<?xml version='1.0' encoding='UTF-8'?><?xml-stylesheet href="http://www.blogger.com/styles/atom.css" type="text/css"?><feed xmlns='http://www.w3.org/2005/Atom' xmlns:openSearch='http://a9.com/-/spec/opensearchrss/1.0/' xmlns:georss='http://www.georss.org/georss' xmlns:gd='http://schemas.google.com/g/2005' xmlns:thr='http://purl.org/syndication/thread/1.0'><id>tag:blogger.com,1999:blog-6292815046015458161</id><updated>2011-12-15T13:48:49.011-08:00</updated><category term='#CIQ'/><category term='sysadmin'/><title type='text'>Posts by D. M. Stanley</title><subtitle type='html'>"Somehow the whole idea of art and aesthetics and beauty underlies all of the scientific work I do." - D. Knuth&lt;br&gt;&lt;br&gt;
&lt;pre&gt;# infinite steps
while (true) do
  love(others)
  attain(knowledge)
  do(good)
  self.clone if kids.count &amp;lt; 3
end&lt;/pre&gt;</subtitle><link rel='http://schemas.google.com/g/2005#feed' type='application/atom+xml' href='http://infinitesteps.blogspot.com/feeds/posts/default'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/6292815046015458161/posts/default?max-results=100'/><link rel='alternate' type='text/html' href='http://infinitesteps.blogspot.com/'/><link rel='hub' href='http://pubsubhubbub.appspot.com/'/><author><name>D. M. Stanley</name><uri>http://www.blogger.com/profile/03225196297955252801</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='30' src='http://2.bp.blogspot.com/-EB78SD56bNI/ToM43-fVuYI/AAAAAAAAAQQ/FVsJHPBDmg4/s220/191857_10150105406011056_713041055_6712773_2937632_o%2B%25281%2529.jpg'/></author><generator version='7.00' uri='http://www.blogger.com'>Blogger</generator><openSearch:totalResults>11</openSearch:totalResults><openSearch:startIndex>1</openSearch:startIndex><openSearch:itemsPerPage>100</openSearch:itemsPerPage><entry><id>tag:blogger.com,1999:blog-6292815046015458161.post-6298853028964120314</id><published>2011-12-15T12:50:00.001-08:00</published><updated>2011-12-15T13:48:49.024-08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='#CIQ'/><title type='text'>Carrier IQ Subverts HTTPS Protections</title><content type='html'>&lt;p&gt;There have been &lt;a href="http://venturebeat.com/2011/12/13/carrier-iq-fbi-rebuttal/"&gt;many&lt;/a&gt; &lt;a href="http://www.informationweek.com/news/security/privacy/232300583"&gt;recent&lt;/a&gt; news &lt;a href="http://www.pcworld.com/businesscenter/article/246294/carrier_iq_poses_a_threat_despite_good_intentions.html"&gt;articles&lt;/a&gt; describing Carrier IQ. Carrier IQ is a piece of software that runs on mobile phones and collects information about user behaviors. According to the software manufacturer Carrier IQ does not collect sensitive data. 
Some have labelled Carrier IQ a "rootkit" because of its stealthy behavior and level of access.&lt;/p&gt;

&lt;p&gt;While watching the original &lt;a href="http://youtu.be/T17XQI_AYNo"&gt;demonstration of Carrier IQ&lt;/a&gt;, I noticed that many things were being written to the system log, including web URLs (the author notes this as well). The collection of URLs may include those that use the HTTPS protocol (encrypted web traffic). The URLs may also include GET parameters (the words after the question mark). GET parameters act as variables and are sent to the web server as a way to customize the resulting web page for the user. For example, the following URL could be used to authenticate someone to a web service (think bank): &lt;/p&gt;

&lt;pre&gt;
https://secure.foobar.com/baz?username=foo&amp;password=bar
&lt;/pre&gt;

&lt;p&gt;The intention of the HTTPS protocol is to provide transport-layer end-to-end encryption. The end points are supposed to be the web browser and the web server. HTTPS uses SSL/TLS to provide the encryption. Transport-layer encryption by nature does not protect the privacy of the source and destination IP addresses. It protects the privacy of everything in the application layer, which includes GET parameters and all other HTTP data (web page contents, HTTP headers, POST parameters, etc.). Once my HTTP request leaves my browser it is supposed to be encrypted until it is decrypted on the server (end-to-end!).&lt;/p&gt;

&lt;p&gt;However, because Carrier IQ writes the URL, including its parameters, to the system log file, it breaks the end-to-end encryption. This caught my attention. This is not a small matter. Now that the data is in the system log it is available to all other software on the phone! Not good.&lt;/p&gt;

&lt;p&gt;I spent about one hour creating a proof of concept Android application that scrapes the system log and sends all HTTPS URLs, including parameters, to another computer connected to the Internet. My application also grabs the device ID and sends it along with the URL (for the demo below I used the Android emulator which has all zeros for its device ID).&lt;/p&gt;

&lt;p&gt;The application had to request the Android "READ_LOGS" and "INTERNET" permissions. These permissions are very common. The "READ_LOGS" permission is often used by developers so that end users can send log files with bug reports. The "INTERNET" permission is used by all apps which need network access (many).&lt;/p&gt; 

&lt;p&gt;My app uses a giant user interface button to perform the log scraping. But imagine that the application ran as a service and ran without the user knowing (it is an easy change). The end result would be a hidden application that could be secretly spying on you. It could be installed as part of another seemingly legitimate application. Of course the private data being leaked isn't limited to HTTPS traffic, HTTPS is just the case that caught my attention.&lt;/p&gt;

&lt;p&gt;I captured a &lt;a href="http://screencast.com/t/5GGfhe0j"&gt;screencast&lt;/a&gt; of my application scraping data from the logs and dumping it to an external server. This is not rocket science. For anyone with Android app development experience it would be trivial to write. My point wasn't to show off my mad hacking skills but to try to further emphasize the seriousness of this problem.&lt;/p&gt;
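&lt;p&gt;The leak described above is also a case for a log-hygiene check on the defending side. The following Python is added here and is not part of the original post: it scans constructed logcat-style lines for HTTPS URLs that carry query parameters, names any parameter that looks like a credential, and shows the redacted form an application should have written to the log instead. The list of sensitive parameter names and the sample log lines are assumptions made for the example.&lt;/p&gt;

```python
"""Scan Android-style system-log lines for HTTPS URLs that carry query
parameters and produce a redacted form that is safe to log.
Added example: the log lines below are constructed, not captured from a
Carrier IQ device, and the sensitive-parameter list is an assumption."""
import re
from urllib.parse import urlsplit, urlunsplit

AMP = chr(38)  # the ampersand that separates query parameters

# Any https:// URL up to the next whitespace or double-quote character.
URL_RE = re.compile(r'https://[^\s"]+')

# Parameter names that commonly carry credentials or session material (assumed list).
SENSITIVE_PARAMS = {
    "username", "user", "password", "passwd", "pwd", "token",
    "session", "sessionid", "auth", "secret", "apikey", "key",
}


def parse_query(query):
    """Split a query string into (key, value) pairs, keeping their order."""
    pairs = []
    for part in query.split(AMP):
        if part:
            key, _, value = part.partition("=")
            pairs.append((key, value))
    return pairs


def scan_log(lines):
    """Return (line number, url, sensitive parameter names) for every logged
    HTTPS URL that carries query parameters, the case the post describes."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        for url in URL_RE.findall(line):
            pairs = parse_query(urlsplit(url).query)
            if pairs:
                leaked = [key for key, _ in pairs if key.lower() in SENSITIVE_PARAMS]
                findings.append((lineno, url, leaked))
    return findings


def redact_url(url):
    """Keep scheme, host, path and parameter names but drop every parameter
    value, so a log line still shows which endpoint was used without the secrets."""
    parts = urlsplit(url)
    if not parts.query:
        return url
    kept = AMP.join(key + "=[REDACTED]" for key, _ in parse_query(parts.query))
    return urlunsplit((parts.scheme, parts.netloc, parts.path, kept, parts.fragment))


# Constructed logcat-style lines in the shape shown in the demonstration video.
SAMPLE_LOG = [
    "D/ExampleApp( 1234): GET https://secure.foobar.com/baz?username=foo" + AMP + "password=bar",
    "I/OtherApp( 2345): fetched https://api.example.com/feed",
    "D/ExampleApp( 1234): GET https://secure.foobar.com/account?session=abc123",
]

if __name__ == "__main__":
    for lineno, url, leaked in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: {redact_url(url)}  sensitive={leaked}")
```

&lt;p&gt;Run against the three constructed lines, the scanner flags lines 1 and 3 (the bare feed URL on line 2 carries no parameters), and &lt;code&gt;redact_url&lt;/code&gt; shows the form that keeps the endpoint visible for debugging while removing the values.&lt;/p&gt;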

&lt;p&gt;
&lt;i&gt;Note: I do not have a Carrier IQ plagued device. I injected similar log entries for testing my proof of concept application. I based my formatting of the log entries on the &lt;a href="http://youtu.be/T17XQI_AYNo"&gt;original demonstration&lt;/a&gt;.&lt;/i&gt;
&lt;/p&gt;

&lt;p&gt;
&lt;i&gt;Note: Quite surprisingly, my log file had other HTTPS URLs in it which were written by other applications. At least those applications were only leaking their own application information. For example, I now have a Facebook developer key that I easily extracted from the log file. Not sure who the key belongs to. I don't think that I am supposed to have it. Come on developers, you are supposed to remove your debug messages before distributing your app!&lt;/i&gt;
&lt;/p&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/6292815046015458161-6298853028964120314?l=infinitesteps.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://infinitesteps.blogspot.com/feeds/6298853028964120314/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=6292815046015458161&amp;postID=6298853028964120314' title='6 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/6292815046015458161/posts/default/6298853028964120314'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/6292815046015458161/posts/default/6298853028964120314'/><link rel='alternate' type='text/html' href='http://infinitesteps.blogspot.com/2011/12/carrier-iq-subverts-https-protections.html' title='Carrier IQ Subverts HTTPS Protections'/><author><name>D. M. Stanley</name><uri>http://www.blogger.com/profile/03225196297955252801</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='30' src='http://2.bp.blogspot.com/-EB78SD56bNI/ToM43-fVuYI/AAAAAAAAAQQ/FVsJHPBDmg4/s220/191857_10150105406011056_713041055_6712773_2937632_o%2B%25281%2529.jpg'/></author><thr:total>6</thr:total></entry><entry><id>tag:blogger.com,1999:blog-6292815046015458161.post-9180769936661902749</id><published>2010-04-09T12:14:00.001-07:00</published><updated>2010-04-09T16:34:02.104-07:00</updated><title type='text'>Why the iPad is Good for Security</title><content type='html'>&lt;p&gt;A few weeks ago a rather chatty fellow sat next to me at the coffee shop where I was working and said: "How do you like your Mac?" I replied. He then said "I hate Macs." I told him that I think people should use whatever computer operating system they find useful. 
I mentioned my area of research, computer security, which piqued his interest. He said "I don't have any antivirus software on my Windows PC and I don't have any viruses." He assumed that he had no viruses because there was no evidence (nothing crashed or disappeared). He went on to report that his computer runs pretty slowly (which I found quite humorous). I told him that he didn't have *a* virus, that he actually had *many* viruses. I explained a little about botnet zombies to which he replied "I just want to read email and watch videos." He didn't seem to care in the least bit that his privacy may be at stake or that his computer may be participating in computer crime.&lt;/p&gt;

&lt;p&gt;A research project that I am part of, &lt;a href="http://projects.cerias.purdue.edu/poly2/"&gt;Poly^2&lt;/a&gt;, investigates the idea of increased security through the use of specialized operating systems. In short, the idea is that we could tailor make OS's for specific tasks. The idea isn't as simple as merely turning off unused network services (though that is a good idea in general). It goes further. It tries to restrict the primitive functions of the OS (such as memory access) to the bare minimum needed to carry out the specific task. Those who have studied information security may recognize this as the "principle of least privilege". General purpose OS's defy the principle of least privilege, especially in the context of consumer-grade computers.&lt;/p&gt;

&lt;p&gt;The iPad isn't necessarily a realization of the full Poly^2 ideology. However, I think they are related. If Joe Blow just wants to "read email and watch videos." what options does he have? He could buy a standard PC (from here forward PC refers generally to personal computers, no OS is implied) and patch it every six days. However, the act of patching a computer is distinctly not reading email or watching videos. Should Joe be able to read email and watch videos without additional responsibilities? It seems like a reasonable desire to me. Joe isn't required to patch his car even though it likely uses a microprocessor.&lt;/p&gt;

&lt;p&gt;Botnets are a huge problem. Some botnets, like Conficker, control millions of zombie PCs. The zombies are made up of unpatched PCs. Many of them are likely owned by people like Joe who just want to consume information. If all of those people, who don't require a general purpose OS, were to buy media consumption devices (MCDs) such as the iPad instead of PCs, then we would likely see a dramatic reduction in botnet zombies.&lt;/p&gt;

&lt;p&gt;Most of the criticisms I have seen of the iPad revolve around the assumption that it is a PC. It is not a PC. If you are comparing it to a PC, then yes, you will likely be disappointed. I heard someone say that they didn't like it because it wouldn't run MATLAB. If you want to run MATLAB or Photoshop you should not buy an iPad. Some have criticized the iPad and iPhone because of their closed nature. I haven't developed for either, I prefer Android myself, so I don't know first hand what is required. However, as far as I can tell their APIs are available and they allow you to program in open standards programming languages. Will the iPad have security vulnerabilities? Of course! However, by carefully controlling what applications can be created with and how they can be distributed, Apple can strongly influence and remedy future vulnerabilities.&lt;/p&gt;

&lt;p&gt;Is the iPad for me. Probably not, I am not Joe. It may however be a good media consumption device for my wife.&lt;/p&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/6292815046015458161-9180769936661902749?l=infinitesteps.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://infinitesteps.blogspot.com/feeds/9180769936661902749/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=6292815046015458161&amp;postID=9180769936661902749' title='13 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/6292815046015458161/posts/default/9180769936661902749'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/6292815046015458161/posts/default/9180769936661902749'/><link rel='alternate' type='text/html' href='http://infinitesteps.blogspot.com/2010/04/why-ipad-is-good-for-security.html' title='Why the iPad is Good for Security'/><author><name>D. M. Stanley</name><uri>http://www.blogger.com/profile/03225196297955252801</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='30' src='http://2.bp.blogspot.com/-EB78SD56bNI/ToM43-fVuYI/AAAAAAAAAQQ/FVsJHPBDmg4/s220/191857_10150105406011056_713041055_6712773_2937632_o%2B%25281%2529.jpg'/></author><thr:total>13</thr:total></entry><entry><id>tag:blogger.com,1999:blog-6292815046015458161.post-4935893119824351539</id><published>2009-09-05T11:41:00.000-07:00</published><updated>2009-09-05T12:20:06.986-07:00</updated><title type='text'>OS X Bug : Problems connecting to WPA Enterprise with 10.5.8</title><content type='html'>&lt;p&gt;
I have recently had trouble connecting to Purdue's wifi network named PAL2.0 (which requires WPA Enterprise/TTLS/MSCHAPv2/PEAP). Purdue's technical support (ITAP) attempted to help me but was unsuccessful (it isn't their fault). I found my own fix and wanted to share it with others who may be having the same problem. Basically, the problem was introduced by Apple with the Mac OS X 10.5.8 update.
&lt;/p&gt;

&lt;p&gt;
The problem:&lt;br&gt;
- Can't connect to PAL2.0 (sporadic)
&lt;/p&gt;

&lt;p&gt;
Symptoms:&lt;br&gt;
- Repeatedly tries to perform MSCHAPv2 authentication, never gets IP address. I have captured a &lt;a href="http://www.screencast.com/t/71Lmlft3YM"&gt;screencast&lt;/a&gt; demonstrating the problem.
&lt;/p&gt;

&lt;p&gt;
Setup:&lt;br&gt;
- Macbook Pro (maybe other models? mine is a 2007 model) running OS X 10.5.8
&lt;/p&gt;

&lt;p&gt;
Fix:&lt;br&gt;
- Revert the wifi firmware to the pre-10.5.8 version. I followed &lt;a href="http://blog.hep-cat.de/?p=4760#Mac"&gt;these instructions&lt;/a&gt; (proceed at your own risk)&lt;br&gt;
- If you have the right model of mac (I did not), you may be able to apply &lt;a href="http://support.apple.com/downloads/AirPort_Client_Update_for_MacBook_and_MacBook_Pro"&gt;this patch&lt;/a&gt; from Apple.
&lt;/p&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/6292815046015458161-4935893119824351539?l=infinitesteps.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://infinitesteps.blogspot.com/feeds/4935893119824351539/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=6292815046015458161&amp;postID=4935893119824351539' title='5 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/6292815046015458161/posts/default/4935893119824351539'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/6292815046015458161/posts/default/4935893119824351539'/><link rel='alternate' type='text/html' href='http://infinitesteps.blogspot.com/2009/09/os-x-bug-problems-connecting-to-wpa.html' title='OS X Bug : Problems connecting to WPA Enterprise with 10.5.8'/><author><name>D. M. Stanley</name><uri>http://www.blogger.com/profile/03225196297955252801</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='30' src='http://2.bp.blogspot.com/-EB78SD56bNI/ToM43-fVuYI/AAAAAAAAAQQ/FVsJHPBDmg4/s220/191857_10150105406011056_713041055_6712773_2937632_o%2B%25281%2529.jpg'/></author><thr:total>5</thr:total></entry><entry><id>tag:blogger.com,1999:blog-6292815046015458161.post-3028597975766196612</id><published>2009-07-10T11:01:00.000-07:00</published><updated>2009-07-10T13:08:33.028-07:00</updated><title type='text'>OS X Bug : 802.1x TTLS defaults to CHAP even if changed to PAP</title><content type='html'>While configuring freeradius I uncovered a nasty Mac OS X bug. My goal is/was to authenticate Mac OS X (leopard) to WPA2 using RADIUS configured to authenticate to LDAP (over EAP+TTLS+PAP).

&lt;h2&gt;Scenario #1 (broken)&lt;/h2&gt;
When I get within range of a WPA2 EAP+TTLS+PAP WIFI connection I am prompted to login. If I try my login, it will fail because I have not configured 802.1x to use TTLS+PAP which is expected. If I then try to configure TTLS to use PAP using the 802.1x configuration dialogs, it will display "PAP" in the configuration dialog but it will not actually use PAP, it will continue to try to use its default CHAP authentication inside of TTLS. I am then never able to connect to this access point without deleting it and starting over (as below).

&lt;h2&gt;Scenario #2 (working)&lt;/h2&gt;
However, if, with my wireless card turned off, I configure an 802.1x authentication profile in advance of connecting to the same access point, then turn on my wireless card, and then, instead of entering my user/pass when prompted, select "Join Other Network" and manually assign the new and correct 802.1x profile to the new wifi connection, it works as expected.

It was nontrivial to track down this problem. I am using freeradius and found that despite having PAP listed under TTLS the following was logged:

&lt;pre&gt;
MS-CHAP-Challenge = 0x...
MS-CHAP2-Response = 0x...
&lt;/pre&gt;

I have deliberately not enabled CHAP in my freeradius configuration so I knew something was up. After I finally got it working (using scenario #2), those two MS-CHAP log entries disappeared.

A few of the freeradius log messages that were symptoms of the problem are as follows (in hopes that others may find this post):

&lt;pre&gt;
pap No clear-text password in the request. Not performing PAP.
...
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Failed to authenticate the user.
&lt;/pre&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/6292815046015458161-3028597975766196612?l=infinitesteps.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://infinitesteps.blogspot.com/feeds/3028597975766196612/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=6292815046015458161&amp;postID=3028597975766196612' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/6292815046015458161/posts/default/3028597975766196612'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/6292815046015458161/posts/default/3028597975766196612'/><link rel='alternate' type='text/html' href='http://infinitesteps.blogspot.com/2009/07/os-x-bug-8021x-ttls-defaults-to-chap.html' title='OS X Bug : 802.1x TTLS defaults to CHAP even if changed to PAP'/><author><name>D. M. Stanley</name><uri>http://www.blogger.com/profile/03225196297955252801</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='30' src='http://2.bp.blogspot.com/-EB78SD56bNI/ToM43-fVuYI/AAAAAAAAAQQ/FVsJHPBDmg4/s220/191857_10150105406011056_713041055_6712773_2937632_o%2B%25281%2529.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-6292815046015458161.post-7866637646032294411</id><published>2009-06-04T07:57:00.000-07:00</published><updated>2009-07-15T09:05:40.521-07:00</updated><title type='text'>Apache mod_rewrite and the HTTP Host Header</title><content type='html'>&lt;p&gt;I am involved with a web project that bases some application logic on the hostname of the server. 
During the development phase we wanted to test host-specific logic without modifying hostname resolution (through /etc/hosts or DNS) or modifying the code with specific development hostname conditionals. To accomplish this task, I crafted some handy Apache mod_rewrite rules:&lt;/p&gt;

&lt;pre&gt;
&amp;lt;VirtualHost&amp;gt;
  ...
  # requires mod_rewrite and mod_headers
  RewriteEngine On
  RewriteCond %{REQUEST_URI} !^/set_site.html$
  RewriteCond %{HTTP_COOKIE} ^.*choose_site=([^;]*).*$
  RewriteRule ^(.*)$ $1 [E=SET_SITE:%1]
  RequestHeader set Host %{SET_SITE}e
  ...
&amp;lt;/VirtualHost&amp;gt;
&lt;/pre&gt;
&lt;p&gt;The first condition matches anything but the form used to set the site cookie (&lt;code&gt;choose_site&lt;/code&gt;). I am not entirely sure why, but if this conditional is omitted an infinite redirect happens. To keep the application code base clean I used mod_alias to alias this form to a location outside of the &lt;code&gt;DOCUMENT_ROOT&lt;/code&gt;.&lt;/p&gt;

&lt;p&gt;The second condition extracts the hostname from the cookie and places it in the magic variable &lt;code&gt;%1&lt;/code&gt;. The rule just passes through all requests and sets the Apache environment variable &lt;code&gt;SET_SITE&lt;/code&gt;. This step is necessary because mod_headers can't use the mod_rewrite generated &lt;code&gt;%1&lt;/code&gt; variable.&lt;/p&gt;
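&lt;p&gt;Because the &lt;code&gt;choose_site&lt;/code&gt; cookie is chosen by the client, the rules above let any visitor pick the hostname that the application logic sees, so they belong in a development configuration and the value should be limited to a fixed set of development hostnames. The following Python is added here and is not from the original post: it models the cookie extraction with the same regular expression and adds that allowlist check, with the hostnames as assumed values. In the Apache configuration itself the same restriction is obtained by replacing &lt;code&gt;([^;]*)&lt;/code&gt; in the second condition with an explicit alternation of the permitted hostnames.&lt;/p&gt;

```python
"""Model of the cookie-driven Host override from the post, with the check the
rewrite rule itself lacks: the cookie value is client-controlled, so it is only
honoured when it names one of a fixed set of development hostnames.
Added example; the hostnames and paths below are assumptions."""
import re

# Same pattern the RewriteCond uses: capture the value of the choose_site cookie.
CHOOSE_SITE_RE = re.compile(r"^.*choose_site=([^;]*).*$")

# Development hostnames that may be impersonated (assumed values).
ALLOWED_SITES = {"dev.example.com", "staging.example.com"}

# The form that sets the cookie is exempt, as in the first RewriteCond.
SET_SITE_PATH = "/set_site.html"


def chosen_site(cookie_header):
    """Return the choose_site cookie value, or None when the cookie is absent."""
    match = CHOOSE_SITE_RE.match(cookie_header or "")
    return match.group(1).strip() if match else None


def effective_host(request_uri, cookie_header, original_host):
    """Decide which Host header the application should see.

    Returns (host, reason). The override applies only when the request is not
    the cookie-setting form and the cookie names an allowed site; any other
    value leaves the real Host header untouched."""
    if request_uri == SET_SITE_PATH:
        return original_host, "set_site form is exempt"
    site = chosen_site(cookie_header)
    if site is None:
        return original_host, "no choose_site cookie"
    if site not in ALLOWED_SITES:
        return original_host, "choose_site value not in allowlist"
    return site, "overridden by choose_site cookie"


if __name__ == "__main__":
    for cookie in ("choose_site=dev.example.com",
                   "a=1; choose_site=staging.example.com; b=2",
                   "choose_site=other.example",
                   ""):
        print(repr(cookie), effective_host("/index.php", cookie, "localhost"))
```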

&lt;p&gt;Finally the last directive sets the &lt;code&gt;Host&lt;/code&gt; header of the request, which if you're lucky, will get passed up to your scripting language for use in the logic.&lt;/p&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/6292815046015458161-7866637646032294411?l=infinitesteps.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://infinitesteps.blogspot.com/feeds/7866637646032294411/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=6292815046015458161&amp;postID=7866637646032294411' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/6292815046015458161/posts/default/7866637646032294411'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/6292815046015458161/posts/default/7866637646032294411'/><link rel='alternate' type='text/html' href='http://infinitesteps.blogspot.com/2009/06/apache-modrewrite-and-http-host-header.html' title='Apache mod_rewrite and the HTTP Host Header'/><author><name>D. M. Stanley</name><uri>http://www.blogger.com/profile/03225196297955252801</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='30' src='http://2.bp.blogspot.com/-EB78SD56bNI/ToM43-fVuYI/AAAAAAAAAQQ/FVsJHPBDmg4/s220/191857_10150105406011056_713041055_6712773_2937632_o%2B%25281%2529.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-6292815046015458161.post-641555596156463141</id><published>2009-05-29T11:55:00.000-07:00</published><updated>2009-05-29T12:32:10.418-07:00</updated><title type='text'>Apple Address Book and IM Values</title><content type='html'>&lt;p&gt;I have recently been working on centralized authentication using OpenLDAP. 
Beyond authentication, LDAP-based directories can be used as a shared address book. Most desktops being used by our organization are Apple computers. The system address book, known as "Address Book" may be configured to access an LDAP directory. Bingo! Unfortunately, the Address Book is only interested in a subset of attributes that are stored in the LDAP directory. Using wireshark, I found that it asks for the following attributes:&lt;/p&gt;
&lt;pre&gt;
givenName
sn
cn
mail
telephoneNumber
facsimileTelephoneNumber
o
title
ou
buildingName
street
l
st
postalCode
c
jpegPhoto
mobile
co
pager
destinationIndicator
labeledURI
IMHandle
&lt;/pre&gt;
&lt;p&gt;The Address Book works as expected with one exception. The last field it requests, and it receives from LDAP, is IMHandle. It would be nice if IMHandle was *actually* supported by the Address Book, however no matter how much brute force I used, I could not get IMHandle to show up in the Address Book. The application appears to receive the value for IMHandle but discards it. By the way, getting the Apple LDAP schema (which enables the storage of IMHandle) to cooperate with our other LDAP schemas was kind of ugly.&lt;/p&gt;

&lt;p&gt;The solution? I figured out that we could use the labeledURI field to store IM information. Both Jabber and AIM have a URI scheme that works with the Mac and Firefox (and likely other software). The format is as follows:&lt;/p&gt;

&lt;dl&gt;
&lt;dt&gt;Jabber (such as Google Talk)&lt;/dt&gt;
&lt;dd&gt;&lt;code&gt;im:ACCOUNT_NAME@gmail.com&lt;/code&gt;&lt;/dd&gt;
&lt;dt&gt;AOL Instant Messenger&lt;/dt&gt;
&lt;dd&gt;&lt;code&gt;aim:goim?screenname=ACCOUNT_NAME&lt;/code&gt;&lt;/dd&gt;
&lt;/dl&gt;

&lt;p&gt;The Address Book then shows the first (and only the first) labeledURI. So if we set the first value of labeledURI to the user primary IM URI, it shows up in the Address Book and is even "clickable".&lt;/p&gt;

&lt;p&gt;Hey Apple Developers, how about supporting IMHandle in Address Book? Or at least show multiple labeledURI values.&lt;/p&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/6292815046015458161-641555596156463141?l=infinitesteps.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://infinitesteps.blogspot.com/feeds/641555596156463141/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=6292815046015458161&amp;postID=641555596156463141' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/6292815046015458161/posts/default/641555596156463141'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/6292815046015458161/posts/default/641555596156463141'/><link rel='alternate' type='text/html' href='http://infinitesteps.blogspot.com/2009/05/apple-address-book-and-im-values.html' title='Apple Address Book and IM Values'/><author><name>D. M. Stanley</name><uri>http://www.blogger.com/profile/03225196297955252801</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='30' src='http://2.bp.blogspot.com/-EB78SD56bNI/ToM43-fVuYI/AAAAAAAAAQQ/FVsJHPBDmg4/s220/191857_10150105406011056_713041055_6712773_2937632_o%2B%25281%2529.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-6292815046015458161.post-2799344576222396658</id><published>2007-04-21T16:23:00.000-07:00</published><updated>2007-09-13T09:49:32.831-07:00</updated><title type='text'>Comparative Analysis of OpenPGP and S/MIME</title><content type='html'>&lt;h2&gt;About&lt;/h2&gt;
&lt;p&gt;Both S/MIME and OpenPGP are end to end security mechanisms that facilitate 
secure email transmission.  S/MIME and OpenPGP are competing 
technologies that operate in much the same way.  This document aims to analyze the
difference between the two technologies, and to describe the costs and benefits
of each.&lt;/p&gt;

&lt;p&gt;PGP is the common name for a security methodology first introduced by Philip 
Zimmermann.  PGP is an acronym for "Pretty Good Privacy".  The IETF standard
for this methodology is referred to as OpenPGP.  OpenPGP is described by 
RFC 2440.&lt;/p&gt;

&lt;p&gt;S/MIME is short for Secure/Multipurpose Internet Mail Extensions.  It was 
first developed by RSA Data Security, Inc. The S/MIME standard is described by 
RFC 3851.  Not all versions of the technology are part of the standard.&lt;/p&gt; 



&lt;h2&gt;History&lt;/h2&gt;
&lt;h3&gt;OpenPGP&lt;/h3&gt;
&lt;p&gt;PGP was first developed by Philip Zimmermann in 1991.  The source code of the
project was distributed with the program and a team of developers emerged around
the project.  In 1996, Philip and his team formed PGP Inc.  PGP Inc. created
versions three, four and five of PGP.&lt;/p&gt;

&lt;p&gt;In 1997, the technology branched in two directions.  First, in July, amidst
growing concerns over algorithms with licensing difficulties, Philip and a
subset of the team proposed an "Unencumbered PGP" to the IETF for standards
consideration &lt;cite&gt;[WIKIP-OP]&lt;/cite&gt;.  The proposal was accepted and given the formal name
OpenPGP.&lt;/p&gt;

&lt;p&gt;In December of 1997, PGP Inc. was acquired by Network Associates, Inc (NAI).
Philip left NAI in 2001 to join Hush Communications, an OpenPGP based mail service 
provider.  In 2002, NAI sold PGP assets to a group of original PGP team
members excluding Philip &lt;cite&gt;[WIKIP-OP]&lt;/cite&gt;.  The newly formed company was named PGP Corporation,
and it is still in business selling PGP based technologies.  Philip serves
in an advisory role for the company.&lt;/p&gt;

&lt;p&gt;OpenPGP is still on the standards track (as of this writing), and is being 
actively developed.  One primary implementation of the standard has emerged from
the GNU project, named GNU Privacy Guard (&lt;a href="http://www.gnupg.org/"&gt;GnuPG&lt;/a&gt;).&lt;/p&gt;

&lt;h3&gt;S/MIME&lt;/h3&gt;
&lt;p&gt;S/MIME was first developed by the RSA Data Security Inc. in collaboration with
other private organizations &lt;cite&gt;[IMC]&lt;/cite&gt;.  Early versions of the technology were not part
of the standards track, primarily due to patent restrictions on the RSA encryption
algorithm used in the technology.  Version three of the technology was the first
to be part of a standard, in 1999.  However, it was defined by RFC 2633, which has 
since been obsoleted by S/MIME version 3.1, described by RFC 3851.  RFC 3851 is 
the current standard and the topic of this document.&lt;/p&gt;


&lt;h2&gt;One Distinct Difference&lt;/h2&gt;
&lt;p&gt;OpenPGP is a general purpose encryption methodology.  As stated by the OpenPGP
RFC it is "data integrity services for messages and data files."  S/MIME
is specifically designed for MIME-encapsulated data.  Generally this means email,
but technically it could mean any technology supporting MIME encoding.  From the
S/MIME RFC, "S/MIME provides a consistent way to send and receive secure MIME 
data."&lt;/p&gt;

&lt;p&gt;This is an important distinction.  OpenPGP can and does have practical application
outside of the context of Internet messaging.  For example:&lt;/p&gt;

&lt;ul&gt;
 &lt;li&gt;A user may choose to encrypt their entire home directory to protect data 
 on disk.  All documents stored inside the directory would be encrypted and
 only accessible with the corresponding private key.&lt;/li&gt;
 &lt;li&gt;A user could encrypt a single file, then use delivery mechanisms other
 than email, such as FTP, to transfer the file to its destination.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Products exist for both the commercial PGP specification 
and the OpenPGP specification.  Additionally, &lt;a href="http://www.gnupg.org/"&gt;GnuPG&lt;/a&gt; can be used 
as a library by third-party programs to enable encryption and decryption in
many different scenarios.&lt;/p&gt;


&lt;h2&gt;Similarities&lt;/h2&gt;
&lt;p&gt;Both OpenPGP and S/MIME function in much the same way.  We will ignore the
fact, for now, that OpenPGP has uses outside of email and focus on its merits as 
an email encryption methodology.  Both OpenPGP and S/MIME are end-to-end
encryption methodologies.  In other words, the data is encrypted at the originating
site, transmitted in a standard networking envelope (the traffic patterns are 
not protected) and decrypted at the destination site.  Additionally, both use 
public/private (asymmetric) key encryption.&lt;/p&gt;

&lt;h2&gt;Process&lt;/h2&gt;
&lt;p&gt;The following list describes the common path taken by an email
message transformed by either technology:&lt;/p&gt;

&lt;ol&gt;
 &lt;li&gt;Compose message&lt;/li&gt;
 &lt;li&gt;Sign and/or encrypt the message
  &lt;ul&gt;&lt;li&gt;Sign message (requires sender's private key)&lt;/li&gt;

  &lt;li&gt;Encrypt data (requires recipient's public key)&lt;/li&gt;
  &lt;li&gt;Sign message and encrypt data (requires recipient's public key)&lt;/li&gt;
  &lt;/ul&gt;
 &lt;/li&gt;
 &lt;li&gt;Transmit message&lt;/li&gt;
 &lt;li&gt;Verify and/or decrypt the message
  &lt;ul&gt;&lt;li&gt;Verify signed message (requires sender's public key)&lt;/li&gt;

  &lt;li&gt;Decrypt data (requires recipient's private key)&lt;/li&gt;
  &lt;li&gt;Verify message and decrypt data (requires recipient's private key)&lt;/li&gt;
  &lt;/ul&gt;
 &lt;/li&gt;
 &lt;li&gt;Read message&lt;/li&gt; 
&lt;/ol&gt;

&lt;h2&gt;Encryption and Signing Process&lt;/h2&gt;

&lt;p&gt;There are many details involved in describing the encryption and signing
process.  For the purposes of this document we will explore where the two
technologies differ in the process.  For simplicity, we will compare S/MIME to OpenPGP, not 
OpenPGP/MIME (see below), and we will show situations where both encryption and signing
are occurring.&lt;/p&gt;

&lt;h3&gt;OpenPGP Encryption &amp;amp; Signing&lt;/h3&gt;
&lt;ol&gt;
 &lt;li&gt;Plaintext message created (M)&lt;/li&gt;
 &lt;li&gt;M hashed (H)&lt;/li&gt;
 &lt;li&gt;H encrypted (EH)&lt;/li&gt;

 &lt;li&gt;EH and M concatenated (EHM)&lt;/li&gt;
 &lt;li&gt;EHM compressed (Z)&lt;/li&gt;
 &lt;li&gt;Z symmetrically encrypted with session key (ZS)&lt;/li&gt;
 &lt;li&gt;Session key encrypted with recipient's public key (SP)&lt;/li&gt;
 &lt;li&gt;ZS and SP concatenated (EM)&lt;/li&gt;
 &lt;li&gt;Encrypted and signed message, EM, complete&lt;/li&gt;

&lt;/ol&gt;
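&lt;p&gt;The following Go program is an added example, not code from the original article or from any OpenPGP implementation: it walks the nine steps above end to end, with the recipient side reversing them and refusing a message whose signature does not verify.  It assumes current primitives (SHA-256, RSA-PSS, AES-256-GCM and RSA-OAEP) in place of the RFC's algorithm list, and the function names and the length-prefix framing of the concatenation steps are this example's own rather than OpenPGP packets.&lt;/p&gt;

```go
package main

import (
	"bytes"
	"compress/zlib"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// SignAndEncrypt runs the nine steps listed above on message m. Current primitives
// (SHA-256, RSA-PSS, AES-256-GCM, RSA-OAEP) stand in for the RFC's algorithm list,
// and the length-prefix framing is this example's own, not the OpenPGP packet format.
func SignAndEncrypt(m []byte, senderPriv *rsa.PrivateKey, recipientPub *rsa.PublicKey) ([]byte, error) {
	h := sha256.Sum256(m) // step 2: M hashed (H)
	eh, err := rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, h[:], nil) // step 3: H signed (EH)
	if err != nil { return nil, err }
	ehm := frame(eh, m) // step 4: EH and M concatenated (EHM)
	var zbuf bytes.Buffer
	zw := zlib.NewWriter(&zbuf) // step 5: EHM compressed (Z)
	zw.Write(ehm)
	zw.Close()
	sessionKey, nonce := random(32), random(12) // step 6: Z encrypted under a fresh session key (ZS)
	gcm, err := newGCM(sessionKey)
	if err != nil { return nil, err }
	zs := gcm.Seal(nonce, nonce, zbuf.Bytes(), nil) // ZS = nonce || ciphertext || tag (GCM nonce is 12 bytes)
	sp, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, sessionKey, nil) // step 7: SP
	if err != nil { return nil, err }
	return frame(sp, zs), nil // steps 8-9: SP and ZS concatenated, EM complete
}

// DecryptAndVerify is the recipient side: unwrap the session key, decrypt,
// decompress, split EH from M, then check the signature over H.
func DecryptAndVerify(em []byte, recipientPriv *rsa.PrivateKey, senderPub *rsa.PublicKey) ([]byte, error) {
	sp, zs, err := unframe(em)
	if err != nil { return nil, err }
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), nil, recipientPriv, sp, nil)
	if err != nil { return nil, err }
	gcm, err := newGCM(sessionKey)
	if err != nil { return nil, err }
	if len(zs) < gcm.NonceSize() { return nil, errors.New("ciphertext too short") }
	z, err := gcm.Open(nil, zs[:gcm.NonceSize()], zs[gcm.NonceSize():], nil)
	if err != nil { return nil, fmt.Errorf("decrypt: %w", err) } // any tampering with ZS is caught here
	zr, err := zlib.NewReader(bytes.NewReader(z))
	if err != nil { return nil, err }
	ehm, err := io.ReadAll(zr)
	if err != nil { return nil, err }
	eh, m, err := unframe(ehm)
	if err != nil { return nil, err }
	h := sha256.Sum256(m)
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, h[:], eh, nil); err != nil {
		return nil, fmt.Errorf("signature check failed: %w", err)
	}
	return m, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// random returns n bytes from crypto/rand; a failure there is unrecoverable.
func random(n int) []byte {
	b := make([]byte, n)
	if _, err := io.ReadFull(rand.Reader, b); err != nil { panic(err) }
	return b
}

// frame/unframe give each concatenation an unambiguous split point:
// a 4-byte big-endian length of the first piece precedes both pieces.
func frame(a, b []byte) []byte {
	out := make([]byte, 4, 4+len(a)+len(b))
	binary.BigEndian.PutUint32(out, uint32(len(a)))
	return append(append(out, a...), b...)
}

func unframe(buf []byte) ([]byte, []byte, error) {
	if len(buf) < 4 || len(buf)-4 < int(binary.BigEndian.Uint32(buf)) {
		return nil, nil, errors.New("malformed length prefix")
	}
	n := int(binary.BigEndian.Uint32(buf))
	return buf[4 : 4+n], buf[4+n:], nil
}

func main() {
	sender, _ := rsa.GenerateKey(rand.Reader, 2048)
	recipient, _ := rsa.GenerateKey(rand.Reader, 2048)
	em, _ := SignAndEncrypt([]byte("Test Sign and Enc"), sender, &recipient.PublicKey)
	m, err := DecryptAndVerify(em, recipient, &sender.PublicKey)
	fmt.Printf("recovered %q (err=%v)\n", m, err)
}
```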

&lt;h3&gt;S/MIME Encryption &amp;amp; Signing&lt;/h3&gt;
&lt;p&gt;OpenPGP is assembled as shown, with a couple of concatenations of parts.  S/MIME
divides these parts into separate subtype MIME entities.  These separate entities
can encapsulate each other and be applied in any order because they all result in
MIME-encapsulated output.  Following is a listing of the relevant "Content Types" 
according to the RFC:&lt;/p&gt;

&lt;ol&gt;
 &lt;li&gt;Data&lt;/li&gt;
 &lt;li&gt;SignedData&lt;/li&gt;
 &lt;li&gt;EnvelopedData&lt;/li&gt;

 &lt;li&gt;CompressedData&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;S/MIME prior to version 3.1 did not provide compression.  Compression was
added in 3.1 as a MIME type.  It is not clear how well current S/MIME client 
programs support compression.  The prevailing community information indicates
that compression is not well supported.  Presumably, if compression were
implemented, OpenPGP and S/MIME would map roughly in the following way:&lt;/p&gt;

&lt;table id="cmp" border="1"&gt;
 &lt;thead&gt;
 &lt;tr&gt;&lt;th&gt;OpenPGP Step&lt;/th&gt;&lt;th&gt;S/MIME Content Type&lt;/th&gt;&lt;/tr&gt;
 &lt;/thead&gt;

 
 &lt;tbody&gt;
 &lt;tr&gt;
  &lt;td&gt;
   &lt;ul&gt;
    &lt;li&gt;Plaintext message created (M)&lt;/li&gt;
   &lt;/ul&gt;
  &lt;/td&gt;
  &lt;td&gt;Data&lt;/td&gt;

 &lt;/tr&gt;
 &lt;tr&gt;
  &lt;td&gt;
   &lt;ul&gt;
    &lt;li&gt;M hashed (H)&lt;/li&gt;
    &lt;li&gt;H encrypted (EH)&lt;/li&gt;
    &lt;li&gt;EH and M concatenated (EHM)&lt;/li&gt;

   &lt;/ul&gt;
  &lt;/td&gt;
  &lt;td&gt;SignedData&lt;/td&gt;
 &lt;/tr&gt;
 &lt;tr&gt;
  &lt;td&gt;
   &lt;ul&gt;
    &lt;li&gt;EHM compressed (Z)&lt;/li&gt;

   &lt;/ul&gt;
  &lt;/td&gt;
  &lt;td&gt;&lt;em&gt;CompressedData&lt;/em&gt; (see above)&lt;/td&gt;
 &lt;/tr&gt;
 &lt;tr&gt;
  &lt;td&gt;
   &lt;ul&gt;

    &lt;li&gt;Z symmetrically encrypted with session key (ZS)&lt;/li&gt;
    &lt;li&gt;Session key encrypted with recipient's public key (SP)&lt;/li&gt;
    &lt;li&gt;ZS and SP concatenated (EM)&lt;/li&gt;
    &lt;li&gt;Encrypted and signed message, EM, complete&lt;/li&gt;
   &lt;/ul&gt;
  &lt;/td&gt;
  &lt;td&gt;EnvelopedData&lt;/td&gt;

 &lt;/tr&gt;

 &lt;/tbody&gt;
&lt;/table&gt;

&lt;h2&gt;Transmission Format&lt;/h2&gt;
&lt;p&gt;OpenPGP has two message formats: OpenPGP and OpenPGP/MIME.  OpenPGP, by default,
offers a non-MIME-encapsulated message transmission.  In other words, it is 
equivalent to a standard plain text email without any attachments.  
OpenPGP/MIME is similar in formatting to S/MIME.  Both use MIME encapsulation
for the transmission of data and signatures.  Following are actual transmissions
of encrypted and signed data (just signed or just encrypted would have similar
characteristics):&lt;/p&gt;

&lt;h3 class="exh"&gt;OpenPGP - Signed &amp;amp; Encrypted&lt;/h3&gt;
&lt;pre class="ex" style="overflow:auto;background-color:#ececec"&gt;&lt;code&gt;

From: sender@555.com
To: recipient@555.com
Subject: Test Sign and Enc
Content-Type: text/plain;
 charset="iso-8859-1"

-----BEGIN PGP MESSAGE-----
Charset: ISO-8859-1
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

hQIOA1D+V4G4ChJkEAf/Q9gyX3nshwfjJiwBZVoZ/RcRRDeDmZC1czezhw2IHERT
CUEPlOvis/s7X7iv/6Fs3ycdOEB0/B74oTeIOIK7hdHGkDXg5LL1fPj9eBm46ETa
fN1unMpzdXrk94R6eg+s0Pz1/+cR4Dv45BX2pqZJBTSg4WrC0TBT5U9uKWS4lXYQ
QMTRlvSl+K6ZlM5VCeB8FpRcKGqFs6mTIUNo/l+oTGFaDE/iWd4cd07WXbBekiNZ
...[segment snipped for readability]...
2f30QgYMWXnyAZAh//dapq7yg+UFIaiZinF4pYOIR5U2VmctEygXIm8+a433UypG
Ot0RErIE+gwUGyfkGG5aXrG1plcvrPuvR3pFkwvf19jpatlL4pMARr+eGHIG/rQN
HuE1M2OUOsIr7pKkpbZ423gcgE1MYoGo8YWGRRBwNTbsRdwaLGfJ1IjYCCRT5eap
os8XHKH2SITlYazz6gpG7htkSFDhj8a+UeoezXmyYnuYA13VLQHDKQ/eYMvQOpum
1sh9VmHjGp1jypC1pcY=3D
=3D1HFW
-----END PGP MESSAGE-----
&lt;/code&gt;&lt;/pre&gt;

&lt;h3 class="exh"&gt;OpenPGP/MIME - Signed &amp;amp; Encrypted&lt;/h3&gt;
&lt;pre class="ex" style="overflow:auto;background-color:#ececec"&gt;&lt;code&gt;
From: sender@555.com
To:  recipient@555.com
Subject: test PGP/MIME
Content-Type: multipart/encrypted;
 protocol="application/pgp-encrypted";
 boundary="------------enig371AFEE0FF01CE1E773B775E"

This is an OpenPGP/MIME encrypted message (RFC 2440 and 3156)
--------------enig371AFEE0FF01CE1E773B775E
Content-Type: application/pgp-encrypted
Content-Description: PGP/MIME version identification

Version: 1

--------------enig371AFEE0FF01CE1E773B775E
Content-Type: application/octet-stream; name="encrypted.asc"
Content-Description: OpenPGP encrypted message
Content-Disposition: inline; filename="encrypted.asc"

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

hQIOA1D+V4G4ChJkEAf/R5yUQuWvLQY1XBdi9I3qCLIzKFCMv+XzOx1HUvs4kbGL
0FrQulEBzCtkNR9E6iflWkrlxZoPyrZ2Jec3wPidvVX6FxAoKFVdr/WW2pKd5iyW
KfKztEl35PjInwlqsT/XS9JXFL2yy83uzCr/R9K0KgRUUa0evr0IdhI7xCEXQoIj
5rYAoG8lxQzzkaMb+l3V/HwBiKu9unmQcrcTF9VU3IG9FqMkex9eiqbSjefoWOmm
...[segment snipped for readability]...
WAdF3IxeZbxLMDBlQCuvc8Kug6jXaKeONYrhva7rzaBHvdILECJeJXznd4hyPsuk
CCN3momgnC2y2RFWVosl0JxJiIjd2a8JALK2N07DVX7Z3qd4rw/Ra1fpnhcCX0ob
Nbs+ahvAccTegkfOeisUYQOGrrNz7uxDhSlM1JVd4dQd2mB9VA9eQwpHtIM7QOA1
pfNprvFq7vVP3GZ0Nbo71I2BgMklhnuVl919vyOXQjpkTaxh4i/6lztTV4ay+4yb
smiF0cgByg==
=1wu6
-----END PGP MESSAGE-----

--------------enig371AFEE0FF01CE1E773B775E--

&lt;/code&gt;&lt;/pre&gt;
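&lt;p&gt;As an added example (not code from the article, from Enigmail or from GnuPG), the following Go program checks that a message really has the two-part RFC 3156 layout shown above before handing the armored payload on to the decryption step.  The function name is this example's own, and the sample message is constructed to match the capture, with a placeholder in place of the ciphertext.&lt;/p&gt;

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"mime"
	"mime/multipart"
	"net/mail"
	"strings"
)

const beginArmor, endArmor = "-----BEGIN PGP MESSAGE-----", "-----END PGP MESSAGE-----"

// ExtractPGPMIME enforces the RFC 3156 multipart/encrypted layout shown above and
// returns the ASCII-armored payload of the second body part. The payload stays
// armored; decrypting it is GnuPG's job, this check only decides what to hand over.
func ExtractPGPMIME(raw string) (string, error) {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return "", err
	}
	mediaType, params, err := mime.ParseMediaType(msg.Header.Get("Content-Type"))
	if err != nil {
		return "", err
	}
	if mediaType != "multipart/encrypted" || params["protocol"] != "application/pgp-encrypted" {
		return "", fmt.Errorf("not an OpenPGP/MIME encrypted message: %q", msg.Header.Get("Content-Type"))
	}
	if params["boundary"] == "" {
		return "", errors.New("multipart/encrypted without a boundary parameter")
	}
	var types, bodies []string
	mr := multipart.NewReader(msg.Body, params["boundary"])
	for {
		p, err := mr.NextPart()
		if err == io.EOF {
			break
		}
		if err != nil {
			return "", err
		}
		ct, _, _ := mime.ParseMediaType(p.Header.Get("Content-Type"))
		b, err := io.ReadAll(p)
		if err != nil {
			return "", err
		}
		types = append(types, ct)
		bodies = append(bodies, strings.TrimSpace(string(b)))
	}
	// RFC 3156: exactly two parts, the version control part and then the ciphertext.
	if len(types) != 2 {
		return "", fmt.Errorf("expected 2 body parts, got %d", len(types))
	}
	if types[0] != "application/pgp-encrypted" || bodies[0] != "Version: 1" {
		return "", errors.New("first part is not the 'Version: 1' control part")
	}
	if types[1] != "application/octet-stream" ||
		!strings.HasPrefix(bodies[1], beginArmor) || !strings.HasSuffix(bodies[1], endArmor) {
		return "", errors.New("second part does not carry an armored PGP message")
	}
	return bodies[1], nil
}

const sampleBoundary = "------------enig371AFEE0FF01CE1E773B775E"

// SampleMessage is a constructed message in the layout captured above; the
// armored body holds a placeholder rather than real ciphertext.
var SampleMessage = strings.Join([]string{
	"From: sender@555.com",
	"To: recipient@555.com",
	"Subject: test PGP/MIME",
	"Content-Type: multipart/encrypted;",
	` protocol="application/pgp-encrypted";`,
	` boundary="` + sampleBoundary + `"`,
	"",
	"This is an OpenPGP/MIME encrypted message (RFC 2440 and 3156)",
	"--" + sampleBoundary,
	"Content-Type: application/pgp-encrypted",
	"Content-Description: PGP/MIME version identification",
	"",
	"Version: 1",
	"",
	"--" + sampleBoundary,
	`Content-Type: application/octet-stream; name="encrypted.asc"`,
	"Content-Description: OpenPGP encrypted message",
	`Content-Disposition: inline; filename="encrypted.asc"`,
	"",
	beginArmor,
	"",
	"cGxhY2Vob2xkZXIgY2lwaGVydGV4dA==", // placeholder, not real ciphertext
	endArmor,
	"",
	"--" + sampleBoundary + "--",
	"",
}, "\r\n")

func main() {
	armored, err := ExtractPGPMIME(SampleMessage)
	fmt.Printf("payload=%d bytes, err=%v\n", len(armored), err)
}
```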

&lt;h3 class="exh"&gt;S/MIME - Signed &amp;amp; Encrypted&lt;/h3&gt;
&lt;pre class="ex" style="overflow:auto;background-color:#ececec"&gt;&lt;code&gt;
From: sender@555.com
To: recipient@555.com
Subject: Testing S/MIME Enc
Content-Type: application/x-pkcs7-mime; name="smime.p7m"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7m"
Content-Description: S/MIME Encrypted Message

MIAGCSqGSIb3DQEHA6CAMIACAQAxggMkMIIBjgIBADB2MGIxCzAJBgNVBAYTAlpBMSUwIwYD
VQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVy
c29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQIQTSqaMaVxLd7IQrJvKRr4vjANBgkqhkiG9w0B
AQEFAASCAQAFYfRWKLZvmLlehIFYRNb153/H07aveQvVpWIMB7IDVnJvuMfANSFFnn2Dr8CP
...[segment snipped for readability]...
RSfYf9wEj40OMZGWDHfHbwNPCIz0usiD4xhUdqEUmmQMb8JtZ+NNf72Lepla/l57n3YSoLUf
LX+RqhtCX56MI2ynbXRHIAC1519NDFVwJArF225km6lic3A7/GoxvQDMPHocMJUf7OW6Fs5T
mWj/DriO18fsdbDZbAM2FgTyaszWi8QhEglcSw5bDSfQPdYtU8HyBaA6lxrZcTjshp5vt8Or
UcaGG0NQINx/KQYxkksREExI3mnSPTaxapyl2JjXSAQIpNuen07JarwAAAAAAAAAAAAA

&lt;/code&gt;&lt;/pre&gt;





&lt;h2&gt;Algorithms&lt;/h2&gt;
&lt;p&gt;Both technologies share a number of algorithms.  The following table
represents each function and its corresponding set of technologies as 
described by their respective RFCs (shared algorithms have added
emphasis):&lt;/p&gt;

&lt;table id="alg" border="1"&gt;
 &lt;thead&gt;
 &lt;tr&gt;&lt;th&gt;Function&lt;/th&gt;&lt;th&gt;OpenPGP&lt;/th&gt;&lt;th&gt;S/MIME&lt;/th&gt;&lt;/tr&gt;

 &lt;/thead&gt;
 
 &lt;tbody&gt;
 &lt;tr&gt;&lt;th&gt;Public Key&lt;/th&gt;
  &lt;td&gt;&lt;em&gt;RSA&lt;/em&gt;, &lt;em&gt;Diffie-Hellman&lt;/em&gt;, &lt;em&gt;DSA&lt;/em&gt;, Elgamal, Elliptic Curve, ECDSA&lt;/td&gt;
  &lt;td&gt;&lt;em&gt;RSA&lt;/em&gt;, &lt;em&gt;Diffie-Hellman&lt;/em&gt;, &lt;em&gt;DSA&lt;/em&gt;&lt;/td&gt;

 &lt;/tr&gt;
 &lt;tr&gt;&lt;th&gt;Symmetric Key&lt;/th&gt;
  &lt;td&gt;&lt;em&gt;AES&lt;/em&gt;, &lt;em&gt;Triple-DES&lt;/em&gt;, IDEA, CAST5, Blowfish, SAFER-SK128, DES/SK&lt;/td&gt;
  &lt;td&gt;&lt;em&gt;AES&lt;/em&gt;, &lt;em&gt;Triple-DES&lt;/em&gt;, RC2&lt;/td&gt;

 &lt;/tr&gt;
 &lt;tr&gt;&lt;th&gt;Compression&lt;/th&gt;
  &lt;td&gt;&lt;em&gt;ZLIB&lt;/em&gt;, ZIP&lt;/td&gt;
  &lt;td&gt;&lt;em&gt;ZLIB&lt;/em&gt; (as described in related RFC 3274)&lt;/td&gt;
 &lt;/tr&gt;
 &lt;tr&gt;&lt;th&gt;Hash&lt;/th&gt;

  &lt;td&gt;&lt;em&gt;MD5&lt;/em&gt;, &lt;em&gt;SHA-1&lt;/em&gt;, RIPE-MD/160, Double-Width SHA, MD2, TIGER, HAVAL&lt;/td&gt;
  &lt;td&gt;&lt;em&gt;MD5&lt;/em&gt;, &lt;em&gt;SHA-1&lt;/em&gt;&lt;/td&gt;
 &lt;/tr&gt;
 &lt;/tbody&gt;
&lt;/table&gt;

&lt;h2&gt;Web of Trust and Public Key Infrastructure&lt;/h2&gt;
&lt;p&gt;OpenPGP and S/MIME both provide mechanisms for authenticating parties.  OpenPGP
relies on a concept called a "Web of Trust."  It is essentially a distributed peer
validating service.  The concept was introduced by Philip Zimmermann. 
It works much like social networking.  Person A, Alice, sends her public key
to person B, Bob.  Bob adds Alice's public key to his key ring and optionally 
indicates his level of trust in Alice's key.  Over time the
trust endorsements are calculated and the net effect is a decentralized "web of
trust."&lt;/p&gt;

&lt;p&gt;S/MIME relies on Certificate Authorities (CAs) to authenticate parties.  This 
is similar in nature to the way SSL certificates are issued for serving secure
web sites.  Various models are used by CAs to authenticate a person.  Generally
it is similar to authenticating with a government agency: a person must provide
several forms of identification.&lt;/p&gt;

&lt;p&gt;Both OpenPGP and S/MIME allow you to use them while relatively
untrusted.  In other words, you may generate or obtain valid private and public keys that
are usable but "untrusted".  This is a good thing for getting started
quickly with each technology.  For example, if one wanted to communicate securely
with someone who had never used either technology, the recipient could quickly be up and
running, enabling the two to communicate in a timely manner.&lt;/p&gt;

&lt;p&gt;The primary difference between a Web of Trust and a Public Key Infrastructure
is a matter of trust.  Do you trust a decentralized peer group or a centralized 
organization?&lt;/p&gt;


&lt;h2&gt;Implementation&lt;/h2&gt;

&lt;p&gt;Both OpenPGP and S/MIME are well supported across many platforms and
applications.  For the purposes of this document, a test was conducted on the
following platforms and applications:&lt;/p&gt;

&lt;dl&gt;
    &lt;dt&gt;Linux&lt;/dt&gt;
    &lt;dd&gt;
        &lt;dl&gt;&lt;dt&gt;OpenPGP&lt;/dt&gt;&lt;dd&gt;
        &lt;ul&gt;
            &lt;li&gt;&lt;a href="http://www.gnupg.org/"&gt;GnuPG&lt;/a&gt;&lt;/li&gt;

            &lt;li&gt;&lt;a href="http://www.mozilla.com/en-US/thunderbird/"&gt;Mozilla Thunderbird&lt;/a&gt; with &lt;a href="http://enigmail.mozdev.org/"&gt;Enigmail&lt;/a&gt;&lt;/li&gt;
            &lt;li&gt;&lt;a href="http://www.gnome.org/projects/evolution/"&gt;Evolution&lt;/a&gt;&lt;/li&gt;
        &lt;/ul&gt;&lt;/dd&gt;
        
        &lt;dt&gt;S/MIME&lt;/dt&gt;&lt;dd&gt;
        &lt;ul&gt;
            &lt;li&gt;&lt;a href="http://www.mozilla.com/en-US/thunderbird/"&gt;Mozilla Thunderbird&lt;/a&gt;&lt;/li&gt;

            &lt;li&gt;&lt;a href="http://www.gnome.org/projects/evolution/"&gt;Evolution&lt;/a&gt;&lt;/li&gt;
        &lt;/ul&gt;&lt;/dd&gt;
        &lt;/dl&gt;
    &lt;/dd&gt;

    &lt;dt&gt;Mac OS X&lt;/dt&gt;
    &lt;dd&gt;
        &lt;dl&gt;&lt;dt&gt;OpenPGP&lt;/dt&gt;&lt;dd&gt;

        &lt;ul&gt;
            &lt;li&gt;&lt;a href="http://www.gnupg.org/"&gt;GnuPG&lt;/a&gt;&lt;/li&gt;
            &lt;li&gt;&lt;a href="http://www.apple.com/macosx/features/mail/"&gt;Mail.app&lt;/a&gt; with &lt;a href="http://www.sente.ch/software/GPGMail/English.lproj/GPGMail.html"&gt;GPGMail&lt;/a&gt;&lt;/li&gt;
            &lt;li&gt;&lt;a href="http://www.mozilla.com/en-US/thunderbird/"&gt;Mozilla Thunderbird&lt;/a&gt; with &lt;a href="http://enigmail.mozdev.org/"&gt;Enigmail&lt;/a&gt;&lt;/li&gt;

        &lt;/ul&gt;&lt;/dd&gt;
        
        &lt;dt&gt;S/MIME&lt;/dt&gt;&lt;dd&gt;
        &lt;ul&gt;
            &lt;li&gt;&lt;a href="http://www.apple.com/macosx/features/mail/"&gt;Mail.app&lt;/a&gt;&lt;/li&gt;
            &lt;li&gt;&lt;a href="http://www.mozilla.com/en-US/thunderbird/"&gt;Mozilla Thunderbird&lt;/a&gt;&lt;/li&gt;
        &lt;/ul&gt;&lt;/dd&gt;
        &lt;/dl&gt;

    &lt;/dd&gt;
    
    &lt;dt&gt;Windows&lt;/dt&gt;
    &lt;dd&gt;
        &lt;dl&gt;&lt;dt&gt;OpenPGP&lt;/dt&gt;&lt;dd&gt;
        &lt;ul&gt;
            &lt;li&gt;&lt;a href="http://www.gnupg.org/"&gt;GnuPG&lt;/a&gt;&lt;/li&gt;
            &lt;li&gt;Outlook with &lt;a href="http://www.gpg4win.org/"&gt;Gpg4win&lt;/a&gt;&lt;/li&gt;

            &lt;li&gt;&lt;a href="http://www.mozilla.com/en-US/thunderbird/"&gt;Mozilla Thunderbird&lt;/a&gt; with &lt;a href="http://enigmail.mozdev.org/"&gt;Enigmail&lt;/a&gt;&lt;/li&gt;
        &lt;/ul&gt;&lt;/dd&gt;
        
        &lt;dt&gt;S/MIME&lt;/dt&gt;&lt;dd&gt;
        &lt;ul&gt;
            &lt;li&gt;Outlook&lt;/li&gt;
            &lt;li&gt;&lt;a href="http://www.mozilla.com/en-US/thunderbird/"&gt;Mozilla Thunderbird&lt;/a&gt;&lt;/li&gt;

        &lt;/ul&gt;&lt;/dd&gt;
        &lt;/dl&gt;
    &lt;/dd&gt;
&lt;/dl&gt;    

&lt;p&gt;Evolution,
Mail.app and Outlook were considered, for the purposes of this paper, to be the most entrenched
mail applications on each platform.  This is not a completely fair assertion for the Linux
platform, as many good email clients exist for it.  However, 
Evolution is very similar to Outlook, which increases its likely usage in business settings. 
&lt;/p&gt;

&lt;p&gt;All tested software listed above was fairly easily installed and configured.  
It is worth noting that all tested Mail User Agents (MUAs) support S/MIME by
default, and all MUAs required a plugin to support OpenPGP, with the exception of
Evolution, which came preconfigured for both technologies.&lt;/p&gt;

&lt;p&gt;Problems only occurred with one tested program, Gpg4win's Outlook plugin.  Specifically,
Outlook with Gpg4win could not encrypt plaintext formatted email messages.  Working from a
bug report found online, it was discovered that composing HTML formatted email messages
instead worked as expected.  For Outlook PGP integration, PGP.com's PGP Desktop may be a better 
choice.&lt;/p&gt;

&lt;p&gt;A few notes from the tested products:&lt;/p&gt;

&lt;ul&gt;
 &lt;li&gt;S/MIME integration was very easy for all mail clients.&lt;/li&gt;
 &lt;li&gt;Enigmail makes OpenPGP integration very easy for Thunderbird.&lt;/li&gt;
 &lt;li&gt;Evolution could use an integrated GPG key management window.  External applications
  exist for this purpose but an integrated window, similar to Enigmail, would improve
  usability.&lt;/li&gt;
 &lt;li&gt;Similar criticism applies to Mail.app.  An integrated key management window would
  improve usability.&lt;/li&gt;
 &lt;li&gt;The easiest configuration was S/MIME for Mail.app.  Though most S/MIME configurations
  were simple, Mail.app was completely configured by adding the S/MIME key to the system
  keyring, simply by double-clicking the key file.&lt;/li&gt;
 &lt;li&gt;Thunderbird deserves a note.  It was the only cross-platform mail application.
  Additionally, it was easily configured to use both OpenPGP and S/MIME.  Certainly
  Enigmail makes it the easiest OpenPGP implementation.&lt;/li&gt;

&lt;/ul&gt;
  

&lt;h2&gt;Summary&lt;/h2&gt;

&lt;p&gt;The largest difference between OpenPGP and S/MIME is the ability for OpenPGP
to encrypt a variety of data types not limited to MIME encoded data types.  This gives
OpenPGP a decided edge over S/MIME in the way of versatility.&lt;/p&gt;

&lt;p&gt;For large data streams, OpenPGP provides more efficient
compression.  Though compression is available in the S/MIME specification, it is
implemented as a MIME container.  In other words, the contents to be compressed
have already been encoded per the MIME specification, usually Base64.  Base64
encoding actually grows the data, to about 137% of its original size &lt;cite&gt;[WIKIP-B64]&lt;/cite&gt;.  In contrast, OpenPGP 
compresses the original plaintext, and optionally the signature, prior to 
encryption or any type of encoding.&lt;/p&gt;

&lt;p&gt;Both OpenPGP and S/MIME use industry standard encryption algorithms.  Neither
technology is more secure than the other, barring esoteric arguments.  Some
would rank each technology based on the trust model used.  However, the security
aspect of each trust model is subjective.&lt;/p&gt;

&lt;p&gt;The trust models used for each technology are very different in philosophy.
In practice, neither method is more difficult to use than the other.  It is
arguable that S/MIME is more attractive due to its similarities to SSL
certificate distribution, a model already trusted by most web users implicitly.&lt;/p&gt;

&lt;p&gt;S/MIME has an advantage when it comes to implementation.  All mail
clients tested came with S/MIME support built in.  As a result, the barriers to
entry for a new user are lower.  Generating an S/MIME certificate
required a bit more effort than generating an OpenPGP key, so the time
commitment for setting up each initially is similar.  However,
the zero-footprint install may be attractive to those managing many workstations.&lt;/p&gt;

&lt;p&gt;How would one choose between the two technologies?  Many factors play a
part in this decision.  The following table provides a visual representation
of the pros and cons of each technology:&lt;/p&gt;

&lt;table id="bd" border="1"&gt;
 &lt;thead&gt;
 &lt;tr&gt;&lt;th&gt;Function&lt;/th&gt;&lt;th&gt;OpenPGP&lt;/th&gt;&lt;th&gt;S/MIME&lt;/th&gt;&lt;/tr&gt;
 &lt;/thead&gt;

 
 &lt;tbody&gt;
 &lt;tr&gt;&lt;th&gt;Versatility&lt;/th&gt;
  &lt;td&gt;+&lt;/td&gt;
  &lt;td&gt;-&lt;/td&gt;
 &lt;/tr&gt;
 &lt;tr&gt;&lt;th&gt;Space Efficiency&lt;/th&gt;
  &lt;td&gt;+&lt;/td&gt;

  &lt;td&gt;-&lt;/td&gt;
 &lt;/tr&gt;
 &lt;tr&gt;&lt;th&gt;Security&lt;/th&gt;
  &lt;td&gt;+&lt;/td&gt;
  &lt;td&gt;+&lt;/td&gt;
 &lt;/tr&gt;
 &lt;tr&gt;&lt;th&gt;Trust Model&lt;/th&gt;

  &lt;td&gt;+&lt;/td&gt;
  &lt;td&gt;+&lt;/td&gt;
 &lt;/tr&gt;
 &lt;tr&gt;&lt;th&gt;Implementation&lt;/th&gt;
  &lt;td&gt;-&lt;/td&gt;
  &lt;td&gt;+&lt;/td&gt;

 &lt;/tr&gt;
 &lt;/tbody&gt;
&lt;/table&gt;


&lt;div class="footer"&gt;
&lt;h2&gt;References&lt;/h2&gt;
&lt;dl&gt;
 &lt;dt&gt;[WIKIP-OP] - Wikipedia:Pretty Good Privacy&lt;/dt&gt;
 &lt;dd&gt;http://en.wikipedia.org/wiki/Openpgp&lt;/dd&gt;

 
 &lt;dt&gt;[WIKIP-B64] - Wikipedia:Base64&lt;/dt&gt;
 &lt;dd&gt;http://en.wikipedia.org/wiki/Base64&lt;/dd&gt;

 &lt;dt&gt;[IMC] - S/MIME and OpenPGP&lt;/dt&gt;
 &lt;dd&gt;http://www.imc.org/smime-pgpmime.html&lt;/dd&gt; 

 &lt;dt&gt;RFC 2440 - OpenPGP Message Format&lt;/dt&gt;
 &lt;dd&gt;http://www.ietf.org/rfc/rfc2440.txt&lt;/dd&gt; 

 &lt;dt&gt;RFC 3851 - Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1
    Message Specification&lt;/dt&gt;

 &lt;dd&gt;http://www.ietf.org/rfc/rfc3851.txt&lt;/dd&gt; 

 &lt;dt&gt;RFC 2633 - S/MIME Version 3 Message Specification&lt;/dt&gt;
 &lt;dd&gt;http://www.ietf.org/rfc/rfc2633.txt&lt;/dd&gt; 

 &lt;dt&gt;RFC 3274 - Compressed Data Content Type for
    Cryptographic Message Syntax (CMS)&lt;/dt&gt;
 &lt;dd&gt;http://www.ietf.org/rfc/rfc3274.txt&lt;/dd&gt; 
&lt;/dl&gt;
&lt;/div&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/6292815046015458161-2799344576222396658?l=infinitesteps.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://infinitesteps.blogspot.com/feeds/2799344576222396658/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=6292815046015458161&amp;postID=2799344576222396658' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/6292815046015458161/posts/default/2799344576222396658'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/6292815046015458161/posts/default/2799344576222396658'/><link rel='alternate' type='text/html' href='http://infinitesteps.blogspot.com/2007/09/comparative-analysis-of-openpgp-rfc.html' title='Comparative Analysis of OpenPGP and S/MIME'/><author><name>D. M. Stanley</name><uri>http://www.blogger.com/profile/03225196297955252801</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='30' src='http://2.bp.blogspot.com/-EB78SD56bNI/ToM43-fVuYI/AAAAAAAAAQQ/FVsJHPBDmg4/s220/191857_10150105406011056_713041055_6712773_2937632_o%2B%25281%2529.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-6292815046015458161.post-7390293603783447087</id><published>2006-01-09T21:00:00.000-08:00</published><updated>2009-06-01T09:26:06.952-07:00</updated><title type='text'>Linux Kerberos Authentication</title><content type='html'>&lt;h2&gt;Summary&lt;/h2&gt;
&lt;p&gt;This document describes the methods used to authenticate Linux machines against a central Kerberos realm.&lt;/p&gt;

&lt;p&gt;&lt;i&gt;Please note: Many documents found on the web describe Kerberos authentication as it relates to Samba and joining a Samba server to a Windows domain. They are two different things, so don't confuse them. This document describes how to authenticate against a Kerberos realm (Active Directory in our case) via PAM (Pluggable Authentication Modules).&lt;/i&gt;&lt;/p&gt;

&lt;h2&gt;Why use Kerberos and not NTLM&lt;/h2&gt;
&lt;ul&gt;
&lt;li&gt;Kerberos is a standard protocol, NTLM is proprietary.&lt;/li&gt;

&lt;li&gt;Kerberos is more secure than NTLM.&lt;/li&gt;

&lt;li&gt;Kerberos is the "new" mechanism used by Windows servers.
NTLM is the Windows NT domain authentication method.&lt;/li&gt;

&lt;li&gt;According to Microsoft Kerberos is more efficient than
NTLM.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;&lt;a name="Server_Configuration" id="Server_Configuration"&gt;&lt;/a&gt;
Server Configuration&lt;/h2&gt;This document contains diff files which
are relevant only to &lt;i&gt;Red Hat Enterprise Linux AS release 3
(Taroon Update 5)&lt;/i&gt;. Concepts should transfer.

&lt;ol&gt;
&lt;li&gt;Be sure the required RPMs are installed: &lt;tt&gt;up2date pam_krb5
krb5-libs krb5-devel krb5-workstation&lt;/tt&gt;&lt;/li&gt;

&lt;li&gt;Modify &lt;tt&gt;/etc/krb5.conf&lt;/tt&gt;

 &lt;ul&gt;
   &lt;li&gt;Reference (these links give you in-depth information,
   skip to examples if you don't care)

     &lt;ul&gt;
       &lt;li&gt;&lt;a href="http://kbase.redhat.com/faq/dml_fetch.pl?CompanyID=842&amp;amp;ContentID=2735&amp;amp;FaqID=2338" target="_top"&gt;RedHat Instructions&lt;/a&gt;&lt;/li&gt;

       &lt;li&gt;&lt;a href="http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp#heading2" target="_top"&gt;Microsoft's Instructions&lt;/a&gt;&lt;/li&gt;

       &lt;li&gt;&lt;a href="http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#id2553358" target="_top"&gt;Samba's Instructions&lt;/a&gt;&lt;/li&gt;
     &lt;/ul&gt;
   &lt;/li&gt;

   &lt;li&gt;Examples

     &lt;ul&gt;
       &lt;li&gt;
         &lt;a href="http://dannie.stanley.googlepages.com/krb5.conf.diff" target="_top"&gt;krb5.conf.diff&lt;/a&gt; Diff for a working
         krb5.conf file.

         &lt;ul&gt;
           &lt;li&gt;Copy the file krb5.conf.diff (or its contents) to
           the server.&lt;/li&gt;

           &lt;li&gt;&lt;tt&gt;cd /etc&lt;/tt&gt;&lt;/li&gt;

           &lt;li&gt;&lt;tt&gt;patch -b -i krb5.conf.diff krb5.conf&lt;/tt&gt;
           (makes backup of original)&lt;/li&gt;
         &lt;/ul&gt;
       &lt;/li&gt;

       &lt;li&gt;&lt;a href="http://dannie.stanley.googlepages.com/krb5.conf" target="_top"&gt;krb5.conf&lt;/a&gt; Working krb5.conf
       file.&lt;/li&gt;
     &lt;/ul&gt;
   &lt;/li&gt;
 &lt;/ul&gt;
&lt;/li&gt;

&lt;li&gt;Modify &lt;tt&gt;/var/kerberos/krb5kdc/kdc.conf&lt;/tt&gt;

 &lt;ul&gt;
   &lt;li&gt;It might not exist, so create it first:

     &lt;ul&gt;
       &lt;li&gt;&lt;tt&gt;mkdir -p /var/kerberos/krb5kdc&lt;/tt&gt;&lt;/li&gt;

       &lt;li&gt;&lt;tt&gt;touch /var/kerberos/krb5kdc/kdc.conf&lt;/tt&gt;&lt;/li&gt;
     &lt;/ul&gt;
   &lt;/li&gt;

   &lt;li&gt;Reference (these links give you in-depth information,
   skip to examples if you don't care)

     &lt;ul&gt;
       &lt;li&gt;&lt;a href="http://www.die.net/doc/linux/man/man5/kdc.conf.5.html" target="_top"&gt;kdc.conf Manual Page&lt;/a&gt;&lt;/li&gt;
     &lt;/ul&gt;
   &lt;/li&gt;

   &lt;li&gt;Examples

     &lt;ul&gt;
       &lt;li&gt;&lt;a href="http://dannie.stanley.googlepages.com/kdc.conf" target="_top"&gt;kdc.conf&lt;/a&gt; Example file.&lt;/li&gt;
     &lt;/ul&gt;
   &lt;/li&gt;
 &lt;/ul&gt;
&lt;/li&gt;

&lt;li&gt;Modify relevant PAM service files:

 &lt;ul&gt;
   &lt;!-- li&gt;For global system configuration of PAM use the redhat
   tool &lt;code&gt;authconfig&lt;/code&gt; (if you are using LDAP as your
   user DB you can use &lt;code&gt;authconfig&lt;/code&gt; as described in
   &lt;a href="ConfigureKerberosLdap"&gt;ConfigureKerberosLdap&lt;/a&gt; and skip the
   rest of this document)&lt;/li --&gt;

   &lt;li&gt;For the LOGIN service only
   (telnet, ftp, xinetd-based services), modify
   &lt;tt&gt;/etc/pam.d/login&lt;/tt&gt;

     &lt;ul&gt;
       &lt;li&gt;
         &lt;a href="http://dannie.stanley.googlepages.com/login.diff" target="_top"&gt;login.diff&lt;/a&gt; Diff for a working login
         file.

         &lt;ul&gt;
           &lt;li&gt;Copy the file login.diff (or its contents) to the
           server.&lt;/li&gt;

           &lt;li&gt;&lt;tt&gt;cd /etc/pam.d&lt;/tt&gt;&lt;/li&gt;

           &lt;li&gt;&lt;tt&gt;patch -i login.diff login&lt;/tt&gt;&lt;/li&gt;
         &lt;/ul&gt;
       &lt;/li&gt;

       &lt;li&gt;&lt;a href="http://dannie.stanley.googlepages.com/login" target="_top"&gt;login&lt;/a&gt; Working login file.&lt;/li&gt;
     &lt;/ul&gt;
   &lt;/li&gt;

   &lt;li&gt;For the SSHD service only, modify &lt;tt&gt;/etc/pam.d/sshd&lt;/tt&gt;

     &lt;ul&gt;
       &lt;li&gt;
         &lt;a href="http://dannie.stanley.googlepages.com/sshd.diff" target="_top"&gt;sshd.diff&lt;/a&gt; Diff for a working sshd
         file.

         &lt;ul&gt;
           &lt;li&gt;Copy the file sshd.diff (or its contents) to the
           server.&lt;/li&gt;

           &lt;li&gt;&lt;tt&gt;cd /etc/pam.d&lt;/tt&gt;&lt;/li&gt;

           &lt;li&gt;&lt;tt&gt;patch -i sshd.diff sshd&lt;/tt&gt;&lt;/li&gt;
         &lt;/ul&gt;
       &lt;/li&gt;

       &lt;li&gt;&lt;a href="http://dannie.stanley.googlepages.com/sshd" target="_top"&gt;sshd&lt;/a&gt; Working sshd file.&lt;/li&gt;
     &lt;/ul&gt;
   &lt;/li&gt;
 &lt;/ul&gt;
&lt;/li&gt;
&lt;/ol&gt;

&lt;h2&gt;&lt;a name="How_It_Works" id="How_It_Works"&gt;&lt;/a&gt; How It
Works&lt;/h2&gt;At this point the server has the capability of
authenticating against a kerberos realm. For a user to properly
authenticate they must have an active account on the domain
&lt;i&gt;and&lt;/i&gt; a local account on the Linux machine (no password). If
both of these things are not true, authentication will fail.

&lt;ul&gt;
&lt;li&gt;&lt;tt&gt;useradd dannies&lt;/tt&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Now that the user is local, you assign file permissions and
groups the same as you would for any user account.  If a user is
disabled on the domain they will no longer be able to log in to
the Kerberos-authenticated machine.&lt;/p&gt;

&lt;h2&gt;&lt;a name="More_Information" id="More_Information"&gt;&lt;/a&gt; More
Information&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;VMWare Help Document on Setting Up Kerberos Authentication
for ESX Server: &lt;a href="http://www.vmware.com/pdf/esx_authentication_AD.pdf" target="_top"&gt;http://www.vmware.com/pdf/esx_authentication_AD.pdf&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/6292815046015458161-7390293603783447087?l=infinitesteps.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://infinitesteps.blogspot.com/feeds/7390293603783447087/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=6292815046015458161&amp;postID=7390293603783447087' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/6292815046015458161/posts/default/7390293603783447087'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/6292815046015458161/posts/default/7390293603783447087'/><link rel='alternate' type='text/html' href='http://infinitesteps.blogspot.com/2007/09/linux-kerberos-authentication.html' title='Linux Kerberos Authentication'/><author><name>D. M. Stanley</name><uri>http://www.blogger.com/profile/03225196297955252801</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='30' src='http://2.bp.blogspot.com/-EB78SD56bNI/ToM43-fVuYI/AAAAAAAAAQQ/FVsJHPBDmg4/s220/191857_10150105406011056_713041055_6712773_2937632_o%2B%25281%2529.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-6292815046015458161.post-895140417414130375</id><published>2005-02-10T11:52:00.000-08:00</published><updated>2007-08-09T06:00:22.688-07:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='sysadmin'/><title type='text'>How To Calculate Subnet Masks</title><content type='html'>&lt;p&gt;Following is an illustration of how subnet calculations work.  I had to refresh my memory so I thought I would share:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;192.168.168.168 --&gt;  This is a 32 bit IP address. 8 bits times 4 segments.&lt;/li&gt;
&lt;li&gt;255.255.255.0 --&gt; This is a 24 bit network mask. 8 bits times 3 segments.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;It makes the most sense if you convert the numbers to binary.  For an 8-bit segment, the value is calculated like this:&lt;/p&gt;

&lt;pre&gt;&lt;code&gt;
Place 1: 0 or 1 = 128
Place 2: 0 or 1 = 64
Place 3: 0 or 1 = 32
Place 4: 0 or 1 = 16
Place 5: 0 or 1 = 8
Place 6: 0 or 1 = 4
Place 7: 0 or 1 = 2
Place 8: 0 or 1 = 1
======================
  Total = 255
&lt;/code&gt;&lt;/pre&gt;

&lt;p&gt;I.e. the octet 255 is 11111111, 0 is 00000000, and 192 is 11000000 (128 + 64).  With a subnet mask of 255.255.255.224 (224 = 128 + 64 + 32), the binary looks like:&lt;/p&gt;

&lt;pre&gt;&lt;code&gt;11111111.11111111.11111111.11100000&lt;/code&gt;&lt;/pre&gt;

&lt;p&gt;The first 27 bits are ones (the network part), which leaves the last 5 bits for the host part.  Compared with 255.255.255.0, three bits have been borrowed from the host part, so a 255.255.255.224 mask splits the /24 into 2^3 = 8 subnets with 2^5 = 32 addresses in each.  Only 30 are usable for hosts, because the first address (all host bits 0) is the "network" address and the last (all host bits 1) is the "broadcast" address.&lt;/p&gt;

&lt;pre&gt;&lt;code&gt;
(Last Segment)
-------------------------------------------
000xxxxx -&gt; 00000000 - 00011111 (000 - 031)
001xxxxx -&gt; 00100000 - 00111111 (032 - 063)
010xxxxx -&gt; 01000000 - 01011111 (064 - 095)
011xxxxx -&gt; 01100000 - 01111111 (096 - 127)
100xxxxx -&gt; 10000000 - 10011111 (128 - 159)
101xxxxx -&gt; 10100000 - 10111111 (160 - 191)
110xxxxx -&gt; 11000000 - 11011111 (192 - 223)
111xxxxx -&gt; 11100000 - 11111111 (224 - 255)
&lt;/code&gt;&lt;/pre&gt;

&lt;p&gt;It is worth noting that a netmask is usually written in CIDR notation: the "network" address, a slash, and the number of leading one bits in the mask (the prefix length).  255.255.255.224 has 27 leading ones, so the eight ranges above, placed in the 192.168.0.0 network, are:&lt;/p&gt;

&lt;pre&gt;&lt;code&gt;
192.168.0.0/27
192.168.0.32/27
192.168.0.64/27
192.168.0.96/27
192.168.0.128/27
192.168.0.160/27
192.168.0.192/27
192.168.0.224/27
&lt;/code&gt;&lt;/pre&gt;
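&lt;p&gt;The following Python is an added example and not part of the original post.  It does the same arithmetic as the tables above with plain integers (integer division and modulo stand in for the bit masking, so the numbers line up with the place-value table), and it goes a little beyond the post's single case: it rejects a non-contiguous mask, splits any network into subnets of a chosen prefix length, and answers the membership question a firewall or ACL rule has to answer.  The function names and the split()/contains() helpers are assumptions made for the example; the addresses are the post's own.&lt;/p&gt;

```python
"""Added example, not code from the original post: the subnet arithmetic the
post does by hand, written out with integers so each step stays visible.
Integer division and modulo stand in for the bit masking. The inputs are the
post's own addresses; the function names and the split()/contains() helpers
are assumed here for illustration."""


def to_int(dotted):
    """'192.168.168.168' becomes one 32-bit integer, each octet a base-256 digit."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(o not in range(256) for o in octets):
        raise ValueError("not an IPv4 address: " + dotted)
    value = 0
    for o in octets:
        value = value * 256 + o
    return value


def to_dotted(value):
    """Inverse of to_int: peel the four octets off from the top down."""
    return ".".join(str((value >> shift) % 256) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix):
    """/27 becomes 0xFFFFFFE0: `prefix` one bits followed by 32 - prefix zero bits."""
    if prefix not in range(33):
        raise ValueError("prefix length must be 0..32")
    return 2 ** 32 - 2 ** (32 - prefix)


def _leading_ones(m):
    """Count the run of one bits at the top of a 32-bit mask value."""
    ones = 0
    while ones != 32 and (m >> (31 - ones)) % 2 == 1:
        ones += 1
    return ones


def is_contiguous_mask(mask):
    """A valid mask is ones then zeros; 255.0.255.0 is not a mask."""
    m = to_int(mask)
    return m == prefix_to_mask(_leading_ones(m))   # any stray bit breaks equality


def mask_to_prefix(mask):
    """255.255.255.224 becomes 27."""
    if not is_contiguous_mask(mask):
        raise ValueError("non-contiguous mask: " + mask)
    return _leading_ones(to_int(mask))


def subnet(addr, prefix):
    """Network, broadcast, usable range and host count of the subnet holding addr."""
    block = 2 ** (32 - prefix)                   # addresses per subnet: 2^(host bits)
    network = (to_int(addr) // block) * block    # host bits cleared
    broadcast = network + block - 1              # host bits all set
    if block > 2:
        first, last, usable = network + 1, broadcast - 1, block - 2
    else:                                        # /31 and /32 have no network/broadcast pair
        first, last, usable = network, broadcast, block
    return {"network": to_dotted(network), "broadcast": to_dotted(broadcast),
            "first_host": to_dotted(first), "last_host": to_dotted(last),
            "usable": usable, "mask": to_dotted(prefix_to_mask(prefix))}


def split(network, prefix, new_prefix):
    """Enumerate the subnets network/prefix divides into at new_prefix,
    e.g. 192.168.0.0/24 into the eight /27 ranges in the post."""
    if prefix > new_prefix or new_prefix > 32:
        raise ValueError("new prefix must be between the old prefix and 32")
    old_block, new_block = 2 ** (32 - prefix), 2 ** (32 - new_prefix)
    start = (to_int(network) // old_block) * old_block
    return ["%s/%d" % (to_dotted(start + i * new_block), new_prefix)
            for i in range(old_block // new_block)]


def contains(cidr, addr):
    """True if addr lies inside cidr: the comparison a firewall rule or ACL makes."""
    net, prefix = cidr.split("/")
    block = 2 ** (32 - int(prefix))
    return to_int(net) // block == to_int(addr) // block


if __name__ == "__main__":
    print(subnet("192.168.168.168", mask_to_prefix("255.255.255.224")))
    print("\n".join(split("192.168.0.0", 24, 27)))
```

&lt;p&gt;Running the block prints the /27 that contains 192.168.168.168 (network 192.168.168.160, broadcast 192.168.168.191, 30 usable hosts) followed by the eight /27 ranges listed above.  Rejecting a non-contiguous mask matters in practice because a rule written with one matches a scattered set of addresses rather than a single range.&lt;/p&gt;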

&lt;p&gt;Maybe the following is a bit more familiar to you:&lt;/p&gt;

&lt;pre&gt;&lt;code&gt;192.168.0.0/24 (192.168.0.0 - 192.168.0.255)&lt;/code&gt;&lt;/pre&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/6292815046015458161-895140417414130375?l=infinitesteps.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://infinitesteps.blogspot.com/feeds/895140417414130375/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=6292815046015458161&amp;postID=895140417414130375' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/6292815046015458161/posts/default/895140417414130375'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/6292815046015458161/posts/default/895140417414130375'/><link rel='alternate' type='text/html' href='http://infinitesteps.blogspot.com/2007/06/how-to-calculate-subnet-masks.html' title='How To Calculate Subnet Masks'/><author><name>D. M. Stanley</name><uri>http://www.blogger.com/profile/03225196297955252801</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='30' src='http://2.bp.blogspot.com/-EB78SD56bNI/ToM43-fVuYI/AAAAAAAAAQQ/FVsJHPBDmg4/s220/191857_10150105406011056_713041055_6712773_2937632_o%2B%25281%2529.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-6292815046015458161.post-7035352434399921128</id><published>2004-12-16T15:24:00.000-08:00</published><updated>2007-08-09T05:59:05.691-07:00</updated><title type='text'>VMWare - Virtual to Physical with Free Tools</title><content type='html'>&lt;p&gt;This article describes how to take a physical machine and make a virtual copy of it for use within the VMWare virtual environment.  This could be very useful for testing real world configurations.  
VMWare sells a tool that does this for you, but the following process uses only free tools, primarily dd and a Knoppix live CD.&lt;/p&gt;

&lt;p&gt;First, attach the physical HDD to your VMWare host machine.
In theory you could use an external HDD enclosure that connects over USB.  However I had difficulty getting USB to work inside my virtual machine with the external HDD interface, so I simply hooked the physical HDD up to the IDE chain.&lt;/p&gt;


&lt;p&gt;Second, dump the HDD to a file.  dd copies block devices byte for byte; it does not care about the filesystem or the boot sector, so the image contains the partition table, the boot sector and every sector on the disk (including anything sensitive that was ever written there, so protect the image file accordingly).  Assuming you are running Linux, that /dev/hda is your primary host disk mounted at /, and that /dev/hdb is the physical disk you wish to clone and &lt;u&gt;is not mounted&lt;/u&gt; (a mounted filesystem keeps changing while dd reads it), run this command to create the image file:&lt;/p&gt;

&lt;pre&gt;&lt;code&gt;# bs=4M reads 4 MiB at a time instead of dd's 512-byte default (much faster)
dd if=/dev/hdb of=/mnt-point/other-systems-hdd.img bs=4M
&lt;/code&gt;&lt;/pre&gt;

&lt;p&gt;Third, create a new virtual machine and boot it into Linux.  Knoppix is the key component in this process: it is a Linux distribution that runs entirely from a CD (using a ramdisk), so it can overwrite the virtual system disk without having anything mounted on it.  Here are some guidelines for creating your virtual machine:&lt;/p&gt;

    &lt;ul&gt;
    &lt;li&gt;Choose the operating system that you are attempting to clone, for instance Windows 2000.&lt;/li&gt;
    &lt;li&gt;Make the disk at least as big as the HDD you are cloning.  Don't allocate the entire disk at once (let it grow).&lt;/li&gt;
    &lt;li&gt;After the initial wizard, edit your virtual machine and add a second disk for the partition that contains your .img file (you will have to select "physical disk" rather than a new virtual disk).
    &lt;/li&gt;&lt;/ul&gt;

&lt;p&gt;Put the Knoppix CD in and boot your new virtual machine from this CD.&lt;/p&gt;
 
&lt;p&gt;Next, write the image to the VMWare virtual system disk.  Once you have booted into Knoppix, VMWare presents the disks you configured as ordinary devices.  The system disk will be /dev/hda (supposing you chose IDE; SCSI would be /dev/sda).  The second disk that you added to your virtual machine in step #3 will be known to Knoppix as /dev/hdb.  First you need to mount the partition on that disk that contains your image file:&lt;/p&gt;

&lt;pre&gt;&lt;code&gt;mount /dev/hdb1
&lt;/code&gt;&lt;/pre&gt;

&lt;p&gt;Knoppix generates an fstab entry and a mount point for each partition it detects, /mnt/hdb1 in this case (or something similar; if it did not create one you will have to create a mount point and mount the partition manually).  Then write the contents of your image file to the new VMWare virtual system disk with this command:&lt;/p&gt;

&lt;pre&gt;&lt;code&gt;# /mnt-point is wherever the image partition was mounted, e.g. /mnt/hdb1
dd if=/mnt-point/other-systems-hdd.img of=/dev/hda bs=4M
&lt;/code&gt;&lt;/pre&gt;

&lt;p&gt;Last, remove the Knoppix CD and reboot the virtual machine.  If things went as expected it should begin booting into your cloned system.  Because the copy is exact, the clone has the same hostname, network configuration and credentials as the physical machine, so do not run both on the same network at once.&lt;/p&gt;
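&lt;p&gt;The following Python is an added example, not code from the original post or from VMWare.  It wraps the dd step above with the two checks a practitioner wants around it: it refuses to read a source device that is still mounted (the post requires this, because a mounted filesystem keeps changing under dd), and it verifies the copy with SHA-256, since dd itself says nothing about whether the bytes it wrote match what it read.  The restore side checks the image against its recorded digest &lt;i&gt;before&lt;/i&gt; writing anything over the target disk.  Assumed: Linux with coreutils dd and /proc/mounts; device and image paths are supplied by the caller, and selftest() uses ordinary files in place of /dev/hdb and /dev/hda so the round trip can run without root.&lt;/p&gt;

```python
"""Added example, not code from the original post: the dd imaging step with
a mounted-source check and SHA-256 verification around it. Assumed: Linux
with coreutils dd and /proc/mounts; paths are caller supplied. selftest()
uses ordinary files standing in for /dev/hdb and /dev/hda."""
import hashlib
import os
import subprocess
import tempfile

BLOCK = 4 * 1024 * 1024   # 4 MiB per read: far fewer syscalls than dd's 512-byte default


def mounted_sources(mounts_text):
    """First field of every /proc/mounts line: the devices currently mounted."""
    return {line.split()[0] for line in mounts_text.splitlines() if line.strip()}


def is_mounted(dev, mounts="/proc/mounts"):
    """True if dev backs a mounted filesystem (imaging it would give an inconsistent copy)."""
    if not os.path.exists(mounts):
        return False
    with open(mounts) as f:
        return dev in mounted_sources(f.read())


def sha256_of(path):
    """Stream a file or block device through SHA-256 without loading it into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(BLOCK), b""):
            h.update(chunk)
    return h.hexdigest()


def copy_bytes(src, dst):
    """Byte-for-byte copy with coreutils dd, the post's tool; falls back to a
    plain Python block copy where dd is not on PATH."""
    try:
        subprocess.run(["dd", "if=" + src, "of=" + dst, "bs=%d" % BLOCK],
                       check=True, stderr=subprocess.DEVNULL)
    except FileNotFoundError:
        with open(src, "rb") as fin, open(dst, "wb") as fout:
            for chunk in iter(lambda: fin.read(BLOCK), b""):
                fout.write(chunk)


def image_disk(dev, img):
    """Copy dev to img, record the digest in img + '.sha256' and return it.
    Raises on a mounted source or if the image does not hash like the device."""
    if is_mounted(dev):
        raise RuntimeError("refusing to image %s: it is mounted" % dev)
    copy_bytes(dev, img)
    want, got = sha256_of(dev), sha256_of(img)
    if want != got:
        raise RuntimeError("image does not match source: %s vs %s" % (want, got))
    with open(img + ".sha256", "w") as f:
        f.write("%s  %s\n" % (want, os.path.basename(img)))   # sha256sum -c format
    return want


def restore_image(img, dev):
    """Check img against its recorded digest before writing it over dev, then
    confirm dev reads back with that digest. Returns True on success; a corrupt
    or tampered image leaves dev untouched and returns False."""
    with open(img + ".sha256") as f:
        want = f.read().split()[0]
    if sha256_of(img) != want:
        return False
    copy_bytes(img, dev)
    return sha256_of(dev) == want


def selftest():
    """Round trip on files standing in for /dev/hdb and /dev/hda (constructed data)."""
    with tempfile.TemporaryDirectory() as d:
        disk, img, new = (os.path.join(d, n) for n in ("hdb", "hdb.img", "hda"))
        with open(disk, "wb") as f:
            f.write(os.urandom(256 * 1024))
        digest = image_disk(disk, img)
        restored = restore_image(img, new) and sha256_of(new) == digest
        with open(img, "r+b") as f:          # flip one byte of the image
            f.seek(10)
            b = f.read(1)
            f.seek(10)
            f.write(bytes([b[0] ^ 0xFF]))
        refused = not restore_image(img, new + "2") and not os.path.exists(new + "2")
        return restored and refused


if __name__ == "__main__":
    print("round trip ok" if selftest() else "FAILED")
```

&lt;p&gt;On the real procedure you would call image_disk("/dev/hdb", "/mnt-point/other-systems-hdd.img") on the host and restore_image(...) from inside Knoppix with "/dev/hda" as the target; the .sha256 sidecar travels with the image and is what makes the second step refuse a damaged copy.&lt;/p&gt;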

&lt;b&gt;Further Reading&lt;/b&gt;&lt;br&gt;
&lt;ul&gt;
&lt;li&gt; &lt;a href="http://www.vmware.com/products/vtools/p2v_features.html" target="_top"&gt;http://www.vmware.com/products/vtools/p2v_features.html&lt;/a&gt;
&lt;/li&gt; &lt;li&gt; &lt;a href="http://www.knoppix.org/" target="_top"&gt;http://www.knoppix.org/&lt;/a&gt;
&lt;/li&gt; &lt;li&gt; &lt;a href="http://www.mcsr.olemiss.edu/cgi-bin/man-cgi?dd+1" target="_top"&gt;http://www.mcsr.olemiss.edu/cgi-bin/man-cgi?dd+1&lt;/a&gt;
&lt;/li&gt;&lt;/ul&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/6292815046015458161-7035352434399921128?l=infinitesteps.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://infinitesteps.blogspot.com/feeds/7035352434399921128/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=6292815046015458161&amp;postID=7035352434399921128' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/6292815046015458161/posts/default/7035352434399921128'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/6292815046015458161/posts/default/7035352434399921128'/><link rel='alternate' type='text/html' href='http://infinitesteps.blogspot.com/2007/08/this-document-describes-how-to-take.html' title='VMWare - Virtual to Physical with Free Tools'/><author><name>D. M. Stanley</name><uri>http://www.blogger.com/profile/03225196297955252801</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='30' src='http://2.bp.blogspot.com/-EB78SD56bNI/ToM43-fVuYI/AAAAAAAAAQQ/FVsJHPBDmg4/s220/191857_10150105406011056_713041055_6712773_2937632_o%2B%25281%2529.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-6292815046015458161.post-6506510323466827076</id><published>2001-08-31T12:00:00.000-07:00</published><updated>2007-10-26T12:07:16.981-07:00</updated><title type='text'>Installing internal ATAPI/IDE devices in Linux</title><content type='html'>&lt;h2&gt;Introduction&lt;/h2&gt;
&lt;p&gt;First, this is not intended to be a complete HowTo on the subject.
    You can think of this document as &lt;a
        href="http://www.cliffsnotes.com/"&gt;CliffsNotes&lt;/a&gt; on getting a
        &lt;a
        href="http://www.iomega.com/zip/products/int_atapi100_250.html"&gt;
        100MB Internal Zip Drive&lt;/a&gt;, an &lt;a
        href="http://www.hp.com/cposupport/prodhome/hpcolorado18513.html"
        &gt; HP Colorado 20 (Travan)&lt;/a&gt;, and a &lt;a
        href="ftp://ftp.mitsumi.com/pub/manuals/cdr_manual3.3e.pdf"&gt;
        Mitsumi CR-2801TE CD Burner&lt;/a&gt; working with SuSE Linux 7.1.&lt;/p&gt;

&lt;h2&gt;Related Documents&lt;/h2&gt;
&lt;ul&gt;

    &lt;li&gt;
        &lt;a
            href="http://www.linuxdoc.org/HOWTO/SCSI-2.4-HOWTO/index.html"
            &gt;The Linux 2.4 SCSI subsystem HOWTO&lt;/a&gt;

    &lt;/li&gt;
    &lt;li&gt;
        &lt;a href="http://www.linuxdoc.org/HOWTO/mini/ZIP-Drive.html"&gt;Zip
            Drive Mini-HOWTO&lt;/a&gt;
    &lt;/li&gt;

    &lt;li&gt;
        &lt;a href="http://www.linuxdoc.org/HOWTO/CD-Writing-HOWTO.html"
            &gt;CD-Writing HOWTO &lt;/a&gt;
    &lt;/li&gt;

    &lt;li&gt;
        &lt;a href="http://www.tolisgroup.com/docs2.php"&gt;BRU - The Backup
            and Restore Utility (support page) &lt;/a&gt;
    &lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Steps&lt;/h2&gt;
&lt;ol&gt;
    &lt;li&gt;
        &lt;a
            href="#hardware"
            &gt; Determine Hardware IDE Locations &lt;/a&gt;
    &lt;/li&gt;
    &lt;li&gt;
        &lt;a href="#lilo"
            &gt; Edit /etc/lilo.conf &lt;/a&gt;
    &lt;/li&gt;
    &lt;li&gt;
        &lt;a
            href="#modprobe"
            &gt; Use modprobe to detect the ide-scsi devices &lt;/a&gt;
    &lt;/li&gt;
    &lt;li&gt;
        &lt;a
            href="#discover"
            &gt; See what ide-scsi devices your system discovered &lt;/a&gt;
    &lt;/li&gt;
    &lt;li&gt;
        &lt;a
            href="#devices"
            &gt; Discover useful device names as listed in /dev &lt;/a&gt;
    &lt;/li&gt;
    &lt;li&gt;
        &lt;a
            href="#fstab"
            &gt; Add useful entries to /etc/fstab &lt;/a&gt;
    &lt;/li&gt;
&lt;/ol&gt;
&lt;hr /&gt;
&lt;h2&gt;
    &lt;a name="hardware"&gt;
        &lt;u&gt;Determine Hardware IDE Locations&lt;/u&gt;
    &lt;/a&gt;
&lt;/h2&gt; I do not fully understand how to determine these values. However,
I will demonstrate my logical deduction in hopes that it will help you
as well. I opened the box and discovered that I had 2 IDE chains
connecting 4 IDE devices. In my case it looked like this:
&lt;pre&gt;
Motherboard
||
|----| Hard Drive |---| CD Burner |
|
----| Zip Drive |---| Tape Drive |
&lt;/pre&gt;
I determined that (whether correct or not) all 4 devices were discovered
by the IDE kernel driver and assigned device addresses in /dev. The
device names were as follows:
&lt;pre&gt;
Motherboard
||
|----| /dev/hda |---| /dev/hdb |
|
----| /dev/hdc |---| /dev/hdd |
&lt;/pre&gt;
As mentioned this was just a guess that happened to work. If you know of
a more concrete way to discover the device names I would be happy to
know the trick. 

&lt;h2&gt;
    &lt;a name="lilo"&gt;
        &lt;u&gt;Edit /etc/lilo.conf &lt;/u&gt;
    &lt;/a&gt;
&lt;/h2&gt;
We do not want the IDE driver built into the Linux kernel to claim
these devices, because they will be accessed through the SCSI
subsystem rather than the IDE subsystem (as discussed later). To
accomplish this we pass kernel parameters to Linux at boot.
Assuming you are using LILO as your boot loader, all you need to do is
add the following line to your /etc/lilo.conf boot entry:
&lt;pre&gt;
append = "hdb=ide-scsi hdc=ide-scsi hdd=ide-scsi"
&lt;/pre&gt;
Of course your line may look different. Essentially we are telling the
kernel that each listed hd* device will be controlled by the ide-scsi
module rather than the plain IDE driver. Here is what my whole entry looks like:
&lt;pre&gt;
image  = /boot/vmlinuz_24
label  = linux_2.4
root   = /dev/hda3
initrd = /boot/initrd_24
append = "hdb=ide-scsi hdc=ide-scsi hdd=ide-scsi"
&lt;/pre&gt;
Run /sbin/lilo afterwards to write the new configuration into the boot
sector (editing the file alone changes nothing), then reboot for the
setting to take effect.

&lt;h2&gt;
    &lt;a name="modprobe"&gt;
        &lt;u&gt;Use modprobe to detect the ide-scsi devices&lt;/u&gt;
    &lt;/a&gt;
&lt;/h2&gt;
Now that you have rebooted and your devices are no longer set up as
IDE devices, you need to load the ide-scsi kernel module to register the
devices with the SCSI subsystem. This is pretty easy, just run this command
(as root): 
&lt;pre&gt;
modprobe ide-scsi
&lt;/pre&gt;
You will probably want to add this to your startup scripts. 

&lt;h2&gt;
    &lt;a name="discover"&gt;
        &lt;u&gt;See what ide-scsi devices your system discovered &lt;/u&gt;
    &lt;/a&gt;
&lt;/h2&gt; Your system should now be set up with the new "SCSI" (though they
are still technically IDE/ATAPI) devices. To see a list of the
discovered devices run this command (as root):
&lt;pre&gt;
cat /proc/scsi/scsi
&lt;/pre&gt; 
This should list out your devices. My results look like this: 

&lt;pre&gt;
Attached devices:
Host: scsi0 Channel: 00 Id: 00 Lun: 00
Vendor: IOMEGA   Model: ZIP 100          Rev: 14.A
Type:   Direct-Access                    ANSI SCSI revision: ffffffff
Host: scsi0 Channel: 00 Id: 01 Lun: 00
Vendor: HP       Model: COLORADO 20GB    Rev: 4.01
Type:   Sequential-Access                ANSI SCSI revision: 02
Host: scsi0 Channel: 00 Id: 02 Lun: 00
Vendor: MITSUMI  Model: CR-2801TE        Rev: 1.07
Type:   CD-ROM
&lt;/pre&gt;
&lt;h2&gt;
    &lt;a name="devices"&gt;
        &lt;u&gt;Discover useful device names as listed in /dev &lt;/u&gt;
    &lt;/a&gt;
&lt;/h2&gt; Here are pertinent naming conventions that I know of: &lt;ul&gt;
    &lt;li&gt;
        &lt;u&gt;/dev/sg*&lt;/u&gt; All SCSI devices are assigned one of these
        files. I don't know why but you can't use these from
        applications, you need to use the more specialized device files
        below. &lt;/li&gt;
    &lt;li&gt;
        &lt;u&gt;/dev/scd*&lt;/u&gt; SCSI CD ROMS &lt;/li&gt;
    &lt;li&gt;
        &lt;u&gt;/dev/st* &amp;amp; /dev/nst*&lt;/u&gt; Tape devices. &lt;/li&gt;
    &lt;li&gt;
        &lt;u&gt;/dev/sda*&lt;/u&gt; I don't know what type of subclass this
        represents but /dev/sda4 is my zip drive. &lt;/li&gt;
&lt;/ul&gt; Generally devices take the first available device file, e.g.
/dev/scd0 for the first SCSI CD-ROM. For some reason it is different for the zip drive. You can
verify the location of your actual device with the scsi_info command.
For example, I can verify that my zip drive is represented by /dev/sda4
with the following command: 
&lt;pre&gt;
scsi_info /dev/sda4
&lt;/pre&gt;
Which gave me these results:
&lt;pre&gt;
SCSI_ID="0,0,0"
MODEL="IOMEGA ZIP 100"
FW_REV="14.A"
&lt;/pre&gt;
Note: I had to have media in the device before it displayed my drive
info.
&lt;h2&gt;
    &lt;a name="fstab"&gt;
        &lt;u&gt;Add useful entries to /etc/fstab &lt;/u&gt;
    &lt;/a&gt;
&lt;/h2&gt;

Now you may choose to add some useful entries to your fstab to
make mounting easier. Note that the &lt;code&gt;user&lt;/code&gt; option implies
&lt;code&gt;noexec,nosuid,nodev&lt;/code&gt;; the trailing &lt;code&gt;exec&lt;/code&gt; on the
CD-ROM line below re-enables running programs straight off a disc, so
leave it out unless you actually need it. My new entries look like this:
&lt;pre&gt; 
/dev/scd0       /cdrom          auto    ro,noauto,user,exec 0 0
/dev/sda4       /zip            auto    noauto,user 0 0
&lt;/pre&gt;
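&lt;p&gt;The following Python is an added example, not code from the original post.  It parses the /proc/scsi/scsi listing shown above, maps each record's Type to the /dev name families listed in the previous section (sd*, st*/nst*, scd*, plus an sg* node for everything), and checks an fstab line for options that undo what &lt;code&gt;user&lt;/code&gt; gives removable media.  SAMPLE is the post's own listing embedded as constructed input.  The naming rule (each class takes the next free name in listing order) is the 2.4-era convention the post relies on and is an assumption here; partition suffixes such as the post's /dev/sda4 come from the disk's partition table and are not derived.&lt;/p&gt;

```python
"""Added example, not code from the original post: a parser for the
/proc/scsi/scsi listing, the Type-to-/dev-family mapping the post lists, and a
check on fstab options. SAMPLE is the post's listing as constructed input; the
naming rule (next free name per class, listing order) is assumed. Partition
suffixes such as the post's /dev/sda4 come from the partition table."""
import re

SAMPLE = """Attached devices:
Host: scsi0 Channel: 00 Id: 00 Lun: 00
Vendor: IOMEGA   Model: ZIP 100          Rev: 14.A
Type:   Direct-Access                    ANSI SCSI revision: ffffffff
Host: scsi0 Channel: 00 Id: 01 Lun: 00
Vendor: HP       Model: COLORADO 20GB    Rev: 4.01
Type:   Sequential-Access                ANSI SCSI revision: 02
Host: scsi0 Channel: 00 Id: 02 Lun: 00
Vendor: MITSUMI  Model: CR-2801TE        Rev: 1.07
Type:   CD-ROM
"""

# One record is three lines: address, vendor/model/revision, type
# (the trailing "ANSI SCSI revision" field is optional, as the CD burner shows).
RECORD = re.compile(
    r"Host: (\S+) Channel: (\d+) Id: (\d+) Lun: (\d+)\s*\n"
    r"\s*Vendor: (.*?)\s+Model: (.*?)\s+Rev: (\S+)\s*\n"
    r"\s*Type:\s+(\S+)")

# SCSI peripheral type, as the kernel prints it, to the device family the post names.
FAMILY = {"Direct-Access": "sd", "Sequential-Access": "st", "CD-ROM": "scd"}


def parse_proc_scsi(text):
    """One dict per attached device, in the order the kernel listed them."""
    devices = []
    for m in RECORD.finditer(text):
        host, channel, ident, lun, vendor, model, rev, dtype = m.groups()
        devices.append({"host": host, "channel": int(channel), "id": int(ident),
                        "lun": int(lun), "vendor": vendor, "model": model,
                        "rev": rev, "type": dtype})
    return devices


def assign_nodes(devices):
    """Attach the /dev names each device receives: sgN for every device in
    listing order, and sdX / stN (+ nstN) / scdN counted per class."""
    next_index = {}
    for n, dev in enumerate(devices):
        dev["sg"] = "/dev/sg%d" % n
        family = FAMILY.get(dev["type"])
        if family is None:
            dev["node"] = None          # e.g. a scanner: reachable through sg only
            continue
        i = next_index.get(family, 0)
        next_index[family] = i + 1
        if family == "sd":
            dev["node"] = "/dev/sd" + chr(ord("a") + i)
        elif family == "st":
            dev["node"] = "/dev/st%d" % i
            dev["no_rewind"] = "/dev/nst%d" % i
        else:
            dev["node"] = "/dev/scd%d" % i
    return devices


def fstab_risks(line):
    """Options in an fstab line that undo the protection `user` gives removable
    media. `user` implies noexec,nosuid,nodev, but any exec/suid/dev that comes
    *after* it in the option list overrides that again (mount(8) semantics)."""
    fields = line.split()
    if len(fields) not in (4, 5, 6):
        return []
    opts = fields[3].split(",")
    user_positions = [i for i, o in enumerate(opts) if o in ("user", "users")]
    if not user_positions:
        return []
    return [o for o in opts[max(user_positions) + 1:] if o in ("exec", "suid", "dev")]


if __name__ == "__main__":
    for dev in assign_nodes(parse_proc_scsi(SAMPLE)):
        print("%-18s %-20s %s" % (dev["type"], dev["model"], dev["node"] or dev["sg"]))
    for entry in ("/dev/scd0 /cdrom auto ro,noauto,user,exec 0 0",
                  "/dev/sda4 /zip auto noauto,user 0 0"):
        print(entry, "-> re-enabled:", fstab_risks(entry) or "nothing")
```

&lt;p&gt;For the post's listing this yields /dev/sda for the Zip drive (the sda4 partition is a property of the Iomega disk, not of the SCSI scan), /dev/st0 and /dev/nst0 for the tape, and /dev/scd0 for the burner, with sg0 to sg2 alongside.  fstab_risks flags the &lt;code&gt;exec&lt;/code&gt; on the CD-ROM line above and passes the zip line.&lt;/p&gt;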
Now just type the following command to access your drives:
&lt;pre&gt;  
mount /zip
mount /cdrom
&lt;/pre&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/6292815046015458161-6506510323466827076?l=infinitesteps.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://infinitesteps.blogspot.com/feeds/6506510323466827076/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=6292815046015458161&amp;postID=6506510323466827076' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/6292815046015458161/posts/default/6506510323466827076'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/6292815046015458161/posts/default/6506510323466827076'/><link rel='alternate' type='text/html' href='http://infinitesteps.blogspot.com/2007/10/installing-internal-atapiide-devices-in.html' title='Installing internal ATAPI/IDE devices in Linux'/><author><name>D. M. Stanley</name><uri>http://www.blogger.com/profile/03225196297955252801</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='30' src='http://2.bp.blogspot.com/-EB78SD56bNI/ToM43-fVuYI/AAAAAAAAAQQ/FVsJHPBDmg4/s220/191857_10150105406011056_713041055_6712773_2937632_o%2B%25281%2529.jpg'/></author><thr:total>0</thr:total></entry></feed>
