KDFAES & Self-Encrypting Drives

Slides:



Advertisements
Similar presentations
Password Cracking Lesson 10. Why crack passwords?
Advertisements

NSRC Workshop Some fundamental security concerns... Confidentiality - could someone else read my data? Integrity - has my data been changed? Authentication.
Cryptography & Security Presented April 16, 2010 By Dave Stycos, Zocalo Data Systems.
Cryptography Basic (cont)
Chapter 5 Cryptography Protecting principals communication in systems.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Chapter 12 Cryptography (slides edited by Erin Chambers)
Fmdszqujpo! Encryption!. Encryption  Group Activity 1:  Take the message you were given, and create your own encryption.  You can encrypt it anyway.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
Windows This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added material. Dr. Stephen.
Crypto Bro Rigby. History
CHAPTER 6 Cryptography. An Overview It is origin from the Greek word kruptos which means hidden. The objective is to hide information so that only the.
TE/CS 536 Network Security Spring 2005 – Lecture 8 Security of symmetric algorithms.
Security fundamentals Topic 4 Encryption. Agenda Using encryption Cryptography Symmetric encryption Hash functions Public key encryption Applying cryptography.
PZAPR Parallel Zip Archive Password Recovery CSCI High Perf Sci Computing Univ. of Colorado Spring 2011 Neelam Agrawal Rodney Beede Yogesh Virkar.
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
DES: Data Encryption Standard
CSCI 530 Lab Passwords. Overview Authentication Passwords Hashing Breaking Passwords Dictionary Hybrid Brute-Force Rainbow Tables Detection.
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
 Encryption provides confidentiality  Information is unreadable to anyone without knowledge of the key  Hashing provides integrity  Verify the integrity.
Computer Security By Rubel Biswas. Introduction History Terms & Definitions Symmetric and Asymmetric Attacks on Cryptosystems Outline.
The purpose of a CPU is to process data Custom written software is created for a user to meet exact purpose Off the shelf software is developed by a software.
Encryption with Keys and Passwords
iTWIN The Limitless - Pen drive
chownIoT Secure Handling of Smart Home IoT Devices Ownership Change
Security Using Armstrong Numbers and Authentication using Colors
Vocabulary Big Data - “Big data is a broad term for datasets so large or complex that traditional data processing applications are inadequate.” Moore’s.
Cracking Encrypted Systems
Symmetric Cryptography
Wireless Protocols WEP, WPA & WPA2.
IT443 – Network Security Administration Instructor: Bo Sheng
TinySec: Security for TinyOS
USAGE OF CRYPTOGRAPHY IN NETWORK SECURITY
Secure Software Confidentiality Integrity Data Security Authentication
Wireless Network Security
Controlling Computer-Based Information Systems, Part II
Principles of Encryption
Security and Encryption
Password Cracking Lesson 10.
Hardware Cryptographic Coprocessor
HEY DOUG HOW ARE YOU? NKE JUAM NUC GXK EUA. HEY DOUG HOW ARE YOU? NKE JUAM NUC GXK EUA.
ICS103 Programming in C Lecture 1: Overview of Computers & Programming
Outline Desirable characteristics of ciphers Uses of cryptography
Understanding the OSI Reference Model
Tutorial on Creating Certificates SSH Kerberos
Outline Desirable characteristics of ciphers Uses of cryptography
Digital Signatures Last Updated: Oct 14, 2017.
Security.
Crypto 101 & Password Cracking
Cryptographic Hash Functions Part I
Cryptography Basics and Symmetric Cryptography
Mumtaz Ali Rajput +92 – INFORMATION SECURITY – WEEK 5 Mumtaz Ali Rajput +92 – 301-
The Most Secure Cloud Storage Provider
Security through Encryption
PART VII Security.
Introduction to Symmetric-key and Public-key Cryptography
Protect Your Hardware from Hacking and Theft
– Chapter 3 – Device Security (B)
Block Ciphers and the Data Encryption Standard (DES)
Kiran Subramanyam Password Cracking 1.
Hiding Information, Encryption, and Bypasses
Engineering Secure Software
Security.
Security.
DISSERTATION ON CRYPTOGRAPHY.
Exercise: Hashing, Password security, And File Integrity
Erica Burch Jesse Forrest
Unit 32 Every class minute counts! 2 assignments 3 tasks/assignment
Cryptography Lecture 17.
Presentation transcript:

KDFAES & Self-Encrypting Drives Topics on Mainframe Encryption KDFAES & Self-Encrypting Drives Delivering the best in z services, skills, security and software.

