Infra-estruturas e dispositivos para a protecção integral segura de dados na Nuvem. Manuel Eduardo Correia CRACS/INESC TEC DCC/FCUP

Transcription

1 Infra-estruturas e dispositivos para a protecção integral segura de dados na Nuvem Manuel Eduardo Correia CRACS/INESC TEC DCC/FCUP

2 Virtualization Risks How secure is my data in a virtualized world? APP APP APP APP VMs are easy to copy (and steal). OS OS OS OS Hypervisor Compute Layer Storage VMs are easy to move. VMs introduce a new class of privileged users and administrators server, storage, backup, and application all operating independently. Snapshots Snapshots VMs have multiple instances, snapshots and backups of data. Backup And what about your Disaster Recovery site?

3 Security Blueprints for a Virtual Datacenter 1 Storage Protected Clients Protection Client is installed on your VMs. 2 Security Manager Security Manager is a virtual machine that runs at a distinct administrative domain Protected Disks Virtualization Hosts 3 Encryption Keys Virtual Machines Hardware-based high-assurance enterprise key management at the data owner administrative domain.

4 Complete VM Encryption Encryption of entire VM Encryption of system/os partition Encryption of data partition Encryption of associated snapshots and backups Entire VM is encrypted Secured Volumes Secured VMs 5

5 Own and Control Your Data Pre-launch user authorization to access a VM Separation of duties between storage, VI and security administrators Hardware-based FIPS level 3 certified Enterprise Key Manager Pre-Launch Authentication Secured VMs On-Premise EKM

6 What about services and applications? When you move applications to the cloud you must also migrate user management, authentication and access control. User management in the cloud requires the deployment of more sophisticated Identity management solutions. Identity management as a service Authentication, and role managemet mainly based on identity attributes.

7 Good Security is Hard Always a compromise between: Easy of Use (convenience for the user) Effectiveness Cost It must be preceded by a comprehensive Analysis of Risk. Otherwise security could end up being more costly then what needs to be protected.

8 Massively Deployable Security is Even Harder What can you do when you have an installed base of thousands/millions? Security mechanisms must be extremely: Cheap to deploy Easy to use Configurable by the user There is one such popular mechanism. The LOGIN/PASSWORD

9 Problems with Passwords Selection Good secure passwords are hard to find Memorization It is easy to forget infrequently used passwords It is hard to remember secure passwords Reuse To many different passwords to memorize People reuse the same password all over

10 Problems with Passwords Sharing When working in groups it is common for people to share passwords Non repudiation is easy to circumvent with password sharing When people do not assess the real value of their digital assets they share passwords. Malware (Virus, Trojans) Password Sniffing, Phishing Attacks, etc...

11 Problems with Passwords Online Banking is one prime example of management of highly valuable assets on the Internet. Online Banks are very convenient for the costumer and save of lot money to the Banks. Phishing attacks became widespread and are quite effective at stealing user credentiasl. Banking dedicated Malware provides high returns to the attacker Risk Analisys tell us that Login/Password is not appropriate to protect these assets.

12 Classical Factor Two Authentication tokens The classic solution has been to employ factor two (difficult to clone) authentication devices

13 Classical Factor Two Authentication tokens

14 Classical Factor Two Authentication tokens

15 Smart Cards Modern Smart cards are credit card-sized devices that contain an fully operational small embedded computer (CPU + RAM + ROM) and a simple interface for accessing its programmed functionalities. It has a small set of contacts on the front. When the card is inserted into a card reader, those contacts provide power and data interfaces to the electronics on the card.

16 Smart Cards Smart cards are something you have that is tamper proof and almost impossible to copy. Memory on the card can be used to store a private key and digital certificate (Portability+Security) The onboard processor can be used for: Generating a public key pair. (In such a way that the private key never leaves the card and thus as only one existing copy). (In What scenarios is this is crucial?) encryption and decryption tasks completely done inside the card itself. verifying authorized access to functionalities that require the use of a private key.

