B.Noviansyah - National Public Key Infrastructure: Friend or Foe?

What does this presentation all about

• Don’tshoutatmewith“cutthecrap,showmethehack!”

• Moreacademicapproachratherthanpracticalhack

• Build up the situational awareness when NationalPublic Key Infrastructure(“PKI”)fully implemented

• Encouraging netizen to understand what NationalPKIis,without necessarily pushing the hard words,such asPKCS#8vsPKCS#12or PKCS#10CSRinDERvsPEM.

• Openended question:“Friend of Foe”

IDSECCONF 2016 CFP 2 24--25 SEP 2016

/usr/bin/finger@tintinnyaLogin: @tintinnya Name: B. Noviansyah

Directory: /Freelancers/@tintinnya Shell: /bin/bash

On since 1998—2002 (ITB) on Bachelor of Informatics

On since 2002—2012 (Many Employers) on Java EE Programmer

On since 2012—2014 (CMU Heinz) on MSISPM + Cyber Forensics and Incident Handler Track

On since 2014—now (Some Bosses) on Many activities, included AFDI

No Mail.

No Plan, just an Independent IT Researcher on night shift, an employee on morning shift.


PositioningofNationalPKI• DigitalSignatureinLawoftheRepublicofIndonesiaNo.11of2008concerningElectronicInformationandTransactions• Article1

• Point9:“ElectronicCertificate”meansacertificateinelectronicnaturethatbearsanElectronicSignature andidentity,demonstratingastatusofalegalsubjectofpartiestoanElectronicTransactionissuedbyCertificationServiceProviders.

• Point10:“ElectronicCertificationServiceProvider”meansalegalentity thatactsasareliableparty,issuesandauditsElectronicCertificates.

• Point12:“ElectronicSignature”meansasignaturethatcontainsElectronicInformationthatisattachedto,associatedorlinkedwithotherElectronicInformationthatisusedformeansofverificationandauthentication.

• Point13:“Signatory/Signer”meansalegalsubjectassociatedorlinkedwithanElectronicSignature.

https://www.bu.edu/bucflp/files/2012/01/Law-No.-11-Concerning-Electronic-Information-and-Transactions.pdf


PositioningofNationalPKI• DigitalSignatureinLawoftheRepublicofIndonesiaNo.11of2008concerningElectronicInformationandTransactions• Article11 Paragraph(1):

ElectronicSignaturesshallhavelawfullegalforceandlegaleffecttotheextentsatisfyingthefollowingrequirements:

a. ElectronicSignature-creationdatashallbeassociatedonlywiththeSignatories/Signers;

b. ElectronicSignature-creationdataatthetimetheelectronicsigningprocessshallbeonlyinthepoweroftheSignatories/Signers;

c. AnyalterationinElectronicSignaturesthatoccurafterthesigningtimeisknowable;

d. AnyalterationinElectronicInformationassociatedwiththeElectronicSignaturesafterthesigningtimeisknowable;

e. TherearecertainmethodsadoptedtoidentifytheidentityoftheSignatories/Signers;and

f. TherearecertainmethodstodemonstratethattheSignatories/SignershavegivenconsenttotheassociatedElectronicInformation;



PositioningofNationalPKI

• DigitalSignatureinLawoftheRepublicofIndonesiaNo.11of2008concerningElectronicInformationandTransactions• ElucidationofArticle11Paragraph(1):

ThisLawgrantsrecognitiondefinitelythatdespitecodes,ElectronicSignatureshaveanequalpositiontomanualsignaturesingeneral,withlegalforceandlegaleffect.

TherequirementsasintendedbythisArticleshallbetherequirementsthatminimallyanyElectronicSignaturemustsatisfy.Thisprovisiongivesaswideopportunitiesaspossibletoanyonetodevelopmethods,techniques,orprocessforcreatingElectronicSignatures.



PositioningofNationalPKI• DigitalSignatureisendorsedtostrengthenthepositioningofdigitalobjectsinlegalaspect• DigitalSignaturecouldbegeneratedusingPGP/GPGsystem,butIndonesiaGovernment(c.q.Kemkominfo)andRepublicofKorea(viaKoreaInternationalCooperationAgency,KOICA)introducedNationalRootCA basedonEJBCAasPKIPlatform.

• Lingeringquestion:• WhychoosePKIinsteadofPGP?

• Doesithaveunintendedconsequences?

• Doesitprotectourprivacy?

• Howdoestheoperationalsite,includingsigningrequest?


