Running Secure Server Software on Insecure Hardware Without Parachute
-
Upload
cloudflare -
Category
Technology
-
view
8.075 -
download
1
description
Transcript of Running Secure Server Software on Insecure Hardware Without Parachute
![Page 1: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/1.jpg)
Nicholas Sullivan Systems Engineer
CloudFlare@grittygrease
Running Secure Server Software on Insecure Hardware without a Parachute
![Page 2: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/2.jpg)
What this talk is aboutu The web is changing — consolidation at the edge u Fundamental assumptions about server security are wrong u How do we design server software with the worst case in mind?
u Distinguish between long and short term secrets u Devise approaches for protecting each
2
![Page 3: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/3.jpg)
Let’s Talk About Web Infrastructure
![Page 4: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/4.jpg)
4
![Page 5: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/5.jpg)
Global Website Traffic
5
![Page 6: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/6.jpg)
Global Website Traffic with CDN
6
![Page 7: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/7.jpg)
Current Map
7
![Page 8: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/8.jpg)
Future Map
8
![Page 9: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/9.jpg)
Future Map
9
![Page 10: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/10.jpg)
Edge Computing Threat Model
![Page 11: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/11.jpg)
Traditional server threat modelu Assume server is secure u Add layers of protection to keep attackers out
u Network layer protection u Operating System Level: principle of least privilege u Protection against maliciously installed code u More advanced barriers
11
![Page 12: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/12.jpg)
Globally distributed serversu Less jurisdictional control = less physical security u Physical access trumps static defense layers !
u Traditional defenses helpful, but not ideal u Cannot rely on security of keys u Single break-in results in immediate compromise
12
![Page 13: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/13.jpg)
A More Effective Approach
![Page 14: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/14.jpg)
Approach system security the ‘DRM way’u Assume attacker has bypassed all static defenses u Goal is to refresh secrets before they are compromised u Split system into long-term secrets and short-term secrets u Focus on renewability of secrets
14
![Page 15: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/15.jpg)
Secrets must be split into two tiersu Long-term Secrets
u Useful for attacker for long period of time u Do not store at the edge !
u Short-term Secrets u Expire after a short period of time u Cannot be re-used
15
![Page 16: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/16.jpg)
Example: Traditional TLS terminationu TLS handshake with nginx and Apache
u SSL keys on disk u Read from disk, use in memory !
u Cryptographic elements at risk if server is compromised u Private key u Session key
16
![Page 17: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/17.jpg)
TLS revisited for untrusted hardwareu Long term secrets
u Private key
!u Short term secrets
u Session key u Session IDs and Session ticket keys u Credentials to access private keys
17
![Page 18: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/18.jpg)
How to Protect Short-term Secrets
![Page 19: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/19.jpg)
Short-term secrets — threat modelu Must live on machines in unsafe locations
u Memory u Control Flow
u By the time a secret is broken, it should be expired u Don’t keep secrets in a useable state u Impose computational cost to retrieve the original secret u Expire secrets quickly
!
19
![Page 20: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/20.jpg)
Techniques from DRM are applicableu White-box cryptography u Code obfuscation
20
![Page 21: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/21.jpg)
Standard Cryptography Threat Model
21
Alice Bob
Eve
![Page 22: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/22.jpg)
White-box Cryptography Threat Model
22
Alice Bob
Eve
![Page 23: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/23.jpg)
White-box Cryptography Threat Model
23
Aleve Bob
![Page 24: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/24.jpg)
White-box cryptographyu Hide the cryptographic key from everyone u Protect against key extraction in the strongest threat model !
u Takes time to extract key — lots of math u Choose difficulty based on secret lifetime
24
![Page 25: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/25.jpg)
White-box cryptography implementations
25
u Commercial products u Irdeto, Arxan, SafeNet, etc.
u Open source u OpenWhiteBox
![Page 26: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/26.jpg)
Code obfuscation
26
![Page 27: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/27.jpg)
Code obfuscationu Making reverse engineering difficult
u Compile-time control-flow modification u Data transformation in memory u Anti-debugging
27
![Page 28: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/28.jpg)
Before
28
![Page 29: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/29.jpg)
After
29
![Page 30: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/30.jpg)
Code obfuscation implementationsu Commercial products
u Arxan, Irdeto, etc. u Open source
u Obfuscator-LLVM
30
![Page 31: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/31.jpg)
Long-term Secrets
![Page 32: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/32.jpg)
Keyless SSLu SSL without keys? Surely you’re joking. u SSL without keys at the edge. That’s better.
32
![Page 33: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/33.jpg)
How Keyless SSL Worksu Split the TLS state machine geographically
u Perform private key operation at site owner’s facility (in HSM, etc) u Perform rest of handshake at edge u Communicate with signing server over mutually authenticated TLS
33
![Page 34: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/34.jpg)
Keyless SSL Diagram
34
![Page 35: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/35.jpg)
35
![Page 36: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/36.jpg)
Conclusion
![Page 37: Running Secure Server Software on Insecure Hardware Without Parachute](https://reader034.fdocuments.in/reader034/viewer/2022051513/547db8fe5806b5ef5e8b45bd/html5/thumbnails/37.jpg)
Conclusionu Untrusted hardware requires a new approach
u Split secrets into long-term and short-term u Design for rapid renewal — replace secrets faster than they can be
broken u Leverage short-term secrets to access long-term secrets
37