Introductionto ApacheMilagro(incubating)schd.ws/hosted_files/lcccjapan2016/51/LinuxConfJapan2016-V1.01.pdf · To Secure the Future of the Web and IoT ... ProxyPassReverse /openam

Introduction to Apache Milagro (incubating)

Linux Con Japan 2016

Go Yamamoto NTT Innovation Institute, Inc.

Milagro: A Distributed Cryptosystem

To Secure the Future of the Web and IoT

Updating PKI for the Age of DevOps

What is Milagro?An OSS project hosted by the Apache Software Foundation (incubating).

Working for a new framework of cryptographic protections on Web/IoT applications by updating PKI for the Age of DevOps.

• Distributed infrastructure as the source of trust,

• Clients that respects the existing businesses.

We would like to accelerate activities in DevOps by making “DevOps Native” security.

milagro.incubator.apache.org

The Future of the Web is Not Secured


The Current State of the Art

Millions of Websites

Millions of Servers connects with billions of Users.

All the connections are protected almost by a single method, SSL + password authentication.


The Current State of the ArtSSL + password is widely accepted because

A) Credential recovery process is available on each local Web system.

B) Users are tolerant and patient.

C) We are not yet so serious about the client authentication of the Web.

D) It works without special security operations for each local Web system.


In the Near FutureBillions of devices are joining the Web for optimization of local business systems. What happens then?





B) and C) are going to change.

Tolerance and patience mean room for optimization.

We will be more serious about our off-line assets.


Our ProblemWe need a practical security infrastructure that satisfies both A) and D) when B) and C) are denied.






Client Certificates are not operated for you

You will need to manage

• Securing private key on each devices,

• Updating Certificates before expirations,

• Revoking Certificates when your device is accidentally lost.

Will you stop your factory if some accidents occur in the process?


Our IdeaProblem: We need a practical security infrastructure that satisfies both A) and D).





Start customizable security infrastructure for local Web/IoTsystems that hosts“Local” PKIs.


Top Level ArchitectureRenew PKI by decomposing Certificate Authority (CA) into Registration Authority (RA) and Trusted Authority (TA).

System

CA

System

RA TA


Top Level Architecture

RA controls legitimate public key pairs in the System. RA is custom designed for each System.

System

RA TA

TA entrusts public key pairs using master secret key concealed inside. TA is managed professionally.


Design Principle

The owner develops RA that satisfies constraints from existing business with the System. Milagro provides a framework for RA.

System

RA TA

Local DevOps loops


Design Principle

TA is operated professionally in a distributed manner.

System

RA Global TA

LocalDevOps loops

Single Point of

Compromise


Design Principle

TA is operated professionally in a distributed manner.

System

RAD-TA

LocalDevOps loops

D-TA

D-TA


Design PrincipleThe RA and the System are operated locally depending on a D-TA network.

System

RAD-TA

LocalDevOps loops

D-TA

D-TA

Global services

A Distributed D-TA network is operated by professionals.

Milagro will Deliver• Suite of cryptographic algorithms for local systems of Web/IoT,

• Middleware/library code that implements the algorithms,

• Server code for distributed key management infrastructure that implements source of trust for each local system of Web/IoT,

• Sample applications. Software Multi-Factor Authentication for Web applications, TLS libraries for IoT, and so on.


Why we do Milagro?

Because we need it!


Example: User Authentication

Apply the design principle to Web Applications that require user authentication.

System

IaaS/PaaS

Application

Application

Application

Device

Device

Users


Constrains from the Existing System

System

IaaS/PaaS

Application

Application

Application

Device

Device

Users

I can’t remember passwords.

I left the devices in my office. I would like to continue working on the other one with me.

Insecure connection


Design Principle

Develop RA that respects constrains for our existing user authentication.

System

RA

LocalDevOps loops

D-TA network


Design of RA for Milagro-MFA

Develop RA that delivers a credential for each e-mail address.

System

Device

DeviceUsers

RA

Credential for each e-mail address

PIN

Sends e-mails to verify the ownership

Authenticate by e-mail address

D-TA network

Credits


Authentication that Respects Constraints

• At least 12 characters from upper-case and lower-case letters, and ...

• You must change it every 2 month.

• You must choose independently random passwords for all accounts.

• 4 digit number is OK for PIN. Resiliencyagainst brute force attacks.

• You do not need to change secrets. Zero-knowledge proof without credentialdatabase, hence no breach.

