What ways are there to securely connect different sites/branches?

I’m somewhat new to the field, but I have been tasked with coming up with the best way to connect remote customer sites to our two main offices. The data sent across from the customer to the main offices contains sensitive information and needs to be protected adequately.

From what I’ve gathered, VPN connections would be one of the traditional ways of doing this, but I’m not sure about what topology would fit best, mesh or hub-and-spoke. There are probably a lot of things you can do with cloud computing too, and if you guys have any ideas that would be great.

I’m sure there are several more ways of transferring data securely and I would appreciate every single bit of advice!

How to securely get a key from a key server?

In the installation procedure of Gentoo, there is a step to check signature of the downloaded iso file. To do so, we first need to download the set of keys from a key server:

$   gpg --keyserver hkps://hkps.pool.sks-keyservers.net --recv-keys 0xBB572E0E2D182910 

However, when I first run this command, I got the following error:

$   gpg --keyserver hkps://hkps.pool.sks-keyservers.net --recv-keys 0xBB572E0E2D182910 gpg: requesting key 2D182910 from hkps server hkps.pool.sks-keyservers.net gpgkeys: HTTP fetch error 60: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none 

If I correctly understand this error, that means gpg can’t trust the CA that emitted the certificate of the key server. To fix this issue, I need to add the certificate of the CA to my list of trusted certificates.

The question is: how can I get this certificate in a safely manner? By safe, I mean the certificate can’t be compromised by a man-in-the-middle attack, for instance.

Using openssl, I can see the certificate of the key server is signed by sks-keyservers.net:

$   openssl s_client -showcerts -connect hkps.pool.sks-keyservers.net:443 CONNECTED(00000005) depth=1 C = NO, ST = Oslo, O = sks-keyservers.net CA, CN = sks-keyservers.net CA verify error:num=19:self signed certificate in certificate chain 

But how can I trust the certificate given by this command? How can I be sure no attacker falsified the anwser?

Securely execute child process on embedded Linux


Background

I have an embedded Linux devices and need to invoke a subprocess. I try to avoid it but sometimes it’s the most practical thing to do, e.g. calling networking commands like ip, networkmanager or doing data processing using an proprietary program.

The simplest thing to do is to call system(3) but then these bad things can happen:

  • Neither program name or arguments are sanitized.
  • PATH is modified by an attacker causing the wrong program to be executed
  • Another environment variable such as `IFS is modified by the attacker
  • If the attacker has been able to gain access to the child program, he may see open files which were not closed
  • And he/she may be able to gain elevated privileges if root privileges were not dropped.

So I probably should not rely on system(3) but write my own fork+exec function; pass the full path to the binary to be executed; make any arguments to the child process hard-coded; sanitize the environment variable; close open files; and drop privileges.

I’ve read the advice given in TAOSSA and John Viegas Secure Programming Cookbook

My Question

  • Are these steps sufficient?
  • Can someone point to generic implementation of procedures for safely executing subprocesses in C and C++
  • Do I have to drop capabilities as well?
  • Should I consider running child processes in more isolation? If so, what options are available to me? seccomp filters? Namespace sandboxing?

Which Physical vault would be the better option for storing and monitoring the Master Password securely? and how to do that?

Need a solution to secure manage the access to the master password of a password management tool- last pass, that we would soon be rolling out requirment is 2 people in XY country and 2 people in AB Country (for business continuity) will need to participate in the process of accessing the master/ super admin password Which Physical vault would be the better option for storing and monitoring the Master Password securely?

Securely encrypt and decrypt files via PBE in Java (Jasypt seems insecure)

Requirements:

  • I have a Java app, which among other things, needs to encrypt/decrypt binary files on the file system. I’m planning to use PBE (password based encryption) since the password will be entered by the user each time they use the app (it’s not stored anywhere).
  • I don’t know if AWS KMS (key management system) or Google KMS can assist in any way, but it doesn’t matter since remote services are not allowed to be used for this project.

My Questions:

  • Are there any Java libraries that will help me achieve my requirements, aside from directly interacting with the JCE API (java cryptography extension)? I’m not a security expert and don’t want to misuse the JCE.
  • I’m also open to other ideas that don’t use a Java library, however, it must nicely integrate with my primary Java application.

Google Tink:

Tink doesn’t support PBE.

The lead developer of Tink (Thai Duong) has stated as such. Thai does say it is possible to achieve using an internal API (AesGcmJce.java), however, he goes on: “This is not recommended because the subtle layer might change without notice”. I want a stable solution, so Tink doesn’t cut it.

There is an open github issue to add PBE to Tink.


Jasypt:

Jasypt doesn’t seem secure.

If you want to know the details, read on, but it’s not required…

Jasypt is supposed to make PBE tasks easier, and the API is very simple, but the default parameter values it uses seem to be those which haven proven insecure (e.g., MD5 and DES). I can manually configure it to use more secure options but the very fact that its defaults are insecure makes me wonder what other aspects of the library are insecure.