PKIandCryptography

• PKIismechanismtoprovideConfidentialityandIntegrity(inC-I-Atriangle)usingpublickeycryptographyorknownasAsymmetric-keyCryptography

• Asymmetric-keyCryptographyensuresthatthemessagewasencryptedusingpublickey(thatisachievedtheconfidentiality)andonlythepersonwhohastheprivatekeycoulddecryptthemessage(hence,theintegrityalsomaintained).

• Symmetric-keyCryptographyonlyguaranteesthemessagewasencrypted,butunabletoverifytheintegrityofthemessagesinceanyonewhoknowsthekeywouldbeabletodecryptthemessage,alterthemessage,andencryptthemessageagain.


Symmetric-keyCryptography• WhatwillhappenifCknowsqA?

A B

qAPlainTextqA

CipherText

PlainText

ReplyText

CipherText

ReplyText qA qA

qAB qAB qA


N=3• Key space ={qAB,qAC,qBC}

N=5• Keyspace ={qAB,qAC,qAD,qAE,qBC,qBD,qBE,qCD,qCE,qDE}

Symmetric-keyCryptography

A

B CqBC

A

B

C

D E

qAC

qDE


Symmetric-keyCryptography

• Problemsinoperational• Keyrevocationprocessiscumbersomewhenonekeyiscompromised

• Sizeofkeyspace inthesystemincreasesingeometryprogression

• Key Secrecy should be conducted by both parties.Ifeither party fails to keep it secret,both partiesshould never use the old key

( )21-´

=nnK


Asymmetric-keyCryptography

A B

pAPlainTextqA

CipherText

PlainText

ReplyText

CipherText

ReplyText pB qB


24--25 SEP 2016IDSECCONF 2016 CFP

Asymmetric-keyCryptographywithDigitalSignature

A B

pAPlainText

qACipherText

PlainText

ReplyText

CipherText

ReplyText

pB qB

qBSignature

Hash

SignaturepB

Hashmatch?Hashing

hashing

qA Signature Signature

Hash

pA

Hash

Hash

Hashing

Hash

match?Hashing

13

IDSECCONF 2016 CFP 24--25 SEP 2016

Asymmetric-keyCryptography

• Encrypt datawith Asymmetric-key?

• Areyou nuts?!?

AlgorithmSign

Operation/sSign[2]

Operation/sRSA512 17,319.9 18,723.5RSA1024 5,856.4 7,196.9RSA2048 905.3 1,612.9RSA4096 126.4 154.0

AlgorithmVerify

Operation/sVerify[2]

Operation/s2RSA512 183,807.3 235,756.6RSA1024 77,728.0 107,917.2RSA2048 29,373.6 35,649.9RSA4096 8,307.4 9,973.9

Algorithm Inputinbytes operations/s operations[2]/sAES-128-CBC 16-bytes 7,299,678.7 8,318,077.0AES-128-CBC 64-bytes 2,024,042.7 2,330,365.0AES-128-CBC 256-bytes 503,996.0 597,138.3AES-128-CBC 1024-bytes 129,954.0 149,161.7AES-128-CBC 8192-bytes 15,797.0 18,749.3

Tested with OpenSSL 1.0.2gopenssl speedMacBookPro10,1RetinaDisplay15"Mid2012

[email protected]

SSD512GBSM512ESATAIII6Gbps

Tested with OpenSSL 1.0.2gopenssl speedHPzBook 15G2IntelCorei74810MQ@2.80GHz4coresMemory16GBDDR31600MHzHDDHGSTHTS721010A9E6301TBSATAIII6Gbps7200rpm32MBBuffer

14


Asymmetric-keyCryptographywithDigitalSignaturewithSymmetricKey

A B

PlainText

CipherText

ReplyText

CipherText

ReplyText

pB

qB

qBSignature

Hash

SignaturepB

Hashmatch?Hashing

hashing

qA Signature Signature

Hash

pA

Hash

Hash

Hashing

Hash

match?Hashing

pA

qA

PlainText

15

Decentralized

• PGPsystem allows users to distribute their key totheir correspondents,e.g.Distribute viaemail,orwebpage

• It could be also published on PGPKey Serversuchaspgp.mit.edu

• MITKeyserver does notguarantee the realownerof public key,it is the user obligation to trust theownership of public key

Centralized

• PKIcreates chain of trust,starts from Root CA

• Onceuser trusts the Root CA,all public keyssigned by Root CAwill be automaticallytrusted by user

• Public Key should only be published byTrusted CA

Asymmetric-KeyKeyManagement


A

B C

D

E

CertificattionAuthorityA

B C

D

E

CA

CA

CA CA

CA

Asymmetric-KeyKeyManagement


Decentralized Centralized


Asymmetric-KeySigningRequest• Inorderto be trusted by system inPKI,user’s Public Key should be signed by Certification Authority (CA)thatis under Trusted Root CAissuance process

• Afterpublic key signed by CA,it can be used by other party,either for encryption purpose or for digitalsignature verification.While the private key is never published and should only be inparty A possession.

