Wednesday, May 18, 2016

ICMC16: FIPS Inside

Carolyn French, Manager, Cryptographic Module Validation Program, Communications Security Establishment

Canada doesn't have the same legal requirements to use FIPS 140-2 validated cryptography, but it's handled by risk management and is strongly desired. They put verbiage in their contracts around this, and also require that the modules are run in FIPS mode.

If you are not using a FIPS 140-2 validated module, we consider it plaintext.  So, if cryptography is required, then you need to use an approved algorithm, in an approved manner with sufficient strength.

Vendors can choose to validate the entire box or just the cryptography itself.  The smaller the boundary, the longer you can go between revalidating.

A vendor may incorporate a validated module from another vendor (e.g., a software library) into their product. CMVP recommends that you get a letter from them confirming exactly what you're getting. Writing crypto is hard - so reuse makes a lot of sense.

When you are considering leveraging someone else's validated module, look at what is actually "inside". For example, what module is generating the keys?

You can rely on procurement lists like the DoD UC APL.






ICMC16: CAVP—Inside the World of Cryptographic Algorithm Validation Testing

Sharon Keller, Computer Scientist, NIST, CAVP.

CAVP used to be within the CMVP, because there were only 3 validated algorithms. They split in 2003, and now CAVP is a prerequisite to doing a CMVP validation with NIST.  NIST's Cryptographic Technology Group determines which algorithms should be included, and how they should be implemented in order to be secure.  CAVP then writes test suites to validate that an implementation meets these requirements.

It's better to test something instead of nothing at all. In 2011, CAVP introduced component testing for cases where the components of an algorithm aren't contained in a single boundary.  It is testing a component of a standard, not a mathematical function.

For example, the ECDSA signature generation function has two steps - hash the message and sign the hash. For the PIV card, hashing of the message is done off the card and the signature of the hash is done on the card.  So, CAVP created an ECDSA signature generation component that takes a hash-length input and signs it.

CAVP now tests SHA3!

Need to make sure everything works correctly, and if it deviates even a little bit, then the test needs to fail.  The Monte Carlo test goes through about 4 million iterations, designed to exercise the entire implementation. Their tests include positive testing - given known inputs, get the right output. They additionally do some negative testing to make sure the implementation recognizes invalid and valid values. For example, change the format of the data before submitting and make sure it fails.
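
An added sketch (not from the talk and not CAVP's own tooling) of the positive, negative and Monte Carlo testing described above, using SHA-256 with the chain laid out like the SHA-2 Monte Carlo test in NIST's SHAVS (100 checkpoints of 1,000 chained hashes). `sha256_faulty`, the seed and the three-checkpoint expected file are constructed for illustration; the faulty version passes the single known answer but is caught by the chain.

```python
import hashlib

# FIPS 180 example vector for SHA-256("abc").
ABC_DIGEST = bytes.fromhex(
    "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad")

def sha256_ref(msg: bytes) -> bytes:
    """Implementation under test: here, the platform's SHA-256."""
    return hashlib.sha256(msg).digest()

def sha256_faulty(msg: bytes) -> bytes:
    """Constructed defect: wrong output for roughly 1 message in 16."""
    digest = hashlib.sha256(msg).digest()
    if msg and msg[0] & 0x0F == 0:
        return digest[:-1] + bytes([digest[-1] ^ 0x01])  # flip one bit
    return digest

def known_answer_ok(sha) -> bool:
    """Positive test: a known input must give the published output."""
    return sha(b"abc") == ABC_DIGEST

def monte_carlo(sha, seed: bytes, checkpoints: int = 100) -> list:
    """Chain each digest into the next message; one digest per checkpoint."""
    if len(seed) != 32:
        # Negative test on input format: a malformed seed is rejected.
        raise ValueError("seed must be exactly one SHA-256 digest (32 bytes)")
    out = []
    for _ in range(checkpoints):
        md = [seed, seed, seed]
        for _ in range(1000):
            # M = MD[i-3] || MD[i-2] || MD[i-1]; MD[i] = SHA(M)
            md = [md[1], md[2], sha(md[0] + md[1] + md[2])]
        seed = md[2]          # the last digest seeds the next checkpoint
        out.append(seed)
    return out

def validate(sha, expected: list, seed: bytes) -> bool:
    """Pass only if the known answer and every checkpoint match exactly."""
    return (known_answer_ok(sha)
            and monte_carlo(sha, seed, len(expected)) == expected)

SEED = bytes(range(1, 33))                     # constructed sample seed
EXPECTED = monte_carlo(sha256_ref, SEED, 3)    # stands in for the expected-results file

if __name__ == "__main__":
    print("reference passes:", validate(sha256_ref, EXPECTED, SEED))
    print("faulty passes known answer:", known_answer_ok(sha256_faulty))
    print("faulty passes validation:", validate(sha256_faulty, EXPECTED, SEED))
```
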
 

ICMC16: Keynote: Modern Crypto Systems and Practical Attacks

Najwa Aaraj, Vice President, Special Projects, DarkMatter

In the past, attacks came from a single user. Today, we have complex and coordinated attacks that target heads of state and world leaders. This can enable terrorism as well.

We need to worry about encryption, key management, and keeping data secure in all manners of transport. On one system, you can't just worry about the communication layer, but also the operating system and how you manage all of this.

First and foremost, we need secure protocols.  We may need non-repudiation, anonymity, etc - need to link it all together.  We need to make sure it's all there.

Of course, if the kernel and hardware have security issues, you'll be in big trouble. Need to worry about data at rest, real time integrity monitor, hardened cryptographic library, key management and hardened OS and kernel.

Encryption should be intractable by theoretical cryptanalysis, but it also needs to be implemented correctly. 

Common side-channel attacks: power analysis, EM analysis and timing.  For example, when you are generating keys power usage will look the same with every key. Most common targets are smart cards, smart phones and FPGA microcontrollers. 

Counter measures are most often implemented at the algorithm level. For example, masking/blinding of randomness, constant time implementations and pre-computations and leak reduction techniques. 

We additionally need protocol level countermeasures to reduce the amount of leakage to less than the minimum required for key recovery using SPA/DPA/EM-based leakage and to reduce interim states that could lead to leakage.

At the hardware level, you can choose NAND gates that don't leak information about power consumption.

You need to consider all of these factors, and additionally make sure you write your software securely as well!

ICMC16: Plenary Keynote Sessions

Welcome and Introduction Ryan Hill, Community Outreach Manager, atsec information security

Changed the time of year for the conference, and location (had to make it International, after all) - and have the largest attendance to date!  Even though it's only 6 months after the last conference.  Seems the new time of year is working out.

Cryptographic Module User Forum (CMUF) Overview, Matt Keller, Vice President, Corsec 

CMUF was founded during the first ICMC, with the goal of getting government and industry to meet and discuss issues.  An open dialogue benefits all.  It's an open group.  Working on improving security policies, to make them more useful for actual users.  A new working group is spinning up to look at power on self tests. Goal is to get a lot of people, each putting in a small bit of time. Join now, and you may win a free registration to next year's ICMC!

Conference Keynote: Building our Collective Cryptographic Community
Joe Waddington, Director General, Cyber Protection, Government of Canada

How many cryptographic instances are in this room?  Given there are 270 people here, and each person has a phone (which includes several different cryptographic instances), credit cards, ID cards, car keys.... there are thousands. In one room. And everyone expects these to just work. Nobody gives much thought to whether or not they are effective, we are just trusting that these transactions will be secure.

Think about how many social media accounts in this room - think about the petabytes of information that a company like Facebook is processing every day. We all trust that they will do this in a secure manner.

Now, with IoT, we are putting cameras in our refrigerators.  We don't want other people to be able to look into our refrigerator, so that has to be encrypted as well.

When Waddington joined the Canadian government, he was not surprised to see there were 100 different departments, but was surprised that there were 100 different CIOs, and dozens of HR databases.  This is a big problem and Canada is working on resolving this and consolidating.

Cryptography is hard and takes time to get right - time well spent.  The standards are the 'simple' part here. Complex implementations and software are making this harder to get right. Often with this cloud software development, folks are thinking about supporting their application for ... months. But, we need to protect data for years (30-40 or more!).

Need to partner with government, industry and academia to make sure we are doing the right things. No single organization has the answer.


Conference Keynote: Assuring the Faithfulness of Crypto Modules
David McGrew, Cisco Fellow, Cisco Systems

A faithful module does what is expected and nothing more.  An unfaithful one might have a side channel where it could leak information.

We start out with standards. Those become open source implementations (seems like a prerequisite to get traction for a standard), vendor implementations, etc.  The encryption could become unfaithful at several stages - in the design or implementation phase.  Open Source seems to be a big target, with so many contributors [VAF NOTE: though most seem to have a relatively small core development group].  Companies are at risk as well, need to worry about people being bribed, malicious.

Need to worry about just plain ol' mistakes as well (Heartbleed and goto fail;).

You even have to worry about code injection attacks, like changing hard-coded values in a binary.

All sorts of areas to attack: key generation, encryption, etc.

How do we detect this? Black box testing and implementation review.   Can they catch everything? No, but at least a step in the right direction.

Reference: Mass-surveillance without the State: Strongly Undetectable Algorithm-Substitution Attacks. Why bother attacking the cipher itself, if you can undermine the randomness or change the cipher? Much easier. 

We have to worry about protocol side channels as well, like randomized padding, timing channels and variability in options, formatting, and headers.

Still, what can we do? 

Better oversight of our standards, better vetting and formal tracking of reviews for open source [VAF NOTE: quite frankly, industry should do this, too, if they aren't already!].  We need to do security reviews and track them, and additionally independent validation.  Even better - run time validations!

Fortunately, work is being discussed in this area.  See the CMVP working groups that have recently formed.
 

Tuesday, March 22, 2016

ICMC16: Interested in FIPS? Register now!

I'm giving two talks this year, one on random number generation and the other on backdoors, and how they are relevant to FIPS 140 validations, at the International Cryptographic Module Conference in May 2016.  The conference this year will be up in Ottawa, Canada, which is pretty exciting for me, as I've never been there!

If you work for a validation lab or consulting firm, you're probably already registered - but this conference is particularly important for developers who are trying to pass a validation now or sometime in the future.  I know the conference organizers would love to see more real world users of FIPS 140-2 validated software and hardware as well, so if that's you - come check it out this year!

And the conference goes well beyond simply discussing FIPS 140-2/ISO 19790 - I've seen talks on new algorithms, hardware security,  general cryptography and entropy, and various attacks.

As an added bonus for you, you can register at 20% off using my speaker code: SPDI. Register soon, while early bird rates are still in effect, for added savings.

Hope to see you there!

Valerie



Tuesday, January 26, 2016

Book Review: Florentine Deception

The Florentine Deception by Carey Nachenberg
My rating: 5 of 5 stars

Amazing technical thriller that was technically realistic! Hard to impress a computer security nerd like myself, but he did it! Written by a computer security expert, all the technical stuff seemed accurate without being dry. With the recent news out of Juniper, you realize that this book is not so far away from reality at all. The author wrote what he knew, and kept me on the edge of my seat. Excellent!


Monday, January 4, 2016

2015 Wrap Up

Inspired by Cate Huston and @femengineer - instead of focusing on what I didn't finish in 2015 that I had wanted to, I'm going to do a wrap up of what I did accomplish. This is by no means complete, but this is a great time of year for introspection.

For work:
  • Increased my team's size and the scope of the work we're doing, though the work still seems to add up faster than I can grow the team.
  • People on my team have taken over leading areas, so I can do other things. This is good - they are smarter than I am, and they will make sure the right thing happens at the right time.
  • Dusted off my C coding skills and learned the new processes for: using virtual test boxes in our internal cloud, building the gate with the new "lullaby" process, and all the new rules for testing, code review, etc.  I integrated two changesets - one was minor - a few lines.  The other was over 5000 lines  - mostly removal. 
    • I've learned: 
      • My team will 100% criticize my code, it doesn't matter that I'm their manager.  And they were right, despite the fear and anger from some other senior engineers.
      • Coding while managing a large team meant lots of nights and weekends.
      • Senior engineers do NOT like to see managers integrate code. They told me so.  But, some of us still do little things.  Then again, we don't usually have time and our team will do it better.
  • Crypto Week 2015! I organized an internal crypto themed conference for about 60 people, including folks from our partner companies. This is where we do our big planning and discussions.
  • Continued to co-chair the PKCS#11 Technical Committee, which is fun and also a lot of work.
  • Spoke at the International Cryptographic Module Conference and the Grace Hopper Celebration of Women in Computing. 
  • Co-chaired the Grace Hopper Communities Committee, with more than 100 volunteers writing blogs, video blogging, note taking, speed mentoring, and leading lunch time table topics.  The conference had 12,000 attendees. We started working on this last spring for an October conference.  It was madness, amazing, inspiring and exhausting.
  • Led Oracle's participation in the OASIS PKCS#11 Interop booth for RSA. Tons of fun meeting real customers face to face!
  • Attended my first BlackHat. This was weird, because I attended 10 or so DefCons (starting with DefCon 2), but only possible thanks to my friend Runa, who gave me a pass :-) 
  • Started leading another FIPS 140-2 validation for Solaris 11.3, because I am a glutton for punishment - but also because I think there is merit in these validations. Our algorithms will be better for it.
Personal:
  • Built a gorgeous, drought tolerant, demonstration garden with my husband in our front yard. Our grass is gone. In one bed, we have California poppies (which have now spread EVERYWHERE) and a city tree (Chinese Pistache). The next, roses that did beautifully in the hot, dry summer. The next: peppers (bell, jalapeno, serrano, pepperoncini, poblano, banana, etc etc), tomatoes, herbs and squash. In the arbor we have roses, daisies, and other plants. In pots, we have things like "hot lips" that the hummingbirds LOVE.  Strange old ladies would walk the path in our yard and bring their tripod and take pictures. Pretty cool - and VERY low maintenance.
    • Failed to take pictures, but did do a video... but need to post it. :-)
  • Went home and took care of my parents when my dad had unexpected urgent surgery. My mom is disabled, so we needed all hands on deck. They are both, thankfully, doing well now.
  • Read 29 books. Goodreads thinks I read 30, but one book is on there twice.
  • Narrated 5 novels for Learning Ally, for people with dyslexia, blindness or other reading disorders.  That's over 45 hours of final recorded material.  Many more hours in the studio.  They are awesome - please give them money.
  • Did a dream vacation with my husband and two friends from NYC to Italy! We visited Sorrento, Rome and Florence. We took day trips to the Amalfi Coast, Mount Vesuvius, Pompeii, Lucca, Pisa and a Tuscan villa to learn how to make amazing pizza.  At the end, we stopped by England to see husband's family and friends.  We flew first class on air miles.  We used VRBO and saved a ton of money on lodging, had kitchens and washing machines!
    • Hot tip: You need to book first class trips about 10 months in advance, to take advantage of "super saver" rates and must be flexible on dates. We were a little late (only about 8 months out) so we had to pick weird dates/times, and could not get direct home.  We also had to pay tax, which was about as much as buying economy tickets. But, first class was amazing on British Airways' A380. Not so much on the smaller plane back to Philly. 
  • Found out my cat has allergies like me. She now takes the same allergy pill I do, but in half the dose. Well, sometimes she takes it. Other times, it's found hours later somewhere else in the house.  Sometimes we crush it into her food. Sometimes she falls for it. She's 14 and climbing all over my desk now as I write this.
  • I had a few odd health issues this year, that meant I lost use of one hand for nearly 3 months.  That sucked. No, not RSI. No, I did not crash my bike. Yes, I am doing better. I had to use voice recognition software. It was awful. The worst. It believed I had a thick East Asian accent, and could not be convinced otherwise. Customer support was the worst.  This is the "best" software on the market. HATED IT. 
    • But, it helped me to prioritize and focus.  Sorry if your email wasn't answered, but I get hundreds a day and I just couldn't get to them all.
  • I lost friends, due to reasons. I found new ones, or good old ones. This is sad and awesome.  Support came from unexpected places, and I am so incredibly thankful for every one of you that called, texted, and hung out.  My anxiety levels have gone down. I no longer have to do everything for another person, just right, for fear of being ostracized. My husband was amazing, as always.  I am not perfect, and thank you to those that understand. I know you aren't either, and I like you that way.
  • I managed to ride my bike 65 miles in the Marin Century in August! I want to do it again!
  • I raised nearly $1600 in one week for the Valley Fire Victims as a part of the Levi's Grand Fondo. I couldn't do that hard ride, so I served free beer to thousands of thirsty cyclists.
  • I was appointed as the official alternate for the Mountain View Bicycle/Pedestrian Advisory Committee - if a vacancy occurs before the next major recruitment process.  I attend nearly every meeting, and I'm getting positive changes done for bicyclists and walkers in Mountain View on a regular basis. This is awesome!
Not too shabby!

Best wishes to you all for 2016!

Valerie