Upgrade to Pro — share decks privately, control downloads, hide ads and more …

The Swift Alps security workshop

vixentael
November 11, 2016

The Swift Alps security workshop

You may find complicated to understand what's going on these slides. But it's workshop :)

The idea was to share some knowledges about making more secure apps. We talked about:

- why SSL is not enough
- strategies to implement SSL pinning
- how to understand basic risks and threats of common mobile client-server infrastructure
- protection methods against those threats
- what is symmetric encryption; why we need it. where to store data and key.
- what is transfer encryption; when we need it.

Please download slides as PDF (button on the right) to be able to tap on the links.

Links to example repo:
https://github.com/TheSwiftAlps/theswiftalpsdemo

See more info:
https://speakerdeck.com/vixentael/
https://medium.com/@vixentael/
https://realm.io/news/tryswift-anastasiia-voitova-building-user-centric-security-model-ios-applications-swift/

vixentael

November 11, 2016
Tweet

More Decks by vixentael

Other Decks in Programming

Transcript

  1. hacking NSA watching cat movies making own crypto practicing MitM

    writing (yet-another) secure messenger What we gonna do? eating chocolate holy-waring
  2. #swiftalps @vixentael 1. Talking about security from kitten perspective 2.

    Risk analysis of typical app + analyze your app 3. Storage encryption + coding 4. Transfer encryption + coding Chapters
  3. T2 T3 passive MitM active MitM T1/T4 data loss/ tampering

    T5 verbal key leak T6 phishing / social engineering T7 rubber-hose cryptanalysis T8 satellite imaging of sensitive input T9 EM emissions T10 sandbox escaping T11 misconfiguration T12 random generator abuse T13 random generator abuse T14 EM emissions and physical side channel T15 physical access T16 malicious dependency T17 misconfigured access T18 unattended backups T19 storing keys with data T20 weak cipher random generator abuse T21
  4. #swiftalps @vixentael SSL/TLS in short hello client asks certificate server

    sends cert encrypted data key negotiation client verifies cert - domain, - expiration date, - asks CA if cert is valid and not revoked
  5. #swiftalps @vixentael hello client asks certificate server sends cert encrypted

    data key negotiation client verifies cert - domain, - expiration date, - asks CA if cert is valid and not revoked SSL/TLS in short
  6. https://github.com/Alamofire/Alamofire #swiftalps @vixentael let serverTrustPolicies:[String : ServerTrustPolicy] = [ “mydomain.com":

    pinCertificates( certificates: ServerTrustPolicy.certificatesInBundle(), validateCertificateChain: true, validateHost: true ), “myexpireddomain.com": disableEvaluation ]
  7. #swiftalps @vixentael https://github.com/johnlui/Pitaya let certData = NSData(contentsOfFile: NSBundle.mainBundle().pathForResource(“mydomaincom", ofType: "cer")!)!


    ... ... .addSSLPinning(LocalCertData: certData) { () -> Void in
 print("Under Man-in-the-middle attack!")
 }
  8. #swiftalps @vixentael 1. Using HTTPS is must-have, but not enough

    2. Using SSL pinning is must-have, but not enough
  9. #swiftalps @vixentael 1. Using HTTPS is must-have, but not enough

    2. Using SSL pinning is must-have, but not enough Why? Because data is plain text
  10. Most users trust sensitive data to our app regardless of

    how well you protect it #swiftalps @vixentael
  11. Nothing is absolutely secure #swiftalps @vixentael 3rd party libs ecosystem

    itself known & unknown vulnerabilities backdoors bugs
  12. But we can put efforts into protecting system against certain

    threat model and attacker #swiftalps @vixentael Nothing is absolutely secure
  13. Risks Data is used/sold by someone Data is tampered and

    you’re operating on adversary’s plan Identity/auth is used elsewhere data leakage data tampering identity theft #swiftalps @vixentael
  14. - Encryption w/ secret or PKC - Limit access -

    Signed encryption - Protected transport with trust and integrity - Authenticated encryption - Action authentication Risk prevention #swiftalps @vixentael data leakage data tampering identity theft
  15. More complicated.. T2 T3 passive MitM active MitM T1/T4 data

    loss/ tampering T5 verbal key leak T6 phishing / social engineering T7 rubber-hose cryptanalysis T8 satellite imaging of sensitive input T9 EM emissions T10 sandbox escaping T11 misconfiguration T12 random generator abuse T13 random generator abuse T14 EM emissions and physical side channel T15 physical access T16 malicious dependency T17 misconfigured access T18 unattended backups T19 storing keys with data T20 weak cipher random generator abuse T21 #swiftalps @vixentael
  16. Back to threats we can handle T2 T3 passive MitM

    active MitM T1/T4 data loss/ tampering #swiftalps @vixentael
  17. attacker steals stored data or tampers it Threats: T1/T4 Secret

