What is this presentation all about
• Don’t shout at me with “cut the crap, show me the hack!”
• More academic approach rather than practical hack
• Build up situational awareness for when the National Public Key Infrastructure (“PKI”) is fully implemented
• Encourage netizens to understand what the National PKI is, without necessarily pushing the hard words, such as PKCS#8 vs PKCS#12 or PKCS#10 CSR in DER vs PEM.
• Open-ended question: “Friend or Foe”
IDSECCONF 2016 CFP 2 24--25 SEP 2016
/usr/bin/finger @tintinnya
Login: @tintinnya Name: B. Noviansyah
Directory: /Freelancers/@tintinnya Shell: /bin/bash
On since 1998—2002 (ITB) on Bachelor of Informatics
On since 2002—2012 (Many Employers) on Java EE Programmer
On since 2012—2014 (CMU Heinz) on MSISPM + Cyber Forensics and Incident Handler Track
On since 2014—now (Some Bosses) on Many activities, including AFDI
No Mail.
No Plan, just an Independent IT Researcher on night shift, an employee on morning shift.
Positioning of National PKI
• Digital Signature in Law of the Republic of Indonesia No. 11 of 2008 concerning Electronic Information and Transactions
• Article 1
  • Point 9: “Electronic Certificate” means a certificate in electronic nature that bears an Electronic Signature and identity, demonstrating a status of a legal subject of parties to an Electronic Transaction issued by Certification Service Providers.
  • Point 10: “Electronic Certification Service Provider” means a legal entity that acts as a reliable party, issues and audits Electronic Certificates.
  • Point 12: “Electronic Signature” means a signature that contains Electronic Information that is attached to, associated or linked with other Electronic Information that is used for means of verification and authentication.
  • Point 13: “Signatory/Signer” means a legal subject associated or linked with an Electronic Signature.
https://www.bu.edu/bucflp/files/2012/01/Law-No.-11-Concerning-Electronic-Information-and-Transactions.pdf
Positioning of National PKI
• Digital Signature in Law of the Republic of Indonesia No. 11 of 2008 concerning Electronic Information and Transactions
• Article 11 Paragraph (1):
Electronic Signatures shall have lawful legal force and legal effect to the extent satisfying the following requirements:
a. Electronic Signature-creation data shall be associated only with the Signatories/Signers;
b. Electronic Signature-creation data at the time the electronic signing process shall be only in the power of the Signatories/Signers;
c. Any alteration in Electronic Signatures that occur after the signing time is knowable;
d. Any alteration in Electronic Information associated with the Electronic Signatures after the signing time is knowable;
e. There are certain methods adopted to identify the identity of the Signatories/Signers; and
f. There are certain methods to demonstrate that the Signatories/Signers have given consent to the associated Electronic Information;
https://www.bu.edu/bucflp/files/2012/01/Law-No.-11-Concerning-Electronic-Information-and-Transactions.pdf
Positioning of National PKI
• Digital Signature in Law of the Republic of Indonesia No. 11 of 2008 concerning Electronic Information and Transactions
• Elucidation of Article 11 Paragraph (1):
This Law grants recognition definitely that despite codes, Electronic Signatures have an equal position to manual signatures in general, with legal force and legal effect.
The requirements as intended by this Article shall be the requirements that minimally any Electronic Signature must satisfy. This provision gives as wide opportunities as possible to anyone to develop methods, techniques, or process for creating Electronic Signatures.
https://www.bu.edu/bucflp/files/2012/01/Law-No.-11-Concerning-Electronic-Information-and-Transactions.pdf
Positioning of National PKI
• Digital Signature is endorsed to strengthen the positioning of digital objects in the legal aspect
• Digital Signature could be generated using the PGP/GPG system, but the Indonesian Government (c.q. Kemkominfo) and the Republic of Korea (via Korea International Cooperation Agency, KOICA) introduced a National Root CA based on EJBCA as the PKI Platform.
• Lingering questions:
  • Why choose PKI instead of PGP?
  • Does it have unintended consequences?
  • Does it protect our privacy?
  • How does the operational site work, including the signing request?
PKI and Cryptography
• PKI is a mechanism to provide Confidentiality and Integrity (in the C-I-A triangle) using public key cryptography, also known as Asymmetric-key Cryptography
• Asymmetric-key Cryptography ensures that the message was encrypted using the public key (which achieves confidentiality) and that only the person who has the private key can decrypt the message (hence, integrity is also maintained).
• Symmetric-key Cryptography only guarantees that the message was encrypted, but is unable to verify the integrity of the message, since anyone who knows the key would be able to decrypt the message, alter the message, and encrypt the message again.
Symmetric-key Cryptography
• What will happen if C knows qA?
[Diagram: A and B exchanging PlainText, CipherText and ReplyText; key labels qA and qAB]
Symmetric-key Cryptography
N=3
• Key space = {qAB, qAC, qBC}
N=5
• Key space = {qAB, qAC, qAD, qAE, qBC, qBD, qBE, qCD, qCE, qDE}
[Diagram: parties A, B, C (N=3) and A, B, C, D, E (N=5) joined by pairwise keys such as qBC, qAC and qDE]
Symmetric-key Cryptography
• Problems in operation
  • Key revocation process is cumbersome when one key is compromised
  • Size of key space in the system increases in geometric progression
  • Key secrecy should be maintained by both parties. If either party fails to keep it secret, both parties should never use the old key
$K = \frac{n \times (n-1)}{2}$
Asymmetric-key Cryptography
[Diagram: A and B exchanging PlainText, CipherText and ReplyText; key labels pA, qA, pB and qB]
Asymmetric-key Cryptography with Digital Signature
[Diagram: A and B exchanging PlainText, CipherText and ReplyText with keys pA, qA, pB and qB; each message carries a Signature, and the receiver recomputes the Hash and checks “Hash match?”]
Asymmetric-key Cryptography
• Encrypt data with Asymmetric-key?
• Are you nuts?!?

Algorithm    Sign Operation/s    Sign[2] Operation/s
RSA 512      17,319.9            18,723.5
RSA 1024     5,856.4             7,196.9
RSA 2048     905.3               1,612.9
RSA 4096     126.4               154.0

Algorithm    Verify Operation/s  Verify[2] Operation/s
RSA 512      183,807.3           235,756.6
RSA 1024     77,728.0            107,917.2
RSA 2048     29,373.6            35,649.9
RSA 4096     8,307.4             9,973.9

Algorithm     Input in bytes   operations/s    operations[2]/s
AES-128-CBC   16 bytes         7,299,678.7     8,318,077.0
AES-128-CBC   64 bytes         2,024,042.7     2,330,365.0
AES-128-CBC   256 bytes        503,996.0       597,138.3
AES-128-CBC   1024 bytes       129,954.0       149,161.7
AES-128-CBC   8192 bytes       15,797.0        18,749.3

Tested with OpenSSL 1.0.2g, openssl speed: MacBookPro10,1 Retina Display 15" Mid 2012, SSD 512GB SM512E SATA III 6Gbps
Tested with OpenSSL 1.0.2g, openssl speed: HP zBook 15 G2, Intel Core i7 4810MQ @ 2.80GHz 4 cores, Memory 16GB DDR3 1600MHz, HDD HGST HTS721010A9E630 1TB SATA III 6Gbps 7200rpm 32MB Buffer
Asymmetric-key Cryptography with Digital Signature with Symmetric Key
[Diagram: A and B exchanging PlainText, CipherText and ReplyText with keys pA, qA, pB and qB; each message carries a Signature, and the receiver recomputes the Hash and checks “Hash match?”]
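The combined scheme of this slide as an added example (not from the original slides), using the `openssl` CLI that the benchmark slide measured: the bulk text goes through AES-128-CBC, RSA is used only to wrap the AES key and to sign the hash, and the receiver rejects a message altered in transit. Key file names, the sample message and the helper function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: keys, file names and the message are constructed for illustration.
# Naming follows the slides: qX is X's private key, pX is X's public key.
set -e
D=$(mktemp -d); trap 'rm -rf "$D"' EXIT
for who in A B; do
  openssl genrsa -out "$D/q$who.pem" 2048 2>/dev/null
  openssl rsa -in "$D/q$who.pem" -pubout -out "$D/p$who.pem" 2>/dev/null
done

# send_msg FILE DIR: A signs SHA-256(FILE) with qA, encrypts FILE with a fresh
# AES-128 key, and spends the slow RSA operation only on wrapping that key for B.
send_msg() {
  mkdir -p "$2"
  k=$(openssl rand -hex 16); openssl rand -hex 16 >"$2/iv"
  openssl dgst -sha256 -sign "$D/qA.pem" -out "$2/sig" "$1"
  openssl enc -aes-128-cbc -K "$k" -iv "$(cat "$2/iv")" -in "$1" -out "$2/body"
  printf '%s' "$k" | openssl pkeyutl -encrypt -pubin -inkey "$D/pB.pem" \
    -pkeyopt rsa_padding_mode:oaep -out "$2/key"
}

# recv_msg DIR OUT: B unwraps the AES key with qB, decrypts, then verifies A's
# signature with pA. Fails (and deletes OUT) if anything changed in transit.
recv_msg() {
  k=$(openssl pkeyutl -decrypt -inkey "$D/qB.pem" -pkeyopt rsa_padding_mode:oaep \
    -in "$1/key" 2>/dev/null) || return 1
  openssl enc -d -aes-128-cbc -K "$k" -iv "$(cat "$1/iv")" -in "$1/body" -out "$2" 2>/dev/null &&
    openssl dgst -sha256 -verify "$D/pA.pem" -signature "$1/sig" "$2" >/dev/null 2>&1 ||
    { rm -f "$2"; return 1; }
}

# flip_iv DIR: change the first IV digit. CBC still decrypts cleanly, but the first
# plaintext block changes: encryption alone does not detect this, the signature does.
flip_iv() {
  iv=$(cat "$1/iv"); case $iv in 0*) n=1 ;; *) n=0 ;; esac
  printf '%s%s\n' "$n" "${iv#?}" >"$1/iv"
}

printf 'transfer 100 to account 42\n' >"$D/msg"
send_msg "$D/msg" "$D/wire"
recv_msg "$D/wire" "$D/got" && echo "intact message: accepted"
flip_iv "$D/wire"
recv_msg "$D/wire" "$D/bad" || echo "altered message: rejected"
```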
Asymmetric-Key Key Management
Decentralized
• PGP system allows users to distribute their key to their correspondents, e.g. distribute via email or web page
• It could also be published on a PGP Key Server such as pgp.mit.edu
• MIT Keyserver does not guarantee the real owner of a public key; it is the user’s obligation to trust the ownership of a public key
Centralized
• PKI creates a chain of trust, starting from the Root CA
• Once a user trusts the Root CA, all public keys signed by the Root CA will be automatically trusted by the user
• Public Key should only be published by a Trusted CA
Asymmetric-Key Key Management
[Diagram: Decentralized vs Centralized key management among parties A, B, C, D and E; the centralized side adds a Certification Authority (CA)]
Asymmetric-Key Signing Request
• In order to be trusted by the system in PKI, a user’s Public Key should be signed by a Certification Authority (CA) that is under the Trusted Root CA issuance process
• After the public key is signed by the CA, it can be used by other parties, either for encryption or for digital signature verification, while the private key is never published and should only be in party A’s possession.
[Diagram: A, holding qA, sends pA as a PKCS#10 CSR in PEM/DER to the Certification Authority and receives a CER in X.509 format in ASN.1 structure carrying pA and the CA’s mark; pCA is shown beside the CA]
Target Acquired!
• Article 1
  • Point 9: “Electronic Certificate” means a certificate in electronic nature that bears an Electronic Signature and identity, demonstrating a status of a legal subject of parties to an Electronic Transaction issued by Certification Service Providers.
  • Point 10: “Electronic Certification Service Provider” means a legal entity that acts as a reliable party, issues and audits Electronic Certificates.
  • Point 12: “Electronic Signature” means a signature that contains Electronic Information that is attached to, associated or linked with other Electronic Information that is used for means of verification and authentication.
  • Point 13: “Signatory/Signer” means a legal subject associated or linked with an Electronic Signature.
National PKI
National PKI for Digital Signature only?
• Other purposes:
  • SSL certificate for official website,
  • Secure Email, Internet Banking,
  • e-Taxation, e-Custom
  • e-Commerce, Cyber Trading, e-Banking
  • IoT, FIDO
Source: Riki Arif Gunawan, “Digital Signature Roadmap,” presented at the 4th Public Key Infrastructure Awareness and EJBCA/TOOLKIT Seminar, Jakarta, Indonesia, Feb. 29, 2016.
Gain our Trust!
• Update all Trusted CA lists in OSes
  • Microsoft Trusted Root Certificate, https://technet.microsoft.com/en-us/library/cc751157.aspx
  • Apple Root Certificate Program, https://www.apple.com/certificateauthority/ca_program.html
  • Google Chromium Projects with Root Certificate Policy, https://www.chromium.org/Home/chromium-security/root-ca-policy
  • Mozilla Firefox Certificate Store with Mozilla CA Certificate Policy, https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/
• Get audited based on the Chartered Professional Accountants of Canada (previously: AICPA/CICA) WebTrust Program for Certification Authorities, http://www.webtrust.org/item64428.aspx
Alternate use of National PKI
• Code Signing
  • Application Signing
  • Library Signing
  • Not Mobile App Signing, it’s their money :)
• SSL/TLS Certificate
  • HTTPS
  • FTPS
  • VPN over SSL/TLS
Friend or Foe: Code Signing (1)
• Prevent unauthorized modification of critical applications
• Application Signing
  • This certificate is intended to protect applications from being tampered with during the application distribution process. These applications could be the application for the National ID (KTP) registration process in the Municipal Office (Kantor Walikota) or District Office (Kantor Kelurahan)
• Driver/Library Signing
  • This certificate is intended to protect applications from being tampered with during operational routines. In the case of the Bangladesh Heist, SWIFT Alliance Access was tampered with at the library/driver level.
Friend or Foe: Code Signing (2)
Friend or Foe: Code Signing (3)
Friend or Foe: Code Signing (4)
Friend or Foe: Code Signing (5)
Friend or Foe: SSL/TLS Certificate
• Alignment with PANDI’s campaign: “Proud using .ID domain”
  • All .ID domains validated, hence the visitors are protected from visiting fraudulent websites
• National Sovereignty, no dollar will be sent out to non-Indonesian companies overseas
• Another extra layer could be added with Domain Validation (DV)
Friend or Foe: SSL/TLS Interceptor (1)
• HTTPS inspection by intercepting the SSL/TLS layer
  • DPI, DLP, IDS/IPS, Content Filtering (!)
• Implements Transparent Web Proxy in Network Access Point (NAP)
• Enforces all web browsers to use the National Root CA by applying HTTP Strict Transport Security (HSTS)
• Generic encrypted traffic via SSL/TLS, no information can be seen except the information below:
  • (i) source IP, (ii) source port, (iii) destination IP, (iv) destination port, and (v) protocol
• Using an SSL/TLS Interceptor, more information is visible:
  • (i) hostname, (ii) URI, (iii) POST/GET data
• Will not work if all clients or web apps use Certificate Pinning
• Think of “MITM” at National Scale, not just in a simulated network or a medium enterprise network
  • Burp Suite on the national Internet, if you are on the “proxy” level
  • Dissecting SSL/TLS using Wireshark with the National Private Key, for network forensics investigation
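The signing-request flow from the earlier slide and the certificate-pinning bullet above, as one added example (not from the original slides): every leaf goes key pair → PKCS#10 CSR → CA-signed X.509 certificate, and a client that pinned the site's public key still notices a certificate re-signed by an inspection proxy whose root it trusts. The CA names `root` and `proxy`, the host `www.example.id` and the helper function names are constructed; the `openssl` CLI is assumed to be installed.

```shell
#!/usr/bin/env bash
# Added example: root, proxy, www.example.id and all file names are constructed.
set -e
W=$(mktemp -d); trap 'rm -rf "$W"' EXIT
# Minimal config so the run does not depend on the system openssl.cnf.
printf '[req]\ndistinguished_name=dn\n[dn]\n[v3_root]\nbasicConstraints=critical,CA:TRUE\n' >"$W/o.cnf"

# new_ca NAME: self-signed root certificate; NAME.key is the CA's private key.
new_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$W/o.cnf" \
    -extensions v3_root -subj "/CN=$1" -keyout "$W/$1.key" -out "$W/$1.crt" 2>/dev/null
}

# issue CA LEAF CN: key pair -> PKCS#10 CSR (PEM) -> X.509 certificate signed by CA.
issue() {
  openssl genrsa -out "$W/$2.key" 2048 2>/dev/null
  openssl req -new -config "$W/o.cnf" -key "$W/$2.key" -subj "/CN=$3" -out "$W/$2.csr"
  # The CSR is self-signed with the leaf key, which proves possession to the CA.
  openssl req -config "$W/o.cnf" -in "$W/$2.csr" -noout -verify >/dev/null 2>&1
  openssl x509 -req -in "$W/$2.csr" -CA "$W/$1.crt" -CAkey "$W/$1.key" \
    -CAcreateserial -days 30 -out "$W/$2.crt" 2>/dev/null
}

# chain_ok BUNDLE CERT: succeeds when CERT chains to a root in BUNDLE.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# spki_pin CERT: base64(SHA-256(DER SubjectPublicKeyInfo)), the value a pinning client stores.
spki_pin() {
  openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER |
    openssl dgst -sha256 -binary | openssl base64
}

# pin_ok PIN CERT: succeeds only when CERT carries the pinned public key.
pin_ok() { [ "$(spki_pin "$2")" = "$1" ]; }

new_ca root;  issue root  site   www.example.id    # certificate the site really uses
new_ca proxy; issue proxy resign www.example.id    # same name, re-signed by an inspection proxy
cat "$W/root.crt" "$W/proxy.crt" >"$W/trusted.pem" # client trust store holding both roots
PIN=$(spki_pin "$W/site.crt")                      # recorded on a first, known-good connection

for c in site resign; do
  chain_ok "$W/trusted.pem" "$W/$c.crt" && chain=ok || chain=FAIL
  pin_ok "$PIN" "$W/$c.crt" && pin=ok || pin=MISMATCH
  echo "$c: chain=$chain pin=$pin"
done
```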
Friend or Foe: SSL/TLS Interceptor (2)
Friend or Foe: SSL/TLS Interceptor (3)
Friend or Foe: SSL/TLS Interceptor (4)
Friend or Foe: SSL/TLS Interceptor (5)
Friend or Foe: SSL/TLS Interceptor (6)
Friend or Foe: SSL/TLS Interceptor (7)
Friend or Foe: SSL/TLS Interceptor (8)
Friend or Foe: SSL/TLS Interceptor (9)
Friend or Foe: SSL/TLS Interceptor (10)
Friend or Foe: SSL/TLS Interceptor (11)
Friend or Foe: No Protection of Private key? (1)
• Great power comes with great responsibility. Are you responsible enough to handle it?
• Choosing of private key
  • Algorithm and Key length: RSA 4096? What about the cryptographic power of embedded systems? Yubico YubiKey USB perhaps?
  • RSA 1024? SRSLY? Haven’t you played any CTF that cracks RSA 1024?
• Storage Security of private key
  • File system only? Yeah, right! Lay it on drive C:\TEMP\ so that everyone can access it.
  • PFX or P12 format password protected? Prone to brute force, with no limit on the number of trials.
• Don’t end up in a documentary movie like Zero Days: “Olympic Games” Stuxnet with Realtek Digital Signature
• Think about things like a Hardware Security Module (HSM)
Friend or Foe: No Protection of Private key? (2)
• HSM
  • Personal and low computing power: USB
    • Private Key is stored in a specific partition of storage, equipped with a low-power cryptographic processor but limited by USB bus speed.
    • Requires a password to access the partition
    • Directly supported with Cryptography API using PKCS#11, or using a specific driver for older OSes
    • Limits brute force. Locked after 10 consecutive trials with a wrong password
  • Dedicated processor to offload cryptographic calculation: PCI-e Card
    • Similar to USB, but with high bandwidth from Card to CPU
  • More powerful (and of course more Benjamins): Network-based HSM
Friend or Foe: No Protection of Private key? (3)
• HSM
  • More powerful (and of course more Benjamins): Network-based HSM
    • Multiple Layers of Access List
    • Requires HSM activation using a specific USB token and PIN activation before the HSM can be accessed via network
    • Requires Certificate exchange between server and HSM to set up the Network Trusted Link (NTL) Service, hence the communication channel is encrypted with asymmetric-key cryptography
    • Has multiple partitions. Hence, requires a PIN or password to access the intended partitions
    • Has multiple key objects in a single partition. Hence, requires a specific password to access different key objects
    • Could offload the cryptographic processing to the HSM’s processor using the API provided by manufacturers, hence lowering the CPU load on the Server side.
Friend or Foe: No Protection of Private key? (3)
Friend or Foe: No Protection of Private key? (4)
Friend or Foe: No Protection of Private key? (5)
SafeNet HSM Network Based,
Friend or Foe: No Protection of Private key? (6)
Questions that remain unanswered
• CA Hierarchy
  • Root CA is maintained by Kemkominfo, while Sub CA is maintained by the respective Ministry
  • But, how deep is the level of CA? Too deep will slow down the process. Too shallow will jeopardize the whole chain of trust when the Sub CA’s or even the Root CA’s private key is compromised
• CA requires Directory Services to attach user information in the certificate.
  • What will the directory services be? LDAP, Microsoft AD DS, Oracle Internet Directory, Apache Directory Server, Sun Java System Directory Server?
  • Replicate or query to http://dukcapil.kemendagri.go.id/ceknik
• What will the private key be for end-user/citizen?
  • Media? Don’t tell me the e-KTP card.
What Next?
• Strengthen the implementation and the operational site, do not end up with a case like DigiNotar
• New PKI with Fast IDentification Online (FIDO) and Enhanced Privacy ID (EPID)
• Blockchain in PKI to enhance the chain of trust
“National Public Key Infrastructure: Friend or Foe?”
Hand-in-hand to make it friendly…