The Swift Alps security workshop

Transcript

1. Security. And Swift #swiftalps @vixentael and Alps

2. @vixentael Lead Developer at stanfy.com Core Contributor at themis/ cossacklabs.com

   Who I am
3. None
4. None

5. hacking NSA watching cat movies making own crypto practicing MitM

   writing (yet-another) secure messenger What we gonna do? eating chocolate holy-waring

6. #swiftalps @vixentael 1. Talking about security from kitten perspective 2.

   Risk analysis of typical app + analyze your app 3. Storage encryption + coding 4. Transfer encryption + coding Chapters

7. T2 T3 passive MitM active MitM T1/T4 data loss/ tampering

   T5 verbal key leak T6 phishing / social engineering T7 rubber-hose cryptanalysis T8 satellite imaging of sensitive input T9 EM emissions T10 sandbox escaping T11 misconfiguration T12 random generator abuse T13 random generator abuse T14 EM emissions and physical side channel T15 physical access T16 malicious dependency T17 misconfigured access T18 unattended backups T19 storing keys with data T20 weak cipher random generator abuse T21

8. #swiftalps @vixentael https://cossacklabs.com/choose-your-ios-crypto.html

9. None

10. #swiftalps @vixentael Quiz rules 1.Answer questions 2.Get points for each

    correct answer 3.Top winners get a !

11. See you at my table!

12. AppSecurity for kittens Chapter 1

13. #swiftalps @vixentael I’m using HTTPS, I’m safe!

14. #swiftalps @vixentael Is HTTPS enough?

15. #swiftalps @vixentael

16. #swiftalps @vixentael

17. #swiftalps @vixentael SSL/TLS in short hello client asks certificate server

    sends cert encrypted data key negotiation client verifies cert - domain, - expiration date, - asks CA if cert is valid and not revoked

18. #swiftalps @vixentael Where can it break? https://www.cossacklabs.com/avoid-ssl-for-your-next-app.html https://www.cossacklabs.com/whats-wrong-with-web-crypto.html

19. #swiftalps @vixentael hello client asks certificate server sends cert encrypted

    data key negotiation client verifies cert - domain, - expiration date, - asks CA if cert is valid and not revoked SSL/TLS in short

20. #swiftalps @vixentael SSL pinning hello client asks certificate server sends

    cert encrypted data key negotiation SSL pinning

21. https://github.com/Alamofire/Alamofire #swiftalps @vixentael let serverTrustPolicies:[String : ServerTrustPolicy] = [ “mydomain.com":

    pinCertificates( certificates: ServerTrustPolicy.certificatesInBundle(), validateCertificateChain: true, validateHost: true ), “myexpireddomain.com": disableEvaluation ]

22. #swiftalps @vixentael https://github.com/johnlui/Pitaya let certData = NSData(contentsOfFile: NSBundle.mainBundle().pathForResource(“mydomaincom", ofType: "cer")!)!


    ... ... .addSSLPinning(LocalCertData: certData) { () -> Void in
 print("Under Man-in-the-middle attack!")
 }

23. #swiftalps @vixentael What else can be pinned?

24. #swiftalps @vixentael SSL pinning in depth https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning https://www.owasp.org/index.php/Pinning_Cheat_Sheet

25. #swiftalps @vixentael Even pinning is not enough. Why?

26. #swiftalps @vixentael SSL kill switch https://github.com/nabla-c0d3/ssl-kill-switch2

27. #swiftalps @vixentael WoSign story https://security.googleblog.com/2016/10/ distrusting-wosign-and-startcom.html https://support.apple.com/en-us/HT204132

28. #swiftalps @vixentael WoSign story https://security.googleblog.com/2016/10/ distrusting-wosign-and-startcom.html https://support.apple.com/en-us/HT204132

29. #swiftalps @vixentael Who can summarize?

