Open synctext opened 1 year ago
why has public key infrastructure failed for 35 years
Ask Google Scholar about PKI failure. First result:
https://www.nics.uma.es/pub/papers/JavierLopez2005.pdf
With the upcoming European passport this gives a nice modern twist to 35(?) years of failure: Failure of Public Key Infrastructure for 35 years: lessons for the European passport-grade digital identity (EBSI)
{putting 2 storylines into 1 title}. Shorter attempt: 35 years of failure: European Digital Identity lessons
see 2016 ideas on Self-sovereign identity (SSI). TUDelft Master student full-time on EU digital ID from 2021. Discussed the Literature Survey wiki documentation
{brainstorm in bit harsh term} A fraud-resilient authentication method is notoriously hard to realise. Academic thinkers have offered little help, academic literature extensively documents numerous ideas and design sketches. Public key cryptography was invented in the year: ... In the 35 years since this invention we have failed to utilise this invention. The European Digital Identity project (EBSI) is only the latest in a long line of failed attempts. For instance, "Overview of the German identity card project and lessons learned (2020 update)" and "The giant is lagging behind - How the German electronic ID fails to reap its potential". This survey lists the numerous projects to provide digital identity and also highlights the decades of scientific research. To date, no solution exists for the 400 million citizens within the EU. Finally, we list the vital lessons for the upcoming project to provide an EU-wide passport-grade digital identity. Contrary to numerous past projects, a refreshing amount of transparency is provided. For instance, see the detailed public EBSI node operator operational handbook.
Bit of general info news article "Digital Identity: Where We Began, Where We Are And Where We Are Going"
{early brainstorm for master thesis} The above builds expertise on wide scope of upcoming EU digital ID. Security will be essential, but EBSI server is based upon IBM Hyperledger technology. This is expected to only serve a good purpose during development. For full-scale production usage as the underpinning of the entire EU digital economy Hyperledger server probably needs replacing. Ideal outcome would be re-using the infrastructure at Delft to develop a 12-line Kotlin script to bring down such an EBSI Hyperledger server. See 2021 Delft master student who made the first open source Android EBSI v2 communications lib. Good news, save this project with application-level firewall rules????
On the risk of misbehaving RPKI authorities
REGULATION (EU) on eid 'Building trust in the online environment is key to economic and social development. Lack of trust, in particular because of a perceived lack of legal certainty, makes consumers, businesses and public authorities hesitate to carry out transactions electronically and to adopt new services.'
Lots of written documents in the past 35 years, yet no generic solution for digital identity:
Additional read:
overleaf Secure Web Client Using SPKI/SDSI SDSI Java imple Simple Public Key Infrastructure Analysis Protocol Analysis and Design Attribute-Based Identity Management Bridging the Cryptographic Design of ABCs with the Real World IRMA Glass
To get more from: Blockchain-based identity management systems: A review
Almost final draft Missing abstract, conclusion and some table information Literature_Survey_IN4306.pdf
J.H. Ellis, Communications - Electronics Security Group, Government Communications Headquarters, Research Report No. 3006, The Possibility of Secure Non-Secret Digital Encryption, January 1970. Secret.. the possibility of non-secret crypto is from Jan 1970, 53 years ago
Just stated that it might be possible, no algorithm for one-way function, no implementation. That was RSA.
Missing milestone: Trust-on-first-use (TOFU, 2008) Perspectives: Improving SSH-style host authentication with multi-path probing. low-cost and simple key management model
small errors: "W. Diffie; M. Hellman" wrote the [27] citation. That's just key agreement, not the invention or realisation of public key crypto.
typos: \event{1996}{SDSI intorduction}
Dan Boneh, FEBRUARY 1999: twenty years of attacks on the rsa cryptosystem Essence: securely implementing RSA is a nontrivial task.
We conclude: deploying public key cryptography such as RSA is also a non-trivial task!
"III. A HISTORY OF ALTERNATIVES", more like "evolution of PKI"?
"TABLE I: Overview of the ranking countries eID." the core taxonomy table! Fascinating stuff, please at least double the number of countries+failures
EU on ID. "Every time an App or website asks us to create a new digital identity or to easily log on via a big platform, we have no idea what happens to our data in reality. That is why the Commission will propose a secure European e-identity. One that we trust and that any citizen can use anywhere in Europe to do anything from paying your taxes to renting a bicycle. A technology where we can control ourselves what data is used and how." Ursula von der Leyen, President of the European Commission, in her State of the Union address, 16 September 2020
{early brainstorm for master thesis - PART II} EBSI wallet, wallet-to-wallet communication (known IPv4), overlay (key lookup), data sharing (EBSI-to-EBSI), server hardening! (repeating) The above builds expertise on wide scope of upcoming EU digital ID. Security will be essential, but EBSI server is based upon IBM Hyperledger technology. This is expected to only serve a good purpose during development. For full-scale production usage as the underpinning of the entire EU digital economy Hyperledger server probably needs replacing. Ideal outcome would be re-using the infrastructure at Delft to develop a 12-line Kotlin script to bring down such an EBSI Hyperledger server. See 2021 Delft master student who made the first open source https://github.com/Tribler/tribler/issues/6023#issuecomment-908087676. Good news, save this project with application-level firewall rules????
https://ec.europa.eu/digital-building-blocks/code/projects/EBSI
Finished final version of the Survey. Worked on the abstract, conclusions, history of PKI evolution, added countries to the survey and completed the taxonomy table. Rephrasing some paragraphs and added more literature about PKI failures and EU eIDs. Literature_Survey_IN4306_final.pdf
The core element of the Public Key Infrastructures, key exchange with the RSA cryptosystem, has been the subject of different attacks from its introduction and securely implementing RSA is a nontrivial task, concluding that deploying public key cryptography such as RSA is also a non-trivial task
However, only a few have succeeded, and there are several reasons behind the failure of PKIs, which can be categorized into technical, economical, legal, and social factors [37].
See wise people of Reddit: is Keybase dead?. That was the best startup we had in PKI space. The survey is uploaded to arXiv with the latest version. Literature_Survey_IN4306 (2).pdf
Completed! Today the master thesis work starts :tada:
Studied the code for existing EBSI wallet in the SuperApp. Studied the server code and also on the gitlab with the APIs and wallets available now and wallets
Concrete tasks to further explore your thesis focus.
this server crashes with a workload of 3k `did_write` requests per second. Stable with 2.5k tps.
Next week we should get an EBSI server image to install, so there is movement...
Update sprint:
key takes from Qualified Ledgers: Bridging the Gap between Blockchain Technology and Legal Compliance:
Challenges in Stopping Application Layer DDoS Attacks:
Solution?
Could not talk to a EBSI pilot server - need a "Verifiable Authorisation To Onboard"
Found and compiled the DataVault app from old master thesis. Spent days fixing compatibility and version errors. Updated libraries to match the newer Kotlin version => working on my phone (except the performance test).
Sprint update:
Update sprint:
BAN rules
Short sprint update:
DDoS Open Threat Signaling (DOTS) protocol is developed by Internet Engineering Task Force (IETF) for DDoS attacks information sharing and mitigation.
Yet is not mentioned in thesis :bomb: collaboration agreement, because then anonymous strangers on The Internet can no longer mess with you :rofl: thermonuclear era. Communications between two companies and network domains need to occur to effectively both detect and mitigate an attack.
http://puluka.com/home/networking/dots/ The attack traffic is carried by many AS along the way and nobody is interested in assisting illegitimate traffic.
Brainstorming sprint:
:astonished: :astonished: :astonished: You have a viable roadmap to fix The Internet.
P2P Modsecurity is a brilliant idea. With a bit of tweaking it is also incrementally expandable. However, no smart contracts, gas payments, and Turing incompleteness please.
We create a layer of trust The Internet always needed, but never had. In 1962 the architecture of The Internet for the thermonuclear era was written down in report P2626. The highly survivable system structure is fundamentally unsuitable for today's world. For instance, Internet address 180.101.88.232 owned by ISP ChinaNet Jiangsu Province has been launching SSH login attacks for multiple years.
First we create a universal trust token. It consists of a non-revocable self-sovereign identity with list of trust attestations. Second, we instrument Modsecurity with trust scoring, real-time threat signalling, coordination with others, and automatic formation of a global web-of-trust. Third, we present a trust model which is grounded in the laws of physics and mathematical axioms. By combining zero-trust principle and physical unclonable functions we create strong identity and web-of-trust framework which can serve as a mid-life upgrade of The Internet.
Roadmap till 31 Oct graduation
update: strong related work of a -simulation- of attack info sharing https://github.com/LukasForst/fides + proper code: https://github.com/stratosphereips/StratosphereLinuxIPS
Back to coding 🎊
The first experiment work in progress. https://github.com/AdiDumi/IpRepMaster
Created a simple login python app to protect and containerized it with Apache2 ModSecurity which acts as a proxy for requests and responses. Every login fail is detected by the modsecurity in the response.
Clean up on the last docker container used. Made it more simple and efficient (building was taking too long). -> very basic configuration with logging enabled for detection rule.
```
# Basic configuration
SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess On
SecStatusEngine Off
# Enable audit logging
SecAuditEngine On
SecAuditLogType Serial
SecAuditLogFormat JSON
SecAuditLogParts ABIJDEFHZ
SecAuditLog /var/log/apache2/modsec_audit.log
```
Created custom rules for modsecurity to apply on failed login and detect. Lots of options from documentation with different level of details to add to the logging and rules for specific requests https://github.com/owasp-modsecurity/ModSecurity/wiki/Reference-Manual-%28v3.x%29
```
# Log failed login attempts
SecRule REQUEST_URI "/login" "phase:1,log,auditlog,id:1001,msg:'Login attempt detected'"
SecRule RESPONSE_STATUS "@streq 403" "phase:3,log,auditlog,msg:'Failed login attempt detected',id:101"
```
Working on processing the JSON transaction through a script that runs every time the log file is updated with a new entry (crons). Extract the relevant information about the login fail. Example:
```json
{
  "ip_address": "172.18.0.1",
  "request_method": "POST",
  "request_uri": "/login HTTP/1.1",
  "status_code": 403,
  "message": "Warning. String match \"403\" at RESPONSE_STATUS. [file \"/etc/modsecurity/custom_rules.conf\"] [line \"3\"] [id \"1001\"] [msg \"Failed login attempt detected\"]"
}
```
Next steps:
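One way to do the log-processing step described above, added here as an example and not taken from the original post or the IpRepMaster repository: it reads a Serial JSON audit log, skips a line that is still being written when the cron job fires, and counts per client IP how often rule 101 (the failed-login rule above) matched. The field names follow the ModSecurity v2 JSON audit-log layout as an assumption; the sample log, the threshold, and the names `parse_entry`, `failed_logins` and `over_threshold` are constructed for this illustration.

```python
import json
import re
from collections import Counter

META = re.compile(r'\[(id|msg) "([^"]*)"\]')  # rule metadata inside a message

def parse_entry(raw):
    """Summarise one audit-log line; return None if the line is unusable."""
    try:
        e = json.loads(raw)
        method, uri = e["request"]["request_line"].split()[:2]
        msgs = e.get("audit_data", {}).get("messages", [])
        return {"ip_address": e["transaction"]["remote_address"],
                "request_method": method, "request_uri": uri,
                "status_code": int(e["response"]["status"]),
                "rules": [dict(META.findall(m)) for m in msgs]}
    except (ValueError, KeyError, TypeError, AttributeError):
        return None  # half-written or foreign line: skip it

def failed_logins(log_text, rule_id="101"):
    """Count, per client IP, entries in which the failed-login rule fired."""
    counts = Counter()
    for raw in log_text.splitlines():
        rec = parse_entry(raw)
        if rec and any(r.get("id") == rule_id for r in rec["rules"]):
            counts[rec["ip_address"]] += 1
    return counts

def over_threshold(counts, limit=3):
    """IPs with at least `limit` failed logins (limit is an assumed value)."""
    return sorted(ip for ip, n in counts.items() if n >= limit)

# Constructed sample data in the assumed ModSecurity v2 JSON layout.
SEEN = 'Warning. Pattern match "/login" at REQUEST_URI. [id "1001"] [msg "Login attempt detected"]'
FAIL = 'Warning. String match "403" at RESPONSE_STATUS. [id "101"] [msg "Failed login attempt detected"]'

def _line(ip, status, msgs):
    return json.dumps({"transaction": {"remote_address": ip},
                       "request": {"request_line": "POST /login HTTP/1.1"},
                       "response": {"status": status},
                       "audit_data": {"messages": msgs}})

SAMPLE_LOG = "\n".join(
    [_line("172.18.0.1", 403, [SEEN, FAIL])] * 3
    + [_line("172.18.0.2", 403, [SEEN, FAIL]), _line("172.18.0.2", 200, [SEEN]),
       '{"transaction": {"remote_address": "172.18.0.1"'])  # truncated last line

if __name__ == "__main__":
    print(over_threshold(failed_logins(SAMPLE_LOG)))
```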
Work in progress:
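```python
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding

# private_key / public_key: the RSA key pair; certificate: the text to sign.
# Sign with RSA-PSS and SHA-256.
signature = private_key.sign(
    certificate.encode(),
    padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH),
    hashes.SHA256(),
)

# Verify with the public key; raises InvalidSignature if the check fails.
public_key.verify(
    signature,
    certificate.encode(),
    padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH),
    hashes.SHA256(),
)
```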
`cryptography` Python package
Code for this stage of development (with Dockerfile containing creation of key-pair) repo :tada: :tada: :tada:
Next sprints: idea gets bigger, experiments become more focused. 15Sep talk to EBSI server or cancel that part.
Experiment update:
```json
[ { "id": 1, "signature": "abc123" }, { "id": 2, "signature": "def456" }, { "id": 3, "signature": "ghi789" } ]
```
```
SecRule REQUEST_URI "/login" "phase:1,log,auditlog,id:1001,msg:'Login attempt detected'"
SecRule RESPONSE_STATUS "@streq 403" "phase:3,log,auditlog,msg:'Failed login attempt detected',id:101"
SecRule RESPONSE_STATUS "^200$" \
    "id:10003, \
    phase:4, \
    t:none, \
    pass"
SecRule RESPONSE_HEADERS:X-User-Public-Key "!@streq 0" \
    "id:10008, \
    phase:4, \
    t:none, \
    pass, \
    setvar:tx.header_value=%{RESPONSE_HEADERS.X-User-Public-Key}, \
    log, \
    msg:'received message', \
    exec:'/app/add_token.py %{tx.header_value}'"
SecRule REQUEST_HEADERS:X-User-Public-Key "!@streq 0" \
    "id:4001, \
    phase:1, \
    t:none, \
    setenv:key=%{REQUEST_HEADERS:X-User-Public-Key}, \
    deny, \
    log, \
    msg:'Missing X-User-Public-Key header'"
SecRule REQUEST_HEADERS:User-Signatures "!@streq 0" \
    "id:4002, \
    phase:1, \
    t:none, \
    setenv:sign=%{REQUEST_HEADERS:User-Signatures}, \
    pass, \
    nolog"
SecRule REQUEST_HEADERS:User-Signatures "!@streq 0" \
    "id:4009,phase:1,t:none,exec:'/app/check_signatures.py %{env.sign} %{env.key}',setenv:EXEC_RESULT=%{TX.exec.ret}"
SecRule ENV:EXEC_RESULT "@eq 0" \
    "id:7002, \
    phase:1, \
    t:none, \
    deny, \
    log, \
    msg:'Python script denied the request'"
SecRule ENV:EXEC_RESULT "!@eq 0" \
    "id:7003, \
    phase:1, \
    t:none, \
    pass, \
    log, \
    msg:'Python script allowed the request'"
```
ToDo: write small text with state-of-the-art in DDoS + IPv4 reputation. Expand experiment.
Survey Q1 + Starting thesis
10 jan
{job next to thesis}Also interested in the problem of online trust. General intro and overview by Bruce {rockstar of security research} Ten Risks of PKI: What You’re not Being Told about Public Key Infrastructure. Technical discussion on HackerNews on passport failures and public key directories.
More on passport-level digital identity. Warning given :smile_cat: "this is complex stuff". identity is the foundation of trust in the old analog world. Please make a reading list about SSI, EBSI, EBP and eIDAS2
please note the survey @ Tribler lab methodology: https://github.com/Tribler/tribler/wiki/MasterThesis#10-ects-literature-survey-at-tribler-lab (e.g. try out all known open source wallets for survey and grade them with strong/weak analysis in a table with screenshots { https://walt.id/ebsi ; https://github.com/walt-id })