    Key Crypto Protection Symmetric crypto for storing data. If user has no secret, he can’t read or change data. #swiftalps @vixentael
  18. Threats: T2 attacker captures network traffic (passive MitM) Public Key

    Cryptography, ephemeral keys Protection Asymmetric crypto for sending data. Ephemeral keys to avoid decrypting accumulated traffic if keys are leaked/cracked. #swiftalps @vixentael
  19. Threats: T3 attacker redirects traffic and pretends to be remote

    party (active MitM) Public Key Cryptography, certificate pinning Protection Asymmetric crypto for sending data. Check server certificate to make sure it matches with pinned one. #swiftalps @vixentael
  20. Protection methods T2 T3 passive MitM active MitM T1/T4 data

    loss/ tampering Secret Key Crypto PKC + ephem. keys PKC + cert. pinning #swiftalps @vixentael
  21. #swiftalps @vixentael 1. There’s no absolute security 2. Analyze your

    system from risks and threats perspective 3. Put efforts against certain threats
  22. #swiftalps @vixentael * NSFileProtectionNone * NSFileProtectionComplete Cannot be accessed while

    device is locked or booting. * NSFileProtectionCompleteUnlessOpen Opens only when device is unlocked; can be accessed whenever. * NSFileProtectionCompleteUntilFirstUserAuthentication Opens only after device is booted; can be accessed whenever. File protection
  23. #swiftalps @vixentael File protection pros & cons 1. “Out of

    the box” 2. System-dependent 3. Jailbreak :( 4. Doesn’t depend on user actions inside your app
  24. #swiftalps @vixentael File protection pros & cons 1. “Out of

    the box” 2. System-dependent 3. Jailbreak :( 4. Doesn’t depend on user actions inside your app -> encrypt stored data!
  25. #swiftalps @vixentael Secure Cell is container for symmetric encryption Storage

    encryption exercise download demo project https://github.com/TheSwiftAlps/theswiftalpsdemo
  26. #swiftalps @vixentael Secure Cell Cell wrap context encrypted message Cell

    unwrap plaintext message encrypted message plaintext message
  27. #swiftalps @vixentael Secure Cell - integrity protection (calculates ~hmac to

    ensure that message was not changed) - context-dependent (both key and context are important) - tampering protection vs any AES wrapper -> more security guaranties out of the box https://github.com/cossacklabs/themis/wiki/Swift-Howto
  28. #swiftalps @vixentael Run CellDemo Encrypt-decrypt several messages Can you decrypt

    messages using other context? Storage encryption exercise CellDemo().runDemo()
  29. #swiftalps @vixentael 1. Store plain text 2. Store encrypted (decrypt

    before using) 3. Do not store at all (user input) 4. Calculate key 5. Combine (decrypted piece + user input) Key storage technique
  30. #swiftalps @vixentael 1. Imagine any String key 2. Encrypt it

    3. Save encrypted version 4. Decrypt before using Store encrypted key
  31. #swiftalps @vixentael Improve sample by adding key storage techniques Encryption

    exercise 1. Store plain text 2. Store encrypted (decrypt before using) 3. Do not store at all (user input) 4. Calculate key 5. Combine (decrypted piece + user input)
  32. Combining things: secure app v.1 SSL storage encryption storage encryption

    data leakage MiTM weak SSL #swiftalps @vixentael
  33. Combining things: secure app v.2 end-to-end encryption storage encryption storage

    encryption weak auth blind trust ephemeral keys protected transport #swiftalps @vixentael
  34. Combining things: secure app v.3 end-to-end encryption storage encryption storage

    encryption ephemeral keys protected transport MFA ZKP #swiftalps @vixentael
  35. #swiftalps @vixentael Create iOS app and server system to exchange

    the messages Transfer exercise 1. secure end-to-end communication 2. perfect forward secrecy 3. strong mutual peer authentication
  36. #swiftalps @vixentael Establish session between two peers, within which data

    can be securely exchanged with higher security guarantees. Secure session make sure that demo project is downloaded https://github.com/TheSwiftAlps/theswiftalpsdemo
  37. #swiftalps @vixentael Transfer exercise 1. Open server, grab serverId, url

    and public key 2. Send a message to the server 3. See it on the dashboard Improve sample by adding key storage techniques http://alps.cossacklabs.com/
  38. #swiftalps @vixentael 1. It’s easy to encrypt the transport layer

    2. Don’t rely only on SSL 3. Make everything possible to protect your app
  39. The last slide Need help? Talk to me :) @vixentael

    Lead Developer at stanfy.com Core Contributor at themis/ cossacklabs.com