12:06 a.m.
Good morning, while I was working on "that" passphrase encryption thing,
I found some improvements for UPS. But would like to discuss before.
1. Currently UPS stores master secret and secrets (from Variants) into
the database. IMO this information should never be persisted into the
database and such kind of information only belongs to the owner of that
application. How?
https://github.com/abstractj/aerogear-unifiedpush-server/tree/master-secret
2. Master secret and Secret make use of UUID from Java, not truly a PRNG
once some attributes are predictable, you are not collision free. "WTF
are you saying Bruno!?". From JDK 7:
|public static UUID randomUUID() {
SecureRandom ng = numberGenerator;
if (ng == null) {
numberGenerator = ng = new SecureRandom();
}
byte[] randomBytes = new byte[16];
ng.nextBytes(randomBytes);
randomBytes[6] &= 0x0f; /* clear version */
randomBytes[6] |= 0x40; /* set to version 4 */
randomBytes[8] &= 0x3f; /* clear variant */
randomBytes[8] |= 0x80; /* set to IETF variant */
return new UUID(randomBytes);
}|
Solution:
https://github.com/abstractj/aerogear-unifiedpush-server/commit/a9993c35e...
3. I noticed the fact that PushApplication and Variant have some
duplicated attributes with different names.
public abstract class Variant extends BaseModel {
private String variantID = UUID.randomUUID().toString();
private String secret = UUID.randomUUID().toString();
....
}
public class PushApplication extends BaseModel {
private String pushApplicationID = UUID.randomUUID().toString();
private String masterSecret = UUID.randomUUID().toString();
...
}
I can see two alternatives to avoid it:
- Move these attributes to an |Embeddable| class, something like:
|@Embeddable
*public class ApplicationKey*{
| private String id = UUID.randomUUID().toString();
private String secret = UUID.randomUUID().toString();
|
}|
public abstract class Variant extends BaseModel {
| @Embedded
@AttributeOverrides( {
@AttributeOverride(name="variantID")),
@AttributeOverride(name="secret"))
})
*private ApplicationKey*key;|
....
}
public class PushApplication extends BaseModel {
|@Embedded
@AttributeOverrides( {
@AttributeOverride(name="pushApplicationID")),
@AttributeOverride(name="masterSecret"))
})
*private ApplicationKey*key;|
...
}
- Second alternative (more simple) pull up the attributes to BaseModel
public abstract class BaseModel implements Serializable {
private String id = UUID.randomUUID().toString();
private String secret = UUID.randomUUID().toString();
...
}
Why this is important?
1. Avoid sensitive data to be stored into the database, make use of KDF
functions to store secrets, master secrets....
2. Avoid code duplication. With the inclusion of encryption for
passphrases and other kind of sensitive data, I pretty much have to
duplicate code like this
(https://github.com/abstractj/aerogear-unifiedpush-server/commit/a9993c35e...)
between both classes.
Wdyt?
--
abstractj
2:10 a.m.
Hi Bruno !
Cool stuff some comments inline
On Wed, Apr 16, 2014 at 7:06 AM, Bruno Oliveira <bruno(a)abstractj.com> wrote:
Good morning, while I was working on "that" passphrase
encryption thing,
I found some improvements for UPS. But would like to discuss before.
1. Currently UPS stores master secret and secrets (from Variants) into
the database. IMO this information should never be persisted into the
database and such kind of information only belongs to the owner of that
application. How?
https://github.com/abstractj/aerogear-unifiedpush-server/tree/master-secret
I tried out your branch and created some applications.
This is what I see now when browsing to my app details, is this the valid
ID/Secret pair that the application owner / administrator can use to send
psuh notifications ?
