Security with VA Smalltalk

Similar documents
Cryptographic Concepts

FIPS Non-Proprietary Security Policy. Level 1 Validation Version 1.2

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

There are numerous Python packages for cryptography. The most widespread is maybe pycrypto, which is however unmaintained since 2015, and has

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

FIPS Security Policy UGS Teamcenter Cryptographic Module

Core Security Services and Bootstrapping in the Cherubim Security System

Oracle Solaris Kernel Cryptographic Framework Software Version 1.0 and 1.1

Cipher Suite Configuration Mode Commands

Summary on Crypto Primitives and Protocols

Encryption. INST 346, Section 0201 April 3, 2018

CSE 127: Computer Security Cryptography. Kirill Levchenko

Apache Commons Crypto: Another wheel of Apache Commons. Dapeng Sun/ Xianda Ke

NIST Cryptographic Toolkit

APNIC elearning: Cryptography Basics

Chapter 18: wolfcrypt API Reference

ECE 646 Fall 2015 Term Project. Overview, comparison of open crypto libraries for application development. By Ravi Kota

MTAT Applied Cryptography

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Findings for

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

CIS 4360 Secure Computer Systems Symmetric Cryptography

Oracle Solaris Userland Cryptographic Framework Software Version 1.0 and 1.1

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

RSA BSAFE Crypto-C Micro Edition Security Policy

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

BCA III Network security and Cryptography Examination-2016 Model Paper 1

Security. Communication security. System Security

CSC 774 Network Security

Midgame Attacks. (and their consequences) Donghoon Chang 1 and Moti Yung 2. IIIT-Delhi, India. Google Inc. & Columbia U., USA

CSC/ECE 774 Advanced Network Security

Ref:

6 Cryptographic Operations API

ECE 646 Lecture 8. Modes of operation of block ciphers

Understanding how to prevent. Sensitive Data Exposure. Dr Simon Greatrix

n-bit Output Feedback

Computer Security: Principles and Practice

Samsung FIPS BC for Mobile Phone and Tablet FIPS Security Policy

Cryptography MIS

CRYPTOGRAPHY AND NETWROK SECURITY-QUESTION BANK

WAP Security. Helsinki University of Technology S Security of Communication Protocols

Advanced Crypto. Author: Prof Bill Buchanan

Authenticated Encryption in TLS

Password-based OpenSSL Encryption

Acronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector

Glenda Whitbeck Global Computing Security Architect Spirit AeroSystems

The Xirrus Wi Fi Array XS4, XS8 Security Policy Document Version 1.0. Xirrus, Inc.

Information Security CS 526

PASSWORDS & ENCRYPTION

Lecture 1 Applied Cryptography (Part 1)

State of TLS usage current and future. Dave Thompson

Analysis, demands, and properties of pseudorandom number generators

Application of Cryptography in.net Framework

Symantec Corporation

1.264 Lecture 28. Cryptography: Asymmetric keys

IOS Common Cryptographic Module (IC2M)

Crypto Background & Concepts SGX Software Attestation

Coming of Age: A Longitudinal Study of TLS Deployment

ECE 646 Fall 2009 Final Exam December 15, Multiple-choice test

RSA BSAFE Crypto-J JSAFE and JCE Software Module Security Policy Level 2 Roles, Services and Authentication

Overview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.

Dyadic Enterprise. Unbound Key Control For Azure Marketplace. The Secure-As-Hardware Software With a Mathematical Proof

Juniper Networks Pulse Cryptographic Module. FIPS Level 1 Security Policy Version: 1.0 Last Updated: July 19, 2013

PROTECTING CONVERSATIONS

Winter 2011 Josh Benaloh Brian LaMacchia

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).

Cryptographic Systems

Storage encryption... what about data integrity?

ECE 646 Lecture 7. Modes of Operation of Block Ciphers. Modes of Operation. Required Reading:

Chapter 8. Network Security. Cryptography. Need for Security. An Introduction to Cryptography 10/7/2010

Cryptography and Network Security

(2½ hours) Total Marks: 75

Overview. SSL Cryptography Overview CHAPTER 1

Cipher Suite Practices and Pitfalls:

Transport Level Security

Crypto for Hackers. Eijah. v1.00 August 7 th, 2015

Dyadic Security Enterprise Key Management

Stream Ciphers and Block Ciphers

Understand the TLS handshake Understand client/server authentication in TLS. Understand session resumption Understand the limitations of TLS

CRYPTOGRAPHY. Jakub Laszczyk. June 7th,

FIPS Cryptographic Module Security Policy Entrust Authority Security Toolkit for the Java Platform

Route1 FIPS Cryptographic Module

CSE484 Final Study Guide

Computer Security. 10. Exam 2 Review. Paul Krzyzanowski. Rutgers University. Spring 2017

Cryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea

Randomness Extractors. Secure Communication in Practice. Lecture 17

Encryption I. An Introduction

UNCLASSIFIED INFORMATION TECHNOLOGY SECURITY GUIDANCE

Encrypted Phone Configuration File Setup

KALASALINGAM UNIVERSITY

Imprivata FIPS Cryptographic Module Non-Proprietary Security Policy Version: 2.9 Date: August 10, 2016

Cryptography and Network Security Chapter 12. Message Authentication. Message Security Requirements. Public Key Message Encryption

Advanced Crypto. 2. Public key, private key and key exchange. Author: Prof Bill Buchanan

Hewlett-Packard Development Company, L.P. NonStop Volume Level Encryption (NSVLE) Product No: T0867 SW Version: 2.0

Chapter 8. Network Security. Need for Security. An Introduction to Cryptography. Transposition Ciphers One-Time Pads

Cryptography. Recall from last lecture. [Symmetric] Encryption. How Cryptography Helps. One-time pad. Idea: Computational security

DataTraveler 5000 (DT5000) and DataTraveler 6000 (DT6000) Ultimate Security in a USB Flash Drive. Submitted by SPYRUS, Inc.

Sankalchand Patel College of Engineering, Visnagar Department of Computer Engineering & Information Technology. Question Bank

Transcription:

24 th ESUG Conference Prague, Czech Republic August 23, 2016 Security with VA Smalltalk Seth Berman Vice President of Engineering Instantiations, Inc.

Agenda Security Overview Architectural Goals OpenSSL 1.1 Compatibility Cryptography Library SSL/TLS Library

Security Overview Understanding the Value Secure communications is hard Even Cryptographers get it wrong Protocol Breakage: SSL, PPTP Implementation Breakage: Heartbleed Correct Protocol/Implementations can still be vulnerable Side channel attacks

Security Overview Understanding the Value Demand for Secure Communications Is only going one way UP! Our customers are receiving increasing pressure to provide higher security applications The demands extend beyond just SSL/TLS connections

Security Overview Looking Back Before VA Smalltalk 8.6.2 Dated bindings to the OpenSSL SSL/TLS library No Cryptographic primitives exposed Minimal help with native memory management Minimal Test Cases

Security Overview Currently VA Smalltalk 8.6.2 Official Support for 1.0.x Native Memory Management Introduction of the Cryptographic Library Enhanced SSL/TLS APIs Test Cases (with official test vectors) for all exposed Cryptographic Algorithms Story-driven code examples describing common Cryptographic Algorithm usage

Security Overview Coming Soon VA Smalltalk 8.6.3 Added Support for OpenSSL 1.1.0 Continued support for OpenSSL 1.0.x Many new Cryptographic algorithms available Authenticated Encryption Key Derivation Secure Memory Module Helps protect In-Memory keys on long-running servers

Architectural Goals Compatibility New Crypto layer will slide underneath SSL/TLS support SSL/TLS API compatibility must be maintained SSL/TLS and Crypto libraries must handle all OpenSSL versions we support Currently: OpenSSL 1.0.0, 1.0.1, 1.0.2 Next Release: Adding OpenSSL 1.1.0 Differences between various OpenSSL versions should be transparent to the user (except algorithm availability) Separation of Concerns Performance Safety

Architectural Goals Compatibility Separation of Concerns API Objects Users should only interact with these Dispatching Engine Performs threaded calls Error Detection and Notification Native Memory Management Various mechanisms to make working with native memory safer and prevent certain classes of errors. Performance Safety

Architectural Goals Compatibility Separation of Concerns Performance Calls to OpenSSL are made on native threads Asynchronous callouts which block only the calling ST process Our thread-locking implementation plugs into OpenSSL to manage concurrency issues This allows for the usage of multiple cores for higher throughput Safety

Architectural Goals Compatibility Separation of Concerns Performance Safety Uses a Native Memory Manager Uses a Smalltalk GC Notifier to help make sure the object s native memory was freed Various OpenSSL APIs may answer Static memory (this should never be freed) Reference counted memory (OpenSSL s memory manager) Unmanaged memory that the user must free The Native Memory Manager keeps track of memory ownership and reference counts

OpenSSL 1.1 Overview Major revamp of the OpenSSL codebase Post-Heartbleed: It s getting the attention it deserves now More resources applied, both internal and external FIPS 140-2 Accreditation is now sponsored At this time: OpenSSL 1.1.0 Beta7 With the good comes the bad API breakage

OpenSSL 1.1 Hiding the API Breakage Version-adapting memory layout All bindings to structures reconfigure their layout to meet the OpenSSL version layout specification OpenSSL 1.1 uses opaque structures So we configure to those too and provide the various OpenSSL getter/setter APIs

OpenSSL 1.1 Hiding the API Breakage Version fallback logic General OpenSSL 1.1 APIs we added implement fallback code for lower version levels This was done by implementing the OpenSSL logic in Smalltalk We don t do this for algorithms as this could lead to side-channel attacks Our implementation may be correct. But perhaps observable cpu or caching behavior leaks information Or semantics of basic primitive operations were not considered i.e. trialkey = storedkey (not constant-time equality)

