Secure, Automated Decryption

Nathaniel McCallum
Booting...

Disk Password: █

Question

Can we automate this?

Standard Password Model

[Diagram: "correct battery horse staple"; Key Encryption Key; Encryption Key; Shh... I'm Secret!]

Standard Escrow Model

[Diagram: "d41d8cd9...ecf8427e"; Key Encryption Key; Encryption Key; Shh... I'm Secret!; Escrow; TLS / GSSAPI; KDC/CA; Backups; HEARTBLEED]

Lessons Learned

  • Complexity increases attack surface
  • Difficult to deploy
  • Speed matters

Question

Can asymmetric crypto help?

Deo Model

[Diagram: Key Encryption Key; Encryption Key; Shh... I'm Secret!; Deo; TLS; Public Key Encryption; Backups; CA]

Lessons Learned

  • Asymmetric crypto makes the server stateless
  • Asymmetric crypto allows offline provisioning
  • Sending keys over the wire is a risk
  • X.509 takes a lot of effort

R.I.P.

Deo

"We hardly knew ye!"

Questions

Can we avoid TLS?

Can we hide the key from the server?

Provisioning Time

[Diagram: KEK; Wrap Key; Server Key (Asym.); Wrap Key]

Recovery Time (Client)

[Diagram: KEK; Wrap Key; Server Key (Asym.); Wrap Key; Eph. Key; Ephemeral Key; Server Key (Asym.)]

Recovery Time (Server)

[Diagram: KEK; Wrap Key; Server Key (Asym.); Server Key; Ephemeral Key; Server Key (Asym.)]

Recovery Time (Server)

[Diagram: KEK; Wrap Key; Eph. Key]

Recovery Time (Server)

[Diagram: KEK; Wrap Key; Ephemeral Key]

Recovery Time (Client)

[Diagram: KEK; Wrap Key; Ephemeral Key; Wrap Key; Eph. Key]

Features

  • Server never sees KEK
  • Avoids X.509
  • Avoids TLS
  • Stateless
  • Fast

Questions

Must the key go on the wire?

Can clients be anonymous?

Elgamal Encryption

McCallum-Relyea Exchange
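
The exchange named on this slide, as an added example (not code from the slides or from Tang): both sides of a McCallum-Relyea provisioning and recovery, written multiplicatively over integers modulo a prime so it stays short. The group parameters, the SHA-256 key derivation and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Demonstration group only (assumption): integers modulo the prime 2**255 - 19
# with base 2. Not a vetted parameter choice for production use.
P = 2**255 - 19
G = 2

def keygen():
    """Return (private exponent x, public element g^x mod P)."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def provision(server_pub):
    """Client, provisioning: derive the KEK offline from the server's public key."""
    c, client_pub = keygen()
    k = pow(server_pub, c, P)            # K = S^c = g^(s*c)
    return kdf(k), client_pub            # c and K are discarded; only C is stored

def blind(client_pub):
    """Client, recovery step 1: X = C * E, so the server never sees C itself."""
    e, eph_pub = keygen()
    return e, (client_pub * eph_pub) % P

def server_recover(server_priv, x):
    """Server: one exponentiation, no stored state, no view of C or K."""
    return pow(x, server_priv, P)        # Y = X^s = K * S^e

def unblind(y, e, server_pub):
    """Client, recovery step 2: strip the ephemeral mask, K = Y / S^e."""
    mask = pow(server_pub, e, P)
    return kdf((y * pow(mask, -1, P)) % P)

def kdf(element):
    """Hash the shared group element down to a 32-byte KEK."""
    return hashlib.sha256(element.to_bytes(32, "big")).digest()

def demo():
    """Run provisioning and one recovery; return both KEKs and the wire value."""
    s, server_pub = keygen()
    kek, client_pub = provision(server_pub)
    e, x = blind(client_pub)
    y = server_recover(s, x)
    return kek, unblind(y, e, server_pub), x, client_pub
```

Only X and Y cross the network; the KEK exists on the client alone, and a fresh ephemeral key makes each X look unrelated to the stored client key.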

Anonymous Mode

[Diagram: Key Encryption Key; Encryption Key; Shh... I'm Secret!; Tang; MR Exchange; Backups; TPM?]

Tang

  • https://github.com/latchset/tang
  • Server-side daemon
  • Simple: HTTP + JOSE
  • Fast (>100k req/sec)
  • Extremely small
  • Minimal dependencies

Question

To what other things can we bind our data?
(brainstorming)

Third-Party Anchors

  • Trusted platform module
  • Bluetooth LE beacon
  • Print/scan a QR code
  • Facial recognition
  • Fingerprint scan
  • Mobile phone
  • Smartcard
  • RFID

Josh Bressers

"Security is not a binary; it is a sliding scale of risk management."

Question

How do we make unlock policy non-binary?

Shamir Secret Sharing

threshold = ?

Simple Laptop

[Diagram: unlock?; threshold = 1; Admin Password; User Password]

Automated Laptop

[Diagram: unlock?; threshold = 1; Admin Password; User Password; Tang]

High Security System

[Diagram: unlock?; threshold = 2; User Password; User Password; User Password]

Complex Laptop Policy

[Diagram: unlock?; QR Code; thresh. = 1; SSS; TPM; thresh. = 2; SSS; thresh. = 2; Password; Fingerprint; Tang; Bluetooth]

Let business policy drive crypto policy; not vice versa.
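
The threshold policies from the preceding slides, as an added example (not Clevis code): Shamir Secret Sharing applied recursively, so that an unlock policy is a tree of thresholds over pins. The field prime, the function names, the numbered "User Password" leaves and the tree shape chosen for the Complex Laptop Policy labels are assumptions; each leaf simply stores its share where a real pin would protect it.

```python
import secrets

PRIME = 2**127 - 1  # prime field for the shares (example choice)
def split(secret, t, n):
    """Return n points on a random degree t-1 polynomial with f(0) = secret."""
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(t - 1)]
    return [(x, sum(c * pow(x, i, PRIME) for i, c in enumerate(coeffs)) % PRIME)
            for x in range(1, n + 1)]

def combine(shares):
    """Lagrange interpolation at x = 0."""
    secret = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret

def provision(node, secret, store):
    """Walk the policy tree; each leaf pin ends up protecting one share."""
    if isinstance(node, str):
        store[node] = secret
        return
    t, children = node
    for child, (_, y) in zip(children, split(secret, t, len(children))):
        provision(child, y, store)

def recover(node, store, present):
    """Return the node's secret if enough children answer, else None."""
    if isinstance(node, str):
        return store[node] if node in present else None
    t, children = node
    got = [(i + 1, v) for i, c in enumerate(children)
           if (v := recover(c, store, present)) is not None]
    return combine(got[:t]) if len(got) >= t else None

def unlocks(policy, present):
    """Provision a fresh KEK under policy, then try one set of pins."""
    kek, store = secrets.randbelow(PRIME), {}
    provision(policy, kek, store)
    return recover(policy, store, set(present)) == kek

AUTOMATED = (1, ["Admin Password", "User Password", "Tang"])
HIGH_SECURITY = (2, ["User Password 1", "User Password 2", "User Password 3"])
INNER = (2, ["Password", "Fingerprint", "Tang", "Bluetooth"])
COMPLEX = (1, ["QR Code", (2, ["TPM", INNER])])  # assumed tree shape
```

Changing who can unlock means editing the policy tuple, not the cryptography.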

Clevis

  • https://github.com/latchset/clevis/
  • Client-side, pluggable key management:
    • HTTP (Escrow; supports Custodia)
    • Tang
    • SSS
  • Minimal dependencies
  • Early boot integration (in progress)
  • GNOME integration (in progress)

Dependency: José

  • https://github.com/latchset/jose
  • JSON Object Signing and Encryption
  • C Library
  • Command Line Utility
  • Bottom Line: User Friendly Crypto

$ echo hi | jose enc -i- -k rsa.pub.jwk -o msg.jwe
$ jose dec -i msg.jwe -k rsa.jwk
hi
$ jose dec -i msg.jwe -k oct.jwk
Decryption failed!

Dependency: LUKSMeta

  • https://github.com/latchset/luksmeta
  • Store metadata in LUKSv1 header gap
  • C library
  • Command Line Utility

$ echo hi | luksmeta save -d /dev/sdc1 -s 2 -u EC998562-B60D-47F0-A579-DCA8C12F5BF6
$ luksmeta load -d /dev/sdc1 -s 2 -u EC998562-B60D-47F0-A579-DCA8C12F5BF6
hi
$ luksmeta load -d /dev/sdc1 -s 2 -u 12618962-A1E5-48F1-B327-D7C60E20FC02
Slot contains different UUID

Questions?

Flock

By Nathaniel McCallum