[image: secret]
2. Master secret and Secret make use of UUID from Java, not truly a PRNG
once some attributes are predictable, you are not collision free. "WTF
are you saying Bruno!?". From JDK 7:
|public static UUID randomUUID() {
SecureRandom ng = numberGenerator;
if (ng == null) {
numberGenerator = ng = new SecureRandom();
}
byte[] randomBytes = new byte[16];
ng.nextBytes(randomBytes);
randomBytes[6] &= 0x0f; /* clear version */
randomBytes[6] |= 0x40; /* set to version 4 */
randomBytes[8] &= 0x3f; /* clear variant */
randomBytes[8] |= 0x80; /* set to IETF variant */
return new UUID(randomBytes);
}|
Solution:
https://github.com/abstractj/aerogear-unifiedpush-server/commit/a9993c35e...
Nice improvement
3. I noticed the fact that PushApplication and Variant have some
duplicated attributes with different names.
public abstract class Variant extends BaseModel {
private String variantID = UUID.randomUUID().toString();
private String secret = UUID.randomUUID().toString();
....
}
public class PushApplication extends BaseModel {
private String pushApplicationID = UUID.randomUUID().toString();
private String masterSecret = UUID.randomUUID().toString();
...
}
I can see two alternatives to avoid it:
- Move these attributes to an |Embeddable| class, something like:
|@Embeddable
*public class ApplicationKey*{
| private String id = UUID.randomUUID().toString();
private String secret = UUID.randomUUID().toString();
|
}|
public abstract class Variant extends BaseModel {
| @Embedded
@AttributeOverrides( {
@AttributeOverride(name="variantID")),
@AttributeOverride(name="secret"))
})
*private ApplicationKey*key;|
....
}
public class PushApplication extends BaseModel {
|@Embedded
@AttributeOverrides( {
@AttributeOverride(name="pushApplicationID")),
@AttributeOverride(name="masterSecret"))
})
*private ApplicationKey*key;|
...
}
- Second alternative (more simple) pull up the attributes to BaseModel
public abstract class BaseModel implements Serializable {
private String id = UUID.randomUUID().toString();
private String secret = UUID.randomUUID().toString();
...
}
Make sense
Why this is important?
1. Avoid sensitive data to be stored into the database, make use of KDF
functions to store secrets, master secrets....
2. Avoid code duplication. With the inclusion of encryption for
passphrases and other kind of sensitive data, I pretty much have to
duplicate code like this
(
https://github.com/abstractj/aerogear-unifiedpush-server/commit/a9993c35e...
)
between both classes.
Wdyt?
--
abstractj
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
10:27 a.m.
Hi Sebi, I didn't get any image here.
Sebastien Blanc wrote:
I tried out your branch and created some applications.
This is what I see now when browsing to my app details, is this the valid
ID/Secret pair that the application owner / administrator can use to send
psuh notifications ?
[image: secret]
--
abstractj
10:29 a.m.
Here you go !
http://s9.postimg.org/516up7p0v/secret.png
On Wed, Apr 16, 2014 at 5:27 PM, Bruno Oliveira <bruno(a)abstractj.org> wrote:
Hi Sebi, I didn't get any image here.
Sebastien Blanc wrote:
> I tried out your branch and created some applications.
> This is what I see now when browsing to my app details, is this the valid
> ID/Secret pair that the application owner / administrator can use to send
> psuh notifications ?
>
> [image: secret]
--
abstractj
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
10:40 a.m.
That's correct Sebi, I changed it to Base64 but if you guys don't feel
comfortable, we can change.
Sebastien Blanc wrote:
Here you go !
http://s9.postimg.org/516up7p0v/secret.png
--
abstractj
6:14 a.m.
Good stuff. Comments inline:
On Wed, 16 Apr 2014 02:06:35 -0300
Bruno Oliveira <bruno(a)abstractj.com> wrote:
Good morning, while I was working on "that" passphrase
encryption thing,
I found some improvements for UPS. But would like to discuss before.
1. Currently UPS stores master secret and secrets (from Variants) into
the database. IMO this information should never be persisted into the
database and such kind of information only belongs to the owner of that
application. How?
https://github.com/abstractj/aerogear-unifiedpush-server/tree/master-secret
Sorry my ignorance, does it mean that if I restart application server or
redeploy UPS, master secret will be changed?
