IT Security Notes

X509 certificates (a.k.a. SSL certificates) is often synonymous to strong security. What are their advantages and drawbacks?

While religion is totally irrelevant in security, this quote is fun nonetheless:

In God we trust
Everyone else must have an X.509 certificate.

Intro
Secure applications use HTTPS for transport to ensure privacy and integrity. SSL used in HTTPS encrypts and signs all communication between the client and the server.

In a classic HTTPS connection, the client verifies the authenticity of the server X509 certificate (a.k.a. SSL Certificate) by ensuring that all the signatures in the "chain of trust" are valid and all the signer's certificates are trusted. This step is simply to ensure that the server is really who it claims to be. What we are going to discuss is the use of the same method to authenticate the client.

It's not new, it has been there for as long as SSL exists in fact. It's just that very few people use it, or know how it works. Some choose not to use it because of the drawbacks.

How does it work?
An SSL session always, like all polite protocol conversations, begins with formal introductions (think of it as an exchange of name-cards...). The process is called an SSL handshake.

The SSL handshake allows the server to "present" itself (authenticate itself) to the client by using public-key techniques. The client and server then cooperate in creating symmetric keys that will be used for encryption, decryption, and integrity validation during the SSL session that follows. The SSL handshake also allows the client to authenticate itself to the server, which is the part that interests us really.

There is no need to explain in details how it works when others do it so well... A regular SSL handshake involves the server authenticating itself to the client, while the client does not authenticate itself to the server. A detailed explanation along with schematics can be found here

The SSL server can be configured to request authentication of the client, in which case the client has to send a certificate to be authenticated. The same "chain of trust" verification will be performed. So the SSL handshake with client authentication has a few additional steps. Again, a detailed explanation can be found here

How is the actual user authentication done?
You need to have a central in-house certificate authority. You can use command-line tools like openssl or CA.pl which are part of the OpenSSL package. Or you can use OpenCA PKI software which is designed just for that.

You have to

• Generate a Certificate Authority keypair (key + certificate)
• Get the users to generate their keypair (key + certificate signing request)
• Sign each user's certificate using the Certificate Authority keypair

Now since the authentication of the client is performed by SSL as part of the handshake, you don't need to authenticate the user further (of course you can if you want to). In other words, either the client has a valid keypair (key and valid certificate signed by your Certificate Authority) and he can connect. Or he doesn't have any, in which case the SSL connection will fail at handshake time.

Smart Card
The most secure way to go about this is to store your keypair on a smart card. The private key remains on the smart card at all time, while the public key (the certificate) can be installed in the browser, or any other public key or certificate store.

This way, when you want to connect to the server, you have to have your smartcard reader plugged-in and the card properly inserted before you can even connect. The browser will pop-up a window asking you for your smart card pin. Once the pin is entered, the SSL handshake can be done properly.

Nowadays, online services requiring heavy security prefer to use USB smart card + smart card reader devices. It looks like a regular USB mass storage key, except that it's a smart card reader and smart card combined. It's easier to carry, and you just have to install the driver for it to work.

Drawbacks
Obviously, the main problem is that the user must have his certificate + key wherever he roams.

Sometimes, some companies with ultra-strict security policies will force their proxy to play man-in-the middle, so they can still intercept your SSL connections. It will break the server SSL certificate authentication but you can still choose to ignore your browser's warning. This will break the SSL client certificate authentication too but the server will obviously not ignore it and won't let you connect.

Finally, most of the integrated USB smart card reader + smart card dongles have no driver for Linux, *BSD or Solaris.

Conclusion
Although client certificates are more troublesome to set up than username and passwords, they offer a lot more security and resistance to targeted attacks. While they are inconvenient to the road-warriors users, they are perfect authentication tokens for workstation-based employees.

Posted by Fabrice A. Marie at 4:50 PM | Permalink

It is a common belief that allocating several partitions on your system is a Good Practice especially when it comes to security.

Is that really the case?

For a long time (too long if you ask me), people have been preaching that partitioning was good for security.

The "filesystem full" argument

If I use a separate partition for /var/log, when the log gets full it will not DoS my machine

Two problems here:

• The log should never get full: use logrotate, backup old logs and remove them from the working system. Review your logs regularly!!!
• If the the log directory does get full there are two more problems:
  • programs will start crashing because they can't log anymore and they didn't expect that to happen,
  • It is very dangerous to run without keeping traces (a smart attacker may create a lot of fake noise in order to get your logs full prompting the system to stop logging, before carrying on the real attack which will be unrecorded due to lack of logs)

Conclusion: creating a separate partition for /var/log is a false sense of security.

The "mount option" argument

I can mount /tmp with nosuid option and /usr with ro (read-only) option.

Mounting /tmp with nosuid is hardly a security enhancement. The only interesting kind of suid files that are really interesting are suid-root files. To create such a file you need to be root. If you are root already (using an exploit payload or with a root-shell) you can very well remount /tmp without the no-suid option...

Mounting /usr with ro option is exactly the same false sense of security. To write in /usr you need to be root to start with, and if you already are, you can remount it without the restriction.

If you truly want to prevent non authorized users (including an attacker who succeeded in getting a rootshell on your system) to write to /usr consider using the excellent RSBAC, a Linux implementation of Trusted Operating Systems security policies. Obviously RSBAC allows you to do a great deal more than just that.

The "easier to upgrade" argument

If I use partitions for let's say the /home directory, it is easier to upgrade my system.

That is true only if you upgrade your system the Windows way: "Reformat and reinstall". Otherwise, any decent Linux distribution, or any other decent Unix flavor will let you upgrade without ever touching anything in /home

The problems of partitioning

• Limited number of partitions: x86 systems let you create a maximum of 4 primary partitions per disk. You can elect to use extended partitions instead which themselves allow you to create 4 partitions per extended partition. The bottom line is that you have a limited number of partitions, so use them wisely.
• Partition full while others are free: if you have 10 megs free in your /boot partition, that's 10 megs that /var/log or any other directory cannot use since it is on another partition. Some smartasses thereafter use soft-link like /var/log/httpd -> /boot/httpdlog but needless to say that these are ugly tricks.
• Tinkering with the partition table: is very dangerous, if you screw up your partition table, your system will be lost (unless you do like me and keep a print-out of all your machines' partition tables in a printed file so you can later re-layout and restore the partition table by hand in case of a problem).

Conclusion
Don't use partitions believing that it will tremendously enhance your security: it will, but only ever so slightly. Partitions are generally a pain when you're running out of space, and today we don't really need partitions anymore with filesystems that support very large partitions and all.

You have been warned...

Posted by Fabrice A. Marie at 1:00 AM | Permalink