30. #swiftalps @vixentael 1. Using HTTPS is must-have, but not enough

    2. Using SSL pinning is must-have, but not enough

31. #swiftalps @vixentael 1. Using HTTPS is must-have, but not enough

    2. Using SSL pinning is must-have, but not enough Why? Because data is plain text

32. Risk analysis Chapter 2

33. Most users trust sensitive data to our app regardless of

    how well you protect it #swiftalps @vixentael

34. #swiftalps @vixentael Name system that has absolute security model

35. Nothing is absolutely secure #swiftalps @vixentael 3rd party libs ecosystem

    itself known & unknown vulnerabilities backdoors bugs

36. But we can put efforts into protecting system against certain

    threat model and attacker #swiftalps @vixentael Nothing is absolutely secure

37. Risk Model & Threat Model create demands for security #swiftalps

    @vixentael

38. Risks Data is used/sold by someone Data is tampered and

    you’re operating on adversary’s plan Identity/auth is used elsewhere data leakage data tampering identity theft #swiftalps @vixentael

39. - Encryption w/ secret or PKC - Limit access -

    Signed encryption - Protected transport with trust and integrity - Authenticated encryption - Action authentication Risk prevention #swiftalps @vixentael data leakage data tampering identity theft

40. Trust model is whose secrets you trust in a security

    system #swiftalps @vixentael

41. #swiftalps @vixentael Whom should we trust? (building our app)

42. #swiftalps @vixentael Whom should we trust? (building our app)

43. Whom should we trust? #swiftalps @vixentael The user only!

44. Typical app architecture user app network server storage #swiftalps @vixentael

45. More complicated.. T2 T3 passive MitM active MitM T1/T4 data

    loss/ tampering T5 verbal key leak T6 phishing / social engineering T7 rubber-hose cryptanalysis T8 satellite imaging of sensitive input T9 EM emissions T10 sandbox escaping T11 misconfiguration T12 random generator abuse T13 random generator abuse T14 EM emissions and physical side channel T15 physical access T16 malicious dependency T17 misconfigured access T18 unattended backups T19 storing keys with data T20 weak cipher random generator abuse T21 #swiftalps @vixentael

46. Back to threats we can handle T2 T3 passive MitM

    active MitM T1/T4 data loss/ tampering #swiftalps @vixentael

47. attacker steals stored data or tampers it Threats: T1/T4 Secret

    Key Crypto Protection Symmetric crypto for storing data. If user has no secret, he can’t read or change data. #swiftalps @vixentael

48. Threats: T2 attacker captures network traffic (passive MitM) Public Key

    Cryptography, ephemeral keys Protection Asymmetric crypto for sending data. Ephemeral keys to avoid decrypting accumulated traffic if keys are leaked/cracked. #swiftalps @vixentael

49. Threats: T3 attacker redirects traffic and pretends to be remote

    party (active MitM) Public Key Cryptography, certificate pinning Protection Asymmetric crypto for sending data. Check server certificate to make sure it matches with pinned one. #swiftalps @vixentael

50. Protection methods T2 T3 passive MitM active MitM T1/T4 data

    loss/ tampering Secret Key Crypto PKC + ephem. keys PKC + cert. pinning #swiftalps @vixentael

51. #swiftalps @vixentael Who can summarize?

52. #swiftalps @vixentael 1. There’s no absolute security 2. Analyze your

    system from risks and threats perspective 3. Put efforts against certain threats

53. #swiftalps @vixentael Analyze your app exercise

54. Symmetric encryption Chapter 3

55. #swiftalps @vixentael Where to store the data?

56. #swiftalps @vixentael Where to store the data? UserDefaults sqllite Realm

    plist mydata.txt

57. #swiftalps @vixentael

58. #swiftalps @vixentael File protection

59. #swiftalps @vixentael * NSFileProtectionNone * NSFileProtectionComplete Cannot be accessed while

    device is locked or booting. * NSFileProtectionCompleteUnlessOpen Opens only when device is unlocked; can be accessed whenever. * NSFileProtectionCompleteUntilFirstUserAuthentication Opens only after device is booted; can be accessed whenever. File protection

60. #swiftalps @vixentael File protection pros & cons 1. “Out of

    the box” 2. System-dependent 3. Jailbreak :( 4. Doesn’t depend on user actions inside your app

61. #swiftalps @vixentael File protection pros & cons 1. “Out of

    the box” 2. System-dependent 3. Jailbreak :( 4. Doesn’t depend on user actions inside your app -> encrypt stored data!