For master secret, that's not that big concern, I believe. People just need to
grab master secret from UPS before adding variants from CLI.
But if variant secrets are recomputed as well, all existing application
installations will cease to work!
2. Master secret and Secret make use of UUID from Java, not truly a PRNG
once some attributes are predictable, you are not collision free. "WTF
are you saying Bruno!?". From JDK 7:
|public static UUID randomUUID() {
SecureRandom ng = numberGenerator;
if (ng == null) {
numberGenerator = ng = new SecureRandom();
}
byte[] randomBytes = new byte[16];
ng.nextBytes(randomBytes);
randomBytes[6] &= 0x0f; /* clear version */
randomBytes[6] |= 0x40; /* set to version 4 */
randomBytes[8] &= 0x3f; /* clear variant */
randomBytes[8] |= 0x80; /* set to IETF variant */
return new UUID(randomBytes);
}|
Solution:
https://github.com/abstractj/aerogear-unifiedpush-server/commit/a9993c35e...
+1
3. I noticed the fact that PushApplication and Variant have some
duplicated attributes with different names.
public abstract class Variant extends BaseModel {
private String variantID = UUID.randomUUID().toString();
private String secret = UUID.randomUUID().toString();
....
}
public class PushApplication extends BaseModel {
private String pushApplicationID = UUID.randomUUID().toString();
private String masterSecret = UUID.randomUUID().toString();
...
}
I can see two alternatives to avoid it:
- Move these attributes to an |Embeddable| class, something like:
|@Embeddable
*public class ApplicationKey*{
| private String id = UUID.randomUUID().toString();
private String secret = UUID.randomUUID().toString();
|
}|
public abstract class Variant extends BaseModel {
| @Embedded
@AttributeOverrides( {
@AttributeOverride(name="variantID")),
@AttributeOverride(name="secret"))
})
*private ApplicationKey*key;|
....
}
public class PushApplication extends BaseModel {
|@Embedded
@AttributeOverrides( {
@AttributeOverride(name="pushApplicationID")),
@AttributeOverride(name="masterSecret"))
})
*private ApplicationKey*key;|
...
}
- Second alternative (more simple) pull up the attributes to BaseModel
public abstract class BaseModel implements Serializable {
private String id = UUID.randomUUID().toString();
private String secret = UUID.randomUUID().toString();
...
}
+1 to this alternative. @Embedded and (@Embeddable) is a JPA specific stuff -
might be more complicated to migrate to NoSQL DB or to other JPA provides
(EclipseLink) in future.
Why this is important?
1. Avoid sensitive data to be stored into the database, make use of KDF
functions to store secrets, master secrets....
2. Avoid code duplication. With the inclusion of encryption for
passphrases and other kind of sensitive data, I pretty much have to
duplicate code like this
(https://github.com/abstractj/aerogear-unifiedpush-server/commit/a9993c35e...)
between both classes.
Wdyt?
10:39 a.m.
Chillax and feel free to ask. Master secret must be kept with our
user/developer/client, technically it will only generated a new secret
if we got a new PushApplication.
If the server is restarted the *salt* and *secret key* will be still
there into the database. So basically on the next request we execute the
following function:
keyForComparison = PBKDF2(masterSecret, salt)
Then we check against the database if the key matches with the stored
into the database. Does it make sense to you?
Karel Piwko wrote:
Sorry my ignorance, does it mean that if I restart application server
or
redeploy UPS, master secret will be changed?
For master secret, that's not that big concern, I believe. People just need to
grab master secret from UPS before adding variants from CLI.
But if variant secrets are recomputed as well, all existing application
installations will cease to work!
--
abstractj
11:02 a.m.
Still not there.
If we store *secret key* and *salt* in DB, whoever gets access to DB can
compute derived key via PDKDF2, right?
Is the security increased because hackers need to acquire two values instead of
one?
On Wed, 16 Apr 2014 12:39:13 -0300
Bruno Oliveira <bruno(a)abstractj.org> wrote:
Chillax and feel free to ask. Master secret must be kept with our
user/developer/client, technically it will only generated a new secret
if we got a new PushApplication.
