Cloudflare, profile picture
Uploaded byCloudflare
12,792 views

Running Secure Server Software on Insecure Hardware Without Parachute

Nicholas Sullivan discusses the security challenges of running server software on globally distributed edge servers with insecure physical access. He argues for a new approach that distinguishes between long-term and short-term secrets, with the goal of refreshing secrets before attackers can compromise them. Short-term secrets use techniques from digital rights management like white-box cryptography and code obfuscation to impose computational costs on extracting secrets from memory. Long-term secrets are not stored on edge servers and are accessed through short-term secrets.

Embed presentation

Downloaded 57 times
Nicholas Sullivan Systems Engineer
 CloudFlare
 @grittygrease Running Secure Server Software on Insecure Hardware without a Parachute
What this talk is about u The web is changing — consolidation at the edge u Fundamental assumptions about server security are wrong u How do we design server software with the worst case in mind? u Distinguish between long and short term secrets u Devise approaches for protecting each 2
Let’s Talk About Web Infrastructure
4
Global Website Traffic 5
Global Website Traffic with CDN 6
Current Map 7
Future Map 8
Future Map 9
Edge Computing Threat Model
Traditional server threat model u Assume server is secure u Add layers of protection to keep attackers out u Network layer protection u Operating System Level: principle of least privilege u Protection against maliciously installed code u More advanced barriers 11
Globally distributed servers u Less jurisdictional control = less physical security u Physical access trumps static defense layers ! u Traditional defenses helpful, but not ideal u Cannot rely on security of keys u Single break-in results in immediate compromise 12
A More Effective Approach
Approach system security the ‘DRM way’ u Assume attacker has bypassed all static defenses u Goal is to refresh secrets before they are compromised u Split system into long-term secrets and short-term secrets u Focus on renewability of secrets 14
Secrets must be split into two tiers u Long-term Secrets u Useful for attacker for long period of time u Do not store at the edge ! u Short-term Secrets u Expire after a short period of time u Cannot be re-used 15
Example: Traditional TLS termination u TLS handshake with nginx and Apache u SSL keys on disk u Read from disk, use in memory ! u Cryptographic elements at risk if server is compromised u Private key u Session key 16
TLS revisited for untrusted hardware u Long term secrets u Private key ! u Short term secrets u Session key u Session IDs and Session ticket keys u Credentials to access private keys 17
How to Protect 
 Short-term Secrets
Short-term secrets — threat model u Must live on machines in unsafe locations u Memory u Control Flow u By the time a secret is broken, it should be expired u Don’t keep secrets in a useable state u Impose computational cost to retrieve the original secret u Expire secrets quickly ! 19
Techniques from DRM are applicable u White-box cryptography u Code obfuscation 20
Standard Cryptography Threat Model 21 Alice Bob Eve
White-box Cryptography Threat Model 22 Alice Bob Eve
White-box Cryptography Threat Model 23 Aleve Bob
White-box cryptography u Hide the cryptographic key from everyone u Protect against key extraction in the strongest threat model ! u Takes time to extract key — lots of math u Choose difficulty based on secret lifetime 24
White-box cryptography implementations 25 u Commercial products u Irdeto, Arxan, SafeNet, etc. u Open source u OpenWhiteBox
Code obfuscation 26
Code obfuscation u Making reverse engineering difficult u Compile-time control-flow modification u Data transformation in memory u Anti-debugging 27
Before 28
After 29
Code obfuscation implementations u Commercial products u Arxan, Irdeto, etc. u Open source u Obfuscator-LLVM 30
Long-term Secrets
Keyless SSL u SSL without keys? Surely you’re joking. u SSL without keys at the edge. That’s better. 32
How Keyless SSL Works u Split the TLS state machine geographically u Perform private key operation at site owner’s facility (in HSM, etc) u Perform rest of handshake at edge u Communicate with signing server over mutually authenticated TLS 33
Keyless SSL Diagram 34
35
Conclusion
Conclusion u Untrusted hardware requires a new approach u Split secrets into long-term and short-term u Design for rapid renewal — replace secrets faster than they can be broken u Leverage short-term secrets to access long-term secrets 37

