PB173 - Domain specific development in C/C++ (autumn 2014)
Group: Applied cryptography and secure programming
https://is.muni.cz/auth/predmety/uplny_vypis.pl?fakulta=1433;obdobi=6184;predmet=788705
Petr Švenda, svenda@fi.muni.cz
Office hours: A406, Monday 15-15:50
PB173 - Group: Applied cryptography

Something about me...
• Genetic programming ⇒ secrecy amplification protocols for WSN, random distinguisher for crypto functions
• Distributed computing
• Power analysis
• Security programming
• http://astrolight.cz

ORGANIZATIONAL INFORMATION

Goals of the course
• Gain experience with implementing a larger program
• Use development tools
• Learn good programming practices
  – programming in general
  – but especially in the area of security applications
• Gain practical insights from implementing cryptographic applications
  – what companies actually require in the end

What the course does not aim at
• Mastering a particular technology in detail
  – we will dip into various areas
• Advanced command of the whole development process
  – we simply will not have time for that
• Explaining the basics of cryptography or comparing all possible variants of solving a problem
  – we will mainly try to program in practice

Organization
• Formalities
  – a two-hour session every week
  – attendance is recorded; 2 unexcused absences are OK
• Teaching format
  – at most about 30 min/week of introduction to the topic
  – the rest is programming directly during the session
  – on my side, ongoing consultation on the problems as they arise
  – Windows by default (but you may work on another platform)
• Independent work
  – in teams, continuous development of a larger project
  – finishing the work from the session
  – regular graded demonstration of the project state (every seminar)

Organization (2)
• Tools used
  – IDE, version control, Doxygen, debugger, code analysis and checking
  – no particular tool is mandated; use your favourite ones
  – default Visual Studio
• Grading
  – attendance
  – ongoing work (10 points per week)
  – presentation of the whole project (30 points)
  – possible bonuses
  – max. 150 points; at least 100 points needed for the colloquium

Team assignment
• 2-3 people
• Joint work, but everyone presents their own contribution
  – initial presentation of the homework at the next seminar
  – incorporation of comments, presentation and grading at the seminar after that
• Use of a shared repository (GitHub) + CI (Travis)
• Teams will be formed only after 14 days, once the list of enrolled students has settled

Overall overview
• Basic materials in IS (interactive materials)
  – PB173 → Interactive syllabi → Aplikovaná kryptografie a bezpečné programování (lecturer Petr Švenda)
• May change partially, depending on the actual difficulty, pace of progress and interest
• You can open a problem of your own to solve!

Twitter
• Twitter
  – https://twitter.com/rngsec
  – publication of preparation and slides, occasional info
  – hash tag #pb173_2014
  – (really important things will be sent in bulk to IS mail)
• Scribd
  – slides published in IS materials and also on Scribd.com
  – additionally the possibility of adding notes, comments, unclear points...

How good are YOU at English? Please excuse all my mistakes.
Organization
• Seminars + assignments + project
• Assignments
  – assigned regularly, (nearly) every week
  – initial assignments are individual work
  – most assignments are team work
  – expected workload: 4+ hours/week/participant
  – network lab available to students
• Project: secure videoconferencing architecture

Attendance
• Seminars
  – attendance obligatory
  – absences must be excused at the department of study affairs
  – 2 absences are OK
• Assignments and projects
  – partially done at the seminar
  – completed during students' free time (e.g. at the dormitory)
  – access to the network lab and the CRoCS lab is possible
  – cooperation between team members is necessary

Course resources
• Slides (PDF) available in IS
  – IS = Information System of Masaryk University
  – PB173 → Interactive syllabi → Aplikovaná kryptografie a bezpečné programování (lecturer Petr Švenda)
• Assignments (what to do) available in IS
  – submissions are also done via IS
• Additional tutorials/papers/materials will also be provided in IS from time to time
  – to better understand the issues discussed
• Recommended literature

Plagiarism
• Projects
  – must be worked out by a team of 3 students
  – every team member must show his/her contribution
• Plagiarism, cut&paste, etc. is not tolerated
  – plagiarism is the use of somebody else's words, programs or ideas without proper citation
  – IS helps to recognize plagiarism
  – if plagiarism is detected, the student is assigned -5 points
  – in more serious cases the Disciplinary Committee of the faculty will decide

Short questionnaire
• Do you know the difference between symmetric and asymmetric cryptography?
• Do you know the difference between a block cipher and a stream cipher?
• Do you know the DES and AES algorithms?
• Do you know the ECB and CBC encryption modes?
• Do you know the principle of hash functions?
• Do you know the MD5 and SHA-1 algorithms?
• Do you know the concept of a digital signature?
"Theme" project
• Secure videoconferencing architecture

"Theme" project
• Certification authority
  – validates and issues user certificates
• Videoconferencing server
  – registers users and facilitates connections between them
• Client
  – provides operations related to end-user usage
• Main focus on solving parts of the architecture

"Theme" project – some details
• Users obtain a certificate of identity from the Certification authority
• Users register with the Videoconferencing server
• The Videoconferencing server provides a list of connected users, helps to establish the video connection and charges a fee based on call length
• The Client maintains the user identity and the related keys and provides high-speed encryption of the audio/video stream

Cryptographic libraries

Do not implement your own algorithms
• Time consuming (someone probably already did it before)
• Functional problems
• Low performance
• Security problems due to bugs
• Security problems due to missing defenses against implementation attacks

Use well-known implementations
• Use well-known libraries
  – OpenSSL, PolarSSL, GnuPG, BouncyCastle (Java)
• Or implementations of algorithms from well-established authors
  – Brian Gladman, Eric A. Young …

Complexity matters
• The complexity of the library implementation should match your needs
  – usually you need only one or two algorithms
• A multiprocessor or CPU-independent implementation can be overkill
  – and just increases the risk of error
• Do you really need a library with an object-oriented design?
Complexity matters (2)
• Large libraries are not always the most suitable ones
• OpenSSL is complex and interconnected
  – e.g., AES is much easier to extract from PolarSSL than from OpenSSL

Code authenticity
• Source code signature
  – Do you really have the original source code?
  – MD5/SHA1 hash (where do you get the "correct" hash value from?)
  – GPG/PGP
• Generate your own GPG/PGP signature keys
  – use them for inter-team communication
  – sign your code releases

Resilience against bugs
• Do not design algorithms/protocols by yourself
• Try to find existing standards
  – NIST, RSA PKCS, RFC, ISO/ANSI
• Try not to deviate from the standards
  – compatibility and compliance
  – no need for a (time-consuming) detailed specification of your own scheme
  – a small change can have big security impacts

Libraries used often - OpenSSL
• Pros:
  – very rich library
    • lots of algorithms, protocols, paddings
    • not "just" SSL
  – well tested, both functionally and security-wise, over time!
  – significant amount of existing examples on the web
• Cons:
  – API is complex and sometimes harder to understand
  – (started as Eric Young's personal attempt to learn BigInts ☺)
  – relatively low-level functions (can be a pro!)
  – code is significantly interconnected
    • not suitable for extraction of a single algorithm
  – poor official documentation

OpenSSL - problems
• Heartbleed
• Apple goto bug

Web service: packet repeater
• Input packet (unsigned char* in): Type [1 B] | length [2 B] | Payload [length B]
• Output packet (unsigned char* out): Type [1 B] | length [2 B] | Payload (length B)

    network_receive(in_packet, &in_packet_len);   // TLV packet
    // `length` is the value of the 2-byte header field; it is never compared with in_packet_len
    in = in_packet + 3;
    out_packet = malloc(1 + 2 + length);
    out = out_packet + 3;
    memcpy(out, in, length);                      // copies `length` bytes, however many were actually received
    network_transmit(out_packet);

Problem?
• A packet arrives as Type [1 B] | 0xFFFF [2 B] | Payload [1 B]: the header claims 65535 bytes, but only one byte of payload was actually received
• The repeater still allocates 1 + 2 + 0xFFFF bytes and copies 65535 bytes starting at in
• The transmitted payload (65535 B) is therefore the 1-byte payload followed by heap memory (keys, passwords…)
Problem! in_packet_len != length + 3

How serious is this bug?
• http://news.netcraft.com/archives/2014/04/08/half-a-million-widely-trusted-websites-vulnerable-to-heartbleed-bug.html
• 17% of SSL web servers (OpenSSL 1.0.1)
• Twitter, GitHub, Yahoo, Tumblr, Steam, DropBox, DuckDuckGo…
• https://seznam.cz, https://fi.muni.cz …

Lessons learned
• Always check input arguments VERY rigidly
• Not only writing past the end of an array is dangerous, but reading past it too
• Do not trust information from the client
  – not even if you wrote the client yourselves (it can be changed at the network layer)
• For network applications prefer languages other than C
  – e.g. automatic array bounds checking (Java, C#)
  – this does not replace argument checking!
• Open source by itself does not guarantee bug-free code
  – "given enough eyeballs, all bugs are shallow" L. Torvalds
• (Do not make commits in a hurry before a party)

References
• General information
  – http://heartbleed.com/
• Testing whether a particular site is vulnerable
  – https://filippo.io/Heartbleed/
• Analysis of the problem at the source-code level
  – http://nakedsecurity.sophos.com/2014/04/08/anatomy-of-a-data-leak-bug-openssl-heartbleed
  – http://blog.existentialize.com/diagnosis-of-the-openssl-heartbleed-bug.html

How serious is this bug? ☺
• XKCD (https://xkcd.com/1353/)

Libraries used often - PolarSSL
• Pros:
  – API is simple and clear
  – easy to extract a single algorithm
• Cons:
  – fewer supported algorithms and standards
  – dual licensing, but not a BSD-like license

How to use a library
• Extract the code and compile it alone
  – some work with the extraction
  – small, clean and self-contained result
• Compile against the whole library
  – usually easy to do
  – but dependence on possibly unused code
• Link statically against a dynamic library
  – the DLL must always be present to run the program

How to use a library (2)
• Link dynamically against a dynamic library
  – try to open the DLL file and obtain a function handle
• Link against service provider functions
  – Cryptographic Service Providers in particular
  – API for listing the available service providers (CryptEnumProviders)
  – standardized functions provided by the providers
    http://msdn.microsoft.com/en-us/library/aa380252%28v=VS.85%29.aspx#service_provider_functions

Security implications of dynamic libraries
• The library can be forged and exchanged
• A library-in-the-middle attack is easy
  – data flow logging
  – input/output manipulation
• Library outputs tend to be checked less than user inputs
  – feeling that the library is my "internal" stuff and should play by "my" rules
• A library function call can be behind logical access controls

Practical assignment

Practical assignment
• Download the OpenSSL and PolarSSL libraries
  – and check the signature (gpg --verify)
• Write a small project (PolarSSL based)
  – read, encrypt and hash the supplied file, write it into an output file
  – read, verify the hash and decrypt the file
  – use AES-128 in CBC mode and SHA2-512
  – use the PKCS#7 padding method for encryption (RFC 3852)
• Start with New Project + PolarSSL + AES

Questions

Submissions, deadlines
• Upload the application source codes as a single zip file into the IS Homework vault (Crypto - 1. homework (AES+SHA2))
• DEADLINE: 22.9. 23:59 (first part)
  – application capable of reading, encrypting, decrypting and hashing
  – text file containing a description of how you did the PGP signature verification (whole process including the import of public keys etc.)
  – selected solutions will be discussed during the next lecture (23.9.)
  – 0-5 points assigned
• DEADLINE: 29.9. 23:59 (second part)
  – finalization of the code based on the discussions during the lecture
  – addition of unit tests
  – 0-5 points assigned
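The packet repeater from the Heartbleed slides, rewritten with the check the slides call for (in_packet_len must equal length + 3) plus a bound on the output buffer. This is an added example, not the slide code and not OpenSSL's; the TLV layout and a big-endian length field are assumptions taken from the slide diagrams.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed wire layout from the slides: Type [1 B] | length [2 B, big-endian] | Payload [length B] */
#define TLV_HDR 3

/* Hardened repeater: copy the payload only after proving that the declared
 * length matches what the network layer really delivered and that it fits the
 * output buffer. Returns the number of bytes written to out, or 0 when the
 * packet is rejected. */
size_t tlv_echo_checked(const unsigned char *in, size_t in_len,
                        unsigned char *out, size_t out_cap)
{
    if (in == NULL || out == NULL || in_len < TLV_HDR)
        return 0;                                    /* not even a full header */
    size_t length = ((size_t)in[1] << 8) | in[2];    /* declared payload length */

    /* The check missing on the slide: in_packet_len != length + 3 is a lie.
     * Without it a 1-byte payload that declares 0xFFFF makes memcpy read
     * 65534 bytes beyond the received data (heap: keys, passwords...). */
    if (length + TLV_HDR != in_len)
        return 0;
    if (length + TLV_HDR > out_cap)                  /* never write past out either */
        return 0;

    memcpy(out, in, TLV_HDR);                        /* header copied unchanged */
    memcpy(out + TLV_HDR, in + TLV_HDR, length);     /* now provably in bounds */
    return length + TLV_HDR;
}

/* Stand-alone demo on two constructed packets: a well-formed one and one that
 * declares 0xFFFF payload bytes but carries only a single byte. */
int main(void)
{
    const unsigned char good[] = { 0x01, 0x00, 0x03, 'a', 'b', 'c' };
    const unsigned char lie[]  = { 0x01, 0xFF, 0xFF, 'x' };
    unsigned char out[64];
    printf("good packet: %zu bytes echoed\n", tlv_echo_checked(good, sizeof good, out, sizeof out));
    printf("lying packet: %zu bytes echoed\n", tlv_echo_checked(lie, sizeof lie, out, sizeof out));
    return 0;
}
```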
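Padding is the part of the assignment the library does not do for you: PolarSSL's CBC routine works on whole 16-byte blocks, so PKCS#7 (RFC 3852) must be applied before encryption and validated after decryption. The following is an added example in plain C, not the course's reference solution and not PolarSSL code; it also covers the full-block edge case and rejects malformed padding.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define AES_BLOCK 16   /* AES-128-CBC block size used in the assignment */

/* PKCS#7 padding (RFC 3852, section 6.3): append n bytes, each of value n,
 * with 1 <= n <= AES_BLOCK. A plaintext that already fills its last block gets
 * a whole extra block of 0x10, so padding is always present and unambiguous.
 * buf must have room for len + AES_BLOCK bytes. Returns the padded length. */
size_t pkcs7_pad(unsigned char *buf, size_t len)
{
    unsigned char n = (unsigned char)(AES_BLOCK - (len % AES_BLOCK));
    memset(buf + len, n, n);
    return len + n;
}

/* Remove PKCS#7 padding after decryption. Returns the plaintext length, or
 * (size_t)-1 when the padding is malformed. Every byte of the last block is
 * inspected and the verdict accumulated without an early exit, so the time to
 * reject does not depend on where the first wrong byte sits. */
size_t pkcs7_unpad(const unsigned char *buf, size_t len)
{
    if (len == 0 || len % AES_BLOCK != 0)
        return (size_t)-1;
    unsigned char n = buf[len - 1];
    unsigned bad = (n == 0) | (n > AES_BLOCK);
    for (size_t i = 0; i < AES_BLOCK; i++) {
        unsigned in_pad = (i < n);                /* 1 when this position is padding */
        bad |= in_pad & (buf[len - 1 - i] != n);
    }
    return bad ? (size_t)-1 : len - n;
}

/* Stand-alone demo on a constructed 5-byte plaintext and a full 16-byte block. */
int main(void)
{
    unsigned char buf[48];
    memcpy(buf, "hello", 5);
    size_t padded = pkcs7_pad(buf, 5);
    printf("5 bytes -> %zu bytes, last byte 0x%02X, unpad -> %zu\n",
           padded, buf[padded - 1], pkcs7_unpad(buf, padded));
    memset(buf, 'A', AES_BLOCK);
    padded = pkcs7_pad(buf, AES_BLOCK);
    printf("16 bytes -> %zu bytes, last byte 0x%02X, unpad -> %zu\n",
           padded, buf[padded - 1], pkcs7_unpad(buf, padded));
    return 0;
}
```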