If the server is restarted the *salt* and *secret key* will be still
there into the database. So basically on the next request we execute the
following function:
keyForComparison = PBKDF2(masterSecret, salt)
Then we check against the database if the key matches with the stored
into the database. Does it make sense to you?
Karel Piwko wrote:
> Sorry my ignorance, does it mean that if I restart application server or
> redeploy UPS, master secret will be changed?
>
> For master secret, that's not that big concern, I believe. People just need
> to grab master secret from UPS before adding variants from CLI.
>
> But if variant secrets are recomputed as well, all existing application
> installations will cease to work!
11:57 a.m.
Hi Karel, this not bullet proof but let me try to explain. Currently you
can only send push messages if you have the master secret, currently I
can see two points of vulnerability: 1) client side in possession of
master secret, 2) database storing master secret. We can't do so much
about the former, but we can try to fix the latter.
What we are trying to avoid here is: if someone have access to the
database, this person should not be able to send push messages — because
master secret is not there. How? Look at this snippet please:
https://github.com/abstractj/aerogear-unifiedpush-server/commit/a2cb2c6f1...
Previously we had a comparison against the database:
if (pushApplication != null &&
pushApplication.getMasterSecret().equals(secret))
The proposal doesn't store the master secret and makes use of a
derivation function which means: given a salt and a password (master
secret), I was supposed to be able to compute the key for further
comparisons — to check if they match.
Let's see how it works:
1. The server generates a salt and a master secret (111111)
2. The salt is stored into the database. Master secret, not.
3. Given the master secret we compute the key
(https://github.com/abstractj/aerogear-unifiedpush-server/commit/a9993c35e...)
4. Store it for further comparisons
5. The following key is generated:
FPj+xcfeoR5vJdi6SsqxiT0WK8cv4PesQ0jpDMYdTYk=
What would happen if someone get access to DB?
1. Evil gets access to the database
2. Manage to retrieve the key: FPj+xcfeoR5vJdi6SsqxiT0WK8cv4PesQ0jpDMYdTYk=
3. Now Evil try to send push messages
4. The following code will attempt to validate:
FPj+xcfeoR5vJdi6SsqxiT0WK8cv4PesQ0jpDMYdTYk= but the password was 111111
You can see the simulation with the following code:
@Test
public void testEvilScenario() throws Exception {
Pbkdf2 pbkdf2 = AeroGearCrypto.pbkdf2();
String masterSecret = "111111";
byte[] salt = RandomUtils.randomBytes();
//Master secret is never stored into the database
byte[] applicationSecret = pbkdf2.encrypt(masterSecret);
// Now Evil stole the applicationSecret.
// Providing String pushApplicationID = credentials[0]; String secret =
credentials[1];
// First the is stored in an array of bytes and validate method do not
support byte array as parameter
// No problem, we can attempt to convert to BASE64
String evilMasterSecret = Base64.BASE64.encode(applicationSecret);
//Now lets try to compute the key
assertTrue("Key is not valid", pbkdf2.validate(evilMasterSecret,
applicationSecret, salt));
}
Let me know if you have more questions.
Karel Piwko wrote:
Still not there.
If we store *secret key* and *salt* in DB, whoever gets access to DB can
compute derived key via PDKDF2, right?
Is the security increased because hackers need to acquire two values instead of
one?
--
abstractj
12:34 p.m.
Sorry dummy question but at application creation time (and when resetting
the secret), in the response of the POST , the master secret should be
returned to the user, right ? Otherwise he will never get it.
And second question, I know Security is not often a good mate with UX but ,
the console will never show the master/variant secret anymore ?
On Wed, Apr 16, 2014 at 6:57 PM, Bruno Oliveira <bruno(a)abstractj.org> wrote:
Hi Karel, this not bullet proof but let me try to explain. Currently
you
can only send push messages if you have the master secret, currently I
can see two points of vulnerability: 1) client side in possession of
master secret, 2) database storing master secret. We can't do so much
about the former, but we can try to fix the latter.
