Upload
kenneth-cecil-ellis
View
223
Download
0
Tags:
Embed Size (px)
Citation preview
Auth for Encrypted Services with Server Side APT
Steve “Sc00bz” Thomas
Who is This Talk For?
Where are the Keys?
• “Brain wallet”• “Key file”• “Key service”
Pre-Authentication
• Run the PW-KDF once
• Generate two keys– Authentication key– Encryption key
• Caveat– PBKDF2
Crypho (Fixed)
• Send 6 digit 2FA
• Receive password encrypted private key
ProtonMail
• Two passwords– Authentication sent to the server as is– Decrypt PGP key
• Most users will use the same password
Mega
• KDF is “Do stupid shit with AES 65536 times”• Auth key is encrypt email 16384 times with
password key
Nigori (Google Sync)
Crypton
PAKE
• Password Authenticated Key Exchange– Diffie-Hellman– Eve and Mallory proof
Client-Server
ClientauthKey || pwKey = PW-KDF(...)sKey = PAKE(authKey)
encMK = decrypt(sKey, packet)MK = decrypt(pwKey, encMK)
Server
sKey = PAKE(serverData)packet = encrypt(sKey, encMK)
authKey Used for authenticationpwKey Decrypts the encrypted master keysKey Session encryption keyencMK The encrypted master keyMK The master key
Server-HSM
Server
encData = DB.find(user)
HSM
encMK, serverData = decrypt(hsmKey, encData)
sKey = PAKE(serverData)
packet = encrypt(sKey, encMK)
hsmKey Encryption key stored on the HSMsKey Session encryption keyencMK The encrypted master key
Server-HSM
Server
encData = DB.find(user)
Encrypt packets with sKey2
HSM
encMK, serverData = decrypt(hsmKey, encData)
sKey = PAKE(serverData)
packet = encrypt(sKey, encMK)
sKey2 = KDF(sKey)
hsmKey Encryption key stored on the HSMsKey Session encryption keysKey2 Server-client session keyencMK The encrypted master key
Change Password
fall2014
winter14
spring15
summer15
New User
I Can Has 2FA?
I Can Has 2FA
• Time based• Challenge response• No counters
U2F
• Tracking• Poor multi token
support• 10 second window• User presents
U2F
• BUT it’s the best we got
TeensyGap
TeensyGap-ed Raspberry Pi
Questions?
• Twitter: @Sc00bzT• GitHub: Sc00bz• Site: tobtu.com