More Related Content

PDF
Sullivan randomness-infiltrate 2014
byCloudflare
 
PDF
Sullivan heartbleed-defcon22 2014
byCloudflare
 
PPTX
Botconf ppt
byCloudflare
 
PDF
Sullivan handshake proxying-ieee-sp_2014
byCloudflare
 
PDF
Sullivan white boxcrypto-baythreat-2013
byCloudflare
 
PDF
Sullivan red october-oscon-2014
byCloudflare
 
PPTX
Running a Robust DNS Infrastructure with CloudFlare Virtual DNS
byCloudflare
 
PDF
Virus Bulletin 2012
byCloudflare
 
Sullivan randomness-infiltrate 2014
byCloudflare
 
Sullivan heartbleed-defcon22 2014
byCloudflare
 
Botconf ppt
byCloudflare
 
Sullivan handshake proxying-ieee-sp_2014
byCloudflare
 
Sullivan white boxcrypto-baythreat-2013
byCloudflare
 
Sullivan red october-oscon-2014
byCloudflare
 
Running a Robust DNS Infrastructure with CloudFlare Virtual DNS
byCloudflare
 
Virus Bulletin 2012
byCloudflare
 

What's hot

PDF
Security with VA Smalltalk
byESUG
 
PPTX
MRA AMA Part 7: The Circuit Breaker Pattern
byNGINX, Inc.
 
PDF
SSL for SaaS Providers
byCloudflare
 
PPTX
Secure Your Apps with NGINX Plus and the ModSecurity WAF
byNGINX, Inc.
 
PPTX
The 3 Models in the NGINX Microservices Reference Architecture
byNGINX, Inc.
 
PPTX
Surviving A DDoS Attack: Securing CDN Traffic at CloudFlare
byCloudflare
 
PPTX
Laverna vs etherpad
byantitree
 
PDF
MRA AMA Part 8: Secure Inter-Service Communication
byNGINX, Inc.
 
PDF
Heartache and Heartbleed - 31c3
byNick Sullivan
 
PPTX
Owasp crypto tools and projects
byOwaspCzech
 
PDF
An analysis of TLS handshake proxying
byNick Sullivan
 
PDF
Overview of SSL: choose the option that's right for you
byCloudflare
 
PPTX
Reinventing anon email
byantitree
 
PDF
Bringing Elliptic Curve Cryptography into the Mainstream
byNick Sullivan
 
PDF
Monitoring Highly Dynamic and Distributed Systems with NGINX Amplify
byNGINX, Inc.
 
PDF
MRA AMA: Ingenious: The Journey to Service Mesh using a Microservices Demo App
byNGINX, Inc.
 
PDF
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
byNGINX, Inc.
 
PPTX
Improve App Performance & Reliability with NGINX Amplify
byNGINX, Inc.
 
PDF
What's New in Go Crypto - Gotham Go
byNick Sullivan
 
PDF
CFSSL 1.1: The Evolution of a PKI toolkit - DEF CON 23
byNick Sullivan
 
Security with VA Smalltalk
byESUG
 
MRA AMA Part 7: The Circuit Breaker Pattern
byNGINX, Inc.
 
SSL for SaaS Providers
byCloudflare
 
Secure Your Apps with NGINX Plus and the ModSecurity WAF
byNGINX, Inc.
 
The 3 Models in the NGINX Microservices Reference Architecture
byNGINX, Inc.
 
Surviving A DDoS Attack: Securing CDN Traffic at CloudFlare
byCloudflare
 
Laverna vs etherpad
byantitree
 
MRA AMA Part 8: Secure Inter-Service Communication
byNGINX, Inc.
 
Heartache and Heartbleed - 31c3
byNick Sullivan
 
Owasp crypto tools and projects
byOwaspCzech
 
An analysis of TLS handshake proxying
byNick Sullivan
 
Overview of SSL: choose the option that's right for you
byCloudflare
 
Reinventing anon email
byantitree
 
Bringing Elliptic Curve Cryptography into the Mainstream
byNick Sullivan
 
Monitoring Highly Dynamic and Distributed Systems with NGINX Amplify
byNGINX, Inc.
 
MRA AMA: Ingenious: The Journey to Service Mesh using a Microservices Demo App
byNGINX, Inc.
 
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
byNGINX, Inc.
 