• You may use the same PIN for allaccounts. Machine generates random OTPfrom the two factors, with your identityburned in.

cTP4dh+(bV{-

7694P=9vrXWV*2[e

WV*2[cTP4dh\

AND

{NGH7TcTj4C6X";%b@Gj

G39J2aEx=.QL8B:v{x*#

uf6([YX{T,wzu]ryb2:`

Password Human part (PIN) Machine part


Demo: MFA on WordPress

Override the standard password login by Milagro-MFA without modifying the code.


DevOps-Friendly Modular Design

MPIN.js overrides the standard password login form.


How it worksMPIN.js communicates with MPIN server to submit full massage of signed token. MPIN.js submits tokenized message (typically hash value) in the password form.

MPIN.js

PrivateKey – PIN(Machine part)

PIN(Human part)

Application Server

hash of token LDAP ServerLDAP Proxy

Timestamp

D-TA network

MPIN Server

resolve full message to verify, orget verify result

RA


Milagro-MFA Cryptographic Protocol

Gets Server Current Time : 𝑆𝐶𝑇

Alice – identity Server

𝐴 = 𝐻'( 𝐼𝐷+𝑇 = 𝐻, 𝑇- 𝐼𝐷+𝐷 = 𝐴 + 𝑇𝑈 = 𝑥𝐷𝑊 = 𝑥𝐴𝑦 = 𝐻3 𝐼𝐷+ 𝑈 𝑊 𝑛𝑜𝑛𝑐𝑒 𝐶𝐶𝑇𝑉 = −(𝑥 + 𝑦)( 𝑠 − 𝛼 𝐴 + 𝛼𝐴 + 𝑠𝑇)

𝐼𝐷+,𝑈, 𝑊,𝑉, 𝑛𝑜𝑛𝑐𝑒, 𝐶𝐶𝑇 →

𝐼𝐷+Generate random 𝑥, 𝑛𝑜𝑛𝑐𝑒 < 𝑞Gets Client Current Time : 𝐶𝐶𝑇 If Server find 𝑛𝑜𝑛𝑐𝑒 in Database

or 𝑆𝐶𝑇 − 𝐶𝐶𝑇 > 5 min., reject the connection

Else Add 𝑛𝑜𝑛𝑐𝑒 to Database𝑦 = 𝐻3 𝐼𝐷+ 𝑈 𝑊 𝑛𝑜𝑛𝑐𝑒 𝐶𝐶𝑇𝐷 = 𝐻'( 𝐼𝐷+ + 𝐻, 𝑇- 𝐼𝐷+𝑔 = 𝑒 𝑉, 𝑄 ∗ 𝑒 𝑈 + 𝑦𝐷, 𝑠𝑄

If 𝑔 ≠ 1, reject the connection

Notationsq is a prime order,𝜶 is a Pin code, s is a master secret key.𝑯𝑰𝑫 and 𝑯𝑻 are map-to-point hash function, and 𝑯𝒚 is a cryptographic hash function.


Security from Modern Cryptology

MPIN.js does not consume private key.

• Users are authenticated by an non-interactive zero-knowledge proof protocol.

• The transcripts does not contain any computable information on PrivateKey.

MPIN.js protects PIN from off-line brute-force attacks.

• Information from Machine part does not help for attackers to guess Human part.

• MPIN.js uses elliptic curve pairing-based cryptography. The Machine Part is computationally indistinguishable with random numbers from attacker’s view.


Milagro-MFA delivers to your Web site

• Agile UX from on-line security as shown by the Off-line PIN authentication,

• DevOps friendly migration from non-destructive installation. You can add MFA without modifying existing password authentications and with keeping the old login pages.


Browser

Demo: MFA with mod_auth_form

Protect tomcat containers by password authentication with mod_auth_form and mod_session from Apache httpd. We can override password authentication by Milagro-MFA.

Apache HTTP server

OpenAM

LDAP server

FreshDesk

mod_proxymod_auth_formmod_session

SAML redirect

login.html



Protect tomcat containers by password authentication with mod_auth_form and mod_session from Apache httpd. We can override password authentication by Milagro-MFA.

<!DOCTYPE html><html><head>

<link href="https://public.milagro.io/public/css/mpin.min.css" rel="stylesheet"><script src="https://public.milagro.io/public/js/mpin.js"></script>

</head><body><form method="POST" action="" id="login-form">Username: <input type="text" name="httpd_username" value="" id="username"/>Password: <input type="password" name="httpd_password" value="" id="password" /><input type="submit" name="login" value="Login" /></form></body></html>

login.html



Transparent inline authentication by some hacks. Milagro-MFA works fine without blocking SAML redirection chain from OpenAM.

ProxyPass /openam ajp://127.0.0.1:8009/openamProxyPassReverse /openam ajp://127.0.0.1:8009/openam<LocationMatch "^/openam/">

AuthType formAuthName testrealmAuthFormProvider ldapAuthLDAPUrl "ldap://localhost:3389/dc=security,dc=ntt?uid,mail"Require valid-userSession OnSessionCookieName session path=/;domain=.ellipticauth.com;httponly;secure; SessionCryptoPassphrase secretphrasethatprotectspasswordincookieErrorDocument 401 /login.htmlAuthFormLoginSuccessLocation "/protected/redirect.html”RequestHeader set X-REMOTE %{REMOTE_USER}s

</LocationMatch>

Inline login request without forgetting the context.

Recover GET request after POST request from the form is consumed by mod_auth_form.

See RFC7231 Sec.6.


Crypto Library(AMCL)

MFA JS Library

MFAJS Client

MFA Server

MFA Mobile SDK iOS

MFA Mobile SDK

Android

MFA Mobile SDK Core

MFA Mobile SDK Windows

Toolkit for Multi-Factor Authentication


What happens when

We have another 25 Billion devices on the Internet?


Landscape of security will changeq Limited number of static

Servers.

q Clients are operated by human.

q Connections between Clients and Servers.

q Security operations are defined as best practices.

q System design that prevents problems.

q Practically innumerable number of dynamic Servers.

q Clients are automated, and human interacts for exceptions.

q Many nodes are connected mutually and recursively.

q Security operations are defined as acts of problem solving.

q System design for which problems are solved locally.


Our IdeaDivide and Conquer

Provide universally useful resources that help security engineering on each local system.

Connect to Protect

Prepare infrastructure that propagates trust over the network of the local systems.


The IoT network will have a structureThe System of Systems (SoS)

• Smart connected products will form a Product System

• The System of Product Systems will induce forming new Product Systems on the boundary area of the businesses by the System of Product Systems.

• Competition in industry justifies the recursive process.

Porter and Heppelmann, “How Smart, Connected Products Are Transforming Competition”, HBR November 2014.


How the SoS protects your SystemRA propagates Trust from System to System.

SystemSystem System

System of Systems


How the SoS protects your SystemRA propagates Trust from System to System.

System

RA

System System

Trust

System of Systems

D-TA network


Example: Device Authentication

Automatic device authentication by propagating Trust from Manufacture's System.

Device

Device

Device

Device manufacturer’s System User’s System

Device maintenance application

RA

Trust by Serial ID

Userapplication

Authenticate by Function ID

Proof of Serial ID

Credit for Function ID

D-TA network

ID Mapping


We propose to change

q Centralized certificate authority with prefixed rules.

q Single points of compromise are acceptable because they will be operated perfectly.

q Global security management is enforced and prioritized to each business process.

q Someone owns the security as a product.

q Distributed network of trust with customizable authority.

q Single points of compromise are considered to be vulnerabilities.

q Each business process owns locally defined security management.

q Security is a performance from acts of culture by the open network of engineers.


The Milagro Manifesto1. WE CAN ESTABLISH A NEW TRUST INFRASTRUCTURE ON THE INTERNET BY WORKING

TOGETHER.

2. WE BELIEVE IN THE POWER OF IDENTITY. EACH AND EVERY OBJECT, SERVICE, PERSONA, AND HUMAN DESERVES A SOLID AND PROTECTED IDENTITY.

3. WE THINK GLOBALLY, BUT ACT LOCALLY IN EVERYTHING THAT WE DO.

4. WE TRUST DISTRIBUTED – NOT CENTRALIZED – AUTHORITY.

5. WE BUILD AND PARTICIPATE IN THE OPEN SOURCE COMMUNITIES.

6. WE EMBRACE THE DIVERSITY OF USERS AND THEIR APPLICATIONS.

7. WE PUT THE USER EXPERIENCE FIRST.

8. WE LEVERAGE THE LATEST RESULTS FROM RESEARCH ON CRYPTOGRAPHY.

http://www.ntti3.com/blog/milagro-manifesto-shaping-future-trust/


Let’s start the change 1) Try Milagro-MFA by importing MPIN.js from our public server.

2) Deploy your own Milagro-MFA from our code repository.

3) Play with the code.

4) Join Milagro community.

Thank You

Documents

Introduction*to* Apache*Milagro*(incubating)schd.ws/hosted_files/lcccjapan2016/51/LinuxConfJapan2016-V1.01.pdf · To Secure the Future of the Web and IoT ... ProxyPassReverse /openam

Introductionto ApacheMilagro(incubating)schd.ws/hosted_files/lcccjapan2016/51/LinuxConfJapan2016-V1.01.pdf · To Secure the Future of the Web and IoT ... ProxyPassReverse /openam