The Sibyl: NoConName 2013

365 views
215 views

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
365
On SlideShare
0
From Embeds
0
Number of Embeds
49
Actions
Shares
0
Downloads
2
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

The Sibyl: NoConName 2013

  1. 1. Client-side password Encryption Pedro Fortuny & Carlos Amieva (& Rafael Casado “in absentia”)
  2. 2. Client-side password Encryption No worries, James, let the sysadmin deal with the problem.
  3. 3. Client-side password Encryption Honestly:
  4. 4. Client-side password Encryption Honestly: Can you trust your sysadmin?
  5. 5. Client-side password Encryption Honestly: Can you trust your sysadmin? I mean
  6. 6. Client-side password Encryption Honestly: Can you trust your sysadmin?
  7. 7. Client-side password Encryption Honestly: Can you trust your sysadmin? really?
  8. 8. Client-side password Encryption I said really
  9. 9. Client-side password Encryption We need
  10. 10. Client-side password Encryption We need Ways to minimize data exposure to the sysadmin
  11. 11. Client-side password Encryption We need Ways to minimize data exposure to the sysadmin One step
  12. 12. Client-side password Encryption We need Ways to minimize data exposure to the sysadmin One step Protecting passwords from local access / MITM
  13. 13. Client-side password Encryption The Sibyl v2.0
  14. 14. Client-side password Encryption State of affairs 2013 - blind trust Client Server
  15. 15. Client-side password Encryption State of affairs 2013 - blind trust TLS/SS L Client , this i s SAFE , oooo hh! Server
  16. 16. Client-side password Encryption State of affairs 2013 - blind trust TLS/SS L Client , this i s SAFE , oooo hh! I se u r yp sc I’m t, Server no ol fo
  17. 17. Client-side password Encryption State of affairs 2013 - blind trust TLS/SS L Client , this i s SAFE , oooo hh! I se u r yp sc I’m t, no ol fo Server zorg:~# a=`pidof mysql` zorg:~# strace -p $a -e crypt -f
  18. 18. Client-side password Encryption State of affairs 2013 - blind trust TLS/SS L Client , this i s SAFE , oooo hh! I se u r yp sc I’m t, no ol fo Server zorg:~# a=`pidof mysql` zorg:~# strace -p $a -e crypt -f [pregnant silence]
  19. 19. Client-side password Encryption State of affairs 2013 - blind trust TLS/SS L Client , this i s SAFE , oooo hh! I se u r yp sc I’m t, no ol fo Server zorg:~# a=`pidof mysql` zorg:~# strace -p $a -e crypt -f [pregnant silence] [pid 9] crypt(“patata”,“$7$21212104040SaLt.$”)
  20. 20. Client-side password Encryption ? Do you really think hackers do NOT use strace
  21. 21. Client-side password Encryption BUT Your sysadmin is good (tm) [assumming you have not been rooted]
  22. 22. Client-side password Encryption BUT Your sysadmin is good (tm) [assumming you have not been rooted] Trust in me...
  23. 23. Client-side password Encryption Can do better
  24. 24. Client-side password Encryption TLS/SS L Client - but “ trust in me. ..” Server
  25. 25. Client-side password Encryption TLS/SS L Client - but “ trust in me. ..” Store “RSA(scrypt(pwd))” on the server Server
  26. 26. Client-side password Encryption TLS/SS L Client - but “ trust in me. ..” Store “RSA(scrypt(pwd))” on the server Server RSA channel Sibyl Use a hardware module to authenticate
  27. 27. Client-side password Encryption TLS/SS L Client [Pub key] - but “ trust in me. ..” Server Sibyl
  28. 28. Client-side password Encryption TLS/SS L Client [Pub key] - but “ trust in me. ..” Server Sibyl [Priv, Pub] RSA pair
  29. 29. Client-side password Encryption TLS/SS L Client [Pub key] - but “ trust in me. ..” only stores PUB0(hash) Server Sibyl [Priv, Pub] RSA pair
  30. 30. Client-side password Encryption TLS/SS L Client [Pub key] hash=scrypt(pwd) is run on the client side - but “ trust in me. ..” only stores PUB0(hash) Server Sibyl [Priv, Pub] RSA pair
  31. 31. Client-side password Encryption TLS/SS L Client [Pub key] hash=scrypt(pwd) is run on the client side - but “ trust in me. ..” only stores PUB0(hash) Server msg=PUBi(hash) Sibyl [Priv, Pub] RSA pair
  32. 32. Client-side password Encryption TLS/SS L Client [Pub key] hash=scrypt(pwd) is run on the client side msg=PUBi(hash) - but “ trust in me. ..” only stores PUB0(hash) Server Priv(PUB0(hash)) == Login? Priv(PUBi(hash)) Sibyl [Priv, Pub] RSA pair
  33. 33. Client-side password Encryption TLS/SS L - but “ trust Client [Pub key] hash=scrypt(pwd) is run on the client side msg=PUBi(hash) in me. ..” only stores PUB0(hash) Server Priv(PUB0(hash)) == Login? Priv(PUBi(hash)) Only the Sibly can answer this Sibyl [Priv, Pub] RSA pair
  34. 34. Client-side password Encryption There is no encryption performed on the server
  35. 35. Client-side password Encryption The Sibyl can be completely dumb [not yet implemented] no access to the priv. key
  36. 36. Client-side password Encryption The sysadmin has no way to MITM or whatever Trustless pwd management
  37. 37. Client-side password Encryption Isn’t it better to trust people, Charlie Brown?
  38. 38. Client-side password Encryption Isn’t it better to trust people, Charlie Brown? No, Lucy, no...
  39. 39. Client-side password Encryption Details [...] skip if necessary
  40. 40. Client-side password Encryption client server sibyl
  41. 41. Client-side password Encryption client V1=RSAi(pwd) server sibyl
  42. 42. Client-side password Encryption client V1=RSAi(pwd) [login,V1] server sibyl
  43. 43. Client-side password Encryption client V1=RSAi(pwd) [login,V1] server V2=RSA0(pass) (stored) sibyl
  44. 44. Client-side password Encryption client V1=RSAi(pwd) [login,V1] server V2=RSA0(pass) (stored) [V1,V2] sibyl
  45. 45. Client-side password Encryption client V1=RSAi(pwd) [login,V1] server V2=RSA0(pass) (stored) sibyl [V1,V2] decrypt(v1) ==? decrypt(v2)
  46. 46. Client-side password Encryption client V1=RSAi(pwd) [login,V1] server V2=RSA0(pass) (stored) sibyl [V1,V2] yes/no decrypt(v1) ==? decrypt(v2)
  47. 47. Client-side password Encryption client V1=RSAi(pwd) [login,V1] server V2=RSA0(pass) (stored) sibyl [V1,V2] yes/no grant/deny decrypt(v1) ==? decrypt(v2)
  48. 48. Client-side password Encryption client V1=RSAi(pwd) [login,V1] server V2=RSA0(pass) (stored) sibyl [V1,V2] yes/no grant/deny much gorier (already done) decrypt(v1) ==? decrypt(v2)
  49. 49. Client-side password Encryption Thank you ?? And don’t forget to have a nice meal

×