18

AqAPKCS#10CSR in

PEM/DER

pACertificationAuthority

CERinX.509formatinASN.1Structure

pA

CA

CA

pCA

TargetAcquired!

• Article1

• Point9:“ElectronicCertificate”meansacertificateinelectronicnaturethatbearsanElectronicSignature andidentity,demonstratingastatusofalegalsubjectofpartiestoanElectronicTransactionissuedbyCertificationServiceProviders.

• Point10:“ElectronicCertificationServiceProvider”meansalegalentity thatactsasareliableparty,issuesandauditsElectronicCertificates.

• Point12:“ElectronicSignature”meansasignaturethatcontainsElectronicInformationthatisattachedto,associatedorlinkedwithotherElectronicInformationthatisusedformeansofverificationandauthentication.

• Point13:“Signatory/Signer”meansalegalsubjectassociatedorlinkedwithanElectronicSignature.

24--25 SEP 2016IDSECCONF 2016 CFP 19

NationalPKI

NationalPKIforDigitalSignatureonly?

• Anotherpurposes:• SSLcertificateforofficialwebsite,

• SecureEmail,InternetBanking,

• e-Taxation,e-Custom

• e-Commerce,CyberTrading,e-Banking

• IoT,FIDO

24--25 SEP 2016IDSECCONF 2016 CFP 20Source:Riki Arif Gunawan,“DigitalSignatureRoadmap,”presentedatthe4th PublicKeyInfrastructureAwarenessandEJBCA/TOOLKITSeminar,Jakarta,Indonesia,Feb.29,2016.

GainourTrust!

• UpdateallTrustedCAlistinOSes• MicrosoftTrustedRootCertificate,https://technet.microsoft.com/en-us/library/cc751157.aspx

• AppleRootCertificateProgram,https://www.apple.com/certificateauthority/ca_program.html

• GoogleChromiumProjectswithRootCertificatePolicy,https://www.chromium.org/Home/chromium-security/root-ca-policy

• MozillaFirefoxCertificateStorewithMozillaCACertificatePolicy.https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/

• GetauditedbasedonCharteredProfessionalAccountantsofCanada(previously:AICPA/CICA)WebTrustProgramforCertificationAuthoritieshttp://www.webtrust.org/item64428.aspx


AlternateuseofNationalPKI• CodeSigning• ApplicationSigning

• LibrarySigning

• NotMobileAppSigning,it’stheirmoneyJ

• SSL/TLSCertificate• HTTPS

• FTPS

• VPNoverSSL/TLS


FriendorFoe:CodeSigning(1)

• Preventunauthorizedmodificationofcriticalapplications• ApplicationSigning

• Thiscertificateisintendedtoprotectapplicationsbeingtamperedinapplicationdistributionprocess.TheseapplicationscouldbeapplicationforNationalID(KTP)registrationprocessinMunicipalOffice(KantorWalikota)orDistrictOffice(KantorKelurahan)

• Driver/LibrarySigning

• Thiscertificateisintendedtoprotectapplicationsbeingtamperedinapplicationwhileinoperationalroutines.CaseofBangladeshHeist,SWIFTAllianceAccesshasbeentamperedinlibrary/driverlevel.










FriendorFoe:SSL/TLSCertificate

• AlignmentwithPANDI’scampaign:“Proudusing.IDdomain”• All.IDdomainsvalidated,hencethevisitorsareprotectedfromvisitingfraudulentwebsite

• NationalSovereignty,nodollarwillbesentouttonon-IndonesiaCompanyoverseas

• AnotherextralayercouldbeaddedwithDomainValidation(DV)


FriendorFoe:SSL/TLSInterceptor(1)• HTTPSinspectionbyinterceptingSSL/TLSlayer• DPI,DLP,IDS/IPS,ContentFiltering(!)