Cryptographic Library Overview Secure Memory Streaming API Message Digests Message Authentication Code (MAC) Symmetric Ciphers Public/Private Key Key Derivation Secure Random Number Generator X509 ASN1

Cryptographic Library Secure Memory Mechanisms to secure in-memory storage Intended for long running servers Lots of sensitive data in memory This sensitive data is long-lived More aggressive thread-model Our Secure Objects also override common APIs to expose as little as possible in case it gets logged

Cryptographic Library Secure Memory on Linux/Unix Strategy Attempt to prevent paging sensitive data to disk Should not show up in a core-dump Special heap should be page-guarded to protect against buffer overrun/underrun Uses OpenSSL 1.1 Secure Arenas Implements the strategy above

Cryptographic Library Secure Memory on Windows Strategy Limit the time window that sensitive data could be observed in decrypted form Assume paging to disk or being core-dumped is unavoidable Should not require a special section of the heap

Cryptographic Library Secure Memory on Windows Uses In-Memory Encryption (Microsoft CryptoAPI) Encryption Key is per-user and generated on boot Encryption Key is stored in nonpaged kernel memory By default, only the VAST Smalltalk process can decrypt OpenSSL Dispatcher has been enhanced to Decrypt incoming arguments intended for OpenSSL functions Immediately call the OpenSSL function After the call, re-encrypt the required incoming arguments

Cryptographic Library Streaming API Powerful set of High-Performance OpenSSL Streams Two types Source/Sink Socket, File, Memory Filters Digest, Cipher, Base64, Buffer Chain them together to create cryptographic pipelines Example chain to Perform buffered writes of base64-encoded encrypted data to a file Compute the sha512 hash of the plaint-text bufferbio sha512bio aes256bio base64bio filebio

Cryptographic Library Message Digests Secure one-way hash functions Algorithms MD5, RIPEMD160 SHA1, SHA2 Family (224, 256, 384, 512) Whirpool Blake2 (OpenSSL 1.1) Example: OSSslDigest sha512 printabledigest: Hello World. 958D09788F3C907B1C89A945F478D58C

Cryptographic Library Message Authentication Code (MAC) Keyed hash function Provides both data integrity and authenticity Algorithms HMAC CMAC (OpenSSL 1.1) Example: OSSslDigest sha1 hmacprintabledigest: 'Hello Smalltalk key: 'secretkey. 4510149C9D6216D4460571E16B290312

Cryptographic Library Symmetric Ciphers Encryption for confidentiality Shared secret key Block Ciphers AES, Blowfish, Camellia, Cast5, DES, Triple-DES Unauthenticated Modes: CBC, CFB, CTR, OFB, XTS Authenticated Modes: GCM, CCM, OCB Stream Ciphers Unauthenticated: ChaCha20 Authenticated: ChaCha20-Poly1305

Cryptographic Library Symmetric Ciphers Encrypt Example "Encrypt cipher := OSSslCipher aes_256_ocb. cdata := cipher cipherdatafor: 'Hello Smalltalk'. ciphertext := cipher encrypt: cdata key: key iv: iv. authtag := cdata tagdata. "Decrypt cdata := cipher cipherdatafor: ciphertext. cdata tagdata: authtag. plaintext := cipher decrypt: cdata key: key iv: iv

Cryptographic Library Public/Private Key Algorithms using Key Pairs (public and private) Use Cases Key Exchange (i.e. agree on a shared key) Non-Interactive Encryption i.e. Encrypted Email Digital Signatures Algorithms RSA DSA Diffie-Hellman

Cryptographic Library Key Derivation Derives one or more keys from an initial key material Algorithms HKDF PBKDF2 Scrypt (OpenSSL 1.1)

Cryptographic Library Key Derivation Password Hashing Example Derive crypto key from a password scrypt := OSSslKDF scrypt keylength: 16. phash := scrypt derive: password. Algorithm Params to store with the hash psalt := scrypt salt. pcost := scrypt cost. pblksz := scrypt blocksize. ppara := scrypt parallelization. pmaxmem := scrypt maxmemory.

Cryptographic Library Key Derivation Password Hashing Example Verify supplied password with stored hash scrypt := OSSslKDF scrypt keylength: 16 salt: psalt cost: pcost parallelization: ppara blocksize: bblksz maxmemory: bmaxmem. (scrypt verify: password with: phash) iftrue: [^ Password is correct ].

SSL/TLS Library VA Smalltalk s existing SSL/TLS support is now built on the new crypto library. Inherits the safer memory management features More options exposed for SSL/TLS connections Gained TLSv1.2 support More options for X509 certs OpenSSL 1.1 compatible

Thank you for your attention Questions?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback