-Speed That Sticks
csswizardry
0
28
How to Think Like a Performance Engineer
csswizardry
20
1.1k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
28
8.2k
[RailsConf 2023] Rails as a piece of cake
palkan
52
4.9k
YesSQL, Process and Tooling at Scale
rocio
169
14k
No one is an island. Learnings from fostering a developers community.
thoeni
19
3k
Fashionably flexible responsive web design (full day workshop)
malarkey
405
65k
The World Runs on Bad Software
bkeepers
PRO
65
11k
What's new in Ruby 2.0
geeforr
343
31k
4 Signs Your Business is Dying
shpigford
180
21k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
126
18k

Transcript

  1. Security. And Swift #swiftalps @vixentael and Alps

  2. @vixentael Lead Developer at stanfy.com Core Contributor at themis/ cossacklabs.com

    Who I am
  3. None
  4. None

  5. hacking NSA watching cat movies making own crypto practicing MitM

    writing (yet-another) secure messenger What we gonna do? eating chocolate holy-waring

  6. #swiftalps @vixentael 1. Talking about security from kitten perspective 2.

    Risk analysis of typical app + analyze your app 3. Storage encryption + coding 4. Transfer encryption + coding Chapters

  7. T2 T3 passive MitM active MitM T1/T4 data loss/ tampering

    T5 verbal key leak T6 phishing / social engineering T7 rubber-hose cryptanalysis T8 satellite imaging of sensitive input T9 EM emissions T10 sandbox escaping T11 misconfiguration T12 random generator abuse T13 random generator abuse T14 EM emissions and physical side channel T15 physical access T16 malicious dependency T17 misconfigured access T18 unattended backups T19 storing keys with data T20 weak cipher random generator abuse T21

  8. #swiftalps @vixentael https://cossacklabs.com/choose-your-ios-crypto.html

  9. None

  10. #swiftalps @vixentael Quiz rules 1.Answer questions 2.Get points for each

    correct answer 3.Top winners get a !

  11. See you at my table!

  12. AppSecurity for kittens Chapter 1

  13. #swiftalps @vixentael I’m using HTTPS, I’m safe!

  14. #swiftalps @vixentael Is HTTPS enough?

  15. #swiftalps @vixentael

  16. #swiftalps @vixentael

  17. #swiftalps @vixentael SSL/TLS in short hello client asks certificate server

    sends cert encrypted data key negotiation client verifies cert - domain, - expiration date, - asks CA if cert is valid and not revoked

  18. #swiftalps @vixentael Where can it break? https://www.cossacklabs.com/avoid-ssl-for-your-next-app.html https://www.cossacklabs.com/whats-wrong-with-web-crypto.html

  19. #swiftalps @vixentael hello client asks certificate server sends cert encrypted

    data key negotiation client verifies cert - domain, - expiration date, - asks CA if cert is valid and not revoked SSL/TLS in short

  20. #swiftalps @vixentael SSL pinning hello client asks certificate server sends

    cert encrypted data key negotiation SSL pinning

  21. https://github.com/Alamofire/Alamofire #swiftalps @vixentael let serverTrustPolicies:[String : ServerTrustPolicy] = [ “mydomain.com":

    pinCertificates( certificates: ServerTrustPolicy.certificatesInBundle(), validateCertificateChain: true, validateHost: true ), “myexpireddomain.com": disableEvaluation ]

  22. #swiftalps @vixentael https://github.com/johnlui/Pitaya let certData = NSData(contentsOfFile: NSBundle.mainBundle().pathForResource(“mydomaincom", ofType: "cer")!)!


    ... ... .addSSLPinning(LocalCertData: certData) { () -> Void in
 print("Under Man-in-the-middle attack!")
 }

  23. #swiftalps @vixentael What else can be pinned?

  24. #swiftalps @vixentael SSL pinning in depth https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning https://www.owasp.org/index.php/Pinning_Cheat_Sheet

  25. #swiftalps @vixentael Even pinning is not enough. Why?

  26. #swiftalps @vixentael SSL kill switch https://github.com/nabla-c0d3/ssl-kill-switch2

  27. #swiftalps @vixentael WoSign story https://security.googleblog.com/2016/10/ distrusting-wosign-and-startcom.html https://support.apple.com/en-us/HT204132

  28. #swiftalps @vixentael WoSign story https://security.googleblog.com/2016/10/ distrusting-wosign-and-startcom.html https://support.apple.com/en-us/HT204132

  29. #swiftalps @vixentael Who can summarize?