For example, here are its default values when using the API:

  • Encryption algorithm: PBEWithMD5AndDES
  • No IV generator
  • Random salt generator of 64 bits using SHA1PRNG (java.security.SecureRandom)
  • KDF using MD5 with 1000 iterations

I can manually change the defaults to obtain the following configuration:

  • Encryption algorithm: PBEWITHSHA256AND256BITAES-CBC-BC
  • Random IV generator of 128 bits using SHA1PRNG (java.security.SecureRandom)
  • Random salt generator of 128 bits using SHA1PRNG (java.security.SecureRandom)
  • KDF using SHA256 with 1000 iterations

The API is super simple. Here’s how to instantiate the Java object which encrypts and decrypts binary data using the default settings (PBEWithMD5AndDES, etc):

StandardPBEByteEncryptor binaryEncryptor = new StandardPBEByteEncryptor(); binaryEncryptor.setPassword(password); byte[] cipherBytes = binaryEncryptor.encrypt(plainBytesArray); 

In order to make things more secure I installed a lib called Bouncy Castle which adds many cipher algorithms for use by the JVM. Among the many options I chose PBEWITHSHA256AND256BITAES-CBC-BC. Similar to the code above, here’s how I instantiated the more secure configuration:

StandardPBEByteEncryptor binaryEncryptor = new StandardPBEByteEncryptor(); binaryEncryptor.setPassword(password); binaryEncryptor.setProvider(new BouncyCastleProvider()); binaryEncryptor.setAlgorithm("PBEWITHSHA256AND256BITAES-CBC-BC"); binaryEncryptor.setIvGenerator(new RandomIvGenerator()); binaryEncryptor.setSaltGenerator(new RandomSaltGenerator()); byte[] cipherBytes = binaryEncryptor.encrypt(plainBytesArray); 

The library does have its own “stronger” encryptor classes (StrongBinaryEncryptor, AES256BinaryEncryptor, etc) but like I said, I’ve lost confidence in their software (unless you can explain otherwise).


Help:

Please help 🙂
thx

How to store ECDSA public key securely in Android

I am writing an Android application that needs to verify that a request is sent from a trusted party (me).

This is my current solution:

Storing keys:

  1. Generate ECDSA public key / private key from a server.
  2. Store private key in server. Store public key in Android app, hard-coding it as a static final String.
  3. Deploy Android application.

Request some action from server to Android app:

  1. Server requests a challenge message to the Android app.
  2. Android app creates a random String and sends it to server.
  3. Server signs random String with private key and sends it to Android app.
  4. Android app verifies signature from server, if signature is verified, perform some action.

The question:

From what I understand, it is easy to reveal the server’s public key by decompiling the APK. Then it seems pretty easy for the attacker to recompile the APK with the attacker’s own public key, rather than the server’s key.

If my understanding is correct, how can I securely store the server’s public key so that an attacker cannot modify it?

How to securely transfer files from a possibly infected WinXP machine to Linux?

There is an old Windows XP installation that was being used without even an antivirus. This WinXP computer has files. These files are important and should be moved to a Linux installation. Given the lack of any security practices on the side of the WinXP owner it seems possible that the data contains malware.

I can now:

  • Ignore this and simply keep using these files in Linux; after all Linux is supposed to not need AV.
    • At the very least the files should be scanned to avoid accidental redistribution of malware if they are ever sent to anyone else again
    • The files contain eg a multitude of .odt / .doc documents – maybe it’s a very remote possibility, I don’t know, but malicious macros are OS independent?
  • Install ClamAV on Linux machine, scan the files, remove Clam afterwards.
    • AFAIK ClamAV is known for its poor detection rate – scanning the files with it is only marginally better than not scanning at all?
  • Install an AV on the WinXP machine (Panda Free AV still supports WinXP, doesn’t it?), scan the files there, only transfer them afterwards.
    • Which means going online with WinXP once again – this just feels wrong
  • Any options I overlooked?

I feel stuck. Not sure how to progress.

Note I wouldn’t like to manually inspect the files and eg remove any potentially suspicious files like .exe files while leaving safe files like .png files intact. Reason is the data is not mine, I was just asked to transfer it so that someone else may use them.

What is the accepted best practice in a situation like this?

Quarantine virus found – how to remove the file securely?

There is a file found by antivirus program and it was put into the virus’ quarantine section (its not a false positive).

Now I don’t know how to handle this “quarantined” files.

1) What is the best practice and secure way to deal with them? Delete from quarantine, or let them in there?

2) If i delete a file from the quarantine, does it mean that it goes to the “recycle bin” of the computer and is thus still existent on my PC, and could be recovered by some tools like Recuva? Or will it be gone for ever

3) What happens if there are files in the quarantine and you accidentally de-install the antivirus program from your PC, what happens to the files?

Thanks.

Would a difficult to access “Key” be an option to securely solve the Apple vs. FBI problem?

In recent times, there has been an escalating demand by legislators in the US and the world around to be able to decrypt phones that come pre-configured with strong encryption. Key escrow is commonly suggested as a solution, with the risk seeming to arise out of the escrow agent misusing or not appropriately securing the keys — allowing for remote, illegal, or surreptitious access to the secured data.

Could a system secure from remote attack be devised by adding an offline tamper-evident key to the device? This could be an unconnected WLCSP flash chip or a barcode within the device with the plaintext of a decryption key.

I recognize the evil maid attack, but presume a tamper seal could be made sufficiently challenging to thwart all but the most motivated attackers from surreptitious access to the data.

What would be lost in this scheme relative to the current security afforded by a consumer-grade pre-encrypted device (cf. iPhone)? Bitcoin, Subpoena efficacy, and other scenarios that seem fine with “smash and grab” tactics come to mind.