Red October 
Implementing the Two-man Rule for Keeping Secrets 
OSCON, July 23, 2014 
Nick Sullivan 
@grittygrease 
github.com/cloudflare/redoctober
Red October 
• A deployment story 
• Secrets and threats 
• Two-person rule as a service 
• Software design 
• Future directions 
2
Deployment Story 
Sneakernets and evidence bags 
3
Sneakernet Deployment 
4
Sneakernet Deployment 
• Trusted engineer as build engineer 
• Secret kept on build machine 
• Check out tag 
• Compile 
• Burn to writable CD/DVD - Gold Master 
• Deploy via sneakernet 
5
Sneakernet Deployment - Pros 
• High amount of physical security 
• Deniability 
• Exercise? 
6
Sneakernet Deployment - Cons 
• Inconvenient and slow 
• “Trusted” engineers can leave 
• Some secrets too sensitive to be revoked 
7
Secrets 
Can they be kept? 
8
Secret Types 
• Credentials 
• Cryptographic keys 
9
Threats to secrets 
10
Threats to secrets 
• Insider threat — don’t trust access control 
• Insecure build machine 
• Insecure production environment 
• Binary disclosure 
11
Suggestions from compliance 
• PCI DSS requirement 3.5.2 
• Encrypt them with a key-encrypting key that is at least as strong as the data-encrypting key and stored in a separate location 
• Store them within a secure cryptographic device 
• Store them in two pieces 
12
Improving the secret management 
• Encrypt with PGP 
• Check into SCM 
• Problem: single admin can walk off with secrets 
13
Multi-person build 
14 
• Two person rule 
• Also called m of n
Improving the secret management 
• Double-encrypt 
• Two engineers need to PGP decrypt secret 
• Hard to use in practice: no remote PGP decrypt 
• PGP/GnuPG not the right tool for the job 
15
Double-encrypt as a service 
aka Red October 
16
WARNING 
1. Don’t roll your own crypto 
2. Or your own key management software 
• But if you do, open source it and ask for help 
17
What the service needs to do 
• Encrypt secrets 
• Only decrypt secrets if the right people approve it 
• Fit into an automated workflow 
18
What the service does not need to do 
• Store encrypted data 
19
Red October 
20
Cryptography 
21 
• No new crypto 
• AES, RSA, scrypt 
• Elliptic curve cryptography (ECC)
It’s about layers 
22
23
24
Passwords are fundamental 
25 
• In login: hashed+salted passwords are compared 
• In Red October: hashed+salted passwords are the key 
• Server can’t decrypt secrets without password
Usage 
26 
• Run Red October 
• pick a port 
• use a TLS certificate + key 
• JSON API or Web interface 
• Create admin account 
• Create user accounts
Usage 
27 
• Encrypt data to a set of users 
• only needs public key 
• Users delegate their key for time or number of usages 
• Admins can decrypt if enough users are delegated
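The encrypt-to-a-set-of-users and decrypt-once-enough-have-delegated flow, as an added example in Go that is not the project's own implementation. Red October's layered construction is simplified here: for every pair of owners the secret is split into two one-time-pad shares (s1 XOR s2 equals the secret) and each share is RSA-OAEP encrypted to one member of the pair, so encryption needs only public keys and decryption needs the private keys of any two owners. The Wrapped type, the Encrypt/Decrypt names and the "delegated" map standing in for Red October's keycache are this example's assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Wrapped is a secret encrypted to a set of owners under a two-person rule.
// One share alone is uniformly random and reveals nothing about the secret;
// the private keys of any two owners rebuild it.
type Wrapped struct {
	Shares map[[2]string][2][]byte // owner pair -> (share to first, share to second)
}

// maxSecret is the RSA-OAEP/SHA-256 payload limit for 2048-bit keys
// (k - 2*hLen - 2). Longer data should be sealed under a random data key
// and that key wrapped instead.
const maxSecret = 256 - 2*sha256.Size - 2

// Encrypt needs only public keys: no owner has to be present or type a password.
func Encrypt(secret []byte, owners map[string]*rsa.PublicKey) (*Wrapped, error) {
	if len(secret) > maxSecret {
		return nil, fmt.Errorf("secret exceeds %d bytes; wrap a data key instead", maxSecret)
	}
	if len(owners) < 2 {
		return nil, errors.New("a two-person rule needs at least two owners")
	}
	names := make([]string, 0, len(owners))
	for n := range owners {
		names = append(names, n)
	}
	w := &Wrapped{Shares: map[[2]string][2][]byte{}}
	for i, a := range names {
		for _, b := range names[i+1:] {
			s1 := make([]byte, len(secret))
			if _, err := rand.Read(s1); err != nil {
				return nil, err
			}
			s2 := make([]byte, len(secret))
			subtle.XORBytes(s2, secret, s1) // s1 XOR s2 == secret
			c1, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, owners[a], s1, nil)
			if err != nil {
				return nil, err
			}
			c2, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, owners[b], s2, nil)
			if err != nil {
				return nil, err
			}
			w.Shares[[2]string{a, b}] = [2][]byte{c1, c2}
		}
	}
	return w, nil
}

// Decrypt is given the private keys currently delegated (unlocked) to the
// server and succeeds only if both members of some owner pair are among them.
func Decrypt(w *Wrapped, delegated map[string]*rsa.PrivateKey) ([]byte, error) {
	for pair, c := range w.Shares {
		k1, k2 := delegated[pair[0]], delegated[pair[1]]
		if k1 == nil || k2 == nil {
			continue
		}
		s1, err := rsa.DecryptOAEP(sha256.New(), nil, k1, c[0], nil)
		if err != nil {
			return nil, err
		}
		s2, err := rsa.DecryptOAEP(sha256.New(), nil, k2, c[1], nil)
		if err != nil {
			return nil, err
		}
		secret := make([]byte, len(s1))
		subtle.XORBytes(secret, s1, s2)
		return secret, nil
	}
	return nil, errors.New("two-person rule not met: fewer than two owners delegated")
}

func main() {
	keys := map[string]*rsa.PrivateKey{}
	pubs := map[string]*rsa.PublicKey{}
	for _, n := range []string{"alice", "bob", "carol"} {
		k, _ := rsa.GenerateKey(rand.Reader, 2048)
		keys[n], pubs[n] = k, &k.PublicKey
	}
	w, _ := Encrypt([]byte("db-password-hunter2"), pubs) // constructed sample secret
	_, err := Decrypt(w, map[string]*rsa.PrivateKey{"alice": keys["alice"]})
	fmt.Println("one delegation:", err)
	s, _ := Decrypt(w, map[string]*rsa.PrivateKey{"alice": keys["alice"], "carol": keys["carol"]})
	fmt.Printf("two delegations: %s\n", s)
}
```

The pairwise layout costs m(m-1)/2 wrappings per secret and gives exactly "2 of m"; it does not generalize to a larger threshold, which is why the later slides point at Shamir's scheme. Delegation lifetime (time or number of uses) is policy around the delegated map and is not modelled here.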
Web interface 
28
Web interface demo 
29
Why is this in Go? 
And how does the code work? 
30
Why Go? 
31 
• easy and fun to write 
• JSON serialization a snap 
• simple to set up TLS 1.2 server 
• simple to make servers multi-threaded 
• crypto baked in 
• simplified deployment
Golang features used 
32 
• Structs are serialized and deserialized to JSON automatically 
• Caps means public, missing means native zero 
• json.Marshal 
type delegate struct {
	Name     string
	Password string
	Time     string
	Uses     int
	admin    bool // unexported: never serialized, so a client cannot set it via JSON
}

{"Name":"Bob",
 "Password":"Rob",
 "Time":"2h",
 "Uses":1}
Golang features used 
33 
• Built in TLS support (tls.NewListener) 
• Caveat: the snippet leaves MinVersion unset, so the listener accepts whatever the Go release's default minimum TLS version is; set MinVersion: tls.VersionTLS12 explicitly if a TLS 1.2 server is the intent 
config := tls.Config{
	Certificates:             []tls.Certificate{cert},
	Rand:                     rand.Reader,
	PreferServerCipherSuites: true,
	SessionTicketsDisabled:   true,
}

lstnr := tls.NewListener(conn, &config)
Golang features used 
34 
• goroutines and channels for multi-processor support 
runtime.GOMAXPROCS(runtime.NumCPU())

process := make(chan userRequest)
go func() {
	for {
		req := <-process
		if f, ok := functions[req.rt]; ok {
			r, err := f(req.in)
			if err == nil {
				req.resp <- r
			} else {
				// nothing is sent on req.resp in this branch, so the
				// requester needs a timeout or a separate error path
				log.Printf("Error handling %s: %s\n", req.rt, err)
			}
		}
	}
}()
Golang features used 
35 
• go crypto 
• Support for RSA, AES, ECC, HMAC in standard library 
// encrypt one 16-byte block with the raw AES block cipher; anything longer
// than a block, or anything that needs integrity, should go through a mode
// such as cipher.NewGCM rather than repeated Encrypt calls
aesSession, err := aes.NewCipher(aesKey)
if err != nil {
	return
}
out = make([]byte, 16)
aesSession.Encrypt(out, in)
Golang features used 
36 
• Deployment 
• no dependencies! 
• single binary
Code Structure 
37 
• cryptor: encryption and decryption of data 
• keycache: storage of live encryption/decryption keys 
• passvault: management of disk vault 
• core: API interface 
• redoctober: https server
Who uses it? 
38 
• TheGoodData (https://thegooddata.org:81) 
• U.S. Navy 
• More people and projects (let me know!)
Drawbacks 
i.e. what to fix 
39
Design Drawbacks 
40 
• No password recovery (the password is the key)
Current Implementation Drawbacks 
41 
• 2 of m only 
• No two-factor auth, or key-based authentication (like ssh) 
• Awkward workflow 
• No delegation granularity 
• No secure hardware support
Red October 2 
42
2 of m only 
43 
• Adding support for Shamir’s scheme
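Shamir's scheme generalizes the 2-of-m rule to any k-of-n. The following is an added example in Go, not the project's code: it shares each secret byte over GF(2^8) (the AES field, polynomial 0x11b) with a random polynomial of degree k-1 whose constant term is the byte, and recombines by Lagrange interpolation at x = 0. The Split/Combine names and the share format (x coordinate as the first byte) are this example's own.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
)

// gfMul multiplies in GF(2^8) modulo x^8+x^4+x^3+x+1 (0x11b).
func gfMul(a, b byte) byte {
	var p byte
	for b != 0 {
		if b&1 != 0 {
			p ^= a
		}
		carry := a & 0x80
		a <<= 1
		if carry != 0 {
			a ^= 0x1b
		}
		b >>= 1
	}
	return p
}

// gfInv returns a^-1 == a^254 for non-zero a.
func gfInv(a byte) byte {
	r := byte(1)
	for i := 0; i < 254; i++ {
		r = gfMul(r, a)
	}
	return r
}

// Split produces n shares of secret such that any k of them recover it.
// Share i is the byte x=i+1 followed, per secret byte, by f(x) for a random
// polynomial f of degree k-1 with f(0) equal to that secret byte.
func Split(secret []byte, k, n int) ([][]byte, error) {
	if k < 2 || n < k || n > 255 {
		return nil, errors.New("need 2 <= k <= n <= 255")
	}
	shares := make([][]byte, n)
	for i := range shares {
		shares[i] = make([]byte, 1, len(secret)+1)
		shares[i][0] = byte(i + 1)
	}
	coef := make([]byte, k) // coef[0] is the secret byte, the rest random
	for _, s := range secret {
		coef[0] = s
		if _, err := rand.Read(coef[1:]); err != nil {
			return nil, err
		}
		for i := range shares {
			x, y := shares[i][0], byte(0)
			for d := k - 1; d >= 0; d-- { // Horner evaluation of f(x)
				y = gfMul(y, x) ^ coef[d]
			}
			shares[i] = append(shares[i], y)
		}
	}
	return shares, nil
}

// Combine interpolates f(0) from the given shares. With fewer than k shares
// it returns wrong bytes, not an error: the threshold is enforced by the
// mathematics, so the caller has to know k and check what comes out.
func Combine(shares [][]byte) ([]byte, error) {
	if len(shares) == 0 {
		return nil, errors.New("no shares")
	}
	l := len(shares[0])
	seen := map[byte]bool{}
	for _, s := range shares {
		if len(s) != l || s[0] == 0 || seen[s[0]] {
			return nil, errors.New("malformed or duplicate share")
		}
		seen[s[0]] = true
	}
	secret := make([]byte, l-1)
	for j := 1; j < l; j++ {
		var acc byte
		for i, si := range shares {
			basis := byte(1) // Lagrange basis for x_i at x=0: prod x_m/(x_m + x_i)
			for m, sm := range shares {
				if m != i {
					basis = gfMul(basis, gfMul(sm[0], gfInv(sm[0]^si[0])))
				}
			}
			acc ^= gfMul(si[j], basis)
		}
		secret[j-1] = acc
	}
	return secret, nil
}

func main() {
	shares, _ := Split([]byte("hunter2"), 2, 3) // constructed sample secret
	s, _ := Combine(shares[1:])                 // any two of the three suffice
	fmt.Printf("%s\n", s)
}
```

In a Red October style deployment the shared value would be the data key, with each share encrypted to one owner's public key, which keeps "encrypt needs only public keys" while letting the threshold be chosen per secret.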
Key-based authentication 
44 
• Add support for PGP-based replacement of passwords 
• Sign a challenge instead of providing a password
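What "sign a challenge instead of providing a password" looks like at the protocol level, as an added example in Go that is not the project's code. The server issues a random one-time nonce, the user signs a message that binds the nonce to the purpose and to their user name, and the server verifies with the enrolled public key, consumes the nonce, and refuses expired or replayed responses. Ed25519 is used as a standard-library stand-in for the PGP keys the slide proposes; the Challenger type, the message framing and the two-minute lifetime are this example's own choices.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"sync"
	"time"
)

const challengeTTL = 2 * time.Minute // hypothetical lifetime

// Challenger hands out one-time nonces and verifies the signatures users
// return over them, replacing the password in a delegation request.
type Challenger struct {
	mu      sync.Mutex
	pending map[string]pendingChallenge // keyed by user name
	now     func() time.Time            // injectable clock
}

type pendingChallenge struct {
	nonce   []byte
	expires time.Time
}

func NewChallenger(now func() time.Time) *Challenger {
	return &Challenger{pending: map[string]pendingChallenge{}, now: now}
}

// Issue returns a fresh 32-byte nonce for user. Any earlier unanswered
// challenge for the same user is discarded, so only the latest one is valid.
func (c *Challenger) Issue(user string) ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	c.mu.Lock()
	c.pending[user] = pendingChallenge{nonce: nonce, expires: c.now().Add(challengeTTL)}
	c.mu.Unlock()
	return nonce, nil
}

// message binds the signature to this purpose and this user, so a signature
// obtained for anything else cannot be replayed as a delegation.
func message(user string, nonce []byte) []byte {
	return bytes.Join([][]byte{[]byte("redoctober-delegate-v1"), []byte(user), nonce}, []byte{0})
}

// Sign is the client side: sign the framed challenge with the long-lived key.
func Sign(priv ed25519.PrivateKey, user string, nonce []byte) []byte {
	return ed25519.Sign(priv, message(user, nonce))
}

// Verify consumes the outstanding challenge for user and accepts the
// delegation only if the signature is valid under the enrolled key and the
// challenge has not expired. A nonce is usable exactly once, even on failure.
func (c *Challenger) Verify(user string, enrolled ed25519.PublicKey, sig []byte) error {
	c.mu.Lock()
	ch, ok := c.pending[user]
	delete(c.pending, user)
	c.mu.Unlock()
	if !ok {
		return errors.New("no outstanding challenge for user")
	}
	if c.now().After(ch.expires) {
		return errors.New("challenge expired")
	}
	if !ed25519.Verify(enrolled, message(user, ch.nonce), sig) {
		return errors.New("bad signature")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	c := NewChallenger(time.Now)
	nonce, _ := c.Issue("alice")
	sig := Sign(priv, "alice", nonce)
	fmt.Println("first use:", c.Verify("alice", pub, sig))
	fmt.Println("replay:   ", c.Verify("alice", pub, sig))
}
```

Unlike the password flow, nothing the server stores for a user can be replayed to delegate as them: the enrolled public key verifies but cannot sign, which removes the "server learns the password" risk from the threat model but also means a lost private key needs re-enrolment rather than a reset.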
Awkward workflow 
45 
• Delegation has to happen before build — bad workflow 
• New push-based system 
• Decryption request triggers push notification to file owners 
• Delegation request in a mobile app or email 
• Details visible to delegators
Granularity of delegation 
46 
• All-or-nothing right now, good for one secret per server 
• Only admins can encrypt/decrypt 
• Delegators can choose which users can decrypt which files
Secure hardware device 
47 
• Build into HSM 
• Keys backed by TPM
Solving the insider threat 
48
Conclusions 
49 
• Does this solve the insider threat? 
• Red October server does not get secrets without passwords 
• Admin of build machine gets temporary access — automate secret deletion? 
• Who created the secret in the first place? 
• What about build artifacts or binary disassembly?
Open Questions 
50 
• How to securely create secrets 
• Secure multi-party computation? 
• How to adapt Red October to other types of services 
• API keys 
• SSL private keys

Sullivan red october-oscon-2014
