Case Studies I
Thursday, 11 December 2014
08:30 - 10:00
Chair: Larry Wagoner
Firewalling: Passwords, Financial Transactions and Human Privileges from CPU Resident Malware, Jim McAlear (Canadian Department of National Defence)
This case study covers developments around a cyber-security solution that solves the password problem at PC and server hosts: it fully denies CPU-resident malware access to passwords and to the transactions that enclose them. The same solution also protects key financial transactions, including credit card purchases, internet banking and online stock trading, against eavesdropping and tampering by malware. Finally, the solution enables a further game-changing cyber-security capability: it allows a network service to unequivocally discern whether an arbitrary transaction request coming from a PC emanates from malware on the CPU or from a human at the keyboard. All these benefits arise from a novel but simple approach that firewalls such critical transactions away from PC and server CPUs (where conventional malware runs). This case study covers the fundamentals of the firewalling solution as well as the project activities underway to bring it to fruition within industry, including the development of a new IETF protocol standard in partnership with a leading Canadian university.
Smart Card Support Embedded Within OpenSSL to Secure Virtual Machines, Hassane Aissaoui-Mehrez (Télécom ParisTech)
Smart cards are becoming increasingly popular as a means of personal identification and authentication in many secure application areas such as e-Banking and e-Commerce. Millions of users have a smart card in their pocket without even knowing it. The SecFuNet project proposes solutions for integrating secure microcontrollers in order to develop a security framework for Cloud Computing and virtual environments. This framework introduces, among its many services, authentication and authorization functions for Cloud Computing and virtual environments, based on smart cards, OpenID and user-centric attribute control policies. The objective is to implement an open standard framework based on authentication servers and smart cards. The proposed SecFuNet framework provides TLS secure channels for establishing trust relationships among Users, Virtual Machines (VMs), the Hypervisor (XEN) and the Remote Grid of Secure Elements (RG0SE). Authentication is done directly between smart cards (owned by users or associated with VMs) and the SecFuNet Identity Management (IdM).
This solution provides highly secure authentication with secure microcontrollers, allowing strong mutual authentication of users with SecFuNet services, and supplies libraries to developers. It defines and describes the features and modules added to OpenSSL in order to easily supply the Application Protocol Data Units (APDUs), described by the ISO 7816 standard, that are transferred to smart cards.
We describe how to integrate a Hardware Security Module (HSM), the EAP-TLS Smart Card, within the OpenSSL toolkit, using the Smart Card API libraries on the one hand and, on the other, the new "s_scard" and "s_hypervisor" command lines developed in the SecFuNet project to test the connection and establish a TLS session with the Xen server. The "s_scard" program may be used for evaluating the EAP-TLS Smart Card for any purpose. The "s_hypervisor" command associates a smart card with an authenticated VM.
The EAP-TLS Smart Card is designed to perform sensitive cryptographic tasks and to securely manage cryptographic keys and data: security-relevant actions can be executed on it and security-relevant information can be stored in it. It can be used as a universal, independent security component for heterogeneous computer systems. The first part of the study concerns the definition of the primitive functions and libraries added to OpenSSL. The second part describes the implementation of the s_scard and s_hypervisor command lines used with the EAP-TLS Smart Card in order to perform strong mutual authentication.
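The abstract refers to the ISO 7816 APDUs that the OpenSSL additions pass to the card. The following is an added example, not SecFuNet's or OpenSSL's code: it encodes and decodes ISO 7816-4 short command APDUs (cases 1 to 4), splits a card response into data and status words, and interprets the status words a host application most often has to act on. The SELECT and VERIFY builders use the standard INS codes; the default VERIFY P2 value (0x80) and any AID passed in are assumptions, since which PIN slot and which application a card exposes are card-specific. Sending the APDU to a reader (for example through PC/SC) is outside the example.

```python
"""ISO 7816-4 short APDU encoding and response parsing (added example)."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class CommandAPDU:
    """Command APDU: CLA INS P1 P2 [Lc data] [Le] (ISO 7816-4 cases 1 to 4)."""
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes = b""
    le: Optional[int] = None  # expected response length; None = none expected

    def encode(self) -> bytes:
        for field in (self.cla, self.ins, self.p1, self.p2):
            if not 0 <= field <= 0xFF:
                raise ValueError("CLA/INS/P1/P2 must each fit in one octet")
        if len(self.data) > 255:
            raise ValueError("a short APDU carries at most 255 data bytes")
        out = bytes([self.cla, self.ins, self.p1, self.p2])
        if self.data:                       # Lc field precedes the data
            out += bytes([len(self.data)]) + self.data
        if self.le is not None:
            if not 1 <= self.le <= 256:
                raise ValueError("Le must be 1..256 for a short APDU")
            out += bytes([self.le % 256])   # Le = 256 is encoded as 0x00
        return out

    @classmethod
    def decode(cls, raw: bytes) -> "CommandAPDU":
        """Inverse of encode(); rejects truncated data and trailing bytes."""
        if len(raw) < 4:
            raise ValueError("APDU header needs 4 bytes")
        cla, ins, p1, p2 = raw[:4]
        body = raw[4:]
        if not body:                        # case 1: header only
            return cls(cla, ins, p1, p2)
        if len(body) == 1:                  # case 2: Le only
            return cls(cla, ins, p1, p2, le=body[0] or 256)
        lc = body[0]
        if lc == 0:
            raise ValueError("Lc = 0 is not valid; omit the field instead")
        data, rest = body[1:1 + lc], body[1 + lc:]
        if len(data) != lc:
            raise ValueError("data field shorter than Lc")
        if not rest:                        # case 3: Lc + data
            return cls(cla, ins, p1, p2, data)
        if len(rest) == 1:                  # case 4: Lc + data + Le
            return cls(cla, ins, p1, p2, data, le=rest[0] or 256)
        raise ValueError("unexpected bytes after Le")


@dataclass
class ResponseAPDU:
    data: bytes
    sw1: int
    sw2: int

    @property
    def sw(self) -> int:
        return (self.sw1 << 8) | self.sw2

    @property
    def ok(self) -> bool:
        return self.sw == 0x9000


def parse_response(raw: bytes) -> ResponseAPDU:
    """Split a card response into its data field and the SW1 SW2 trailer."""
    if len(raw) < 2:
        raise ValueError("a response carries at least SW1 SW2")
    return ResponseAPDU(bytes(raw[:-2]), raw[-2], raw[-1])


def describe_status(sw: int) -> str:
    """Meaning of the ISO 7816-4 status words a caller most often has to handle."""
    sw1, sw2 = sw >> 8, sw & 0xFF
    if sw == 0x9000:
        return "success"
    if sw1 == 0x61:
        return f"success, {sw2} response bytes pending (send GET RESPONSE)"
    if sw1 == 0x6C:
        return f"wrong Le, reissue with Le={sw2}"
    if sw1 == 0x63 and sw2 & 0xF0 == 0xC0:
        return f"verification failed, {sw2 & 0x0F} tries left"
    return {0x6982: "security status not satisfied (PIN not verified)",
            0x6A82: "file or application not found",
            0x6D00: "instruction code not supported"}.get(sw, f"unrecognised status 0x{sw:04X}")


def select_by_aid(aid: bytes) -> CommandAPDU:
    """SELECT (INS A4, P1 04 = by DF name/AID); Le = 256 requests the FCI."""
    return CommandAPDU(0x00, 0xA4, 0x04, 0x00, aid, le=256)


def verify_pin(pin: bytes, ref: int = 0x80) -> CommandAPDU:
    """VERIFY (INS 20); P2 selects the reference data and 0x80 is an assumed,
    card-specific value. The PIN travels in clear inside the APDU, which is why
    secure PIN entry on the reader matters: host-resident malware otherwise
    sees every PIN the application sends to the card."""
    return CommandAPDU(0x00, 0x20, 0x00, ref, pin)
```

`decode` is deliberately strict: a command whose data field is shorter than Lc, or that carries bytes after Le, is rejected rather than silently truncated, which is the behaviour you want in a wrapper that sits between application code and a security module.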
Strong authentication based on smart cards has become a critical factor of good system design (e.g. in Cloud Computing); it is expanding as the primary medium for secure communication.
Our contribution consists of adding a software development kit, "SDK-SC-API", within OpenSSL in order to make the development of smart card applications easier and to give developers the possibility of testing with smart cards. Although the experimental results of the first platform developed for SecFuNet show that its scalability performance is not yet compatible with today's network constraints, we are confident that in the second part of the SecFuNet project we will achieve a platform whose authentication time is reasonable enough for massive deployment. Furthermore, the security and the advantages it provides will be a great addition to the OpenSSL toolkit in general as well as a key asset in securing Cloud Computing infrastructures.
We have concluded that implementing SDK-SC-API in OpenSSL brings many advanced features, such as support for secure PIN entry. The following list is an overview of the more important advantages:
- The client or VM private key is secretly stored and used by the smart card. The client or VM certificate is autonomously checked by the TLS server.
- Reduces development time by eliminating the need to create your own SDK wrapper.
- Makes your applications independent of the underlying smart card devices. The application can be used with the PC/SC API and our SDK-SC-API without any change to OpenSSL.
- OpenSSL is an open source and continuously maintained product that is extended to cope with future needs.
- EAP-TLS Smart Card and (U)SIM support can be written on top of SDK-SC-API and provided via custom modules.
Red October: Implementing the two-man rule for keeping secrets, Nick Sullivan (CloudFlare)
Red October is an open source encryption server with a twist: it can encrypt secrets so that more than one person is required to decrypt them. This talk will describe what goes into building an open source security product and using it in the real world, from motivation, design decisions and the pitfalls of using a young programming language like Go, through deployment and opening the work up to the community. Red October can be used to enforce the two-person rule for access to critical data, helping keep company data protected from insider threats.
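The core mechanism behind "requiring more than one person to decrypt" is threshold secret sharing: a data key is split so that any two (or, more generally, any t) holders can rebuild it, while fewer holders learn nothing. The following is an added example in Python, not Red October's own Go code, whose design details the abstract does not cover: Shamir secret sharing over a large prime field, plus an `unlock` gate that refuses to even attempt reconstruction until enough distinct holders have delegated their shares. Holder names and the sample key are constructed for the example.

```python
"""Shamir threshold secret sharing behind a two-person rule (added example)."""
import secrets
from typing import Dict, List, Tuple

# Field prime: the Mersenne prime 2^521 - 1. It is far larger than any
# 256-bit key, which is what lets combine_shares() detect garbage output.
P = 2**521 - 1

Share = Tuple[int, int]  # (x, f(x)); x is the holder's index, never 0


def split_secret(secret: bytes, threshold: int, holders: int) -> List[Share]:
    """Split `secret` into `holders` shares, any `threshold` of which rebuild it.

    A random polynomial f of degree threshold-1 has the secret as constant
    term; holder i receives the point (i, f(i)). With fewer than `threshold`
    points every constant term is equally likely, so the two-man rule
    (threshold=2) is enforced by the mathematics, not by server policy."""
    if not 2 <= threshold <= holders:
        raise ValueError("need 2 <= threshold <= holders")
    s = int.from_bytes(secret, "big")
    if s >= P:
        raise ValueError("secret too large for the field")
    coeffs = [s] + [secrets.randbelow(P) for _ in range(threshold - 1)]

    def f(x: int) -> int:
        return sum(c * pow(x, k, P) for k, c in enumerate(coeffs)) % P

    return [(x, f(x)) for x in range(1, holders + 1)]


def combine_shares(shares: List[Share], secret_len: int) -> bytes:
    """Lagrange-interpolate f(0) from the supplied points.

    Given fewer than `threshold` shares, or a corrupted share, interpolation
    yields an essentially random field element rather than an error. Because
    the field is vastly larger than the secret space, such a value almost
    surely fails to fit in `secret_len` bytes, and we reject it; a real
    deployment should additionally verify the key via an AEAD tag."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    if total >= 256 ** secret_len:
        raise ValueError("reconstruction failed: too few or corrupt shares")
    return total.to_bytes(secret_len, "big")


def unlock(approvals: Dict[str, Share], threshold: int, key_len: int) -> bytes:
    """Two-person rule gate: each approving holder submits their own share.

    The server stores only ciphertext, never the shares, so it cannot unlock
    anything on its own; a single insider can at most approve once."""
    if len(approvals) < threshold:
        raise PermissionError(f"{len(approvals)} of {threshold} required approvals")
    return combine_shares(list(approvals.values()), key_len)


if __name__ == "__main__":
    data_key = secrets.token_bytes(32)           # constructed sample key
    shares = split_secret(data_key, threshold=2, holders=3)
    holder = dict(zip(["alice", "bob", "carol"], shares))  # constructed names
    assert unlock({"alice": holder["alice"], "carol": holder["carol"]}, 2, 32) == data_key
    try:
        unlock({"bob": holder["bob"]}, 2, 32)
    except PermissionError as exc:
        print("refused:", exc)
```

Two design points carry over to any two-man-rule system: the gate in `unlock` checks the number of distinct approvers before touching the cryptography, so a failed attempt leaks nothing and is cheap to log, and `combine_shares` treats an out-of-range result as a hard failure instead of returning a plausible-looking wrong key.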