Security Concept
Security Threat Model: STRIDE
- Spoofing (role/permission control): Spoofing is attempting to gain access to a system by using a false identity. This can be accomplished using stolen user credentials or a false IP address. After the attacker successfully gains access as a legitimate user or host, elevation of privileges or abuse using authorization can begin.
- Tampering (encrypt, sign): unauthorized modification of data, for example as it flows over a network between two computers.
- Repudiation (logging/auditing): the ability of users (legitimate or otherwise) to deny that they performed specific actions or transactions. Without adequate auditing, repudiation attacks are difficult to prove.
- Information disclosure (encrypt)
- Denial of service: caused by bombarding a server with requests to consume all available system resources or by passing it malformed input data that can crash an application process.
- Elevation of privilege
**OpenSSL:**
A cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and the related cryptography standards they require.
There is also an openssl Linux command that can be used in bash scripts to generate a passphrase: local random_symmetric_key_passphrase=$(openssl rand -base64 32 2>/dev/null)
gpg Linux command: (encrypt)
- random_symmetric_key_passphrase=$(openssl rand -base64 32 2>/dev/null)
- (send to server) encrypted_symmetric_key_passphrase=$(echo -n "$random_symmetric_key_passphrase" | gpg --always-trust --homedir "$tpm_gpg_keyrings_dir" --recipient "com.amazon.csos.tpm.registration.encryption_key" -a --openpgp --encrypt)
- Encrypt the pubEK using a symmetric key generated from a random passphrase: encrypted_pub_ek=$(gpg --always-trust --homedir "$tpm_gpg_keyrings_dir" --symmetric --cipher-algo AES256 -a --openpgp --passphrase "$random_symmetric_key_passphrase")
- // Symmetric keys are generated using a passphrase. We encrypted the passphrase that was used to encrypt the Pub EK using a public key stored on the client. Here we decrypt the passphrase.
- Concatenate all variables and use gpg to sign (detach-sig).
- Flow: openssl generates a random symmetric key passphrase -> the gpg tool encrypts this random symmetric key passphrase.
============================================
https://spin.atomicobject.com/2016/05/30/openid-oauth-saml/
https://www.gluu.org/resources/documents/articles/oauth-vs-saml-vs-openid-connect/
OpenID Connect: an open standard and decentralized authentication protocol. The latest version of OpenID is OpenID Connect, which combines OpenID authentication and OAuth2 authorization.
id_token: associated with OpenID authentication, not with OAuth2. SAML has the corresponding Assertion. The id_token in OpenID includes a nonce and a hash of the access token.
OpenID: (RP, OP; the RP extends the OAuth2 client). It has an id_token. Suitable for SSO for consumer apps. Risk: identity providers have a log of OpenID logins, making a compromised account a bigger privacy breach.
OAuth2: https://www.youtube.com/watch?v=996OiexHze0
Authorization framework. There is no id_token in OAuth2. Suitable for API authorization. Risk: OAuth 2.0 does not support signature, encryption, channel binding, or client verification. Instead, it relies completely on TLS for confidentiality.
SAML: (IDP, SP) suitable for SSO; does not apply to mobile. Risk: XML Signature Wrapping to impersonate any user.
Nonce (java.lang.Object/com.nimbusds.oauth2.sdk.id.Identifier): A nonce, which is sent by the client and enables the integrity of the response to be validated. This is a random, unique string value to associate a user session with an ID Token and to mitigate replay attacks. Example generation of a nonce with eight random mixed-case alphanumeric characters: Nonce nonce = new Nonce(8);
https://static.javadoc.io/com.nimbusds/oauth2-oidc-sdk/5.0/com/nimbusds/openid/connect/sdk/Nonce.html
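How a relying party can check the two id_token claims named above (nonce and the access-token hash), as an added example that is not from the original notes or the Nimbus SDK. Assumptions: the token is HS256-signed with a shared client secret, `sign_id_token` stands in for the OP, all names are hypothetical, and the iss/aud/exp checks a real RP also performs are left out to keep the focus on these two claims.

```python
import base64
import hashlib
import hmac
import json
import secrets


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def new_nonce() -> str:
    # RP side: random value kept in the user session and sent in the auth request
    return secrets.token_urlsafe(16)


def at_hash(access_token: str) -> str:
    # Left-most half of SHA-256(access_token), base64url-encoded without padding
    digest = hashlib.sha256(access_token.encode("ascii")).digest()
    return b64url(digest[: len(digest) // 2])


def sign_id_token(claims: dict, key: bytes) -> str:
    # Stand-in for the OP (assumption: HS256 with a shared client secret)
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def validate_id_token(token: str, key: bytes, session_nonce: str, access_token: str) -> dict:
    # RP side: signature first, then the two binding claims; raises ValueError on failure
    header, payload, sig = token.split(".")
    if json.loads(b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload))
    if not hmac.compare_digest(str(claims.get("nonce", "")).encode(), session_nonce.encode()):
        raise ValueError("nonce mismatch")
    if not hmac.compare_digest(str(claims.get("at_hash", "")).encode(), at_hash(access_token).encode()):
        raise ValueError("at_hash mismatch")
    return claims
```

An id_token replayed into a session that holds a different nonce, or presented with a different access token, is rejected even though its signature is valid.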
OpenID and SAML difference:
Front channel: browser (SAML sends the XML request/response via the browser, using the POST binding to send the response).
Back channel: (OpenID) communication directly between the application and the IDP/OP, i.e. RP -> OP.
==================================================
OpenPGP: OpenPGP is an email encryption standard, defined by the OpenPGP Group. It was originally derived from the PGP software, which is used for message/password encryption/signing/decryption.
PGPUtil: org.bouncycastle.openpgp to decrypt symmetric/asymmetric keys
Linux tool: gpg, an encryption and signing tool https://www.tutorialspoint.com/unix_commands/gpg.htm
Signing & encryption key difference:
https://stackoverflow.com/questions/454048/what-is-the-difference-between-encrypting-and-signing-in-asymmetric-encryption
http://blogs.mdaemon.com/index.php/2016/07/26/encrypting-vs-signing-with-openpgp-whats-the-difference/
Public/private key: https://www.comodo.com/resources/small-business/digital-certificates2.php
Symmetric (sender and recipient share one secret key) and asymmetric encryption (public and private key): Popular asymmetric key encryption algorithms include ElGamal, RSA, DSA, elliptic curve techniques, PKCS. Many protocols like SSH, OpenPGP, S/MIME, and SSL/TLS rely on asymmetric cryptography for encryption and digital signature functions.
https://support.microsoft.com/en-ca/help/246071/description-of-symmetric-and-asymmetric-encryption
https://www.ssl2buy.com/wiki/symmetric-vs-asymmetric-encryption-what-are-differences
HTTPS: HTTP over SSL
https://www.instantssl.com/ssl-certificate-products/https.html
https://searchsoftwarequality.techtarget.com/definition/HTTPS
HTTPS pages typically use one of two secure protocols to encrypt communications: SSL (Secure Sockets Layer) or TLS (Transport Layer Security). Both the TLS and SSL protocols use an 'asymmetric' Public Key Infrastructure (PKI) system. In the case of a website, the private key remains securely on the web server. Conversely, the public key is intended to be distributed to anybody and everybody that needs to be able to decrypt information that was encrypted with the private key.
Certificates: https://www.globalsign.com/en/ssl-information-center/what-is-an-ssl-certificate/
A certificate is a signed data structure that binds a public key to a person, computer, or organization. Certificates are issued by certification authorities (CAs).
SSL certificates are small data files that digitally bind a cryptographic key to an organization's details. When installed on a web server, an SSL certificate activates the padlock and the https protocol and allows secure connections from a web server to a browser. An organization needs to install the SSL certificate onto its web server to initiate a secure session with browsers. Once a secure connection is established, all web traffic between the web server and the web browser will be secure.
SSL certificates use a public key. A public key is known to your server and available in the public domain.
An SSL certificate includes: domain name, server name, hostname, organizational identity (company name) and location.
X509 certificates: Many of the certificates that people refer to as Secure Sockets Layer (SSL) certificates are in fact X.509 certificates (X.500 Directory Services Standard). An X.509 certificate is a digital certificate that uses the widely accepted international X.509 public key infrastructure (PKI) standard to verify that a public key belongs to the user, computer or service identity contained within the certificate.
https://searchsecurity.techtarget.com/definition/X509-certificate
https://msdn.microsoft.com/en-us/library/windows/desktop/bb540819(v=vs.85).aspx
https://security.stackexchange.com/questions/36932/what-is-the-difference-between-ssl-and-x-509-certificates
https://support.venafi.com/hc/en-us/articles/215914997-Introduction-to-SSL-TLS-X-509-Certificates-and-Keys
Hash-MAC (message authentication code): (MD5 or SHA-1 are just hash functions)
CSOS uses a symmetric key: https://odin.amazon.com/#view/materialSet/com.amazon.csos.tpm.registration.china.hmac_key
HMAC is a MAC which is based on a hash function. The basic idea is to concatenate the key and the message, and hash them together. HMAC does not encrypt the message. Instead, the message (encrypted or not) must be sent alongside the HMAC hash. Parties with the secret key (private key) will hash the message again themselves, and if it is authentic, the received and computed hashes will match.
https://security.stackexchange.com/questions/20129/how-and-when-do-i-use-hmac/20301
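An added example (not from the original notes or the CSOS code) that writes out the RFC 2104 HMAC construction behind "hash the key and the message together" and the receiver-side check described above. The key and message are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-256 processes 64-byte blocks


def hmac_sha256_manual(key: bytes, message: bytes) -> bytes:
    # RFC 2104: H((K xor opad) || H((K xor ipad) || message))
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()  # long keys are hashed first
    key = key.ljust(BLOCK_SIZE, b"\x00")    # then zero-padded to the block size
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(ipad + message).digest()
    return hashlib.sha256(opad + inner).digest()


def make_tag(key: bytes, message: bytes) -> str:
    # Sender: the tag travels alongside the message; the message is not encrypted
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, message: bytes, received_tag: str) -> bool:
    # Receiver: recompute with the shared key and compare in constant time
    expected = make_tag(key, message)
    return hmac.compare_digest(expected.encode(), received_tag.encode())


# Constructed sample values for a quick run
SHARED_KEY = b"constructed-demo-key"
MESSAGE = b'{"device": "demo-host", "action": "register"}'

if __name__ == "__main__":
    tag = make_tag(SHARED_KEY, MESSAGE)
    print("tag:", tag)
    print("authentic message accepted:", verify_tag(SHARED_KEY, MESSAGE, tag))
    print("modified message accepted:", verify_tag(SHARED_KEY, MESSAGE + b" ", tag))
```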
TPM registration:
https://cr.amazon.com/r/7557051/diff/#index_header
https://code.amazon.com/packages/GenesisService/blobs/mainline/--/src/com/amazon/csos/genesis/api/DeviceController.java
local random_symmetric_key_passphrase=$(openssl rand -base64 32 2>/dev/null)
Client side uses the gpg tool to encrypt and sign; server side uses PGPUtil: org.bouncycastle.openpgp
TPM https://trustedcomputinggroup.org/resource/trusted-platform-module-tpm-summary/
TOTP > HOTP (HMAC-BASED ONE-TIME PASSWORD ALGORITHM)
https://blogs.forgerock.org/petermajor/2014/02/one-time-passwords-hotp-and-totp/
The main difference between HOTP and TOTP is that the HOTP passwords can be valid for an unknown amount of time, while the TOTP passwords keep on changing and are only valid for a short window in time. The TOTP passwords are short-lived: they only apply for a given amount of human time. HOTP passwords (event driven) are potentially longer lived: they apply for an unknown amount of human time.
HOTP: whenever a new OTP is generated, the moving factor will be incremented, hence the subsequently generated passwords should be different each time.
The reference to "enhanced security" is referencing (at least) two areas: the value of a compromised key, and the ability to attack one.
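The difference in validity described above, as an added example that is not part of the original notes: HOTP (RFC 4226) and TOTP (RFC 6238) share one truncation routine and differ only in the moving factor and in how the server accepts a code. The look-ahead and drift window sizes are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    # RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    # RFC 6238: the moving factor is the number of elapsed time steps
    return hotp(secret, unix_time // step, digits)


def verify_hotp(secret: bytes, code: str, server_counter: int, look_ahead: int = 3):
    # Event driven: a code stays valid until it, or a later one, is used.
    # Returns the next server counter on success, None on failure.
    for counter in range(server_counter, server_counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, counter).encode(), code.encode()):
            return counter + 1  # everything up to this counter is now burned
    return None


def verify_totp(secret: bytes, code: str, unix_time: int, step: int = 30, drift: int = 1) -> bool:
    # Time driven: only the current step, plus or minus `drift` steps, is accepted
    current = unix_time // step
    for delta in range(-drift, drift + 1):
        if current + delta < 0:
            continue
        if hmac.compare_digest(hotp(secret, current + delta).encode(), code.encode()):
            return True
    return False


# Shared secret used by the RFC 4226 and RFC 6238 (SHA-1) test vectors
RFC_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    print("HOTP, counter 0:", hotp(RFC_SECRET, 0))
    print("TOTP at t=59s:  ", totp(RFC_SECRET, 59))
    print("same TOTP code two minutes later accepted:",
          verify_totp(RFC_SECRET, totp(RFC_SECRET, 59), 59 + 120))
```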