
BSIDES CPT 2019 - Authentication is Broken. Can We Try Fix It? - Kgothatso Ngako

BSides Cape Town | 40:25 | 511 views | Published 2019-12
About this talk
Title: Authentication is Broken. Can We Try Fix It?

Abstract: This talk seeks to demonstrate how the hardened derivation of hierarchically deterministic asymmetric keys can be used as an authentication mechanism that sites could use to replace passwords. As anyone who frequents haveibeenpwned would know, password reuse is a major problem that is worsened by inevitable data leakages. Without a password manager a person is prone to reuse a password at least once (or risk forgetting their password if they try to be clever by coming up with a new password for every site).

In this proposed authentication mechanism sites would store xpubs instead of passwords. The xpubs would be used to derive public keys when authenticating users. The users of a site would derive the private keys to sign messages which the sites can verify using the derived public keys. The messages could be a derivation path which both parties will use to derive both the private and public key. This allows keys to not be passed during frequent authentication (the user only needs to share an xpub on registration). The talk will also cover what advantages and concerns this approach presents, and a proof of concept will be demoed using something I hacked together using nodejs (should open source the code before the day). A short history of asymmetric cryptography and how Bitcoin's hierarchically deterministic keys came about will also form part of the talk.

Speaker: Kgothatso Ngako
Twitter:
Speaker Bio: I am Kgothatso Ngako, Software Developer born and raised in Mamelodi, Pretoria (currently developing polelo.co as a side project). Consistency is a super power. Former researcher at the CSIR where I spent some time researching the economics and technicalities of cryptocurrencies. Currently running exonumia.cc (as a side project) to translate literature that explains cryptocurrencies into native African languages (already have content translated into 4 South African languages and 1 Namibian native language).
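The registration and challenge-response flow the abstract describes, as an added example that is not the speaker's Node.js proof of concept: a stdlib-only Python sketch of BIP32 child derivation (hardened for the per-site account key, non-hardened for the challenge path) and ECDSA on secp256k1, with the derivation path itself as the signed message. The account path, challenge format and sample seed are made up for illustration, and the curve arithmetic is a teaching implementation, not constant-time.

```python
import hashlib, hmac, secrets

# secp256k1 domain parameters (the curve Bitcoin and BIP32 use)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000  # index bit that marks a hardened child (written i')

def ec_add(p, q):
    """Point addition on secp256k1; None stands for the point at infinity."""
    if p is None or q is None:
        return q if p is None else p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P) if p == q
           else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, p):
    """Double-and-add scalar multiplication (not constant-time: demo only)."""
    r = None
    while k:
        if k & 1: r = ec_add(r, p)
        p, k = ec_add(p, p), k >> 1
    return r

def ser_point(pt):
    """33-byte compressed SEC encoding, which BIP32 feeds into HMAC-SHA512."""
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")
def master_from_seed(seed):
    """BIP32 master (private key, chain code) from a seed."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(i[:32], "big"), i[32:]
def ckd_priv(k, c, idx):
    """Private child: a hardened index hashes the private key, others the public."""
    data = b"\x00" + k.to_bytes(32, "big") if idx >= HARDENED else ser_point(ec_mul(k, G))
    i = hmac.new(c, data + idx.to_bytes(4, "big"), hashlib.sha512).digest()
    return (int.from_bytes(i[:32], "big") + k) % N, i[32:]
def ckd_pub(K, c, idx):
    """Public child from an xpub; a hardened index is impossible here by design."""
    if idx >= HARDENED: raise ValueError("hardened child cannot be derived from an xpub")
    i = hmac.new(c, ser_point(K) + idx.to_bytes(4, "big"), hashlib.sha512).digest()
    return ec_add(ec_mul(int.from_bytes(i[:32], "big"), G), K), i[32:]

def sign(k, msg):
    """ECDSA over SHA-256(msg); nonce bound to key and message (simplified RFC 6979)."""
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    nonce = int.from_bytes(hmac.new(k.to_bytes(32, "big"), msg, hashlib.sha256).digest(), "big") % N
    r = ec_mul(nonce, G)[0] % N
    return r, pow(nonce, -1, N) * (z + r * k) % N
def verify(K, msg, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N): return False
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    w = pow(s, -1, N)
    pt = ec_add(ec_mul(z * w % N, G), ec_mul(r * w % N, K))
    return pt is not None and pt[0] % N == r

# --- the registration / challenge-response flow from the abstract ---
def encode_path(path):
    return ",".join(map(str, path)).encode()  # the signed message is the path itself
def derive_priv(seed, path):
    k, c = master_from_seed(seed)
    for idx in path: k, c = ckd_priv(k, c, idx)
    return k, c
def register(seed, account_path):
    """User side: the site stores only the xpub of a hardened per-site account key."""
    k, c = derive_priv(seed, account_path)
    return ec_mul(k, G), c  # (public point, chain code): no private material leaves
def respond(seed, account_path, challenge):
    """User side: derive the private key at the challenged path and sign the path."""
    k, _ = derive_priv(seed, account_path + challenge)
    return sign(k, encode_path(challenge))
def check(xpub, challenge, sig):
    """Site side: walk the same non-hardened path from the stored xpub, then verify."""
    K, c = xpub
    for idx in challenge: K, c = ckd_pub(K, c, idx)
    return verify(K, encode_path(challenge), sig)
def new_challenge():
    """Fresh random non-hardened indices: each login signs a different message."""
    return [secrets.randbelow(HARDENED) for _ in range(2)]
```

Because the site holds only the xpub, it can mirror the non-hardened challenge derivation with ckd_pub but cannot reach the hardened account key or any private key, which is the property the talk relies on.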
Transcript [en]

...which is compact simple knowledge proofs, yada yada yada yada, and all these things are also talked about. But there's that whole "information wants to be free", so DRM is not really a thing, because people will find a way to leak the thing and torrent the information and everything just gets around. But then there's the opposite, or rather stressing the point that information does want to be free: all your emails can be read by anyone who wants to read them if they're in plain text, all your Internet traffic is shared, all your social network, as in all the friends that you have via WhatsApp conversations and stuff like that, are also shared. So how do you secure all of that information when it wants to make itself freely available? And so that's where he gives the definition that cryptography is actually the art and the science we use to fight the fundamental nature of information, to bend it to our political and moral will and to direct it to human ends against all chances and efforts to oppose it. So I love that definition, so that's the definition we're going to be using through this talk: cryptography is information bending, if you are a Last Airbender fan.

So a little background for the things that I'm assuming that everyone knows for this talk, or you should know for this talk. Symmetric cryptography: basically the good old you have a password, you encrypt a file, you give someone the password and the person will have to use that password to decrypt the file. So it's symmetric because encryption is the cryptographic operation and the password is the key, and you need the key to undo the cryptographic operation. And then you get the other type of cryptography, which is asymmetric cryptography: now you have a public key and a private key, and you use the private key to encrypt the file and you use the other to decrypt the file. HTTP works like that, Bitcoin works like that, because all transactions, or most transactions actually, have a public key which gets a coin sent to it, and then you spend the coin by signing the transaction to spend the money that you got sent. So it then creates a network of transactions, or linked transactions, to say okay, this person, blah blah blah blah blah.

And so Bitcoin, since it's an open source protocol, has these cool things they call Bitcoin Improvement Proposals, and even you, if you think you have an idea, "why doesn't Bitcoin do this", you can sit at home, pull up a little draft and say this is what it should do, and it gets assigned a number. And BIP 39 was a proposal to generate private keys from a passphrase. So instead of generating a private key randomly, which is what everyone should be doing, you generate a passphrase randomly, and then you get an algorithm to say give me key number one, and then number one is a unique private key, then give me key number two, and then it gives you a unique, deterministically created key. And this is the opposite of what used to be the case, because up to now you would have your Bitcoin wallet with all these different keys that control different transactions, and now with the mnemonic seeds you can then have your seed, which is possibly sort of like a password for you (you can generate it from a word list), and then you can get all these keys: key 0, key 1, key 2, key N. Mmm, that got implemented, and then people are like, okay, what about BIP 32, which basically is the same system, but you can use the derived key to derive other keys. So now we end up with a tree of keys: so you go from your seed to your master key, and your master key can generate other keys, yada yada yada yada, until infinity and beyond. And this is actually in the Mastering Bitcoin book, chapter 5, if you actually want to see more of that; it's on GitHub, because the information does want to be free, but the book is also being sold on Amazon in case you end up with some cash. Yeah, and where... oh yeah, that's the book.

And signatures, yeah, so signatures are the other thing that I want to talk about. Signatures, basically: you give me a message and I have a private key, I sign that message with my private key and I give you my public key, or you probably already have my public key because it's in public somewhere, and you can use my public key to verify that the message you gave me was signed using my private key and only my private key; it will probably fail, or it should fail, if otherwise. So now Bitcoin is actually, in my books, one of the most authenticated databases in the world, because every transaction belongs to someone specific and only that specific person can spend a coin, and that's how you know who... it's one of the biggest arguments people want to use to verify who Satoshi is: he would have to sign a message using one of the earlier private keys, and that's how people would know that's the guy who actually invented Bitcoin.

But then now, if we are using hierarchically deterministic keys to authenticate things, what would be done? So yeah, I think there's two options here: I can either talk or I can show the demo for this part, so which one would you like to get first? The demo? Okay, cool. So I kind of put together a proof of concept after siggy 3.com; if you have data or your phone is fully charged, depending on which the impact you first start to be in expense of aluminum, you can access the site. Basically this is what would need to happen if you are a user: now a user would have to have a wallet that supports some of these functions. So let me do something, let me delete the database I have here, and also show you a few of the operations that your wallet would need to do. Sorry I didn't clean up, but there's a few operations that you would need to do. One is to create keys, basically creating a new wallet with the random passphrase, and then, yeah, let me just do that before I skip ahead. So I say create keys, sure, and create keys using a randomly generated seed, and that basically generates a mnemonic, a 12 word mnemonic, and that's the phrase, and any good wallet would give you a random phrase every time. So if I delete my local file again and create another key, these keys are not the same, but technically I've lost a wallet by doing that. So now that's my first key in the database.

Now I want to use my key to authenticate myself on websites, so the simplest way is to give the website a public key. But then now, since we are using hierarchically deterministic authentication, I'm going to give every website I register on an extended public key, so that the website can also derive other public keys for me from the key that I provided, and I'm assured that the website will not be able to derive the private keys, because that's how the BIP 32 spec set it out. We might get some time to actually go over some of the details at a later point, but cool. Now I'm like, Mr. Wallet, please give me an extended public key because I want to register on the site, and then the wallet in the background derives a derivation path to say, what's this, create key number five, and then in key number five create key number five hundred (random numbers), in key number 500 create key number six, and then it generates this xpub using that. Sure, but continue... yeah, but I can show you. Okay, so the question was, do you guarantee single use? So to do that, in the code of the one that I kind of hacked together, the persistence model, oops, so I store the extended public keys, okay cool, and so the xpub I can just say unique, and the derivation path I also say unique, and you let the database take care of the uniqueness for you, the database indexing takes care of the uniqueness for me. So it will never generate the same xpub twice, or if it does it won't be returned to the user. So now I can go back and call the same function and then, yeah, these two xpubs are different as you can see, and maybe at the beginning there's some similarities in some of the keys, but going forward it won't be.

So now the user can take their xpub and go to a service and say, okay, these guys probably support extended public keys because it's somewhere in the name of the site, and I'm gonna call myself "bsides", that's my display name, and it's like, oh, your display name isn't linked to an account, yes I do want to join, and bsides, cool. Now it's optional for you to provide an email for this specific concept, but you have to give an extended public key. But let's say the user says, extended public key, what is this, maybe I want to create an account with a password. I believe if you're a service and you want to give your users multiple authentication mechanisms, cook that into your registration flow, and then they, like, with passwords, but we don't do that here. So they have to go back and give the xpub, register with extended public key, and then now they get that, and this is the message there that they are going to have to sign. The idea is that... okay, I'll come back to this later, but basically what this is, is this: so this is a message that a user has to sign, maybe I can prettify this with some JSON, yeah, and with the private key at this path. So starting from the seed, this is a random number, this is a random number, this is a random number belonging to the xpub, so on and so forth. So now after the user signs this they will provide the signature here. So I copy the challenge to clipboard, and then I now want to sign my JSON, and then I give it the challenge with all that information and some information that belongs to the server itself; basically this is the request here, and the server signs the challenge that it's presenting the user, so that the user knows that, oh, this service actually generated this one. And if we come back to this more readable one here, the service actually gives the user its own extended public key too, so that for future purposes the user can also derive some public keys and do user verification. And then the user then signs that, and so they can provide their signature, and then, oh hello bsides, you are here now. And so now the user can come back and say, oh, now I registered bsides, and then they get shown the message again, and now they will just have to sign this message, and this is the authentication challenge. And so let's say the user doesn't want to copy and paste responses all the time, you could just have a variable to say post this to the response endpoint, which is this one that this service is handling responses to, and once it's done, challenge response accepted. And so this should have an option to say signed on separate device, and the user gets signed on. So that's basically how the demo works.

But just the rundown for the talk, or the steps that went behind it. So a service, if you are the CEO, CTO, whoever has the most authority, will have to then create a wallet using a randomly generated mnemonic seed, just like I did with my wallet, and then generate a hardened xpub. Now hardened is the word to use when you don't want people to derive your private keys from the public keys that you are sharing with the world, and that's also in more of the technical in-depth chapter 5 reading. And then the service can generate server xpubs. So since the service has a hardened service xpub, they can then say I have server number one, whose private keys are generally derived for my service extended public key, and then I have server number two. So now these two servers can sign messages on behalf of the service, and a user can use the service's extended public key to verify that these messages were actually produced by servers that are in the control of the service. Cool. And now all the service has to do is keep its mnemonic seed secure, because once that gets leaked everyone can position themselves as that service. Now on the side of the server, it gets a hardened extended private key from the service, and then it uses that to sign all messages it produces on behalf of the service, same thing I just said, and then it keeps the extended private key secure. Now on the side of the user, the user kind of performs the same actions as the service, bla bla bla bla bla bla, but it keeps its wallet secure, because that's the wallet that then keeps track of its identity on all these different websites. Now, okay, the demo, an HD auth wallet, basically lets the user create a wallet with a phrase and then create random xpubs, which keep track of which service they registered to, and then it signs all these messages on behalf of the user.

Now why would anyone want to do this? I have a few reasons actually, I think in total there's like 8 reasons, so we're gonna go through them. Reason number one: service access keys, but decentralized. Who here has used AWS signatures before? Okay cool, okay cool. So they give you a secret key that's generated by the service, right? Now with this you are the one who generates your own secret key, and then you give the AWS service your public key, so then you are sure that there's no point where your secret key is leaked into their logging system, because apparently, I think, Twitter and GitHub leaked passwords by putting them in the logs. So this is what the decentralized option of hierarchically deterministic keys solves: you are sort of assured of the safety, unless you are really bad at keeping your own stuff secure. And then another reason: in this, crypto stands for cryptography, because cryptocurrencies are in your face. Yeah, so I believe, like, cryptocurrencies have done so much for cryptography in the past ten years, like wow, I wouldn't know half the things I know about this presentation if it was not for Bitcoin, but I also think that there's a lot of education that could be done to help people actually understand the cryptography side of it, and we shouldn't hide the details, like let a person see an xpub, let a person see an actual public key, and you know, the more they see it the more they get used to the fact that, oh, this is actually what's securing my wallet.

And reason number three: mutual authentication. Yeah, so like I access a service, I access Twitter today, I'm not even sure if that's the Twitter server that I'm seeing, someone hacked it or whatever. But if they just keep one mnemonic seed safe, and then if a server gets hacked they can just switch off that server and work from the uncompromised servers, and I would be able to authenticate the server that I'm accessing, to say oh, this is actually the Twitter server and not some other hacked server that's giving me messages, because they would have to hack the mnemonic seed. And then reason number four: who watched the Adam Sandler Netflix special? Okay, yeah, the standard way, so you probably know the video I'm about to play, so we don't have sound.

[Applause] Can you get in the back? Okay.

[Music] Cool, that's all you need to see. So yeah, basically all you need is your phone, wallet and your keys, and with cryptocurrencies you have your wallet on your phone, you might as well have your keys on your phone if we actually use the keys to authenticate you to services and other things like that. And yeah, I think there's been a lot of beef on crypto Twitter about wallets actually doing authentication purposes, but if your password manager did this, then you might as well use it as a wallet.

So have you been pwned, what's the worst thing about being pwned? Yeah, so anyone who follows Have I Been Pwned, oh, Troy Hunt, would know the main beefs. What? I was like, I definitely have it in. So these are all the leaks that have come out on Have I Been Pwned in the past few months: December 4, November 22, November 19, November 19, November 18, November 10, October, blah blah blah, it goes on and on. But basically there's a leak every now and then; sometimes you've registered with the site when you were 16 and then it only gets hacked now, and then the password you used to use then is in plain text and you only find out later that bla bla bla bla. And the main beef most people have is because trusted third parties are security holes: any website is a good target for anyone who wants this information. That's why I basically also made registering with your email an optional thing; you can just register, have an account, you do whatever you want to do on the service, but you're only going to keep your email there if you trust that I didn't write bad code, and I did, because this is a proof of concept; if you see the things you'll cry. Now cool.

Reason number six: yeah, quite sure someone in here knows what this is. Yeah, so what is this random at the front of the onion? Yeah, so this is... I was shocked when I learned what this actually is: it's a part of the public key that belongs to the Tor service. So now I'm like, why is it then we do not take... this is version 3 of the onion addresses, and we use the extended public keys so that a service can then propagate its own identity, yeah, and a user who accesses the service can then say oh, I'm accessing the actual service, because that's the actual URL; but it's a little longer than usual. But obviously I don't have the time to set up a hidden Tor service just for a demo, I'm sorry, yeah, but the idea is that now every Tor website that wants to do hierarchically deterministic authentication just shares its xpub dot onion, and then you go access that and you then get the extended public key that you can use to verify that the site you are seeing actually belongs to the service that you have interacted with before, or the service that you have actually registered your account with. And of course if you registered with the hacked service you can authenticate that you're actually accessing their hacked service.

So number seven: HD auth in federation. So now I was thinking, now let's say someone does a hierarchically deterministic website, now they implement an HD auth server, all the requests that a user... now if I go to Twitter and Twitter has a login with HD auth, and they can sign that they are using this derived key on Twitter, and then whenever they have to provide their password for Twitter related actions the HD auth service derives another key on the... that guy gets it. Cool, thank you man, thank you, thank you, thank you, so cool, thank you very much. Yeah, in a similar way that the Sign in with Apple would be anonymous, but if you then choose to share your actual email with that service, whatever benefit you are getting from the whole thing just goes away. So yeah, anyone who wants to implement that, have fun with it.

So deepfakes and Photoshopped social media pages. Like... let me, cool, I'm gonna post this as a secret. Cool, they say deepfakes are an issue, they are going to be an issue, whatever they say, but if you can sign everything that you are posting to social media and it can be verified by just using your extended public key, it won't be a problem. So you register with Twitter, you give it the xpub, and then every post gets a signature from you, and no deepfakes, no Photoshopped social media pages. But people are always gonna... well, on the technical level, because the bigger problem is people's emotions. But for them to sign it they would have to have your private keys, and the private keys only... say, yeah, what, do they have to have your private key? Otherwise the signature won't verify to belong to your extended public key. Oh, and then they just give a random signature, but someone who wants to verify it has the option to say, yo, what's the signature for this?

Yep, so yeah, I think a few things would be required for this: every social media service will then have to integrate with any wallet that supports the BIP 32 specification, so that as a user you don't have to actually type in your private key all the time, you just say yes or no. I think... I might, let me just start with this and say that, but I think since Bitcoin, a lot of people have money on it. So PGP if you want to be secure, but not too many people want to be secure, but a lot of people want to keep their money secure, so yeah. And at least you kind of... this: when do you find out that a site has been storing passwords insecurely? Have I Been Pwned comes in, yeah, and when you're hacked you also find out. And the other thing is, what's this, the hashing algorithms that are used on most of the sites are really, you know, lame; even bcrypt, as good as it is, I've set it to, what, three rounds, oh, I'm really risky for doing this on a production system, but you know, somebody is still using MD5, so I'm okay. So yeah, and having the proof in with this is, since it's also used on Bitcoin and other cryptocurrencies, people would know when the cryptography is broken, because a lot of money would start moving to some other actors; you will see your own wallet sitting at a balance of 0, and we know that the cryptography is broken, or you have leaked your own private key. And when will you know when a cryptographic operation becomes insecure? It relates to the whole "quantum computing is a thing", is it? No, the other thing is... anything: are people losing their money? Business? And yeah, but really, how?

So yeah, anyone who wants to check it out, they can either go to the site or code or chiggy g.com that HD auth, let me blow that up a bit, mmm, and that's where most of the code is. And let's see if I can access it real quick, oh, I don't move in H, cool, and you'll find my example wallet. Everything is written in JavaScript, the site that is the proof of concept, and I think I'm also trying to make a Passport HD auth implementation, Passport.js, if anyone has used it, their strategies, and wasted too much time working on this and no one in the house actually uses it, so yeah. But the main two things: the after tickets.com website, which is what you are seeing here, and you can test it out, you can donate some coins to that address if you have some to give away, and yeah, maybe one day the onion v4 will actually be alive and I'll work on that. But yeah, the other thing I learned while working on this is that, okay, is that what it sounded like when I was playing my video? Then, Facebook actually has an onion URL, like, yeah, the little Facebook, this is Face...

[Music] Yeah, I'm not yet, that can't be sure, well yeah, if anyone wants to use it, oh, they even have an SDN Wafaa is so too much, but if anyone wants to share their private information securely I recommend you use Facebook via Tor. Yeah, so yeah, yeah, no, I think that's about it for me. Any questions?

So the question for the camera is, how do you keep your wallet secure? I think the main thing is, in the Bitcoin space they have this idea of, what's this, a hot wallet and a cold wallet. So the cold wallet you don't even connect online, and all these things, because you will get hacked, and the hot wallet is connected to the Internet and it's the one that you walk around with all the time. So I think what you can cook up from that is you do the same thing; the xpub that the wallet produces... it also then has a feature whereby you could generate a cold/hot wallet type thing, and you only use the terminal thing for generating hot wallets, and whenever that hot wallet gets hacked you revoke that key. But then it's the same thing with key management: how do you do key rotation, how do you do key revocation, and that's very hard to get right.

I think you would have, maybe, maximum... the cold wallet is where the main keys are and the hot wallet is where your logins are, so in the event whereby you do get hacked only those logins are impacted, and you use your cold wallet to revoke all of these other ones.

So, okay, so the question is, is this as bad as having a root certificate authority? Oh yeah, so the point is, instead of having one security authority holding the root for millions of sites, yeah, so hacking one guy in the cloud is not the same as hacking... but there was a question in... know what, the QR code stuff, well, so have more integration with the... yeah, so the question is, how do you make the whole HD auth thing easy for the users? So on the user side they just see a QR code, take out their phone, and then the phone posts the response to the service, and then all the user gets to see is a QR code. There are apps that currently are doing this, apps, SnapScan and all of these things; I don't even know what is in that QR code, I should actually look at that, but for me I feel like it's a similar workflow, it's just that now we are adding a registration step to it.

How old is this? Okay, yeah, I think... yeah, oh yeah, I think I had a few recommendations just to wrap things up, especially as you are talking about the new biometrics and other things. And I think it's called the $5 wrench problem: like, you have all these things that are making the thing easier to use, but then some guy comes with a wrench and says I'm going to beat the private key out of you. So the easier it gets, the less harmful to a user it actually becomes... because if you are ever in an airport and they, like, unlock your phone, and your phone is actually what's authenticating all these other services, then they also have access to all these other services. So as much as we should make it easier on the user, we should have guards in place to say, okay, this can happen and that could happen, and keep users secure. So yeah, that's it for me.