Patterns: authentication

March 5th, 2016

The server generally authenticates to the client by its TLS (SSL) certificate. One very popular way of doing this is to have the client trust a well-known certificate authority (CA), and then verify that the name in the server’s certificate matches expectations, that the certificate is signed by the CA, and that it has not yet expired. This is an excellent method if previously unknown clients do drive-by connections to the server, but it has little value if all the clients are pre-approved for a particular service on a group of particular servers. In that case it’s just as easy, much cheaper, and arguably more secure, to give every client the server’s certificate (or just its public key) ahead of time, during installation, and let the client check that the certificate the server presents is exactly that one, rather than accepting anything a CA has signed.

But how do we authenticate a client to the server? Well, we provide the server with the client’s public key during installation and then verify that we have the right client on the line during connections.

We could let the client authenticate to the server with the mechanism built into HTTPS, a client certificate (mutual TLS), but the disadvantages of that are numerous, not least of which is getting it to work and keeping it working across any number of operating system updates. “Fun” is not the name of that game. Another major disadvantage is that the protection and authentication that come from the HTTPS session are ephemeral; they leave no permanent record. If you want to verify after the fact that a particular connection was encrypted and the peer verified over HTTPS, all you have to go on are textual logs that say so. You can’t really prove it.

What I’m describing now presumes that you have set up a key pair for the server and a key pair for the client beforehand, and that each party holds the other party’s public key. (Exactly how to get that done securely is the subject of a later post.)

Step 1

The client creates a block consisting of:

  • A sequence number, which is one greater than the last sequence number the client has ever used.
  • Current date and time
  • Client identifier
  • A digital signature on the above three elements together, using the client’s private key

The client sends this block to the server.

Step 2

The server (the front-end) then uses the client identifier to look up the client’s public key, verifies the signature over the block, and checks that the sequence number is higher than any it has recorded for that client, so that it has never been used before. The server also checks that the date and time are not too far in the past or the future, which also limits how long a captured block could remain usable.

If everything checks out fine, the server records the session in the database and updates the high-water mark (last used sequence number from this client).

Step 3

The server creates a block consisting of:

  • The client’s sequence number
  • Current date and time
  • Client identifier
  • Server identifier
  • A digital signature on those elements together, using the server’s private key

This block is then sent to the client, which verifies the signature and saves the record in its own local database. Since the block carries the client’s sequence number, which must match the one the client just sent, it cannot be a replay of an earlier server response.
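The three steps above, written out as an added example in Go (this is not code from the original post): both parties sign with Ed25519 from the standard library, a single Block struct serves both directions (the client’s block simply leaves ServerID empty), the signed fields are encoded as fixed-width numbers followed by length-prefixed identifiers, and the accepted clock skew of 300 seconds, the in-memory maps and slices standing in for the two databases, and identifiers such as clinic-17 are all assumptions; the post fixes none of these details.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"time"
)

// Accepted clock skew in seconds (assumed; the post only says "not too far").
const clockWindow int64 = 300

// Block is signed in both directions; the client's step 1 block leaves ServerID empty.
type Block struct {
	Seq                uint64
	Time               int64 // Unix seconds
	ClientID, ServerID string
	Sig                []byte // signature over all the other fields
}

// payload is the canonical byte string a signature covers (assumed encoding:
// fixed-width numbers, then length-prefixed identifiers).
func payload(b Block) []byte {
	var buf bytes.Buffer
	binary.Write(&buf, binary.BigEndian, b.Seq)
	binary.Write(&buf, binary.BigEndian, b.Time)
	for _, id := range []string{b.ClientID, b.ServerID} {
		binary.Write(&buf, binary.BigEndian, uint32(len(id)))
		buf.WriteString(id)
	}
	return buf.Bytes()
}

// Client: own key pair, pre-installed server key, last sequence number used.
type Client struct {
	ID        string
	priv      ed25519.PrivateKey
	serverPub ed25519.PublicKey
	lastSeq   uint64
	Records   []Block // local database of verified server blocks
}

func (c *Client) NewAuthBlock(now time.Time) Block {
	c.lastSeq++ // one greater than anything this client has ever used
	blk := Block{Seq: c.lastSeq, Time: now.Unix(), ClientID: c.ID}
	blk.Sig = ed25519.Sign(c.priv, payload(blk))
	return blk
}

// AcceptServerBlock is the client side of step 3: the echoed sequence number
// must be the one just sent, so a recorded server block cannot be replayed.
func (c *Client) AcceptServerBlock(sent, sb Block) error {
	if sb.Seq != sent.Seq || sb.ClientID != c.ID {
		return errors.New("server block does not match the block we sent")
	}
	if !ed25519.Verify(c.serverPub, payload(sb), sb.Sig) {
		return errors.New("bad server signature")
	}
	c.Records = append(c.Records, sb)
	return nil
}

// Server: each registered client's public key and high-water mark.
type Server struct {
	ID        string
	priv      ed25519.PrivateKey
	clientPub map[string]ed25519.PublicKey
	HighWater map[string]uint64
	Sessions  []Block // signed client blocks, kept so they can be re-verified
}

// Authenticate is step 2. Recording the session and moving the high-water mark
// is one database transaction in the real design, so a concurrent replay cannot slip in.
func (s *Server) Authenticate(blk Block, now time.Time) (Block, error) {
	pub, ok := s.clientPub[blk.ClientID]
	if !ok || !ed25519.Verify(pub, payload(blk), blk.Sig) {
		return Block{}, errors.New("unknown client or bad signature")
	}
	if blk.Seq <= s.HighWater[blk.ClientID] {
		return Block{}, errors.New("sequence number already used (replay)")
	}
	if d := now.Unix() - blk.Time; d > clockWindow || d < -clockWindow {
		return Block{}, errors.New("timestamp outside the accepted window")
	}
	s.Sessions, s.HighWater[blk.ClientID] = append(s.Sessions, blk), blk.Seq
	sb := Block{Seq: blk.Seq, Time: now.Unix(), ClientID: blk.ClientID, ServerID: s.ID}
	sb.Sig = ed25519.Sign(s.priv, payload(sb))
	return sb, nil
}

// NewPair wires up a client and a server that already hold each other's keys.
func NewPair(clientID, serverID string) (*Client, *Server) {
	cPub, cPriv, _ := ed25519.GenerateKey(rand.Reader)
	sPub, sPriv, _ := ed25519.GenerateKey(rand.Reader)
	s := &Server{ID: serverID, priv: sPriv, HighWater: map[string]uint64{}, clientPub: map[string]ed25519.PublicKey{clientID: cPub}}
	return &Client{ID: clientID, priv: cPriv, serverPub: sPub}, s
}
```

A call sequence of NewPair, NewAuthBlock, Authenticate and AcceptServerBlock runs the whole exchange. Presenting the same block a second time fails on the high-water mark, a fresh block with an hour-old timestamp fails on the time window, and changing any signed field after signing fails verification; in each case the high-water mark stays where it was. The server deliberately advances the mark in the same step that stores the session, which in the real design means one transaction, because otherwise two copies of the same block arriving at once could both pass the check.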

Benefits

Doing it this way creates a verifiable record in the database about the authentication. The signature is saved and can be verified again at any time. This allows secure non-repudiation.

Creating the authentication as a signed block also means that the client does not necessarily need to communicate directly with the server. If a client needs to deliver documents to another system, which in turn forwards them, it can deliver the authentication block the same way. The forwarding system does not need to hold any of the actual client’s secrets to do that. This allows any number of intermediate message stores, even dynamically changing paths, without losing the authentication properties.

I should also note that doing the authentication this way decouples the mechanism from the medium. If you replace HTTPS connections by FTP, or even by media such as tape or floppy disks (remember those?), this system still works. You can’t say the same of certificate verification using HTTPS.

Patterns: sacrificial front-end

March 1st, 2016

Over the years, I’ve borrowed and invented a number of design patterns for projects of all kinds. Most, if not all, were doubtlessly already invented and used, but mostly I didn’t know that then. Most of my uses of these patterns date back at least 15 years, often 20, but I’m seeing more and more of them appear in modern frameworks and methodologies. So this is my way of saying, “I told you so”, which is vaguely satisfying. To me.

Forgive the names; I have a hard time coming up with suitable labels for them.

Blackboard architecture

The Blackboard architecture is well-known. Or should be, except it seems I always need to explain it when it comes up. It has a lot of great aspects and results in effective and extremely decoupled designs. I’ll most certainly come back to it several times.

A blackboard is a shared data source. Some processes write messages there, while other processes read them. The different processes never need to talk to each other directly or even know of each other’s existence.

From this flows a number of advantages, a few of which are:

  • Different cooperating services can be based on entirely different languages and platforms.
  • The interaction is usually one-way (compare Facebook’s Flux and React), which greatly simplifies it.
  • If done right, the data structures are immutable, eliminating contention problems.

Hop, skip, and jump

Let’s get to my first blackboard-based pattern, namely how to protect a front-end machine from compromise. In this design, the front-end machine is an Internet facing computer receiving medical documents from a number of clients around the net. The documents arrive individually encrypted using the server’s public key. The front-end machine is assumed to be hacked sooner or later and we don’t want such a hack to lead to the ability of the hacker to get at decrypted documents or other secrets.

So, what we do is we let the front-end machine take each received and encrypted message and store it in an SQL database located in its own network segment. The message ends up in a table that only holds encrypted messages, nothing else.

Another machine on that protected network segment picks up the encrypted messages from the database, decrypts them, and stores the decrypted messages in another table.

(Diagram: Frontend1)

The “front-end” machine is exposed to the internet, so let’s assume it is completely compromised. In that case, the hacker has access to all the secrets that are kept on that machine and has root. This would allow the hacker to do anything on that machine that any of my programs are allowed to do. 

The first role of the front-end machine is to authenticate the clients that connect. Once the machine is compromised, the hacker obviously no longer needs to pass that authentication, so we assume it gives us nothing against him.

The second role of the front-end machine is to receive messages from the clients. These messages are then sent on to the database through a firewall that only allows connections to the database on port 1433. The database login for the front-end machine is kept on the front-end machine, so the hacker can use that login too. However, the only thing this login is permitted is to execute a small number of stored procedures tailored specifically to the needs of the front-end. Among these are procedures to deliver messages to the database, but not much more. There is most definitely no right granted for direct table access. In other words, the hacker can deliver messages to the incoming message table, but nothing else.

Behind the firewall there is another machine that has no connection to anything except the database. That machine has access to a small number of stored procedures tailored for its use, among which are procedures to pick up new incoming messages and deliver decrypted messages back to the database.

These crypto servers first verify that each message they pick up from the database carries a valid digital signature from a registered user system, and only then decrypt it with their private key. Note what that order implies: the signature has to be verifiable on the message as stored, so the client signs after encrypting, and nothing is decrypted before its origin is known. If the hacker on the front-end delivered fake messages, they would be detected during signature verification and discarded, since the clients’ signing keys never sit on the front-end.
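The crypto server’s pick-up step, as an added example in Go (this is not the original project’s code): an in-memory queue stands in for the incoming-message table, RSA-OAEP stands in for “encrypted using the server’s public key” (real documents would need hybrid encryption, since OAEP with a 2048-bit key holds at most 190 bytes), and Ed25519 for the client’s signature over the ciphertext. The database privilege boundary itself (a login allowed only to execute a few stored procedures) is not modelled; what is shown is the verify-before-decrypt order and what a forged row from a compromised front-end looks like to the crypto server. The identifiers and the sample document are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Row is one record in the table that holds nothing but encrypted messages.
// The crypto server verifies before it decrypts, so the client's signature
// has to be over the ciphertext (encrypt first, then sign).
type Row struct {
	SenderID   string
	Ciphertext []byte
	Sig        []byte
}

// Client is a registered user system: it encrypts a document for the server's
// public key and signs the result with its own private key.
type Client struct {
	ID     string
	sign   ed25519.PrivateKey
	srvPub *rsa.PublicKey
}

// Seal produces the row that the front-end will hand to the database.
func (c *Client) Seal(doc []byte) (Row, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, c.srvPub, doc, nil)
	if err != nil {
		return Row{}, err
	}
	return Row{SenderID: c.ID, Ciphertext: ct, Sig: ed25519.Sign(c.sign, ct)}, nil
}

// CryptoServer sits behind the firewall with the decryption key and the
// registered clients' public keys; its only contact is the database.
type CryptoServer struct {
	decKey     *rsa.PrivateKey
	registered map[string]ed25519.PublicKey
	Plaintexts [][]byte // stands in for the decrypted-messages table
	Rejected   int
}

// Process handles one picked-up row. A valid signature from a registered
// client is required before the private key touches the ciphertext at all.
func (cs *CryptoServer) Process(r Row) error {
	pub, ok := cs.registered[r.SenderID]
	if !ok {
		cs.Rejected++
		return errors.New("sender is not a registered user system")
	}
	if !ed25519.Verify(pub, r.Ciphertext, r.Sig) {
		cs.Rejected++
		return errors.New("signature does not verify, row discarded")
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, cs.decKey, r.Ciphertext, nil)
	if err != nil {
		cs.Rejected++
		return err
	}
	cs.Plaintexts = append(cs.Plaintexts, pt)
	return nil
}

// Forge is what a hacker on the compromised front-end can do: encrypt to the
// server's public key and insert a row under any sender identifier. He has no
// registered client's signing key, so the best he can do is sign with his own.
func Forge(senderID string, srvPub *rsa.PublicKey, doc []byte) Row {
	_, attackerKey, _ := ed25519.GenerateKey(rand.Reader)
	ct, _ := rsa.EncryptOAEP(sha256.New(), rand.Reader, srvPub, doc, nil)
	return Row{SenderID: senderID, Ciphertext: ct, Sig: ed25519.Sign(attackerKey, ct)}
}

// Setup generates the server's key pair and registers one client.
func Setup(clientID string) (*Client, *CryptoServer) {
	srvKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	cPub, cPriv, _ := ed25519.GenerateKey(rand.Reader)
	cs := &CryptoServer{decKey: srvKey, registered: map[string]ed25519.PublicKey{clientID: cPub}}
	return &Client{ID: clientID, sign: cPriv, srvPub: &srvKey.PublicKey}, cs
}

func main() {
	c, cs := Setup("clinic-17")
	genuine, _ := c.Seal([]byte("patient record 4711")) // constructed sample document
	queue := []Row{genuine, Forge("clinic-17", c.srvPub, []byte("forged record"))}
	for _, r := range queue { // the crypto server's pick-up loop
		fmt.Println(r.SenderID, "->", cs.Process(r))
	}
	fmt.Println(len(cs.Plaintexts), "decrypted,", cs.Rejected, "rejected")
}
```

The forged row is well-formed, encrypted to the right key and claims a registered sender, yet it is discarded without the private key ever being used on it; the same holds for a row whose ciphertext was altered after signing. That is the property the design relies on once the front-end is assumed lost.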

With this design, the hacker on the front-end has just a very narrow channel through which to jump from the front-end to the database, namely through the port 1433 and the SQL server software itself. But let’s assume he succeeds, somehow. If we’re really paranoid, we’d split the database into two instances on different machines, completely isolated from each other and only bridged by the crypto servers as in the next image.

(Diagram: Frontend2)

To get at the plain text content of the messages, the hacker in this case, if coming from the internet at least, needs to:

  1. compromise the front-end
  2. crawl through 1433 and compromise the database (or compromise the firewall, then the database server)
  3. via a tailored message, compromise the crypto routines on the crypto server
  4. get at the secure database

The crypto server does not have any communication to the internet whatsoever, so even if it ever got compromised, it could only be controlled through messages passing through the database, and would need to exfiltrate that same way. Not impossible, but hardly easy, either. The hacker would probably choose some other way to get at the secure database.

So, what about outgoing?

The outgoing messages follow the exact opposite path. Do I really have to draw you a picture?

Privacy shield…

March 1st, 2016

Completely worthless. Same pig, different name. We can’t trust the EU.

5 things you need to know about the EU-US Privacy Shield agreement | Macworld

What social networks can become

December 18th, 2015

Really scary shit straight outta China. What actually stops our common social networks from becoming that same thing?

Ideology

November 18th, 2015

One of the primary targets of Islamist terrorism is the vast majority of moderate Muslims. Sometimes physically, but always psychologically. And they want the rest of us to do their dirty work for them. A prime goal of these acts is to engineer a schism between Muslims and Western cultures. To create alienation, and to make Muslims a target of fear and anger. The resulting exclusion, xenophobia, suspicion, and implicit or explicit segregation is a tool of radicalisation.

Exactly.

Do yourself a service and read the whole thing.

iPad Pro: it really is something else

November 16th, 2015

I’ve had the iPad Pro and the Logitech Create keyboard now for a couple of days and it’s really very, very different from what iPads used to be. I’m coming from the first iPad Retina, so it’s been a couple of generations in between. 

I’ve never before succeeded in writing anything more than emails with a short “yes” or “no”, or maybe a sentence, from any iPad or iPhone. It simply never was worth the pain. Now, I’m writing this very blog post on the iPad Pro. Using the Logitech keyboard, of course (there are limits; I’m still not prepared to attempt using an on-screen keyboard).

I’m using 1Password for all my logins, and it used to be that any login would be an “oh, no, not again” moment, since it would require switching to 1Password, logging in to it slowly and painstakingly, painfully copying the password, memorising the user name, switching back to the original app, manually entering the user name, painfully (usually takes two or three tries) getting the password “paste” option, then pasting the password, then finally logging in. Now I can slide in the screen from the right, select 1Password there, open it with my thumbprint (YES!), select the username, copy it using cmd-C (!), switch back to Safari (or whatever app I’m in) with cmd-tab, select the password field (if it isn’t still selected) and hit cmd-V. Just like on a desktop or laptop. Most of the keyboard shortcuts we use on a laptop work, like cmd-tab, cmd-X/C/V, cmd-space for search. You’ve got cursor keys on the Logitech keyboard. They’ve also implemented cmd-arrow to go to the beginning and end of lines, and top and bottom of the document. Free at last!

My productivity on the iPad has gone up tenfold, from almost zero to near desktop level. It’s for all practical purposes as productive as a laptop, but with the added ability to be comfortably used for reading, and drawing/annotations with a pen (which I haven’t gotten yet).

I’m missing only a few apps on the iPad, most notably Apple Remote Desktop. I’m not seeing all that much justification, except for this, for keeping a Macbook Air. Especially since the Air’s screen is atrociously bad compared to the iPad Pro’s screen.

So, no, this isn’t just another iPad, this is a game changer. 

Getting Bootcamp running

November 13th, 2015

This was an interesting experience. I wanted to get Windows running in Bootcamp on my new iMac 5k (late 2014 model). This machine has 32 GB RAM, and a 1TB SSD drive running OSX 10.11 (El Capitan). First, I tried following all the instructions to install Win 7 (I had a full Home Premium edition, not OEM, that I didn’t use anymore). I never got all the way, and the reason (after a lot of Googling with DuckDuckGo (!)) seems to be that Win7 doesn’t support USB 3 out of the box. So as soon as Win 7 starts booting it loses contact with the keyboard and mouse, since the iMac has only USB 3 ports. And you can’t install updated USB 3 drivers in Windows 7 until it has booted. Maybe there’s a way, but seriously, after half a day I’d had enough and gave up.

Skip ahead a day or two, after receiving a brand new Windows 10 Home, full edition, and I found out the following. Maybe someone will have less of a traumatic journey knowing this.

 

(Screenshot: Boot Camp Assistant)

When you use Bootcamp, you have two main strategies. One is to “Create a Windows 7 or later version install disk”, and the other is not to do that. Creating the install disk never works. It somehow corrupts the target disk, regardless of whether it’s a USB 3 stick or a USB 2 external spinning disk. It always quits with “not enough space on disk” and some really weird sizes, with a negative number of gigabytes used. If you look in Console, you’ll see it always thinks the destination is just 4 GB large. Hopeless. That cost me untold hours, testing several USB sticks and several different external drives.

The other strategy is to uncheck the first choice and leave the other two selected. Then the following steps work:

  1. Go to Disk utility and convert your Windows media (in my case a USB stick from Microsoft) into an ISO DVD Master file on your desktop.
  2. Insert a USB stick (USB 3 works) in one USB port on the iMac. Some people recommend the first USB port, closest to the middle of the computer. I don’t know if that makes a difference, but do it anyway.
  3. Start Bootcamp, select choices 2 and 3.
  4. Select the ISO file you created and let Bootcamp download software to the USB stick you inserted.
  5. As the iMac restarts into Windows, it may stay spinning the little juggler balls forever. If so, unplug your keyboard and mouse, and it proceeds. Plug them back in. If your mouse is connected to the keyboard, you have to unplug that, and plug in the keyboard without a mouse first.
  6. Once the first setup page appears, your keyboard may be dead. Unplug it, wait 5-10 seconds (!), then plug it in and it may work. If you have a wired mouse connected to the keyboard, you may have to unplug the mouse, plug in the keyboard, then plug in the mouse to get things going. That’s what happened to me, and I’m using a Microsoft Comfort mouse (4500).
  7. Now you get to the “Enter the product key” page. Enter the product key. Be only moderately surprised when it says the key cannot be verified. If that happens, then:
    1. Boot back into OSX and remove the Bootcamp partition again. Start over with the installation. (Yeah, I know…)
    2. Take care that you are not connected to the internet; disconnect any network cable before getting into Windows.
    3. Rinse, repeat. I had to do this four times before the code was accepted. (You know that old “Einstein quote” about true insanity being repeating the same thing over and over again, expecting a different result? Well, it’s wrong. With Windows, insane methods sometimes work.)
  8. If you get past the product key registration, you’re almost there.
  9. Windows starts up, but it won’t recognise your second screen and sound will not work. The keyboard and mouse will remain flaky at boot. No WiFi adapter will be found, but fixed ethernet works.
  10. Now you need to actually install the Apple Bootcamp drivers (they forgot to tell you about that, didn’t they?). You should still have that USB key plugged in where Bootcamp put the install files and drivers. Open that drive in Windows, go to the folder “Bootcamp” and run the Setup.exe you find there (don’t run the setup.exe in the root). After that has finished, you’ll be asked to reboot.
  11. Now, back in Windows, you’ve got sound and multiple screens (if you have those). Works with my external HP30i, anyway (mini display port to dual DVI active adapter). WiFi adapter shows up, too.

So, that’s what you have to do.

Then, if you’re like me, you then discover you created a partition for Windows that isn’t large enough. And, if you’re like me, you’re not going to start over again, so then do:

  1. Boot back into OSX. Open disk utility and shrink your OSX partition to make space for expanding the Win 10 partition. How much is up to you.
  2. Boot back into Win 10. Download the Minitool Partition Wizard Free Edition and use it to “extend” the Windows 10 partition. When I did that, there was a little 150 MB FAT partition I had to delete between the Win 10 and the unallocated space, but that was really easy. This utility worked like a charm.

I almost forgot: after my first installation run with Win7, the machine refused to boot into anything, only coming up with “No valid operating system found” (or something to that effect). A typical Microsoft DOS boot fail message. I couldn’t reboot into OSX, since the keyboard didn’t work. Spent almost an hour on the line with Apple support, trying everything, growing desperate. Finally, we unplugged the keyboard entirely, restarted without any peripherals whatsoever, and got into a kind of partial and sick Win7, rebooted, and finally could make the alt-boot work to select OSX boot again. Honestly, I thought the machine was lost there for a while. Moral of this story: don’t fuck around with Win7 on OSX 10.11 Bootcamp. It’s not worth the fear and aggravation. I didn’t try Win7 again after that. It’s kind of a miracle I tried Win 10, really.

Finally, a sensible paper leaked

September 21st, 2015

White House officials have backed away from seeking a legislative fix to deal with the rise of encryption on communication devices, and they are even weighing whether to publicly reject a law requiring firms to be able to unlock their customers’ smartphones and apps under court order.

The whole paper, written on a typewriter and then scanned, can be found here. It’s really disturbing when you read a leaked secret paper from the NSC that actually makes sense and that you can agree with. What’s the world coming to?

Adpocalypse, or not

September 19th, 2015

Everybody’s on about the end of the web due to more and more people using adblockers. In one camp are the ones (me included) who are sick and tired of ads and tracking, and on the other side the ones accusing me and my kind of stealing content.

What ad providers try to do is to serve us as many ads as possible, hoping we’re interested in any one of them. At the same time, the whole tracking deal is to find out which ads we could be more interested in. That latter almost seems like it’s in our interest. Or would be if it worked better and didn’t involve the general creepiness of advertisers trying to read our minds and share it with others. 

But I think there is a solution. 

Imagine if you had a settings sheet in the browser or in an extension, where you as a user could declare what kind of thing interests you in general. The browser presents this selection to sites you go to, allowing them to present you with targeted advertising without a lot of second guessing. I, as a user, would be less frustrated, and wouldn’t want or need adblocking. The advertiser would have a much higher conversion rate. And the site owner could make such a preference header a requirement to visit the site. In exchange, there’s no need for tracking to try to guess my preferences; I already told you myself.

The beginning of the end of the DNS

September 7th, 2015

Or how the insanely stupid anti-piracy lobby will screw us all

Many of us saw this coming a long while back. Letting the **AA-holes misuse the DNS system for their censoring inevitably leads to the rise of a parallel DNS system. Yes, we already have the darknet for (other) illegal purposes, but this brings the darknet principle into the mainstream in a big way. 

“The censorship is easy to bypass, by simply changing your name server, so we decided to practice what we preach and offer such a service to all those affected by the problem,”

And…

“The Pirate Party’s DNS has added benefits though, as it supports additional Top Level Domains including .geek or .pirate, and the Namecoin based .bit.”

It’s easy to see that this unregulated DNS system will quickly overlay existing domains with alternatives, either accidentally or intentionally. Phishing and DNS MITM attacks will be of an entirely new caliber. The actual “bankofamerica.com” will lead to a phisher. 
 
(My prediction for what happens then: with https becoming enforced, the **AA-holes will take control of who can have a cert, leading to the pirates providing new CA roots for users, leading to even the bankofamerica.com phisher having extended certs… hey ho, there we go.)
 
Any safeguards built into DNS clients will be switched off by the users wanting to get the “uncensored” internet. 
 
Can you imagine how hard it will be to convince users to responsibly switch between the public DNS and their respective alternate DNS systems depending on what they’re doing? If there even were any OSs that supported such domain-dependent switching to begin with.
 
Even if Microsoft, Apple, and Google would want to implement a dual (triple?) DNS client in their systems, the **AA-holes will certainly fight even that, since it would “enable piracy”.
 
No, I don’t blame the Norwegian Pirate Party for setting this up. I blame the anti-piracy lobby, and the politicians that take their money, for creating the “need” for these destructive designs. Can’t anyone stop them?