17 Smart Cards Smart cards can also be used to implement a challengeresponse system. the set of algorithms used to manipulate the challenge phrase are encoded in the card. the card can be inserted into a low-cost special-purpose device that allows the user to enter the challenge phrase and displays the result of the manipulation.

18 Smart Cards The most widespread use of smart cards for identity is in the cell phone industry (SIM Simple Identification Module). the SIM manages the user's identity, including her network information, phone number, and, in most cases, address and contact information. The SIM is just a smart card that allows the electrical contacts and processor to be punched out of the larger card and inserted into a small receptacle in the phone.

19 Smart Cards Cartão do Cidadão (CC) National ID Social Security National Health System Tax Payer s National elector card Travel document

20 Smart Cards Cartão do Cidadão (CC)

21 Smart Cards Cartão do Cidadão (CC)

22 Smart Cards Cartão do Cidadão (CC) It has two Certificates (1024bit RSA) emitted by the Government PKI ( Authentication certificate Digital signature certificate (It must be activated) Acts as a PKCS#11 crypto device. It can be used for Identification/Authentication and Electronic Signature. It can act as a one time pad for challenge-response scenarios where there is no need for computers (ex) Performing Critical Services by telephone) Fingerprint Biometric authentication (application available to authorities only)

23 Smart Cards Cartão do Cidadão (CC) Multi platform software and card readers Promotes secure online self-service interaction with critical societal infrastrucures (Banks, Government, Hospitals, Tribunals, etc...) 5 years expiration date Health use: Only identification data is stored Electronic prescription (pointers, not data)

24 Cédula Profissional da Ordem dos Médicos It has two Certificates (2048bit RSA) Authentication certificate Professionally qualidied Digital signature certificate Acts as a PKCS#11 crypto device. It comes with Myfare for NFC applications. Currently being deployed for authentication and electronic signature of electronic prescriptions.

25 Cartão UP It has two Certificates (2048bit RSA) Authentication certificate Digital signature certificate Acts as a PKCS#11 crypto device. It comes with Myfare for NFC applications. Currently being deployed for physicall access control ( campus wide integrated car parking, door locks and assiduity time management) and in a pilot for electronic signature of students grades.

26 Classical Factor Two Authentication tokens Users need to carry with them additional physical tokens and/or readers. Generally requires specific drivers and middleware software installed on users workstations. Are proprietary in Nature and incompatible with each other. Single purpose (Generally you cannot use Institution A token to authenticate yourself into Institution B).

27 More Flexible Factor Two Authentication tokens Yubikeys: Low cost one time password (OTP) generator token (40 chars). Connects to USB port. Acts like a keyboard, no driver required. Press button with your finger to generate a new OTP. Very easy to integrate with legacy login/password authentication schemes. Token validation service on the cloud. Widely deployed by well know Internet companies (Paypal, Google, LastPass, ) Direct support currently being integrated into Google chrome for a more seamless authentication with HTML5 sites.

28 More Flexible Factor Two Authentication tokens Yubikeys: Current Version has two slots. Each can store 128bits. These can be used in several modes: Yubikey OTP OAUTH-HOTP (RFC 4226) Static 128 bit password Challenge Response Newer models are NFC enabled. Yubikey NEO Yubikey software is mostly open Source. For the server side Yubico also supply a low cost HSM to securely protect shared secrets.

29 Ubiquitous Authentication tokens? Classical Authentication tokens are very expensive do deploy on a large scale. Are difficult to use by the targeted regular users. There is however other popular device that can be used as token and: Nowadays it is as common as House Keys: The Mobile Phone

30 Using your Mobile Phone as an Authentication token Everyone has a mobile phone. Every phone has SMS capabilities. The cell phone authentication infrastructure is reasonably secure. We can use a SMS message as a side channel to share a temporary secret that only the possessor of a mobile phone can see. The Online banking industry was one of the first to use SMS messaging as a means to authenticate critical operations. Nowadays it is almost impossible use online banking services without a registered phone.