Agenda Password Hashing & Encryption Self-Encrypting Drives “Trust us” Masking DES Cracking KDFAES Self-Encrypting Drives “Trust us” Facts Concerns

About RSM Pentesting & Security assessments for mainframe (IBM System Z) Globally recognized by IBM and others as experts in the field Develop niche mainframe software – makes it easier to administer securely Serve mainly large global financial, retail, and government organizations.

About Me 2 decades in Financial Services Managed global datacenter operations Led mainframe data / storage / recovery teams Started security in network, linux Like forensics, reversing, bits, bytes & assembler Speaker at DEF CON, Derbycon, SHARE, others Drives cars, motorcycles, boats, and airplanes

Part 1 PASSWORD storage

In the beginning was enc ryption oding Masking program ICHDEX01 – default for many years Even after DES came along Encodes password Shifting, AND’ing and XOR’ing No Salt Encoded representation stored in RACF database Trivial to reverse engineer and crack

Implementation of masking encoding / masking algorithm

Masking in action binary representation

Enter Lucifer Late 1970’s DES was the de facto NIST encryption standard for block ciphers Based on an IBM submitted algorithm code name Lucifer IBM adopted it as authentication mechanism in 1984 “High level of security [b/c] it is one-way” From IBM website Hashes not stored, encrypted UID is good practice, acts like a ‘salt’

DES is broken DES – Very quickly criticized as weak because small (56 bit) key size Compared to AES it is between 272 and 2200 times smaller key Actual cracking of the cipher (1997 – 1999) 72 quadrillion keys (2 ^ 56) RSA DES Challenge – 39 days EFF Deep Crack – $250k – 55 hours Collaboration – 22 hours

The industry leaves RACF behind Bitslice DES showed up in 1997 (sped up the algorithm, good for stream modes of block ciphers, bad for hashing, good for cracking!!) Some quick terms – cracking, brute force, exhaustive search Speedy hashes equal LESS security How to slow them down Iterations of hashes existed in the 1980s Key derivation functions arrived 1990s Rijndael accepted as Advanced Encryption Std. in 2001

Cracking & Keyspace Evolution Advances in password cracking force OEMs to increase keyspace RACF original keyspace 39 candidates, max 8 2005 RACF has mixed case 2007 9-100 length passphrase John the Ripper 1.0 came out in 1996, DES about 3k/s RACF algorithm added in 2013 RACFSnow N. Pentland - an optimized RACF cracker

Slower harder algorithm evolution Many GPU and Memory hard cracking functions have been available since DES became obsolete bcrypt released in 1999, de facto standard for BSD based ‘nix PBKDF2 – From RSA was released in 2000, with a recommendation of iteration count at 1000 (now upwards of 100,000) Colin Percival released scrypt in 2009 – so called sequential memory hard algorithm, designed to thwart ASICs used to brute force passwords

The GPU cracker – all bets are off 2007 introduced the influx of GPU based cracking Elcomsoft, OclHashcat, JtR (2011+) This made a bad situation worse How bad? Real Bad

A modern day test The challenger 6 GPUs 2 power supplies 2.7 Ghz Celeron CPU Total cost $3,000 Cracks RACF DES at Guesses as to H/S?? 11.9 Billion Hashes / Sec

What does 11BH/s mean to you? Your 8 char password is: Max time to brute force: Mixed + special (75) Mixed case (65) 10 new special (49) Original (39) Does not include password rules / lists 1 week 1 day 13 hours 7 hours 14 minutes 37 minutes Actual time to crack 50-75% of users would be far less

KDFAES – The new hope Late 2014 – APAR OA43999 Key Derivation Function (KDF) used to encrypt the user ID, much like original DES Backwards compatible Passwords converted with no user input Passphrases must be changed manually Built to be more future-proof (i.e. tunable) Memory factor (PMEM) Repetition factor (PREP) IBM have not released specifics publicly

KDFAES - Features Auto conversion for passwords (PWCONVERT) Password DES hash is input to KDFAES Speeds – slow, slower, slowest Defaults yield tremendously lowers hashes/second attempts How does that happen? Linear (serial) processing – subsequent steps depend on outcomes of intermediates Iteration counts starts in the hundreds of thousands Manipulating (relatively) high quantities of memory for each login, from 100s of KBs to many MBs.

