Transcription
EnhancingPassword BasedKey DerivationTechniquesPasswordsCon 2014Presented by Stephen Lombardo & Nick Parker
SQLCipherSQLCipher is an open source extension to SQLite that providestransparent 256-bit AES encryption of database files
SQLCipher Platform TargetsC/C , Obj-C, QT, Win32/.NET, Java, Python, Ruby, Linux, Mac OS X,iPhone/iOS, Android, Xamarin.iOS, and Xamarin.AndroidBroad spectrum of use cases in both mobile and desktop devicesOur focus on securing user data where part of the key material isprovided by the user
How it WorksTransparent interactionOn-the-flyMultiple crypto providersStandard KDF (salt passphrase)PBKDF2Predates Scrypt
Current State of the UnionSQLCipher uses 64,000 iterations when computing a key usingPBKDF2SQLCipher previously used 4,000 iterations
How Can We Do BetterAdaptive key derivation work factorMultifactor hardware token integration
Device and Platform ChallengesOur world isn't static
Problems with static KDFlengthDesktop and mobile hardware differTechnology evolves (i.e., GPU acceleration)Different security requirements / risk profiles / UX experience
Adaptive KDF GoalsFast sampling across platformsCompute ideal work factor limited by timeAllow sampling to occur on any platform
Select KDF length By SecurityNeedssqlcipher PRAGMA cipher kdf compute;Sample KDF on deviceCompute iteration length based on desired runtimeRuns by defaultTunable for time
Tune the Sampling./sqlcipher foo.dbsqlcipher PRAGMA key 'foo';sqlcipher PRAGMA cipher kdf compute;cipher kdf compute-----------------1,096,007./sqlcipher foo.dbsqlcipher PRAGMA key 'foo';sqlcipher PRAGMA cipher kdf compute 2.0;cipher kdf compute-----------------2,278,910./sqlcipher foo.dbsqlcipher PRAGMA key 'foo';sqlcipher PRAGMA cipher kdf compute .5;cipher kdf compute-----------------575,280
PBKDF2 Sampling ResultsDeviceComputed Work FactorMac Book Pro (2.3 GHz)1,161,162iOS Simulator (7.1)1,060,260iPhone 5S481,882Android Emulator (4.4.2)44,139Android Nexus S (2.3.6)72,800Android Galaxy Tab 2 (4.2.2)80,640
Persisting ConfigurationPreviously hard coded KDF work factorNow persist KDF work factor
New Database Structure
Adaptive KDF SummaryPros:Fast sampling across platformsCompute ideal work factor limited by timeAllow sampling to occur on any platformCons:Cross device performanceAdditional complexity within SQLCipher
Multi Factor Key DerivationIntroduce an addition factor into key derivation processSomething you know: Passphrasesomething you have: Hardware Token
Stepping Back - Current KDFSecret database key DKeyRandom database Salt (public) DSaltIterations / Work Factor (adaptive!) IKey LengthPBKDF2(DKey, DSalt, I, Length)
Token RequirementsWorks offlineSimple interface (USB?)Widely availableOnboard cryptoSecure key storageMulti-useInexpensive
YubikeyLong historyMultiple form factorsPractically indestructable 25 / 40http://www.yubico.com/
DaPlug / Plug-UpNew entrantOnly Available in Europe 8.00 ( 110 Shipping!)http://www.daplug.io/
Common DenominatorOnboard HMAC-SHA1 Challenge / Response APIProgrammable write-only key
Simple ImplementationOnboard Token Key and HMACPermute database salt before useUses SQLCipher provider callback
Simple MFA ProcessSecret database key DKeyRandom database Salt (public) DSaltIterations / Work Factor (adaptive) IKey LengthToken Key TKeyHMAC-SHA1PBKDF2(DKey, HMAC-SHA1(TKey,DSalt), I, Length)
ResultsPros:Database can only be opened with token in placeVery simple implementationKey can't be extracted from tokenOperating on salt does not disclose non-public data to tokenhardwareCons:USB RequiredCustom codeAPI dependencies
More pher/sqlcipher-mfa
FeedbackJoin the SQLCipher cipherQuestions?
iPhone/iOS, Android, Xamarin.iOS, and Xamarin.Android Broad spectrum of use cases in both mobile and desktop devices . Pros: Fast sampling across platforms Compute ideal work factor limited by time Allow sampling to occur on any platform Cons: Cross device performance Additional complexity within SQLCipher. Multi Factor Key Derivation