What we are trying to avoid here is: if someone have access to the
database, this person should not be able to send push messages — because
master secret is not there. How? Look at this snippet please:
https://github.com/abstractj/aerogear-unifiedpush-server/commit/a2cb2c6f1...
Previously we had a comparison against the database:
if (pushApplication != null &&
pushApplication.getMasterSecret().equals(secret))
The proposal doesn't store the master secret and makes use of a
derivation function which means: given a salt and a password (master
secret), I was supposed to be able to compute the key for further
comparisons — to check if they match.
Let's see how it works:
1. The server generates a salt and a master secret (111111)
2. The salt is stored into the database. Master secret, not.
3. Given the master secret we compute the key
(
https://github.com/abstractj/aerogear-unifiedpush-server/commit/a9993c35e...
)
4. Store it for further comparisons
5. The following key is generated:
FPj+xcfeoR5vJdi6SsqxiT0WK8cv4PesQ0jpDMYdTYk=
What would happen if someone get access to DB?
1. Evil gets access to the database
2. Manage to retrieve the key: FPj+xcfeoR5vJdi6SsqxiT0WK8cv4PesQ0jpDMYdTYk=
3. Now Evil try to send push messages
4. The following code will attempt to validate:
FPj+xcfeoR5vJdi6SsqxiT0WK8cv4PesQ0jpDMYdTYk= but the password was 111111
You can see the simulation with the following code:
@Test
public void testEvilScenario() throws Exception {
Pbkdf2 pbkdf2 = AeroGearCrypto.pbkdf2();
String masterSecret = "111111";
byte[] salt = RandomUtils.randomBytes();
//Master secret is never stored into the database
byte[] applicationSecret = pbkdf2.encrypt(masterSecret);
// Now Evil stole the applicationSecret.
// Providing String pushApplicationID = credentials[0]; String secret =
credentials[1];
// First the is stored in an array of bytes and validate method do not
support byte array as parameter
// No problem, we can attempt to convert to BASE64
String evilMasterSecret = Base64.BASE64.encode(applicationSecret);
//Now lets try to compute the key
assertTrue("Key is not valid", pbkdf2.validate(evilMasterSecret,
applicationSecret, salt));
}
Let me know if you have more questions.
Karel Piwko wrote:
> Still not there.
>
> If we store *secret key* and *salt* in DB, whoever gets access to DB can
> compute derived key via PDKDF2, right?
>
> Is the security increased because hackers need to acquire two values
instead of
> one?
--
abstractj
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
12:51 p.m.
Ahoy, answers inline
Sebastien Blanc wrote:
Sorry dummy question but at application creation time (and when
resetting
the secret), in the response of the POST , the master secret should be
returned to the user, right ? Otherwise he will never get it.
You are correct.
And second question, I know Security is not often a good mate with UX
but ,
the console will never show the master/variant secret anymore ?
Also correct. There is nothing set in stone, is just a proposal, because
atm anyone with read access do the database could impersonate push
applications. Another alternative would be to have a single key to the
whole database and only derive the IV, but that would defeat the purpose.
In addition I discussed the possibility of make use of vaults from
Wildfly, but it's not ready yet
(http://lists.jboss.org/pipermail/security-dev/2014-April/001557.html).
Is only available for datasources. That's why I would like to hear about
the impact of this change and why the master secret/secret must be
persisted.
--
abstractj
1:09 p.m.
Not read the thread - will do next week (traveling atm)
But one thing I noticed
On Wednesday, April 16, 2014, Bruno Oliveira <bruno(a)abstractj.org> wrote:
Ahoy, answers inline
> And second question, I know Security is not often a good mate with UX
but ,
> the console will never show the master/variant secret anymore ?
Also correct. There is nothing set in stone, is just a proposal, because
atm anyone with read access do the database could impersonate push
applications.