31 Using your mobile smart Phone/Apps as an Authentication token However: SMS messaging has a cost. It can be substantially expensive if you are abroad. It could not work if messaging takes too much time (60 seconds delay). It is cumbersome to use. Nowadays the mobile phone can do much more then just texting. We can do so much more!

32 Using your Phone as a secure Authentication token Smart phones run APPs Recent Android phones come with their own Secure Element (SE) Built-in. Google Nexus Google Wallet; Myfare emulation. Near Field Communication (NFC) and card emulation capacity is becoming common place in the more recent Android Devices It is now possible to emulate smart cards at the application level. Combine this with the (SE) and we open a whole new set of potential applications. Physically access (Myfare Locks); Innovative mobile payment systems; Transportation cards; Loyalty cards; etc All cards in our wallets could all be securely integrated into our NFC enabled smartphone equipped with a SE element.

33 Using your smart Phone/Apps as an Authentication token Google had a serious problem with authentication. Solely based on login/password Highly vulnerable to MITM attacks for credentials harvesting as attested by the chinese incident of 2010 You can now secure your google account with an APP (Google Authenticator) implementation of one-time passcode generators for several mobile platforms. Support the HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226 Time-based One-time Password (TOTP) algorithm

34 Using your smart Phone/Apps as an Authentication token With the Google Authenticator you can declare a certain browser at a certain computer to be trustable. All the others will require the proof of possession of your mobile device for the login to succeed.

35 Using your smart Phone/Apps as an Authentication token The security of of this scheme is based on wall clock time synchronization and an initial shared secret between Google and your phone. There is a secure and practical way to share this secret and at the same time configure the Google authenticator App. Mobile Tagging QR codes.

36 Mobile Tagging constitutes a very convenient mechanism to convey information into a mobile device Completely standardized as ISO/IEC 18004:2006 Plenty of space for secret sharing and configuration purposes. Numeric only Max. 7,089 characters Alphanumeric Max. 4,296 characters Binary (8 bits) Max. 2,953 bytes A QR code is displayed on the screen and is then conveyed to the mobile phone through the mobile phone camera.

37 Mobile Tagging is a convenient mechanism to share secrets with a mobile device Google Authenticator and QR codes. A very versatile match.

38 Google Authenticator OTP The google Authenticator, once configured, does not need communication channels to provide the correct answer to the server challenge. Only correct wall time clock needed. It solves the previously identified problems with SMS based schemes. Currently deployed at many high profile sites: Gmail, Google Apps, DropBox, LastPass, etc The YubiTOTP Android Widget is able to generate an OATH Timebased One Time Passcodes (TOTP) from a secret stored in a YubiKey NEO (NFC enabled). What else can we do with this to improve security? Mobile smart phones have Internet connectivity.

39 Quick user Login/Authentication using an Internet Connected Mobile Phone

40 Quick user Login/Authentication using an Internet Connected Mobile Phone With QR-codes the login process is quicker and more convenient than typing a username and password. Since the shared secret (the password) does not have to be memorized, or even typed in by a human, it can be long and complex. A virus-installed keylogger or shoulder-surfer cannot capture the password. The user can securely use an untrusted computer (such as one in an Internet cafe or hotel) without revealing their password. A phishing web site cannot capture the user password by tricking them into typing it in. The phone sends the shared secret, and will only send it to the web site in its database. By using different logins the user's account on one web site cannot be associated with the user's account on another web site.

41 More practical and secure Authentication There are now cheap and practical ways of doing secure multi-factor authentication on the Internet: Practical OTP tokens. Ex) YubiKeys Easy Side Channel enrollment and login QR-Code authentication with mobile devices. Take advantage of the SE that is currently being incorporated into mobile devices. 42

42 Questions?