Improve App Performance & Reliability with NGINX Amplify
byNGINX, Inc.
 
What's New in Go Crypto - Gotham Go
byNick Sullivan
 
CFSSL 1.1: The Evolution of a PKI toolkit - DEF CON 23
byNick Sullivan
 

Viewers also liked

PPTX
Database Scalability - The Shard Conflict
byScaleBase
 
PDF
High Performance Systems in Go - GopherCon 2014
byDerek Collison
 
PDF
Corporate Open Source Anti-patterns
bybcantrill
 
PDF
Detecting Corporate Fraud: Tips from a Crook and a Sleuth by Roddy Boyd and S...
byReynolds Center for Business Journalism
 
ODP
Assholes are killing your project
byDonnie Berkholz
 
PPTX
The Hard Truths of Entrepreneurship
byRand Fishkin
 
Database Scalability - The Shard Conflict
byScaleBase
 
High Performance Systems in Go - GopherCon 2014
byDerek Collison
 
Corporate Open Source Anti-patterns
bybcantrill
 
Detecting Corporate Fraud: Tips from a Crook and a Sleuth by Roddy Boyd and S...
byReynolds Center for Business Journalism
 
Assholes are killing your project
byDonnie Berkholz
 
The Hard Truths of Entrepreneurship
byRand Fishkin
 

Similar to Running Secure Server Software on Insecure Hardware Without Parachute

PPT
software-security-intro in information security.ppt
byismaeelsahib032
 
PPTX
Enhancing Web Security: Key Concepts & Strategies.pptx
byParham Abolghasemi
 
PDF
FreeBSD and Hardening Web Server
byMuhammad Moinur Rahman
 
PPTX
Chapter 2 Overview of Commercial Issues.pptx
bymc0225225
 
PDF
Network Security_Module_2.pdf
byDr. Shivashankar
 
PDF
Security Theatre - Confoo
byxsist10
 
PDF
Network Security_Module_2_Dr Shivashankar
byDr. Shivashankar
 
PPT
software-security.ppt
byPRALHAD MAGADUM
 
PPT
Essentials Of Security
byxsy
 
PPTX
OWASP_Training.pptx
byPradip Bhattarai
 
PDF
Running Secure Server Software on Insecure Hardware without a Parachute - RSA...
byNick Sullivan
 
PDF
Owasp top 10 2013
byEdouard de Lansalut
 
PDF
Threat_Modelling.pdf
byMarlboroAbyad
 
PDF
Securing the channel - Tarkay Jamaan
byOWASP-Qatar Chapter
 
PDF
Cloud computing Security
byCloud Genius
 
PPTX
00. introduction to app sec v3
byEoin Keary
 
PPT
Cloud Computing & Security
byAwais Mansoor Chohan
 
PDF
Security at Scale - Lessons from Six Months at Yahoo
byAlex Stamos
 
PPT
Dmk bo2 k8_ccc
byDan Kaminsky
 
PDF
Null bhopal Sep 2016: What it Takes to Secure a Web Application
byAnant Shrivastava
 
software-security-intro in information security.ppt
byismaeelsahib032
 
Enhancing Web Security: Key Concepts & Strategies.pptx
byParham Abolghasemi
 
FreeBSD and Hardening Web Server
byMuhammad Moinur Rahman
 
Chapter 2 Overview of Commercial Issues.pptx
bymc0225225
 
Network Security_Module_2.pdf
byDr. Shivashankar
 
Security Theatre - Confoo
byxsist10
 
Network Security_Module_2_Dr Shivashankar
byDr. Shivashankar
 
software-security.ppt
byPRALHAD MAGADUM
 
Essentials Of Security
byxsy
 
OWASP_Training.pptx
byPradip Bhattarai
 
Running Secure Server Software on Insecure Hardware without a Parachute - RSA...
byNick Sullivan
 
Owasp top 10 2013
byEdouard de Lansalut
 
Threat_Modelling.pdf
byMarlboroAbyad
 
Securing the channel - Tarkay Jamaan
byOWASP-Qatar Chapter
 
Cloud computing Security
byCloud Genius
 
00. introduction to app sec v3
byEoin Keary
 
Cloud Computing & Security
byAwais Mansoor Chohan
 
Security at Scale - Lessons from Six Months at Yahoo
byAlex Stamos
 
Dmk bo2 k8_ccc
byDan Kaminsky
 
Null bhopal Sep 2016: What it Takes to Secure a Web Application
byAnant Shrivastava
 