• ImplementsTransparentWebProxyinNetworkAccessPoint(NAP)

• EnforcesallwebbrowserstouseNationalRootCAbyapplyingHTTPStrictTransportSecurity(HSTS)

• GenericencryptedtrafficviaSSL/TLS,noinformationcouldbeseenunlesstheinformationbelow:• (i)sourceIP,(ii)sourceport,(iii)destinationIP,(iv)destinationport,and(v)protocol

• UsingSSL/TLSInterceptor,moreinformationarevisible:• (i)hostname,(ii)URI,(iii)POST/GETdata

• WillnotbeworkingifallclientsorwebappsusingCertificatePinning

• Thinkof“MITM”inNationalScale,notjustinsimulatednetwork,ormediumenterprisenetwork• Burpsuite innationalInternet,ifyouareon“proxy”level• DissectingSSL/TLSusingwireshark withNationalPrivateKey,fornetworkforensicsinvestigation



FriendorFoe:SSL/TLSInterceptor(2)



















FriendorFoe:NoProtectionofPrivatekey?(1)

• Greatpowercomeswiththegreatresponsibility.Areyouresponsibleenoughtohandleit?

• Choosingofprivatekey• AlgorithmandKeylength:RSA4096?Whataboutcryptographicpowerofembeddedsystem?Yubico YubiKey USB

perhaps?• RSA1024?SRSLY?Haven’tyouplayanyCTFthatcrackRSA1024?

• StorageSecurityofprivatekey• Filesystemonly?Yeah,right!LayitondriveC:\TEMP\ sothateveryonecanaccessit.• PFXorP12formatpasswordprotected?Pronetobebruteforce,withnolimitationoftrial.

• Don’tendedinDocumentarymovielikeZeroDays:“OlympicGames”Stuxnet withRealtek DigitalSignature

• ThinkaboutthingslikeHardwareSecurityModule(HSM)


FriendorFoe:NoProtectionofPrivatekey?(2)• HSM• Personalandlowcomputingpower:USB

• PrivateKeyisstoredinspecificpartitionofstorage,equippedwithlowcryptographicprocessorbutlimitedinUSBBusSpeed.

• Requirespasswordtoaccessthepartition

• DirectlysupportedwithCryptographyAPIusingPKCS#11orusingspecificdriverforolderOSes

• Limitsbruteforce.Lockedafter10timesconsecutivetrialwithwrongpassword

• Dedicatedprocessortooffloadingcryptographiccalculation:PCI-eCard

• SimilarwithUSB,buthighbandwidthfromCardtoCPU

• Morepowerfull (andofcoursemoreBenjamins):Network-basedHSM



• HSM• Morepowerful(andofcoursemoreBenjamins):Network-basedHSM

• MultipleLayersofAccessList

• RequiresHSMactivationusingspecificUSBtokenandPINactivationbeforeHSMcanbeaccessedvianetwork

• RequiresCertificateexchangebetweenserverandHSMtosetupNetworkTrustedLink(NTL)Service,hencethecommunicationchannelisencryptedwithasymmetric-keycryptography

• Hasmultiplepartitions.Hence,requiresPINorpasswordtoaccessintendedpartitions

• Hasmultiplekeyobjectsinsinglepartitions.Hence,requiresspecificpasswordtoaccessdifferentkeyobjects

• CouldoffloadthecryptographicprocessingtoHSM’sprocessorusingprovidedAPIfrommanufacturers,henceloweringdowntheCPUloadinServerside.








SafeNet HSMNetworkBased,



Questionsthatremainunanswered• CAHierarchy• RootCAismaintainedbyKemkominfo,whileSubCA ismaintainedbyrespectiveMinistry

• But,HowdeepthelevelofCA?Toodeepwillslowingdowntheprocess.Tooshallowwilljeopardizingallchainoftrust,whenSubCA orevenRootCA’s privatekeyiscompromised

• CArequiresDirectoryServicestoattachuserinformationincertificate.• Whatwillthedirectoryservicesbe?LDAP,MicrosoftADDS,OracleInternetDirectory,ApacheDirectoryServer,SunJavaSystemDirectoryServer?• Replicateorquerytohttp://dukcapil.kemendagri.go.id/ceknik

• Whatwilltheprivatekeybeforend-user/citizen?• Media?Don’ttellmethee-KTPcard.


What Next?

• Strengthen the Implementation and the operational site,do notended up with case likeDigiNortar

• New PKIwith FastIDentification Online(FIDO)and EnhancedPrivacyID(EPID)

• Blockchain inPKItoenhancethechainoftrust


“

”NationalPublicKeyInfrastructure:

FriendorFoe?

Hand-in-handtomakeitfriendly…


Technology

B.Noviansyah - National Public Key Infrastructure: Friend or Foe?