62. #swiftalps @vixentael Encrypt / decrypt storage data Storage encryption exercise

63. #swiftalps @vixentael https://cossacklabs.com/choose-your-ios-crypto.html

64. #swiftalps @vixentael Secure Cell is container for symmetric encryption Storage

    encryption exercise download demo project https://github.com/TheSwiftAlps/theswiftalpsdemo

65. #swiftalps @vixentael Secure Cell Cell wrap context encrypted message Cell

    unwrap plaintext message encrypted message plaintext message

66. #swiftalps @vixentael Secure Cell - integrity protection (calculates ~hmac to

    ensure that message was not changed) - context-dependent (both key and context are important) - tampering protection vs any AES wrapper -> more security guaranties out of the box https://github.com/cossacklabs/themis/wiki/Swift-Howto

67. #swiftalps @vixentael Run CellDemo Encrypt-decrypt several messages Can you decrypt

    messages using other context? Storage encryption exercise CellDemo().runDemo()

68. #swiftalps @vixentael What was wrong in this demo code?

69. #swiftalps @vixentael -> plain text keys What was wrong in

    this demo code?

70. #swiftalps @vixentael Where to store the key? UserDefaults sqllite keychain

    plist mysecretkey.txt

71. #swiftalps @vixentael 1. Store plain text 2. Store encrypted (decrypt

    before using) 3. Do not store at all (user input) 4. Calculate key 5. Combine (decrypted piece + user input) Key storage technique

72. #swiftalps @vixentael 1. Imagine any String key 2. Encrypt it

    3. Save encrypted version 4. Decrypt before using Store encrypted key

73. #swiftalps @vixentael let key: String = myString.reverse() Calculate key

74. #swiftalps @vixentael KDF https://github.com/krzyzanowskim/CryptoSwift

75. #swiftalps @vixentael Improve sample by adding key storage techniques Encryption

    exercise 1. Store plain text 2. Store encrypted (decrypt before using) 3. Do not store at all (user input) 4. Calculate key 5. Combine (decrypted piece + user input)

76. Asymmetric encryption Chapter 4

77. Combining things: secure app v.1 SSL storage encryption storage encryption

    data leakage MiTM weak SSL #swiftalps @vixentael

78. Combining things: secure app v.2 end-to-end encryption storage encryption storage

    encryption weak auth blind trust ephemeral keys protected transport #swiftalps @vixentael

79. Combining things: secure app v.3 end-to-end encryption storage encryption storage

    encryption ephemeral keys protected transport MFA ZKP #swiftalps @vixentael

80. #swiftalps @vixentael Create iOS app and server system to exchange

    the messages Transfer exercise 1. secure end-to-end communication 2. perfect forward secrecy 3. strong mutual peer authentication

81. #swiftalps @vixentael https://cossacklabs.com/choose-your-ios-crypto.html

82. #swiftalps @vixentael Establish session between two peers, within which data

    can be securely exchanged with higher security guarantees. Secure session make sure that demo project is downloaded https://github.com/TheSwiftAlps/theswiftalpsdemo

83. #swiftalps @vixentael Transfer exercise 1. Open server, grab serverId, url

    and public key 2. Send a message to the server 3. See it on the dashboard Improve sample by adding key storage techniques http://alps.cossacklabs.com/

84. #swiftalps @vixentael What was wrong in this demo code?

85. #swiftalps @vixentael What was wrong in this demo code? ->

    plain text keys -> ATS

86. #swiftalps @vixentael 1. It’s easy to encrypt the transport layer

    2. Don’t rely only on SSL 3. Make everything possible to protect your app

87. The last slide Need help? Talk to me :) @vixentael

    Lead Developer at stanfy.com Core Contributor at themis/ cossacklabs.com