What about changing that MF/RF? Per IBM - Not supported yet, but will function In other words ... don’t do this PREP range 50-1000 PMEM range 8-16 Update RACF database using BLKUPD Defaults are 0x0 (but use min values) Profile update when you change a password Viewable after changing in the RACF database Also viewable in the RACF CVT

New Database Format – Let’s peek PWDX_ Const. Mem Factor Rep Count

Theme and variations – Parms & Phrases 0x4000=Phrase 0x8000=Pass Updated Parms

DES v. KDFAES – execution time Algorithm – (MF,RF) Test system run time DES – Original KDFAES – (8,50) *Default KDFAES – (9,64) KDFAES – (11,50) KDFAES – (10,1000) KDFAES – (16,50) KDFAES – (16,1000) 337 Nanoseconds (10-9) 46 Milliseconds (10-3) 0.12 Seconds 0.34 Seconds 3.14 Seconds 10.60 Seconds 3.75 Minutes 

Self-encrypting drives “trust us” Part 2 Self-encrypting drives “trust us”

Self-encrypting drives Who can tell me what a (henceforth referred to as SED) Self-Encrypting drive is? Drive which all bits written flow through symmetric encryption algorithm located in drive firmware Who can tell me what one of the use cases are for its existence? Theft / Loss of a drive Resale / repurpose of a drive Who can tell me what SEDs do not protect against? Unauthorized access while unlocked / powered up

SED Facts DEK – Data Encrypting Key. Set initially at factory DEK can be regenerated Key encrypting key (a.k.a AK – Access Key) – set by user Encryption is “active” all the time, viable when AK set Symmetric DEK is non-exportable Algorithm implementation non-exportable Cipher text (the encrypted data) is irretrievable

SED Facts cont’d Reading / Writing drive is transparent once unlocked (or if key not set) Locked drives, when read, produce read errors or possibly zeroes, if they are readable at all Cryptographic sanitization “wiping” of the drive involves changing the DEK Meets the gov’t FIPS 140-2 requirement for cryptographic devices Opal V2 published by the Trusted Computing Group dictates the current accepted specification

Opal Specification V2 Protect the confidentiality of stored user data against unauthorized access once it leaves the owner's control (involving a power cycle and subsequent deauthentication) The rest is about authentication mechanisms, feature sets, and specifications about how the storage device should conform to policy controls Basically it is a thick communications protocol for drives which have these features

Great! I don’t have to worry about the developer having the key. But: Opal FAQ Great! I don’t have to worry about the developer having the key. But: What about the algorithm? What about the implementation? Don’t need to trust the key – you can change it!

Why worry about the algorithm? Many precedents for flawed algorithms and backdoors Juniper – Backdoor discovered from 2008 Fortinet – 2013 / 2014 had hard coded passwords in ssh Multiple SOHO routers NETGEAR, D-link, Belkin (Just to name a few) RNG integrity 2008 Debian Linux – Only 32,768 possible randoms Dual EC DRBG Data integrity

Parting thoughts Cryptography is very hard to do correctly What risk are you trying to mitigate? Do you need to worry about false sense of security? Is hiding the implementation and key an acceptable way for your organization to implement cryptographic solutions? Would you accept an untestable solution elsewhere? Firewall, IDS / IPS What about firmware updates, 1x vs 10,000x ?

Better solutions Move your crypto up the stack to the application level Keys derived from those with need to know only For in-place data-at-rest crypto use: In line cryptographic cards, with configurable algorithm and keys Operating system level whole disk encryption Possibly 3rd party products Only use peer reviewed, and open or verifiable implementations

Questions

Links http://www-03.ibm.com/systems/z/os/zos/features/racf/racfhist.html http://www.openwall.com/lists/john-users/2015/09/10/4 http://www.trustedcomputinggroup.org/resources/commonly_asked_questions_and_answers_on_selfencrypting_drives http://www.openwall.com/presentations/Passwords12-The-Future-Of-Hashing/

Contact Chad Rikansrud, RSM Partners chadr@rsmpartners.com mobile: 1 (612) 424-2333 www.rsmpartners.com