I think we would need to continue having IDs/secrets visible on the UI
IMO It's very hard to use Push server, w/o that information; again I didnt
read the entire thread yet
Perhsps, we could hide the key (***************) for read-only users; but I
think the overall concern is having them in the DB. My guess is that we
need to have them being stored on the DB
-Matthias
Another alternative would be to have a single key to the
whole database and only derive the IV, but that would defeat the purpose.
In addition I discussed the possibility of make use of vaults from
Wildfly, but it's not ready yet
(http://lists.jboss.org/pipermail/security-dev/2014-April/001557.html).
Is only available for datasources. That's why I would like to hear about
the impact of this change and why the master secret/secret must be
persisted.
--
abstractj
--
Sent from Gmail Mobile
2:29 p.m.
We can discuss on the next week, but even if you define at the
application level "read only" users. People still can read from the
database.
I'm trying to understand why they need to have the master secret
displayed into the web page. At first glance, it sounds like the same
effect of displaying their passwords at admin.
Matthias Wessendorf wrote:
I think we would need to continue having IDs/secrets visible on the
UI
IMO It's very hard to use Push server, w/o that information; again I didnt
read the entire thread yet
Perhsps, we could hide the key (***************) for read-only users; but I
think the overall concern is having them in the DB. My guess is that we
need to have them being stored on the DB
--
abstractj
1:50 a.m.
On Wed, Apr 16, 2014 at 9:29 PM, Bruno Oliveira <bruno(a)abstractj.org> wrote:
We can discuss on the next week, but even if you define at the
application level "read only" users. People still can read from the
database.
I'm trying to understand why they need to have the master secret
displayed into the web page. At first glance, it sounds like the same
effect of displaying their passwords at admin.
I compare these secrets with the API keys that Google provides for its
services. When you go on their Cloud Console , you can check your API key
along with the project number.
For sure, it's for convenience but imagine someone (or a team)) having 100
apps, we delegate to them the managing of these keys. But again let's
discuss that next week.
Matthias Wessendorf wrote:
> I think we would need to continue having IDs/secrets visible on the UI
>
> IMO It's very hard to use Push server, w/o that information; again I
didnt
> read the entire thread yet
>
> Perhsps, we could hide the key (***************) for read-only users;
but I
> think the overall concern is having them in the DB. My guess is that we
> need to have them being stored on the DB
--
abstractj
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
7:39 a.m.
So maybe "master secret" and "secret" are a bad naming, once it's
not
secret? And the correct would be "API key"
Sebastien Blanc wrote:
I compare these secrets with the API keys that Google provides for
its
services. When you go on their Cloud Console , you can check your API key
along with the project number.
--
abstractj
8:39 a.m.
On Apr 17, 2014, at 8:39 AM, Bruno Oliveira <bruno(a)abstractj.org> wrote:
So maybe "master secret" and "secret" are a bad
naming, once it's not
secret? And the correct would be "API key"
+1 to API key, i believe that is what google might use
Sebastien Blanc wrote:
> I compare these secrets with the API keys that Google provides for its
> services. When you go on their Cloud Console , you can check your API key
> along with the project number.
--
abstractj
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
12:37 p.m.
On Thursday, April 17, 2014, Lucas Holmquist <lholmqui(a)redhat.com> wrote:
On Apr 17, 2014, at 8:39 AM, Bruno Oliveira
<bruno@abstractj.org<javascript:;>>
wrote:
> So maybe "master secret" and "secret" are a bad naming, once
it's not
> secret? And the correct would be "API key"
+1 to API key, i believe that is what google might use
+1
variantKey (instead if secret)
AppKey (instead of masterSecret)
Sorry for the bad initial naming :-(
>
> Sebastien Blanc wrote:
>> I compare these secrets with the API keys that Google provides for its
>> services. When you go on their Cloud Console , you can check your API
key
>> along with the project number.
>
> --
> abstractj
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org <javascript:;>
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org <javascript:;>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
Sent from Gmail Mobile
3906
days inactive
3907
days old
17 comments
6 participants
participants (6)
-
Bruno Oliveira -
Bruno Oliveira -
Karel Piwko -
Lucas Holmquist -
Matthias Wessendorf -
Sebastien Blanc