Secure implementation

Hi,

with Steve having published the "user interface & operation" page I
think that one of the next steps would be to actually aim for a first
implementation of the whole thing. I myself am planning to implement
it - just for the fun of it.

Admittedly I'm not really experienced when it comes to implementing
crypto, but I've been around long enough to know that it is not easy to
do it right and that it takes only one little mistake to make it
completely useless.

All platforms that are going to be supported are based upon real
operating systems (i.e. preemptive multitasking, swapping and fancy
things like that). Obviously this has implications for the security of
the whole architecture.

For starters I'm thinking about the key management. Making use of
EnScrypt is fine and dandy, but at some point the appropriate keys are
lying around unencrypted in memory as well as in the corresponding
buffers, caches and registers and we as programmers do not necessarily
have complete control over this - even at the machine code level.

Keeping the intervals the key is lying around unencrypted as short as
possible is probably a good idea, but nevertheless the operating system
can basically intervene whenever it wants to, leaving us with a lot of
problems. What if the operating system decides to swap out some
regions of memory containing the key material? This might actually be
not that far-fetched since scrypt takes up considerable chunks of
memory. Furthermore anything running in "kernel" mode can - in
theory - get access to the keying material in these instances, which is
a concern once your system is infected with some sort of rootkit.

I guess that I'm not telling you anything new here and these are
problems any project has when it is dealing with crypto. I'm currently
reading "Applied cryptography", but unfortunately it is not really
specific when it comes down to key management. It basically just raises
awareness to the issues mentioned above. My next step would be to take a
closer look at the source code of some established open source projects
(OpenSSL, GPG, etc.), but as long as I'm not sure what I should look
for, it is quite hard to find it ;).

I'm not even sure whether each of these problems has a clean solution
and can be addressed by an application developer, but we definitely
should do what we can in this area. After all our keys are *really*
critical. Once an attacker has the MK all bets are off.

So, basically what I'm asking for are some references to papers,
articles and/or source code segments which deal with crypto in
the real world, in environments which are not completely under our
control - unlike hardware tokens, smartcards and such things. Maybe there is
even some sort of summary of things that are absolutely critical? I'm
also happy about any input from you guys and would like to have a vivid
discussion about that, because I do think that this is quite universal
and affects any potential implementer.

Best regards,
Karol Babioch

Karol
2/20/2014 9:15:42 PM
grc.sqrl

[for the unabridged version, see Karol Babioch's post above]

> Hi,
> 
> with Steve having published the "user interface & operation"
> page I think that one of the next steps would be to actually
> aim for a first implementation of the whole thing. I myself
> am planning to implement it - just for the fun of it.

Just a note that the page is public, but the UI definition is 
still a long way from complete.  But it has my full attention.

-- 
________________________________________________________________
Steve.               Working on moving the SQRL project forward.
Steve
2/21/2014 6:06:30 PM
On 20-02-14 22:15, Karol Babioch wrote:
> Hi,
> 
> with Steve having published the "user interface & operation" page I
> think that one of the next steps would be to actually aim for a first
> implementation of the whole thing. I myself am planning to implement
> it - just for the fun of it.

Please do, I hope you'll Open Source it.

> 
> Admittedly I'm not really experienced when it comes to implementing
> crypto, but I've been around long enough to know that it is not easy to
> do it right and that it takes only one little mistake to make it
> completely useless.
> 

Yes, but the design makes this hard to do. Most implementations fail in
the design stage; you only have to worry about proper implementation.

> [...preemptive multitasking and lingering key worries...]
> 

If you have to worry about something probing the memory for the
unencrypted key you forgot to worry about a fully compromised
environment. This is about the same as the Evil SQRL app problem.
Implementing the design to the letter and having multiple different
implementations will make it harder for a rootkit to extract the
unencrypted key. Also again the design is quite clear on tidying up the
memory.

> 
> [...About taking a cue from other OSS security...]
It will be a great learning experience. As far as I can tell it takes
your concerns into consideration in the manual, not specifically in the
code beyond clearing the memory of the keys after use, as is in the
design of SQRL.

> 
> I'm not even sure whether each of these problems has a clean solution
> and can be addressed by an application developer, but we definitely
> should do what we can in this area. After all our keys are *really*
> critical. Once an attacker has the MK all bets are off.

That is why the external storage of a master key is such a good idea. A
rootkit can wreak havoc, but it has a small window of opportunity to do
it in a really lasting way. In almost all cases the user can fix the
problem when they find out.

> 
> So, basically what I'm asking for are some references to papers,
> articles and/or source code segments, which are dealing with crypto in
> the real world in environments, which are not completely in control by
> us - unlike hardware tokens, smartcards and such things. Maybe there is
> even some sort of summary of things that are absolutely critical? [..]

I hope someone has some pointers to this, please post them.
Most implementations trust some third 'party' to do the hiding. You
cannot get the key from a smart card, the iPhone and most other hardware
solutions; you can only challenge the hardware to give proof of
knowledge. The same goes for certificates.
With SQRL a hardware solution can be created, and I bet there are
already people working on an API for that :), but let's first get it
working in software. The PKI of SQRL is incredibly small and managed by
the user. Your main worry (and Steve's currently) is to make this as
clear as possible in the UI.

With security in general it is always the question: am I paranoid enough?
Currently the consensus seems to be to not worry about a rootkit too
much. Clean up the memory as soon as you are done (check exceptions),
allocate memory for the key in non-swappable space (mlock?) only, make
the interaction with the key as tight as possible to reduce the time it
is 'live', etc.
You are still dependent on the way the OS handles your requests; e.g.
according to the TrueCrypt people Microsoft Windows does not inform
applications about an impending hibernation. So, a well-timed request
might just save the unencrypted info to disk, and there is no way to
program your way around it.

Ivar
Ivar
2/23/2014 11:21:06 AM
[for the unabridged version, see Ivar Snaaijer's post above]

> > Admittedly I'm not really experienced when it comes to
> > implementing crypto, but I've been around long enough to
> > know that it is not easy to do it right and that it takes
> > only one little mistake to make it completely useless.

> Yes, but the design makes this hard to do. Most implementations
> fail in the design stage; you only have to worry about proper
> implementation.

I think that's correct in this case.

There ARE mistakes that could be made, such as poor collection 
of entropy... but my intention is to have a set of implementor's 
notes covering all aspects of those specifics.

You'll want to do things like overwrite sensitive decrypted keys 
BEFORE releasing their memory back to the system, store keys in 
memory-locked RAM that cannot be swapped out to non-volatile 
storage, and such.

But SQRL's crypto is really very straightforward since we're 
standing on the shoulders of very smart giants who have done 
most of the heavy lifting for us.


> If you have to worry about something probing the memory for the
> unencrypted key you forgot to worry about a fully compromised
> environment. This is about the same as the Evil SQRL app problem.
> Implementing the design to the letter and having multiple different
> implementations will make it harder for a rootkit to extract the
> unencrypted key. Also again the design is quite clear on tidying up the
> memory.

Right.


> > [...About taking a cue from other OSS security...]
> It will be a great learning experience. As far as I can tell it takes
> your concerns into consideration in the manual, not specifically in the
> code beyond clearing the memory of the keys after use, as is in the
> design of SQRL.

Right.


> That is why the external storage of a master key is such a good idea. A
> rootkit can wreak havoc, but it has a small window of opportunity to do
> it in a really lasting way. In almost all cases the user can fix the
> problem when they find out.

Yep.


> [...] but let's first get it working in software. The PKI of SQRL
> is incredibly small and managed by the user.

Yes.

> Your main worry (and Steve's currently) is to make this as
> clear as possible in the UI.

Right.


> With security in general it is always the question: am I paranoid enough?
> Currently the consensus seems to be to not worry about a rootkit too
> much. Clean up the memory as soon as you are done (check exceptions),
> allocate memory for the key in non-swappable space (mlock?) only, make
> the interaction with the key as tight as possible to reduce the time it
> is 'live', etc.

All correct.

-- 
________________________________________________________________
Steve.               Working on moving the SQRL project forward.
Steve
2/23/2014 6:15:08 PM
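The memory-hygiene points the thread converges on (Karol's worry about key material being swapped out, Ivar's "clean up the memory as soon as you are done, allocate it in non-swappable space (mlock?)", Steve's "overwrite sensitive decrypted keys BEFORE releasing their memory ... store keys in memory-locked RAM") as one added example in C. This is not code from the SQRL project or from any of the posters. It assumes a POSIX system with mmap/mlock (the core-dump exclusion via madvise(MADV_DONTDUMP) is only compiled where Linux provides it), and the 32 "key" bytes it loads are constructed filler standing in for a decrypted master key; the names secure_buf, secure_alloc, secure_wipe, secure_free, secure_is_zero and demo_key_lifecycle are the example's own.

```c
/* Added example, not SQRL project code or any poster's: keep key material off
 * swap and out of core dumps, and wipe it before the memory goes back to the OS.
 * Assumes POSIX mmap/mlock; the "key" bytes are constructed filler. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

typedef struct {
    uint8_t *ptr;    /* page-aligned mapping holding the secret */
    size_t len;      /* bytes requested by the caller */
    size_t map_len;  /* bytes mapped (rounded up to whole pages) */
    int locked;      /* 1 if mlock() succeeded for the mapping */
} secure_buf;

/* Zero memory so the compiler cannot discard the stores as dead (the classic
 * memset-before-free problem). explicit_bzero()/memset_s() do the same where
 * available; a volatile loop plus a barrier is the portable fallback. */
void secure_wipe(void *p, size_t n)
{
    volatile uint8_t *vp = (volatile uint8_t *)p;
    while (n--) *vp++ = 0;
#if defined(__GNUC__)
    __asm__ __volatile__("" : : "r"(p) : "memory");
#endif
}

/* Branch-free "every byte is zero" check, used to verify a wipe. */
int secure_is_zero(const void *p, size_t n)
{
    const uint8_t *b = (const uint8_t *)p;
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++) acc |= b[i];
    return acc == 0;
}

/* Map pages the kernel should neither swap out nor write to a core dump.
 * With require_lock set, an mlock() failure is fatal (fail closed) instead
 * of silently carrying on in swappable memory. Returns 0, or -1 with errno. */
int secure_alloc(secure_buf *sb, size_t len, int require_lock)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t map_len = ((len + page - 1) / page) * page;
    void *m = mmap(NULL, map_len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED) return -1;
    int locked = (mlock(m, map_len) == 0);
    if (!locked && require_lock) {
        int saved = errno;  /* usually ENOMEM/EPERM: RLIMIT_MEMLOCK too low */
        munmap(m, map_len);
        errno = saved;
        return -1;
    }
#ifdef MADV_DONTDUMP
    madvise(m, map_len, MADV_DONTDUMP);  /* Linux: exclude from core dumps */
#endif
    sb->ptr = (uint8_t *)m; sb->len = len; sb->map_len = map_len; sb->locked = locked;
    return 0;
}

/* Wipe BEFORE munlock/munmap: once the pages return to the kernel we no
 * longer control where their contents end up. */
void secure_free(secure_buf *sb)
{
    if (!sb->ptr) return;
    secure_wipe(sb->ptr, sb->map_len);
    if (sb->locked) munlock(sb->ptr, sb->map_len);
    munmap(sb->ptr, sb->map_len);
    sb->ptr = NULL; sb->len = sb->map_len = 0; sb->locked = 0;
}

/* Put a constructed key into locked memory, use it, wipe it at once, and
 * report the outcome: 1 = wiped, 0 = bytes survived, -1 = allocation refused. */
int demo_key_lifecycle(int require_lock)
{
    secure_buf sb;
    if (secure_alloc(&sb, 32, require_lock) != 0) return -1;
    for (size_t i = 0; i < sb.len; i++) sb.ptr[i] = (uint8_t)(0xA5 ^ i);
    int ok = !secure_is_zero(sb.ptr, sb.len);   /* key is present */
    secure_wipe(sb.ptr, sb.len);                /* done with it: wipe now */
    ok = ok && secure_is_zero(sb.ptr, sb.len);
    secure_free(&sb);
    return ok;
}

int main(void)
{
    printf("lock optional: %d\nlock required: %d\n",
           demo_key_lifecycle(0), demo_key_lifecycle(1));
    return 0;
}
```

Two caveats a practitioner will hit. First, locking is bounded by RLIMIT_MEMLOCK (see `ulimit -l`), which on many systems is far smaller than the working set a memory-hard scrypt/EnScrypt run needs, so the policy has to be explicit: lock only the derived key and accept swappable scratch memory, raise the limit, or fail closed as demo_key_lifecycle(1) does. Second, the code only addresses what userland can address: a kernel-mode attacker reads locked pages as easily as any other, and a hibernation image captures them regardless of mlock, which is exactly Ivar's point about Windows and TrueCrypt.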