  30. #swiftalps @vixentael 1. Using HTTPS is must-have, but not enough

    2. Using SSL pinning is must-have, but not enough

  31. #swiftalps @vixentael 1. Using HTTPS is must-have, but not enough

    2. Using SSL pinning is must-have, but not enough Why? Because data is plain text

  32. Risk analysis Chapter 2

  33. Most users trust sensitive data to our app regardless of

    how well you protect it #swiftalps @vixentael

  34. #swiftalps @vixentael Name system that has absolute security model

  35. Nothing is absolutely secure #swiftalps @vixentael 3rd party libs ecosystem

    itself known & unknown vulnerabilities backdoors bugs

  36. But we can put efforts into protecting system against certain

    threat model and attacker #swiftalps @vixentael Nothing is absolutely secure

  37. Risk Model & Threat Model create demands for security #swiftalps

    @vixentael

  38. Risks Data is used/sold by someone Data is tampered and

    you’re operating on adversary’s plan Identity/auth is used elsewhere data leakage data tampering identity theft #swiftalps @vixentael

  39. - Encryption w/ secret or PKC - Limit access -

    Signed encryption - Protected transport with trust and integrity - Authenticated encryption - Action authentication Risk prevention #swiftalps @vixentael data leakage data tampering identity theft

  40. Trust model is whose secrets you trust in a security

    system #swiftalps @vixentael

  41. #swiftalps @vixentael Whom should we trust? (building our app)

  42. #swiftalps @vixentael Whom should we trust? (building our app)

  43. Whom should we trust? #swiftalps @vixentael The user only!

  44. Typical app architecture user app network server storage #swiftalps @vixentael

  45. More complicated.. T2 T3 passive MitM active MitM T1/T4 data

    loss/ tampering T5 verbal key leak T6 phishing / social engineering T7 rubber-hose cryptanalysis T8 satellite imaging of sensitive input T9 EM emissions T10 sandbox escaping T11 misconfiguration T12 random generator abuse T13 random generator abuse T14 EM emissions and physical side channel T15 physical access T16 malicious dependency T17 misconfigured access T18 unattended backups T19 storing keys with data T20 weak cipher random generator abuse T21 #swiftalps @vixentael

  46. Back to threats we can handle T2 T3 passive MitM

    active MitM T1/T4 data loss/ tampering #swiftalps @vixentael

  47. attacker steals stored data or tampers it Threats: T1/T4 Secret

    Key Crypto Protection Symmetric crypto for storing data. If user has no secret, he can’t read or change data. #swiftalps @vixentael

  48. Threats: T2 attacker captures network traffic (passive MitM) Public Key

    Cryptography, ephemeral keys Protection Asymmetric crypto for sending data. Ephemeral keys to avoid decrypting accumulated traffic if keys are leaked/cracked. #swiftalps @vixentael

  49. Threats: T3 attacker redirects traffic and pretends to be remote

    party (active MitM) Public Key Cryptography, certificate pinning Protection Asymmetric crypto for sending data. Check server certificate to make sure it matches with pinned one. #swiftalps @vixentael

  50. Protection methods T2 T3 passive MitM active MitM T1/T4 data

    loss/ tampering Secret Key Crypto PKC + ephem. keys PKC + cert. pinning #swiftalps @vixentael

  51. #swiftalps @vixentael Who can summarize?

  52. #swiftalps @vixentael 1. There’s no absolute security 2. Analyze your

    system from risks and threats perspective 3. Put efforts against certain threats

  53. #swiftalps @vixentael Analyze your app exercise

  54. Symmetric encryption Chapter 3

  55. #swiftalps @vixentael Where to store the data?

  56. #swiftalps @vixentael Where to store the data? UserDefaults sqllite Realm

    plist mydata.txt

  57. #swiftalps @vixentael

  58. #swiftalps @vixentael File protection

  59. #swiftalps @vixentael * NSFileProtectionNone * NSFileProtectionComplete Cannot be accessed while

    device is locked or booting. * NSFileProtectionCompleteUnlessOpen Opens only when device is unlocked; can be accessed whenever. * NSFileProtectionCompleteUntilFirstUserAuthentication Opens only after device is booted; can be accessed whenever. File protection

  60. #swiftalps @vixentael File protection pros & cons 1. “Out of

    the box” 2. System-dependent 3. Jailbreak :( 4. Doesn’t depend on user actions inside your app

  61. #swiftalps @vixentael File protection pros & cons 1. “Out of

    the box” 2. System-dependent 3. Jailbreak :( 4. Doesn’t depend on user actions inside your app -> encrypt stored data!

  62. #swiftalps @vixentael Encrypt / decrypt storage data Storage encryption exercise

  63. #swiftalps @vixentael https://cossacklabs.com/choose-your-ios-crypto.html

  64. #swiftalps @vixentael Secure Cell is container for symmetric encryption Storage

    encryption exercise download demo project https://github.com/TheSwiftAlps/theswiftalpsdemo

  65. #swiftalps @vixentael Secure Cell Cell wrap context encrypted message Cell

    unwrap plaintext message encrypted message plaintext message

  66. #swiftalps @vixentael Secure Cell - integrity protection (calculates ~hmac to

    ensure that message was not changed) - context-dependent (both key and context are important) - tampering protection vs any AES wrapper -> more security guaranties out of the box https://github.com/cossacklabs/themis/wiki/Swift-Howto

  67. #swiftalps @vixentael Run CellDemo Encrypt-decrypt several messages Can you decrypt

    messages using other context? Storage encryption exercise CellDemo().runDemo()

  68. #swiftalps @vixentael What was wrong in this demo code?

  69. #swiftalps @vixentael -> plain text keys What was wrong in

    this demo code?

  70. #swiftalps @vixentael Where to store the key? UserDefaults sqllite keychain

    plist mysecretkey.txt

  71. #swiftalps @vixentael 1. Store plain text 2. Store encrypted (decrypt

    before using) 3. Do not store at all (user input) 4. Calculate key 5. Combine (decrypted piece + user input) Key storage technique

  72. #swiftalps @vixentael 1. Imagine any String key 2. Encrypt it

    3. Save encrypted version 4. Decrypt before using Store encrypted key

  73. #swiftalps @vixentael let key: String = myString.reverse() Calculate key

  74. #swiftalps @vixentael KDF https://github.com/krzyzanowskim/CryptoSwift

  75. #swiftalps @vixentael Improve sample by adding key storage techniques Encryption

    exercise 1. Store plain text 2. Store encrypted (decrypt before using) 3. Do not store at all (user input) 4. Calculate key 5. Combine (decrypted piece + user input)

  76. Asymmetric encryption Chapter 4

  77. Combining things: secure app v.1 SSL storage encryption storage encryption

    data leakage MiTM weak SSL #swiftalps @vixentael

  78. Combining things: secure app v.2 end-to-end encryption storage encryption storage

    encryption weak auth blind trust ephemeral keys protected transport #swiftalps @vixentael

  79. Combining things: secure app v.3 end-to-end encryption storage encryption storage

    encryption ephemeral keys protected transport MFA ZKP #swiftalps @vixentael

  80. #swiftalps @vixentael Create iOS app and server system to exchange

    the messages Transfer exercise 1. secure end-to-end communication 2. perfect forward secrecy 3. strong mutual peer authentication

  81. #swiftalps @vixentael https://cossacklabs.com/choose-your-ios-crypto.html

  82. #swiftalps @vixentael Establish session between two peers, within which data

    can be securely exchanged with higher security guarantees. Secure session make sure that demo project is downloaded https://github.com/TheSwiftAlps/theswiftalpsdemo

  83. #swiftalps @vixentael Transfer exercise 1. Open server, grab serverId, url

    and public key 2. Send a message to the server 3. See it on the dashboard Improve sample by adding key storage techniques http://alps.cossacklabs.com/

  84. #swiftalps @vixentael What was wrong in this demo code?

  85. #swiftalps @vixentael What was wrong in this demo code? ->

    plain text keys -> ATS

  86. #swiftalps @vixentael 1. It’s easy to encrypt the transport layer

    2. Don’t rely only on SSL 3. Make everything possible to protect your app

  87. The last slide Need help? Talk to me :) @vixentael

    Lead Developer at stanfy.com Core Contributor at themis/ cossacklabs.com