More from Cloudflare

PPTX
Accelerate your digital transformation
byCloudflare
 
PPTX
Zero trust for everybody: 3 ways to get there fast
byCloudflare
 
PPTX
Scaling service provider business with DDoS-mitigation-as-a-service
byCloudflare
 
PPTX
Recent DDoS attack trends, and how you should respond
byCloudflare
 
PPTX
Close your security gaps and get 100% of your traffic protected with Cloudflare
byCloudflare
 
PDF
Succeeding with Secure Access Service Edge (SASE)
byCloudflare
 
PPTX
Application layer attack trends through the lens of Cloudflare data
byCloudflare
 
PPTX
LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...
byCloudflare
 
PPTX
Strengthening security posture for modern-age SaaS providers
byCloudflare
 
PDF
Stopping DDoS Attacks in North America
byCloudflare
 
PPTX
HARTMANN and Cloudflare Learn how healthcare providers can build resilient in...
byCloudflare
 
PPTX
Kentik and Cloudflare Partner to Mitigate Advanced DDoS Attacks
byCloudflare
 
PPTX
Why you should replace your d do s hardware appliance
byCloudflare
 
PPTX
Cyber security fundamentals (simplified chinese)
byCloudflare
 
PPTX
Why Zero Trust Architecture Will Become the New Normal in 2021
byCloudflare
 
PPTX
Cybersecurity 2020 threat landscape and its implications (AMER)
byCloudflare
 
PPTX
Don't Let Bots Ruin Your Holiday Business - Snackable Webinar
byCloudflare
 
PPTX
Bring speed and security to the intranet with cloudflare for teams
byCloudflare
 
PPTX
It’s 9AM... Do you know what’s happening on your network?
byCloudflare
 
PPTX
Network Transformation: What it is, and how it’s helping companies stay secur...
byCloudflare
 
Accelerate your digital transformation
byCloudflare
 
Zero trust for everybody: 3 ways to get there fast
byCloudflare
 
Scaling service provider business with DDoS-mitigation-as-a-service
byCloudflare
 
Recent DDoS attack trends, and how you should respond
byCloudflare
 
Close your security gaps and get 100% of your traffic protected with Cloudflare
byCloudflare
 
Succeeding with Secure Access Service Edge (SASE)
byCloudflare
 
Application layer attack trends through the lens of Cloudflare data
byCloudflare
 
LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...
byCloudflare
 
Strengthening security posture for modern-age SaaS providers
byCloudflare
 
Stopping DDoS Attacks in North America
byCloudflare
 
HARTMANN and Cloudflare Learn how healthcare providers can build resilient in...
byCloudflare
 
Kentik and Cloudflare Partner to Mitigate Advanced DDoS Attacks
byCloudflare
 
Why you should replace your d do s hardware appliance
byCloudflare
 
Cyber security fundamentals (simplified chinese)
byCloudflare
 
Why Zero Trust Architecture Will Become the New Normal in 2021
byCloudflare
 
Cybersecurity 2020 threat landscape and its implications (AMER)
byCloudflare
 
Don't Let Bots Ruin Your Holiday Business - Snackable Webinar
byCloudflare
 
Bring speed and security to the intranet with cloudflare for teams
byCloudflare
 
It’s 9AM... Do you know what’s happening on your network?
byCloudflare
 
Network Transformation: What it is, and how it’s helping companies stay secur...
byCloudflare
 

Recently uploaded

PDF
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
PDF
December Patch Tuesday
byIvanti
 
PDF
DIGITAL FORENSICS - Notes for Everything.pdf
bypankajkumavatbeit
 
PPTX
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PDF
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
PDF
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
PDF
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
PDF
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
PPTX
Cloud-and-AI-Platform-FY26-Partner-Playbook.pptx
byiuiuiuiu1
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PDF
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
PPTX
Kanban India 2025 | Daksh Gupta | Modeling the Models, Generative AI & Kanban
byLeanKanbanIndia
 
PDF
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
PPTX
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
PDF
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
PPTX
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
PPTX
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
December Patch Tuesday
byIvanti
 
DIGITAL FORENSICS - Notes for Everything.pdf
bypankajkumavatbeit
 
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
The year in review - MarvelClient in 2025
bypanagenda
 
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
Cloud-and-AI-Platform-FY26-Partner-Playbook.pptx
byiuiuiuiu1
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
Kanban India 2025 | Daksh Gupta | Modeling the Models, Generative AI & Kanban
byLeanKanbanIndia
 
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 

Running Secure Server Software on Insecure Hardware Without Parachute

  • 1.
    Nicholas Sullivan Systems Engineer
 CloudFlare
 @grittygrease RunningSecure Server Software on Insecure Hardware without a Parachute
  • 2.
    What this talkis about u The web is changing — consolidation at the edge u Fundamental assumptions about server security are wrong u How do we design server software with the worst case in mind? u Distinguish between long and short term secrets u Devise approaches for protecting each 2
  • 3.
    Let’s Talk AboutWeb Infrastructure
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
    Traditional server threatmodel u Assume server is secure u Add layers of protection to keep attackers out u Network layer protection u Operating System Level: principle of least privilege u Protection against maliciously installed code u More advanced barriers 11
  • 12.
    Globally distributed servers uLess jurisdictional control = less physical security u Physical access trumps static defense layers ! u Traditional defenses helpful, but not ideal u Cannot rely on security of keys u Single break-in results in immediate compromise 12
  • 13.
  • 14.
    Approach system securitythe ‘DRM way’ u Assume attacker has bypassed all static defenses u Goal is to refresh secrets before they are compromised u Split system into long-term secrets and short-term secrets u Focus on renewability of secrets 14
  • 15.
    Secrets must besplit into two tiers u Long-term Secrets u Useful for attacker for long period of time u Do not store at the edge ! u Short-term Secrets u Expire after a short period of time u Cannot be re-used 15
  • 16.
    Example: Traditional TLStermination u TLS handshake with nginx and Apache u SSL keys on disk u Read from disk, use in memory ! u Cryptographic elements at risk if server is compromised u Private key u Session key 16
  • 17.
    TLS revisited foruntrusted hardware u Long term secrets u Private key ! u Short term secrets u Session key u Session IDs and Session ticket keys u Credentials to access private keys 17
  • 18.
    How to Protect
 Short-term Secrets
  • 19.
    Short-term secrets —threat model u Must live on machines in unsafe locations u Memory u Control Flow u By the time a secret is broken, it should be expired u Don’t keep secrets in a useable state u Impose computational cost to retrieve the original secret u Expire secrets quickly ! 19
  • 20.
    Techniques from DRMare applicable u White-box cryptography u Code obfuscation 20
  • 21.
    Standard Cryptography ThreatModel 21 Alice Bob Eve
  • 22.
    White-box Cryptography ThreatModel 22 Alice Bob Eve
  • 23.
  • 24.
    White-box cryptography u Hidethe cryptographic key from everyone u Protect against key extraction in the strongest threat model ! u Takes time to extract key — lots of math u Choose difficulty based on secret lifetime 24
  • 25.
    White-box cryptography implementations 25 uCommercial products u Irdeto, Arxan, SafeNet, etc. u Open source u OpenWhiteBox
  • 26.
  • 27.
    Code obfuscation u Makingreverse engineering difficult u Compile-time control-flow modification u Data transformation in memory u Anti-debugging 27
  • 28.
  • 29.
  • 30.
    Code obfuscation implementations uCommercial products u Arxan, Irdeto, etc. u Open source u Obfuscator-LLVM 30
  • 31.
  • 32.
    Keyless SSL u SSLwithout keys? Surely you’re joking. u SSL without keys at the edge. That’s better. 32
  • 33.
    How Keyless SSLWorks u Split the TLS state machine geographically u Perform private key operation at site owner’s facility (in HSM, etc) u Perform rest of handshake at edge u Communicate with signing server over mutually authenticated TLS 33
  • 34.
  • 35.
  • 36.
  • 37.
    Conclusion u Untrusted hardwarerequires a new approach u Split secrets into long-term and short-term u Design for rapid renewal — replace secrets faster than they can be broken u Leverage short-term secrets to access long-term secrets 37